From 841231e5bd0d90e8a57d6fd997701a70ef520730 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Sat, 24 Jun 2017 12:38:41 +0100
Subject: [PATCH] Add fuzz testing using american fuzzy lop

Existing tests: block, transaction, signature, cold outputs,
cold transaction.

Data for these is in tests/data/fuzz.

A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg:

contrib/fuzz_testing/fuzz.sh signature

The fuzzer will run indefinitely, ^C to stop.

Fuzzing is currently supported for GCC only. I can't get CLANG
to build Monero here as it dies on some system headers, so if
someone wants to make it work on both, that'd be great.
In particular, the __AFL_LOOP construct should be made to work
so that a given run can fuzz multiple inputs, as the C++ load
time is substantial.
---
 Makefile                              |   4 +
 contrib/fuzz_testing/fuzz.sh          |  21 +++++
 tests/CMakeLists.txt                  |   2 +
 tests/data/fuzz/block/BLOCK1          | Bin 0 -> 205 bytes
 tests/data/fuzz/block/BLOCK2          | Bin 0 -> 252 bytes
 tests/data/fuzz/cold-outputs/OUTPUTS1 | Bin 0 -> 7 bytes
 tests/data/fuzz/cold-outputs/OUTPUTS2 | Bin 0 -> 256 bytes
 tests/data/fuzz/cold-transaction/CTX1 | Bin 0 -> 1073 bytes
 tests/data/fuzz/signature/SIG1        |   0
 tests/data/fuzz/signature/SIG2        |   1 +
 tests/data/fuzz/transaction/TX1       | Bin 0 -> 95 bytes
 tests/data/fuzz/transaction/TX2       | Bin 0 -> 13255 bytes
 tests/fuzz/CMakeLists.txt             |  91 +++++++++++++++++++++
 tests/fuzz/block.cpp                  |  67 ++++++++++++++++
 tests/fuzz/cold-outputs.cpp           | 108 +++++++++++++++++++++++++
 tests/fuzz/cold-transaction.cpp       | 110 ++++++++++++++++++++++++++
 tests/fuzz/fuzzer.cpp                 |  96 ++++++++++++++++++++++
 tests/fuzz/fuzzer.h                   |  38 +++++++++
 tests/fuzz/signature.cpp              | 105 ++++++++++++++++++++++++
 tests/fuzz/transaction.cpp            |  67 ++++++++++++++++
 20 files changed, 710 insertions(+)
 create mode 100755 contrib/fuzz_testing/fuzz.sh
 create mode 100644 tests/data/fuzz/block/BLOCK1
 create mode 100644 tests/data/fuzz/block/BLOCK2
 create mode 100644 tests/data/fuzz/cold-outputs/OUTPUTS1
 create mode 100644 tests/data/fuzz/cold-outputs/OUTPUTS2
 create mode 100644 tests/data/fuzz/cold-transaction/CTX1
 create mode 100644 tests/data/fuzz/signature/SIG1
 create mode 100644 tests/data/fuzz/signature/SIG2
 create mode 100644 tests/data/fuzz/transaction/TX1
 create mode 100644 tests/data/fuzz/transaction/TX2
 create mode 100644 tests/fuzz/CMakeLists.txt
 create mode 100644 tests/fuzz/block.cpp
 create mode 100644 tests/fuzz/cold-outputs.cpp
 create mode 100644 tests/fuzz/cold-transaction.cpp
 create mode 100644 tests/fuzz/fuzzer.cpp
 create mode 100644 tests/fuzz/fuzzer.h
 create mode 100644 tests/fuzz/signature.cpp
 create mode 100644 tests/fuzz/transaction.cpp

diff --git a/Makefile b/Makefile
index 9344f387c..0f5ee5773 100644
--- a/Makefile
+++ b/Makefile
@@ -108,6 +108,10 @@ release-static-win32:
 	mkdir -p build/release
 	cd build/release && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="i686" -D BUILD_64=OFF -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG="win-x32" -D CMAKE_TOOLCHAIN_FILE=../../cmake/32-bit-toolchain.cmake -D MSYS2_FOLDER=c:/msys32 ../.. && $(MAKE)
 
+fuzz:
+	mkdir -p build/fuzz
+	cd build/fuzz && cmake -D BUILD_TESTS=ON -D USE_LTO=OFF -D CMAKE_C_COMPILER=afl-gcc -D CMAKE_CXX_COMPILER=afl-g++ -D ARCH="x86-64" -D CMAKE_BUILD_TYPE=fuzz -D BUILD_TAG="linux-x64" ../.. && $(MAKE)
+
 clean:
 	@echo "WARNING: Back-up your wallet if it exists within ./build!" ; \
         read -r -p "This will destroy the build directory, continue (y/N)?: " CONTINUE; \
diff --git a/contrib/fuzz_testing/fuzz.sh b/contrib/fuzz_testing/fuzz.sh
new file mode 100755
index 000000000..35b74f7e4
--- /dev/null
+++ b/contrib/fuzz_testing/fuzz.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+AFLFUZZ=$(which afl-fuzz)
+if ! test -x "$AFLFUZZ"
+then
+  echo "afl-fuzz not found - install american-fuzzy-lop"
+  exit 1
+fi
+
+type="$1"
+if test -z "$type"
+then
+  echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction"
+  exit 1
+fi
+case "$type" in
+  block|transaction|signature|cold-outputs|cold-transaction) ;;
+  *) echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction"; exit 1 ;;
+esac
+
+afl-fuzz -i tests/data/fuzz/$type -m 150 -t 250 -o fuzz-out/$type build/fuzz/tests/fuzz/${type}_fuzz_tests
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index cb29b27a0..85763f8b5 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -77,6 +77,7 @@ file(COPY
   DESTINATION data)
 
 add_subdirectory(core_tests)
+add_subdirectory(fuzz)
 add_subdirectory(crypto)
 add_subdirectory(functional_tests)
 add_subdirectory(performance_tests)
@@ -114,6 +115,7 @@ set(enabled_tests
     hash
     performance_tests
     core_proxy
+    fuzz
     unit_tests)
 
 add_custom_target(tests DEPENDS enabled_tests)
diff --git a/tests/data/fuzz/block/BLOCK1 b/tests/data/fuzz/block/BLOCK1
new file mode 100644
index 0000000000000000000000000000000000000000..1d681ac237cc7f1504aa764732a9bf9f906c676a
GIT binary patch
literal 205
zcmV;;05bmp0FLO>sRd4wEk0*u-Qr$YOr(TuwyTR=-EKe#Q~Z=ZrEnU=G3ftv<4XaB
zs}lkL$*L0r-}%ai6#_md9IpxZ9eU<{Ye?*J+HzGR6GUu{^w$?A7;j^V;3t6Kyzi%1
z0uZu#0CN1yxA%o{NXBm$sUirJ8*(U!_uPRKrY@E4G=RX$^Ms=U0!P7l8{j(|I^h15
z6LB%Gd#jlQWMk%pa|d<#QvuCS^&tTfrvaqT60~RH!oAF_tCQHV?lif5GHU_!E|;el
HF*a2I?%H6@

literal 0
HcmV?d00001

diff --git a/tests/data/fuzz/block/BLOCK2 b/tests/data/fuzz/block/BLOCK2
new file mode 100644
index 0000000000000000000000000000000000000000..b9de418a91cd26622a9aa82ad9277df0c12a8097
GIT binary patch
literal 252
zcmV<Y00aL40OilpsRh|eLkNNyhz}{AD=`{h#($<TM3_*x+gUYS;RF7K@!`K20004$
zs1pJI*ryW&;-CC&0_m8T0!BFO8`><1d<nwBPFy;BZw`1WltcJFF4+vxQGm#=pd|vO
z9f0@ouGBzbE>a&n6RbG>xid}Nn}*2XVnc|(;LR(5;JojrR|2;*LTi>LqkVmZu<W&r
zhK8_n3LvEUGSI0_f~d3^2tk0r%JYPy0s<&HR!<8KO4&-&QwvCBb(U3Xlm=QF#+r=z
z*1yNrhs`Si0S`bUMLR{G1#qmxD^`O=R&uLW%_7`;s-=kf3WjYa0tf&A0007J^>+Y}
Cg>U`<

literal 0
HcmV?d00001

diff --git a/tests/data/fuzz/cold-outputs/OUTPUTS1 b/tests/data/fuzz/cold-outputs/OUTPUTS1
new file mode 100644
index 0000000000000000000000000000000000000000..f449f61ad97ee4c25446c22102c869b3cce5cb08
GIT binary patch
literal 7
McmZQz00KsK000mG2><{9

literal 0
HcmV?d00001

diff --git a/tests/data/fuzz/cold-outputs/OUTPUTS2 b/tests/data/fuzz/cold-outputs/OUTPUTS2
new file mode 100644
index 0000000000000000000000000000000000000000..907bcdb913d7c4cd244f1ac8a18fd812db5869d8
GIT binary patch
literal 256
zcmZQzU|?WmWMpSxWM{4q;bUI*mI)-n#JoF%4<rNR00Bq}%46$2u)A*^CrAxQhEZX+
zm2h}V$=%qUa^eqEib`J}TdnzctNrx@*%gV;MelZnF)A`J?%nRX=%rB^vyA$A%b9Pt
zGOf2i;Vr;Fb@tOb1+5Eix?jNtU2K2Oaw=cU_fm_K&XkR>6;)#V-V~ikQu5!sS8sy!
z>^zWVQ1<}UV+U~8F)%8WoR}1N$H(Wnqxq3<KT}TZ3}Y?Oc>V8G?7I^sZsxql`hnhN
GWB>qDdP|}J

literal 0
HcmV?d00001

diff --git a/tests/data/fuzz/cold-transaction/CTX1 b/tests/data/fuzz/cold-transaction/CTX1
new file mode 100644
index 0000000000000000000000000000000000000000..0afecedbcce8682c2a7d1c43b57381c3f0f5afd1
GIT binary patch
literal 1073
zcmZQz00Blu6p9tdV~%bH3o<H13w*SBJBMN2yPsk!lWO1i-2Y*=KW^1N31h`~ce_;_
zdl?l14+*Jrw<OGVoIU@R$?E$@*bD70Jd?EBs<8a?jm_V-+As^TF)=E5p5OR>=d5qq
z*Y#$werWvvI!vi`_KT}*T8rlK3C5SrNMKZON>kBg*zR<_?5p(j&V7m7H6&gn7fWaP
z&(vnz_f2!nIcDzZKyx^6X5P!-`o($mnq_5%g+R;kiQ@P4x-TZqZ+WYD_vYMSMuk)J
zLf-Q(F3m6T+i^hgfSW=3@`@+nM$KDxxJUE{lwLGpHhBv)=SI!mABVLK^J3jM%}%PF
zQR?b{Y{lhUlU7?UD_QsFQg<<<g1>!#_0CoU>(!e3)ET!=%T`E{n|9eWeHqtL8Kdt_
zmya?p1DUhiN;tfw<ZkRvIq?T7MWwHgt=4?J)&BZ{?25$aqIbK(7!^LheRt8^JTI~B
z>Kbn+$C9c~8(c0LY!<!$B;Z<It6p?8BMUGJ6!va+UG&nZj9EtgyyeWdTbb6|pYRso
zpE~<#or2Z{H{GucY`q6|_pRe(WMou;#1}Zya1d<0tfEs6aDWW9ZS#;bcYUvO&oav*
zdu5Sx-~|R3qa2Nldz-w9!rXO!GAis+a15y844m31m$v#?6xTc#`~GE_`*t08VG=C%
zSN3%g&=e*HRtABkS6)!VIH=pGVH7CkGAc4Kt~;aYv_5}R(1oR1w<Wi<^nCOc_RZ5%
zZ;iAN+4%S8LSJAK2P&nW7l5`hGO{x;vNP9*@PX0+Fd7({n0JTpfn*?Y0+NFApiu`>
z1H^=r4A4gelLN>g=1U2Mj<2PCRc`anUbkE=>2DlU`}!X_Wxq=2^MsssYhWapQs6EF
qnpSdRQs5mQpXZL|N51_`Ik7X0wLs(bzf-aAPL#Nr^B(I5c?<x^kBw~r

literal 0
HcmV?d00001

diff --git a/tests/data/fuzz/signature/SIG1 b/tests/data/fuzz/signature/SIG1
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/data/fuzz/signature/SIG2 b/tests/data/fuzz/signature/SIG2
new file mode 100644
index 000000000..f03e8a4de
--- /dev/null
+++ b/tests/data/fuzz/signature/SIG2
@@ -0,0 +1 @@
+SigV1WbMcLkLKXz3Su9iFUp9aYF5vSfpVetcytVWAgqhn3KNe1kidn7M2KfTRpuK8G1ba1w2u5mbyoWbkLPy2Gm97BM4W
\ No newline at end of file
diff --git a/tests/data/fuzz/transaction/TX1 b/tests/data/fuzz/transaction/TX1
new file mode 100644
index 0000000000000000000000000000000000000000..706af6acee5e81feec41dac53280ce2e3511a80a
GIT binary patch
literal 95
zcmV-l0HFT@sn}5g|LxaN0p$AM!L!x@0*;e;;^C_VP)Cw_W*RbLcn%#LYR<hU;DbIF
zEarA^E-L{+K34+H!HfZyc`2S{2o3ql7c1*H0fLFNYS&WBEM3R~2mk;809MWcPyiv8
BCiegU

literal 0
HcmV?d00001

diff --git a/tests/data/fuzz/transaction/TX2 b/tests/data/fuzz/transaction/TX2
new file mode 100644
index 0000000000000000000000000000000000000000..f751f97a28235ff8ad67fe505430be5c68f88243
GIT binary patch
literal 13255
zcmV;&GdRow00II41E!|}*y{tYl>xOq65yV`vV|gDw|8@qaGkGyu6$5(ruK4C6BX4Q
zL1O{{1Gu#TkH-e~MGg`3V$pC<K*(FAEB2Bab{Kc%uJ;QncB}gIn2;FdNdf=@XDoZ-
z0fU6|vco>3THzBvXHhk@=TKYs&x<{VTyLJ{00OyBF;am0fXfX_^-Jj8J>m(ZmIOd2
zW+qVCsH4cHuJR!PWf|*Vefd_v91g&%d88|xLt#2{%XH`Ti*L8{KdiQ|0+8Uf(H4ZF
za=PdNMN=v3M%ApR=DFK1?W|N#OAnA$n9r?3ls6>tzH{RO?dBDOxmp#k#Q@Cv^^uQE
zTUrK)6?)%Kf0E(~@Ugs%>|S2*kMPb=vpIyW9;Y22(EYXTQaC9Qw+Vml#3o{zVSLD<
zfwzB8Y@Qa8Wv}Pr;kaz~0u2T-iVv!S5=v?}R-~JJzwQ64a}F1h!dS#uxtu=`UD-bF
zd<}IO$DNOrVfRxR%W;slC9@D+pMm4#4qy-FREGi|^a%GYY&XRGh~gXd9d3QDZ*zA~
z{RY{}HyCpO2I6njgq=YGoU>o|sk--w9H_Q?O9hCYZyJ>7E^MxLOct2+F6DR!O0>`g
z=z|Wc*R6>{=a@^kz=Nr&xI@yrr_9WIvk9?@>1Am5$6vDd7H<}A0e0~U=F&yb_(Gwa
z6x+Tg1_RFalF)-X8&xDb20!uG$_XO^XudgjAN4ca-@)C-cLXOtrnXgeGXswA<7aqN
z6+#Q|Du~dm_Y|X{Ml;IN#0*UU7$nnTzJV{*$|%0<<hOudhn?h4+Uf_v#}0K;bOW>q
z!zi0`c$(S1w5*&(=VI<UY2!fiK<(bRnd>h*4FRM)Zl(!P{Okzd$Cq-k+wrz~@S6$5
zulk{Qq9Pzpzz&5hH|Jk{T;<?D^?Ut~`Tf#|&A^@AkPBXZfXv;HoCjJ_kh=?jo_PDk
zf&7Okrj3w+<&d$h2my5AkByl2Q40#S%zO30WCUck2)z1V?~`!$2b7m(L44S!Q)!k=
zBo136QD;ZQL1TuU@Oo3KYf@&%pAVY|66OuJ`4hDRD+91N{uyQv?<fsSB-3EWie1BN
zlDMQI{etgA0Enu?mkw_O|K;7!K}zNW5b><8IM2@*qcZ~C_vv&Ux^It3d=FjZ4moCp
zAOftEHu@T&Ghg~wQk6a~;+}s>U6bG=nFF6f`PGTm>W~<A5^L?Q@Ku+T8NGT2D$I9V
zA&kTTaR~e?t-@eDv&Bs_f;vGxo($QoWd&7O42JwFREwFdB@IyI)I`ur5R%~UT*52q
zCaebXUD`F&Aq&@M7l}D6t_WL1MU^lhLnJ|wXw}byMz^yxCwiU{?~BPm)X`ABoC$ZN
zx>)|6<_1&%v)Y=WlCZIN${jeSULVt-d{?R%{tgecp&mtq%_7D4EW63@A;lA4MjggE
z5#*x2aoN0B_6gHT|C^GLBbiegY{vs9Bu}xIZuVjG6XKehh-=eXBnH)vyQz@>h*HK0
z-Uf^ui^4n4%cPTqoBB;m1^e3heFba07TCCOT?qtHx*$3rkL0x3dowKC@7}ErwiGv-
z^#-44abhH6=k~te1gIn0#b-mD9Wf|UOM;`>AQsIe+XZ15sRvDmOH=;tRwu*1J(U_I
zFf{rLSWeu5>zfgex(W~PNgv7AaV$0e5v&gaqe`>PbnJOzPc`+Xf?vr;t_*?3?_9JP
zn&$>JO4*^Fl)G4vI)jKOf8`esC^x73b_}5?YFXeqO5<DlX4Hpd(>)kSlckK%O4^m#
z@Ojs`We!j)oIwfo7ykvn=weL$)Gol~o^<CKB9}AFc~LML+69hkhm;~$K;ITl$6Y3>
zaB&9P`2>=4im6i0n^PUzt_>!@Tjh^}U~x22U3xuDWAAzx1?;j)!th5&GA0gED+}ZK
z$lyNm@x@R?$dqaV=9ofQv620E{CRyIGLFxz>;uo|!cQCyHsLtNB8mcAIu)LJGwa$8
zc?GCH`Y^r;CkS3aLM;yLQ)`d@`rp8bF=##d!DHW5WPNv(`O>{hO$?}kbw?f-H*L9W
zIaq6TC@$eE0wf{T0bSoLk6U>wPYEUq(UV`>Z$PqK3G%M8Gri=?C!%EV&DmL%ydCJd
zt_X4+iRHE!m_pZKgjN2@)tta5oe>s7=l;O`dcwr|i~$G~^cTS-+<{O_)_9H}f+d#O
z%jtweTc>hq)d5O#4+zA$RDv8nig-TK!+zZ)gcDNtvb_r#xEY(KymlL?7zA5oanIZV
zH^I?ZR<bPv(b}8$l(tA1sAZF_KQjo877tb7hGN>J!$x%nPex3^V@KA6>)#(A9w2!R
zJ)FXtAOv1-d5{6hQ%eax4BA%XHB3+o9t&P={5!_mY;G&kb^)B2BO?c#ItINAt=FQr
zJQKybRxJVXJ|g+Z!I!J=p938cK_r~rK)c$|Sn3Z%&67x|;NUa}BKmP~J^yO>Tn8k8
z%WbRZ<$CI2z)@_WnwOZ}Zpf)FqYy;v<sQSHBnVwx-OG2(D5iagD+Pv`q6S=m>=1M9
zC7u4%FaIuCDGNCdcD0TzgO1}Rvyi(Q*183Y{J{yMczcw-QEnoG>jyhrMVk5i9j1+&
zY{+3waJD7q<e1or8W&Ty>MGT~Iso6{MrEy&j4qQjAQ~98?i&ixuoK)MUQ0f1=N(mm
z=>}V<t&7-a6Kr}3Z{m~B#_4)6zeCP1hcMfN936&(rU$q3+_7qBAUk@md!f)9G0oej
z+(}DZzIz*kmS|!ZLI<piAhxb05@w=wqDMfI7NZ(k&uvBkFdm(8=_<v*UJgQsHX`~V
zB6?do{Eq!%<^hjj{u)DgncY+pGUlqUMF)DE!AyA1_s`^o301S8LX?<m%BDL+wRkN!
zK%N6&Dhj#<YM@zfd}$*PnG@Oh&Qndb3H?DsheDFT`*L!!A_<}GkqBd&lx%+xmNFJ#
z-dQZ@(r(ppoy}dnyU1A=+W^4j8r2$NxD|~H2>lMZV<GQ<d!kERZ|;X|WO5`Mbp(2q
zzrVb`=Ak;-_{|$yA58dLUn}6R@KVmKUAw`fT?0=iuj`2`sEdL>P`E$J(rUp*LAdfT
z-AROZ__8Br6blK<mYV&Z&oL!c>yfW{-#LC4b0;Si+Nn_vrelQLL=446&hAXj9hyB~
zzt?gMNeCQl5WKlXcz+vo!Q25Kc>}S?|4;|eBJ+3)R>Z#NI=wX9PH(MtX)*)!VU%2k
zS^>Aos3_gWg7uvrGcXfbZ8WwOPci>*$No}w83Gzi(GJVPj+ZV8sH}g&r_(sx4S``(
zNyK41h5$YQbI2?EU<4&)mU9l(Oc3{SHAZT(XRl9`zH&3Ra%xB60?Czi_yAvIeJRi=
zRmW!)hriKMJoW-@z-Dh$|7mOEU5y*s@c@Gx6s&y_R$X56tr%8!6T&UmOt%8(P6N(d
z$Mf}srwouKF1oW2;4af|apk4*jl6YJye4Cx__BGr0LPA@5e(VUkQJ^>xNduXZ+ysc
zE1k|4B3qEKoQ<=PzGkFpj0hu;Pn?M9OZ1-GGYs(H82%lLyP9)3IQ~peqbH(0w+}hQ
z3`y4zmgN<j^Xl~91`1@?(b|(F^eOj#O3a5!;{)&WaKToy5GZipY5^Ic`lGrV$r*eb
z`nW&z8#3$I?+e9|1-oLls76t9pH;Zl4!ISO|9$jOF$?sF2fOvm69E%8*9lAX^K`DB
zXMHbWvw5Kvpk3Wp&v<5LRW74CdjS^m07o{7MGY~q4c@DH#XL^IjPkGG9k%wU9;^^V
zuL9<coE6&H^`i=lLd(L($60NB8$(UQS=B!Cf9j7wfCVG7RmBiHQ4$mKN2s9DD3ro|
ziP?^DeBq_SmZg78iVKeMc<9Z=ZkLav&}YDH0nU4h&G_>jzM$bK<b%&IybKc$Z$%?S
zpZLE@Jr8Cnw5c@YH1OAwnInsvg9OB6ivZ!1SgUHk!3zE?lDYg}3O+!BbNfTuxo=FZ
zB8~WWEdZwdZ4UD#b^}ClI*Co@vHZ)LlE;ss+vcZ!zXr40@Bp}a^KX0QkqZg+R7fD1
z(uFy9g)@HOK-~R~)3D@M76%<Vpmh+#c#gcU$-z6xXJkF<44zwnP06>`vB!<Qr3{_Q
z#dj*<0ihNi$DZwWP<NTXfDm~eR4B-TQ(0^PTLO17&sDYX^{3=J`8aYSkC~8fzXELW
z!gid{Pd7;VzXvS>aiA!T8vZFofj)|q-4Do-g>|}+seq>=jtb6rGz8y+bt~ZxslkD<
zaS+YhfmVXhovfL@BAcPyxsJc7+zG%PH(*}Nol4{fl<2KTVi0LC&@?CVE`vId1sH$c
z;Ri+=B6+%uK=fTDfI`x;y1x?_`fC{+%>`w>?Q9%*;R_bFA(R#*zb}-Y_6E@nQR-92
z4VqKgr6@>E72X!wNdy0>OfFQU-d-(ZHvvw_DfK7nWrD-P*&_v@&+|7yF9hO!k>)gg
z8o5UQev)!JqSDM~(TA8;d^KxnH>BIPR|q{Ln}!s`s>@WvrJ1^?`aQQaDCj$a0L_UZ
zr6fYrWeNky`Hwc#BA22p?rP$T=mwiCCjRDI!^!e`97N0aN(&i2*U#ARuzCFe+#2$_
z+^TQs-p*cC6p#z>=jZyDiUp@E`^V}pbii7GMlSyHo~uvas&&RnYn~Fa>DXQ~x(*E$
zx$B3~S<T=OhWZ0gGXJY%m{8ZV*3u2}NMRiBcntCa3bud~nO%w0_jX%0Y}u*4vRrDv
zC$N!?ACb12kqexys`OG@Ej&AtY@3EQ`NU+1V9Oef(Xw@Vmx)i@vkmWVUzyL7C5pFy
zurmr2tS-vxiX+V`<!$D=vk{SyTL+FC2R)$#F0=2vr}(NCqkx)Pd9Y*IuyS^PuSFFh
zoC=ymU5<2x6;$`j!_8lN70kFmHTH>L8#=-$VAf@a6bV@_Ij;6M&kIBc%Dv`5JTyJ-
zP~O4c!pXu{@j8a3FaR2M$rBl#s-&{0#pP5=XJ;5?{fcJ?#g7<;8YH1Dssj0|cze&1
zh+(JXp`{2oKvmehjv=^R_188lc`}Ju(gT;V^GvX#$WQusFcLn@j;fLsZ49QVs$Kgv
zQN?7m2n@~sb7Q-d0B?#5lUMV1(C#vSOzQEpbj_D`5vf%nGXa~UKiN3xeu>s{x)<=m
z+q?-}Y)Xf1bCMv#C)qfmW(BWW_1TB7ZM9u0nBP^eXb8=0!8z@QvFVvIA7P|I76Qkf
z!;bb2(C%1y9hz9ciEJk5P4em>h1Ga-^t0rlwhk2Aq|>Mk2e+OXMY)vQFLYz(EmxvZ
z2{Dfm)&xRpGzl*RA~V0)e1J-vt=MNdGF6t6wDcSy$L(CJu>rx{vJHG#&@Z+7rX#29
zM(n2r))pWeW51lykf23llOAqwdj!s<V&Qod&ZR?9uUR7FTgH>MYr;oZ|B^Y_E2DU@
za1IwZVQarv0<HmVqZ6H*I%v&evg*)rF%~38XsSHmGXuy5Bj~q}vyliYF-S^|WXSHi
zrST`!YRWhg4bbl>SOmu`8ajs}rp6Tof>N7X@8r6V4rj(i;;0eQ@aO-!4+y$R6kZ;%
z&z)``n`NTBPs3uoQXR$7M!D`g#M&*BLI555lG#nM`Q4G;n?Kq;QGF5cW<F3b5?XR&
zu2~23<P7uVmH(MB#4;Oxt^HXO#7zOJ5gtJjrK}H0ZeuBi-~bneImYEgjS0oiR{3z}
zys6c7ywC>Q9GjgbyGAfJ;0J6;X#+Xn392iTM*>p5J!=c>kT@=uXpkx8#L!Pq)d99m
zFjw99w_}h0B?8Qt%LO|I>apY11*x$4C~OJlvH*2^OU?RBH%Wh^&Q{fwZ&wUV^?pJQ
zbs@(ZmE=>SUI`-;xWEh_K;Pl-j=OZ2L3Q#v{0(~R2RCX2Xmc<ZGzge2Dls-BHr<cT
ziwlXk^GSjYN_$4B(3~GpJ8McnQw7+2`Kj&AFw&7<t~`m_vNCx0HPA_(2FfA#6YGIo
zWdi9StwYpXts76@tt~7z^Hidi56CEke7OCM=$ZP|N(&cGkn8eCWYL7a8mW*oC~||R
zV2&V04lYs6U~3mZQ4XJjO<Qu~-ngWd6HawyprC=qqZa@;6drJLN9{o^tUT#{AiDd-
zNKUwqv1SbG)!G5Yi_Vx+`=dAOYuLLgjiliAksr~vz&!;d4=S^}6v?Mfm>y@)eKb$P
zQT<q+cV+X*CJj0?kxVAj?AF3&tQ!EO^k-2N6{mwz+YLE)7XVbdkMv6b7WAWkXQ<?s
z^0z1eTJ<~J)DRcE96Q?;Ae&t{^R4uz_eOmXgh=^T2m~yfKZYpDl~g*Vd)U9VthXYs
zSnpwbz0JVu!c<i|m*+H#P<pZD+8!r$Uc_liq00uZ0;llvbOD&<lq_INoH?!D<Odgc
zn6@eM64l72sxcr_@_-xR%3iGd0i1qm(i#uGAW=nlpD8bfPyz2jbbHOcSn>b2?6Anz
zT=RLb0vutlN0azUa+2ov=c&{O5}LfJBK$~E7~j!$Cve!EG&$KH3dzC{RC^E}&-H<6
zy2E|lGYfS~-mPU)RH@Qd&I&-Vc1K+z0E`B@QRO9GwG;n1aA^*=nPC$*KWU`PHG&|l
zXPHtZSNXB)Fk(7Zy=tr1qq59Ceum+@6L|QWmM%8OTGCCMzVK7=0Kkk_1P?wVvQCa1
z5C4Erk+~%$WatJxrdjJodSLCrE)-HpRTs<U&$jY<t)hr|b(5?{Z2-k$Y061=jxgq*
z^<<;qs$c_Zkg<L|Ix+4$!LKJHX?XnnhK4}dDxj>((ZIs_2s%bJDx}+^n#}ith?N^e
z7Y=Az6;OZXtj!PG*+eiC>Pg03pkdi$GlYI>T6@kIlMZmM1AU-W3HHzq04`;W=MrFC
zE*b4#-7q-M>F4tdIbn&lgP6L}a^}LV*unm7;lW<#r3~eOlsTjw+L&d_$wp3ASqFPx
zmhkesV5D=41`B6L54&wPH1S>va^^NIBq$KpHI6Yt%Ql`6wpd8Tsth?nrNcRImA|@G
zninFhy0wB#e|rM)H(!-h9?{^-RR#;IBB<l-sbbhKs=Ow9rEXfVS05Nm2T-y2g!3cP
zi;V2xS&F<5D;_ZSZrh3gxkhzFSipylO}$K&)}YJGEpNowlN~>vJ6AtB0UlA}HFDy8
zT&gW{r4L@4bDqYVoAT}ZxJfs4fCFfSphD|3JE(@18eLRa1wautWJG*mz3m9tJ#a1x
zCyEOGnKzG*gvrqkJR0X8PZtX+icA+!ax&B73;sGfFXl)Qc<JFJ#vH6X-_CVP!*gF8
zQ<!o%np^LMb-$0zk#yg*Qr=Y;${dmN`aEx!xkP8nyBN<Dy=FISgT9+4d#dZ?y2y~B
zoq@)Cfv+r^#J_xBDOo;4>^ub&pjPjbiN>HAC6ZdkmI*mYt)~z%Pn@mC*@gKS&Zkq(
zM{j%#t%Iya{pfHFskMpfr6G0=a~B#d5ucGke!uM@r_e)W@ej{EoLfj2pI9RjY8tKE
zQpe;!Gmm@1z$x6x?a#YMZD1NMj-j8spaNIY8@R+K)eBB<mE)vR2XWSLQ%<{&&f#;j
z_6jQIULGlV3C`~-n~4C2C>pemdBTyW7GvhXCLAF^h5sJS5aUwvyC$G$qTTeuD7%BI
z2kS4Xvj$s`YGE0YCpqPYTrX|_qvK3iLTlOAW2sTY!G<y54{MAXQ5Tetf#!L*Ntz<P
zkF{Ob)q!ukum(KJ*xWPB05)aGT55Xii?&U&*(FU_ZmEj~w01$E==;N-hD1wi`;Fnk
zQQdIH#y@+zi8_jG<yzd6HZYzI0f-LzPjTO=C+c7P@iDBfA|cb~$bR)Jxg^7RpoEZ5
zJa4~X->xpQKSe+A6BaJ&?~jRr;EF#hvB2&jyJpF<r>hgUjq>!}ZQy7Mw_Htv5CmqM
zv$|aZnBl(fyqGJJy~T+b1|+7oRKE4GOqd)isv)b~7WP2Vr)l3qVh~KT{%qB~lVr(x
z57h?@c`Q1H`JYJrm7#*~fJaV<L|WVxzPGhHL5CXbPoVu%x?<y;q>eDcDbOY`%orQ+
zAMH#dwxA*MKD=6_XWD7l!&p?uuA!eMcow6_r)K3VshVFL*p$cE?6K2a((<g5{l$Cj
zZXI5^!E*3UR70TEB@k?5ZzkeD#0uqJ$pIV)KlBiJ81koR-Me;|5_)K8H&Et0jF?5u
z{l<DH*S7je8REM7C=Bbm@`8Kz<f3`6@1lZD(o~GZd(x74;Ll#CMfqr(wL8R;e}Ik<
zo~wkXKROMX<FRCuW|_WCq!nBX&XWVE=<@Z}m#WzkVnA_Dg0ke`6gHrcEYwSEStm(C
z3ZMej8eN*fz+a@`MflM+v3AZ7d(T0AijU%zrVPvmHkCpm*w6@u^z*>rP*F(jSLNzN
z$q%=Y)MNe@XV%bhTl)`DzvN%*5Y^K9U?NPtsM230t4Y^g!2tadE~{e$jG{uZHX_0f
zMeX7ezB}grsWQQ?heMehNkeFOx2}t%7P(#E?(Fi$L+F6Q1@Vh*K_D6ZzKGZ25Y|Zz
z`ybexAl^S;SP|Z^EbAHU;r28UvhP|Wglc^_N2ol0%v)0yh+w@v4<VnEWAOf6XWbLw
zhnXwE($j3E832V~DA9PUaf!N^K^y$LN;xE~r)Q8di4}e@gXOIBnvfgZ=m3bwPkpNC
z2`+xiOg3SUNV>ckScs-7yOb;Zf=wvpIebZsWa#mV6~kt%N#u)d#LeZY&8*vx-K3BK
zI0!^W6F~?nu@M|Q9#syKLspOD@kF)fk+89OA%}+{jt>SfnWc&FN4sgi<8<Iu*UQnV
zd(3#eg;In=4!_3O$O=IVbt?d{$-kN=O(36Z(Y$gKepzFDqhR_tgrl|f@CwQjq(ob5
ziII}*rWQm#GBkk0JsHeV*7H+MAh{D=qX!56KGh$4RT?}MLc_tpmq@mW+fWT}>wu+l
zJK+55O$>E$`xku=g=Y{|xH<2H0e(mNqV&Fzc|o@7oDrn+au3N5>llk6hk(BF0fyYg
zme1}S;n2<}Fzhj?_udNm91W4#ae?JY*zj-;Z6yn-I+n<92t7|CEIJ_wEsH*bRts0>
z(pl2s?zy=1owirM)H5B;&yaa)7<J)qcNsW2kp`=;3;m7nSRxRI9&v4*xim#R^AVd-
zF9@GRwuuISr~{aq`<iC~mN~tv0*6lN{XPyQSEqR?O8}_E-)mqS;|G7*|Bqk$kF}5a
zzv+*e)sW6bw~@$ZTqulRx(j$3b_~J}(MfH4o}AiRU`T6mW(BW&4m)PRf{a|#&-i?O
z{|1|<@Ea$DRvKr+IdjPL*dEvTsZoAx*ny~|`&^C-gA1Sj9?s*AK<gnk&Ig+7KAzdP
zJ(bxE;cOg5t!OYPJ`4%~vB&=cMBSk?1RrhB;*>=G^;Kc=qIKWVb=v9#1qGM8^lNy@
z&2<e8GK6gkfG9lsQ-nL3XQ3R)`!-@TD+(P%fiSyar*qsF``(KZ_~lORC=#zV&xGk6
zsFQ!EE&xy$UhlV<GDyf5EvsKPORlW!{ixjkHHhPy5bbb(SqteMZPu;#Na$}fuDoDA
zs@2XkmSaEc^bZolZ!XBihY9oScqDq30x3u|dmSES_omAvr;*dT%;d75{?#`UnhEtX
zBvEU+t-Qg!*sU(q5Ce>hwW}KV;Rj(8Y=8jfYyo<2@fwrrtqLc`I>+2m5j(`Hn2ZY}
zqZe<qJeHzFoC0u;dqNDnGC=**+kAQ|fun&^PbkP;D-k>~YCS^v1ONmEU=jfZYoPy~
zm3~zJHHmi&y@dT=s6xGu@UNWqHVQlA6eJYzb`i&_BwPQgJ+AT8F*AGojJHg^c9iKN
z1P=?}*|+U3iQQ<&Q+H*rcpg$)-ix&xast#JCJ776*ale()Z?o<R77(9XUlAI!`@e>
zw!uw@FdwwRn?v;fVgm58XdW|>kKQvthwOWujPkyuE>lL)ltIkxpm}G{Z3ND{2R9+k
zP9TP_46uA7N!!%>(C@lA)dOYBh(g#gs0#}oeZ8agaG#ib-@x5^mPI7ks3nJ~*NWpR
z-(gxWw+{1x0Ja#ToAjSR69^Gtk?wMm0d-$3Ftbb3O(`H^kO=FWOp<mLSw)H542^;&
ziY(7_^x_V$8{emZCH>b$Hvzd1yHZX<p~htBIGn5k#dbZZL^T5OCw-c~du|G+00S-}
zl{k^>+b3-UOjFd=xX;kXM2woZjeAo+Y~q?{dJbgc&$K_&`@m0>Vezs!$m~qtQjPt$
z7ZT*T1}Vtn@DBnM8JpN1=5Y~4YjJMwb=&#GM%a5hKz2~oU1jzl!2&khkrmOR1PK4J
zdk*{2IAKwL^rszldAt50nzm@=6%2}U2;g(nsEZRFHtVMZ>bN;}MtHP{>w!nld}V{7
zYy_=Q9>eF?9YfBu*y2tk60AR3XV>;!LNvxa=B5MzF$#6%pUNUI_FmO#T7Wb3^80$N
z_}xQ8gKMSpDj!Ew^$)GG0+@w2fx`&oYv+`4-*7`RDK&COLd>sE*5Q#nJqAqnoFH=l
zWIKkrDp}w5!*!FlueR>33j4x5zM+7Hpa!WF85c5NZ~-XkU4G7Ld0liLn^)Et+`pss
z1$=y@kp%coX~{Q0Xab*u1%Jf{np!JM4WC31IU|)q%5&!U^9}~XhDCM)xQ~}Q>Bhw2
zx~V65lZ#H`L&`=q=$^T9zyYL<(frKBT2b%mNA6@3o3VHdgl=$!ROFMXH>+2#5fAAa
zq!GG`fb73Im<m)M<g4r#J+#4EBjq^m?K1*SJpf&s3N91iSH9`P0yhEbN64AGV>S|+
zdX<<&GpGVp;SWPZXd^=_<G@E422&>7_*$kCrz(H~br~_|0f8aIvkA!O5f4%J4;_-L
zgfDfLZHG&70T}m&?0xz+aLxYrAq6^MY_@Y|QdJGH6IHkinY2Xbir58mk`FT3)E`_$
z?g*jO`W*Q(_wzXvi=2#2m3T<CJ)@~LRVqV`^;ubZ`2g{?5ek%C-t_A8BHc3=?qh}b
zm>1piF$&p~cWDfwUIG@x38cM7QC2e%ymg*<T_*>oWB_dOjy-kXs1`nSzy}9f=#4_7
z$A%Y?2y54P7!dvSy7#W@^)olHiilG@X9B=~2^3;6N}g~n`xhQx1MobMO}{k~Q@g$l
zldh*N!UcGkSq&}c7go@4os6-1uww(=<%`-U!}}lT8#ce#4Gc+9&7(Ut9zh<JAA3f8
zlPNiqKSrn@V3Sj-94ldqG66Oo;-X1iC%o)f86(&`Y|FQ`%NE0jT<+Dx+tJ*lr3)OL
z%M182j4;HNf_-zIy}1&^COVE}*>FN;*)tcte*iDNTJDh*$vr9^!igCaFl|x)WmfVP
zCXJ)}iCA23OAhm-amAf3mmOGF_ukZ>08W;3(tN0Q`sxSD>cEAj4+s2XHulxj32UZa
z7>iRju;Pra={Xeq`{eW(?k5u|+XM<Pw;S#_!b%WJLRa>gPVXeuw(ox(Ex6F5?!GHG
zH3@c)lir8RBS@Sq+2kCkEN_PuZtN~QDUf~*Hu!y%I{-gMSi?O{xg^+%Z^vuIY!!ag
zm@~p{iY!Z0lLqXEp$xE0Nfz-s%XZN)A$F6$#|0=5T?TJPEG;{>sJU`)UI*j<N~^#O
z_#weqB$~6&bOI8*bNI+>!|S9)`1&1N>I~(?VeFpFHP9yoZxzJE?4bAK*!`ZShn=sX
zsE##;stYiPS-g9oo7XWifz%wRiy7}pw{)7mF$9M5powgy^9~oVpGWL!;kzUQ10z%T
zPg#!t&!k?@iSwd3;PBuabPT}F<MZ13W<J&@Ip{)(+ZwMKWo*gBF%JgS@mv&80}qYP
zR#)O9$lmQC<)92&b?OJJ<NtSbQc1`faN+;cTm$1lmxtBgeM-Y2I5Q$qCX<`!2Dgc8
zK?WO^p;m4tGXOvJTNSEE&76DMquH<-98Pv>UW}T{1hg$k4+fHcISjsMBawMC?<!ZY
zasvX5^9$ApCl1Vjv(RCk0Lul28v~?4uqMUZPW`k8Th{6P*_VvkMNk{T*>*f#vi;V7
zbPwtjPdA_m+Q%=;$JSN8o)CB4n_g*6tlH49Em(-QN(I3y+LvzJ#<CSA-gxU81f)@&
zEcj3W@@aqCKww*ZxeUCpNSh2vg=OK1MxCRLITPPsvGAh&5ZLvE<e^EwnGG*n>`I8?
z8QMuXL4%>y@tBboU4l^|5MlteQE@_-qXnV0aZ2VE5UZW)hsfeJ&TMN-AI+7{2y-TM
z+)|$LKMv%tk=dhriceDw%u-iE@_QYEU>NmAK<D10DlwtRrVLDYggT{7$w6?+kw}Eu
z>8tspuJ9MC!xcU9927jR>I0?Xt%1}9-O<gt2f||czIrMt1{M>{Zts6o=S$GNK@FsU
zSeF-H>n|nvIg%i8TGaZsg$W*;nr&b3vN*zMDF*RL@tZf@kO5Vxsq;I<Y?wlo!(KGn
z6fTB#C#kS#+X^(8T|XA;=T{ueKw$2?VyonUG7}YGuzZkCg}eCrPXGw`#)zU^1w6B`
z(%TniSgM<7CkOL~&~*WiqZjY*!~z1iP)>b62yLa28m1NG=)|+Mjl^<uBJIQ;L&X^B
zp#}(qO`7@+d4c}+<eM|lMETG!9X6GR@Tf@`&wK;(kq95Cm9Y4!6?rG?#s3g+1RCC<
z>5q=B+&89qXd*Ompbe4hv5Cc%kC03H>N9>$6tg((a}v<^>j0JDzz*gUZw}-^!{9k_
zB}a6k#Nk4d9A-*qpMrZBB#}YC5*5I=r3AcF`R^(?wYQhG_?(DN_7ap$A&M({>s%)}
zTyaS$-U_Z969fph^uZRyk&4kgKDNJF8og;2v3`J<!6c~rPYvFD1kY=|P7$E*CLWaQ
zKvn)Ct}60K5u%iYBdc_7UI?dNlZ+{zBKVQ#BgI+YOiV@7neGIs!Q7SB7^;^-Bmi5b
zecYg|t%KPWw3@?X<mM0GwtG4yv~qW2{k~rj6%P4jSI*PF@&-~!Dv=+t_l9iGJA~3h
z&`<#Db~J$TDGrcD16sZn9);Js3do83Z-#r34#iU)D0%#6*nDXD{SJ+nA?=*vk%&+M
zp|`_Hk|XTF90p1k@+J8819l_3LIj{`KPOg;oZ@WA+QN@CH8D!}!cyuX=mJGK0yw$Q
zxdFzMPSdVifiT_5QoTX*j1?c3#O(HL6m~~UCX<2zy$zGxl?UeWN(w(iqLTsqI9Q;k
z`{Rx_ar{lkpCqdvk_8F_Va({B^X}x15y<q~^izPfKSy6fY*)bMXlCv>F%LeKvROAa
zoYQ}*_zc~X=_j-MExKSxi`?3wA;=Wq=K%!oth+}!e!=p)V9BCq`r^3GcYLejJ0>C;
ze6hTUE)09fOmN0b4~ItP;hz8!L6<{P9fPwGkbI%sx}jGaz7LcbDroGHGA7#1nZu2w
z)o$fNvh!)=%x3`yh*ps3Ujp0XcJcS;a8a&Oey#=VSQxwl3VMtn3pZuBg>6VBiwyp6
za5_`rH{3J&2*=9oqKS%u@0H|ba@@)4XmdQ;I|V+y<vdd-7Ay|;nRq(_WJ&Wb`<ds?
zvejg6SyBt>S^y@5LUXai<+EBC|L*R;-VWB3l6uYHz>!D=6z}W1Vh+!K-z9OHImErF
z-I%lY?DzTiVM75-#=}h+8P*R`U<|a(JDcsM650*PldI?$&JyvJwDOpSIKHg^Yo1K@
zoC~i3OHqvd#?^Hme)&4o{p5Ath|;!G+zCfy4)JNREC}foDZ;q$IYi4uXm|6g*K%6;
zg#Vp3Fkx|a!LL!aB@T<R76cFnv=4|Dc!|gw=1VgkF0oud<~H%><(+Py`VG)fKNb-u
z$phMcq(6R;*ikx9g{@U~*kFsQNxOjbMgtS^go>dSB7KEViv=s@2(=Uvca-yG18C7&
zYLv#E0|KJ43`6?Kx4E(hTVhYf7yUINq%eXRtrowyohIv8{0PBL@y%|`Q@`|eICuA%
z4Y`ATbcH&EBwZ|1qtMiU#s$%*Z>0E?a0g=c!p*2LjoK`cZ$54hJ?xIM_7K{$*8rFC
zLPOF2aVLW{%PB_!nJ43R52_s&RLF>T2F=)|{tjZGTy=k_JX^;SkHSE;H|vKX1e1nD
z;^4HT#H~>?011?asr<_b9W#;JR891;CVH^$Y7nOsgzu~ZPtMXdZUQBpDQfAPHjN3i
ziY)C~>bDs(s}OnN$yw8H6u{I-*$;<c7?0EgtOd{Lw}dA!bybr0(%+A>S0C-_p<uwN
z$PXO_MTu2jqp-8spAO4{Y$zcR*YP&A6n0989K%}2cDZbNeCRyyShPYBTqsEVcob;s
z8~4y`=`GlAO`!FPB<gsNdc4Fmt56p>|NKC&newp)5syo1q=7&xgRfX&B`p&d0nj-<
zI<KIi{eRlnKM6Bj+UMh0I=1}pb~QB^tUusQV@Q*NHaSEV+3B7<)3Z7K%o{|LS4>oX
zE&nuUOVDPk7+C}QfFiRIj&l)0pW&7}=*1bb>Vy)+J0l~+!O&mU{?p<xguy|kGjwCU
z`k*){)Rj-mTY`M<s^I+JL5&%$L8U?Tz30rs7n2Ruwr6~1bq}KR5CS_X_u8+$`(9o2
zVmY?)J3b00)poy4a`TzZDUe-N3Lk-ijgr#RshP>2YastkzDr5SxzeQsB^s)t&NtaS
zjU}Tbj^9xhYNB*}%KpdKvmI^A<MgKuBLuho&0(Otfjug_rzK~-G=AWX>?%(@wx)Wj
z-MMZ4h-%`Q{j$!VmC1)M{EmiJbnOP5H6ywjZkRHdcoQn@SzCFTJXhe8xhh`5vpY_-
zKMZa@kCzZUS6GvK6wjf&tK5i?xr3%qT(>moUh^>oiaD7P69%kV<RMOGu%K&Q3)blq
zxH!&)Ir%Z2h%9Y@{+pvsijL%qX$<R?YwqlgUI^uzeU**YL~!!iuE?}&#;cT{`VSEQ
zY!c^WtDCxYxoSI1&Jxk;bx-IoXiKf~f-;n3tb3JwHSk1@2JJ>@4Qo^2g;kO4vlx(a
zVhS=L6}`kmfSxer1@Jf*Zx%dKz&#1}?Wds)9wdj5ctC>QE^XCK`5~g`E~N~%rYT<s
z3ywuqx6EI_<Rm_A2)XCj354VrsE1&Ea9JfI#DeW5^x;806aYBqir0CoEfj#-vQL>L
z%zv%Koj<%U=S#8w)=xxhoMWQ3Ce0+pjpCYNS)b}U>RB*T)cnq&p|RJ?84n7KHP86D
zDpDr`C=T{ry^NE>da9O@r|g0`Z=-nu#0nEq5q$xfsC1%g+*P<kZsS%5661nSmBfmW
zFeQa;L=W{I@Jzu`7l3`$Y~pMN=(HD-0>CZ99;8{ixD~jc|N4kmeXy~c)b@SWa3PK^
zd?>%vzp8V&7clVPk<;J=c)(zfDAv!attv}<P2r<~A4!R{gH(9g-+nz=epOS+kU8rX
z$6Z?q5K`<JDu)98nX`sLbrh-)+}1dZFXKdH@nO~TA@1x6H1S0(qs_?Zf|}5}B@5c8
z-0yIzN4{-ROwESQ_jc5`D-3{$f&ST1AGd0HVq_-4Rci3*A`@kEqn*y;=VKnAnaR;!
z)T<NRfUg<A2*@Sk8_g&u*d7~t$F9bENc@IH&T+dv0cid(qg1}NNxvJ*88JCg8e$6-
zO`%+>lE48GGrC9lRH^60qTkRVs?TBcQ@BG^fU#bY5CXXwujMwCj3?udA}?)P=1%!Y
zZIom^sgNsDk(zR%TieNyCA8Zy1nwJfL>1t6U*1GfKHymqP-9-?A|;npums-zN02Mb
zpyu6e_op#7>Fl64U;al6qQHv5@BJ4T7GsEC?~&hi>{&<h%UT7>j^l(^wOPl8i{=t$
zRk^Yr?9@fk`|>|1$V3~{jKrR-?0*}WnL}a?K0zqDWg+h<QU+L(lg4^L>-ON}VJNY%
zuaM0K&xLS{Y;12RHOjT39b;L8qeLW?{AFQAF|tly;sVbWIwjz9a(E{i8j=*r-mn>D
z_-nEi>DO(qC5Pyk)GU0PEY5Qeva`6fejdjAB-zjGVO#(8=6IRD&Mf|DX<)JAvv7FZ
zhh54>_)n(0F}5BRgBl7{M1@#XM|hkv$smSTjyyW+mA|<+&L*XQQ&EC*<cZmeR`d${
z#^MN2$(D5;o-=yA*TlA2s9a?*FkOqJk>W}paUQ+yHfTq=P%-6F10_sEtUI*HIK2;c
z-$JhIMSc{OoM2RaUw49hrduKXL?Jv@QBi<=^^>qzTn3|7ntuQ@y2KD#;m;cSIreDg
z!j_QQVs2b=Ez{xN_0Mi_v_dD*yyhu<*_;LI=?g4>uQ7k4EbA0&)fHazVm9Ss1_WSs
zTSBX^aH?S#?JCIGj_q>K6oD0kkFthEL9wbR8HXDQz2Eg0O^g<S!t{?okvh7iRaUJh
z2y<o=ZMP}t$7hE_5xfi?J)e(UtfiJHkcJiN_{D~hk$|7-Mc8zCRrVvgp*QkGSV;!u
zjnt|=;HHk+Lx51cY09V>q&LzvkHYOY(GN0>FZ&IaW*pQbf8d2G6YUWpakX0v^q!6@
z=J2AYOfym_uQDPQVDyTT8pOsnK^FNmLpfWLUGLy~8t^tC&pm-Qq+o%OPB%~oXD7s^
zO(kJM^kDrE;!a89XzdzDDNj68o?{<GPb+~wJ!&pwAM#r_vYP3&HRZ=tb;c*aa%x%_
zx6<hjfl^eSw2lezz7*y(89mp*^^B9P*W9FchU%zHLAiVoQ-<lk#zWPG1Uff=miouo
zxK*3rb1ieiH0r&)dEWPlxL}>hND%x(2p37`!!DrHtXbI(JEY8b#v0j7kTJTdlfh?s
zJ(4;J<6lS_xwFHI&Q(7xbKg!&xMg|~r>;%_w~IXkO{~u$!aEW;I_1M)^NM{!SMhXM
zrTdCua|xV&X$uFZng2@xf;`dWdus1HHq+?-go;nIRij-gVwL}qY<NHsaH4?0rz;zk
zmQ0(4ymzmpFl;@v;bBvTL&;dbMA?i38!&`lIv2p7Jz}Yhr%z*r{GAJb_iT#mnP-(Z
zm<G5IA^|nyhIN-6)C<7g&Vr(VdcW>Sm;tV%NQ}Av+7AB_M>W($Q~n+t=`(2`b0K>M
z=%#ftzd!z*8JO@DiVl`mXB}I95*xk>Nt|h$n{cBbJ}$3)_Wm6)VZgriX$+8g`sEXG
zGf|3DwBxGYA)GlN4n{s^OiYC~>>S7m&<={`VhpQc_MN(BXM5Z1(5Mx(P{b}(-IGi`
zrZmCj2MMM)RhDx&UAlC7&c(yQf({mOxXZ*q_5QtkzaOxw0|NI|J&t(c4bW3O7dCEm
z({7Pk_A{r$sfV?bti!55>;u$&`msE2Dr6P2<-)hv4!EmQWQ~?|mCfQhIzg(kTMGG^
zs9b>4s?V_|mAHq@@|D}$R{(x8YJ<t2fhgo@)dvuj?I_M{8RM{yS{VhFKiN|p)sp+V
z6BATu0%qba+XA#wk?lB?H^#@tluY!xp}b5kCYU&uRG~~1@}+D=$_yZRl+%GaemTFC
z%*iTSKbzr#o8qz7{vq^*Gz?e*xCQ?+d;BaQ4Y+f0U<@cVSl?i2W1@m)Esi?l)C&Ey
F@CFw_Xp#T`

literal 0
HcmV?d00001

diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt
new file mode 100644
index 000000000..853d46a12
--- /dev/null
+++ b/tests/fuzz/CMakeLists.txt
@@ -0,0 +1,91 @@
+# Copyright (c) 2014-2017, The Monero Project
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification, are
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+#    conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list
+#    of conditions and the following disclaimer in the documentation and/or other
+#    materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its contributors may be
+#    used to endorse or promote products derived from this software without specific
+#    prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+add_executable(block_fuzz_tests block.cpp fuzzer.cpp)
+target_link_libraries(block_fuzz_tests
+  PRIVATE
+    cryptonote_core
+    p2p
+    epee
+    ${CMAKE_THREAD_LIBS_INIT}
+    ${EXTRA_LIBRARIES})
+set_property(TARGET block_fuzz_tests
+  PROPERTY
+    FOLDER "tests")
+
+add_executable(transaction_fuzz_tests transaction.cpp fuzzer.cpp)
+target_link_libraries(transaction_fuzz_tests
+  PRIVATE
+    cryptonote_core
+    p2p
+    epee
+    ${CMAKE_THREAD_LIBS_INIT}
+    ${EXTRA_LIBRARIES})
+set_property(TARGET transaction_fuzz_tests
+  PROPERTY
+    FOLDER "tests")
+
+add_executable(signature_fuzz_tests signature.cpp fuzzer.cpp)
+target_link_libraries(signature_fuzz_tests
+  PRIVATE
+    wallet
+    cryptonote_core
+    p2p
+    epee
+    ${CMAKE_THREAD_LIBS_INIT}
+    ${EXTRA_LIBRARIES})
+set_property(TARGET signature_fuzz_tests
+  PROPERTY
+    FOLDER "tests")
+
+add_executable(cold-outputs_fuzz_tests cold-outputs.cpp fuzzer.cpp)
+target_link_libraries(cold-outputs_fuzz_tests
+  PRIVATE
+    wallet
+    cryptonote_core
+    p2p
+    epee
+    ${CMAKE_THREAD_LIBS_INIT}
+    ${EXTRA_LIBRARIES})
+set_property(TARGET cold-outputs_fuzz_tests
+  PROPERTY
+    FOLDER "tests")
+
+add_executable(cold-transaction_fuzz_tests cold-transaction.cpp fuzzer.cpp)
+target_link_libraries(cold-transaction_fuzz_tests
+  PRIVATE
+    wallet
+    cryptonote_core
+    p2p
+    epee
+    ${CMAKE_THREAD_LIBS_INIT}
+    ${EXTRA_LIBRARIES})
+set_property(TARGET cold-transaction_fuzz_tests
+  PROPERTY
+    FOLDER "tests")
+
diff --git a/tests/fuzz/block.cpp b/tests/fuzz/block.cpp
new file mode 100644
index 000000000..099e8e3bd
--- /dev/null
+++ b/tests/fuzz/block.cpp
@@ -0,0 +1,67 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "include_base_utils.h"
+#include "common/command_line.h"
+#include "file_io_utils.h"
+#include "cryptonote_protocol/blobdatatype.h"
+#include "cryptonote_basic/cryptonote_basic.h"
+#include "cryptonote_basic/cryptonote_format_utils.h"
+#include "fuzzer.h"
+
+class BlockFuzzer: public Fuzzer
+{
+public:
+  virtual int run(const std::string &filename);
+
+private:
+};
+
+int BlockFuzzer::run(const std::string &filename)
+{
+  std::string s;
+
+  if (!epee::file_io_utils::load_file_to_string(filename, s))
+  {
+    std::cout << "Error: failed to load file " << filename << std::endl;
+    return 1;
+  }
+  cryptonote::block b = AUTO_VAL_INIT(b);
+  if(!parse_and_validate_block_from_blob(s, b))
+  {
+    std::cout << "Error: failed to parse block from file  " << filename << std::endl;
+    return 1;
+  }
+  return 0;
+}
+
+int main(int argc, const char **argv)
+{
+  BlockFuzzer fuzzer;
+  return run_fuzzer(argc, argv, fuzzer);
+}
diff --git a/tests/fuzz/cold-outputs.cpp b/tests/fuzz/cold-outputs.cpp
new file mode 100644
index 000000000..e585b4b13
--- /dev/null
+++ b/tests/fuzz/cold-outputs.cpp
@@ -0,0 +1,108 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "include_base_utils.h"
+#include "file_io_utils.h"
+#include "cryptonote_protocol/blobdatatype.h"
+#include "cryptonote_basic/cryptonote_basic.h"
+#include "cryptonote_basic/cryptonote_format_utils.h"
+#include "wallet/wallet2.h"
+#include "fuzzer.h"
+
+class ColdOutputsFuzzer: public Fuzzer
+{
+public:
+  ColdOutputsFuzzer(): wallet(true) {}
+  virtual int init();
+  virtual int run(const std::string &filename);
+
+private:
+  tools::wallet2 wallet;
+};
+
+int ColdOutputsFuzzer::init()
+{
+  static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
+  crypto::secret_key spendkey;
+  epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
+
+  try
+  {
+    boost::filesystem::remove("/tmp/cold-outputs-test.keys");
+    boost::filesystem::remove("/tmp/cold-outputs-test.address.txt");
+    boost::filesystem::remove("/tmp/cold-outputs-test");
+
+    wallet.init("");
+    wallet.generate("/tmp/cold-outputs-test", "", spendkey, true, false);
+
+    boost::filesystem::remove("/tmp/cold-outputs-test.keys");
+    boost::filesystem::remove("/tmp/cold-outputs-test.address.txt");
+    boost::filesystem::remove("/tmp/cold-outputs-test");
+  }
+  catch (const std::exception &e)
+  {
+    std::cerr << "Error on ColdOutputsFuzzer::init: " << e.what() << std::endl;
+    return 1;
+  }
+  return 0;
+}
+
+int ColdOutputsFuzzer::run(const std::string &filename)
+{
+  std::string s;
+
+  if (!epee::file_io_utils::load_file_to_string(filename, s))
+  {
+    std::cout << "Error: failed to load file " << filename << std::endl;
+    return 1;
+  }
+  s = std::string("\x01\x16serialization::archive") + s;
+  try
+  {
+    std::vector<tools::wallet2::transfer_details> outputs;
+    std::stringstream iss;
+    iss << s;
+    boost::archive::portable_binary_iarchive ar(iss);
+    ar >> outputs;
+    size_t n_outputs = wallet.import_outputs(outputs);
+    std::cout << boost::lexical_cast<std::string>(n_outputs) << " outputs imported" << std::endl;
+  }
+  catch (const std::exception &e)
+  {
+    std::cerr << "Failed to import outputs: " << e.what() << std::endl;
+    return 1;
+  }
+  return 0;
+}
+
+int main(int argc, const char **argv)
+{
+  ColdOutputsFuzzer fuzzer;
+  return run_fuzzer(argc, argv, fuzzer);
+}
+
diff --git a/tests/fuzz/cold-transaction.cpp b/tests/fuzz/cold-transaction.cpp
new file mode 100644
index 000000000..c35d604a8
--- /dev/null
+++ b/tests/fuzz/cold-transaction.cpp
@@ -0,0 +1,110 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "include_base_utils.h"
+#include "common/command_line.h"
+#include "file_io_utils.h"
+#include "cryptonote_protocol/blobdatatype.h"
+#include "cryptonote_basic/cryptonote_basic.h"
+#include "cryptonote_basic/cryptonote_format_utils.h"
+#include "wallet/wallet2.h"
+#include "fuzzer.h"
+
+class ColdTransactionFuzzer: public Fuzzer
+{
+public:
+  ColdTransactionFuzzer(): wallet(true) {}
+  virtual int init();
+  virtual int run(const std::string &filename);
+
+private:
+  tools::wallet2 wallet;
+};
+
+
+int ColdTransactionFuzzer::init()
+{
+  static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
+  crypto::secret_key spendkey;
+  epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
+
+  try
+  {
+    boost::filesystem::remove("/tmp/cold-transaction-test.keys");
+    boost::filesystem::remove("/tmp/cold-transaction-test.address.txt");
+    boost::filesystem::remove("/tmp/cold-transaction-test");
+
+    wallet.init("");
+    wallet.generate("/tmp/cold-transaction-test", "", spendkey, true, false);
+
+    boost::filesystem::remove("/tmp/cold-transaction-test.keys");
+    boost::filesystem::remove("/tmp/cold-transaction-test.address.txt");
+    boost::filesystem::remove("/tmp/cold-transaction-test");
+  }
+  catch (const std::exception &e)
+  {
+    std::cerr << "Error on ColdTransactionFuzzer::init: " << e.what() << std::endl;
+    return 1;
+  }
+  return 0;
+}
+
+int ColdTransactionFuzzer::run(const std::string &filename)
+{
+  std::string s;
+
+  if (!epee::file_io_utils::load_file_to_string(filename, s))
+  {
+    std::cout << "Error: failed to load file " << filename << std::endl;
+    return 1;
+  }
+  s = std::string("\x01\x16serialization::archive") + s;
+  try
+  {
+    tools::wallet2::unsigned_tx_set exported_txs;
+    std::stringstream iss;
+    iss << s;
+    boost::archive::portable_binary_iarchive ar(iss);
+    ar >> exported_txs;
+    std::vector<tools::wallet2::pending_tx> ptx;
+    bool success = wallet.sign_tx(exported_txs, "/tmp/cold-transaction-test-signed", ptx);
+    std::cout << (success ? "signed" : "error") << std::endl;
+  }
+  catch (const std::exception &e)
+  {
+    std::cerr << "Failed to sign transaction: " << e.what() << std::endl;
+    return 1;
+  }
+  return 0;
+}
+
+int main(int argc, const char **argv)
+{
+  ColdTransactionFuzzer fuzzer;
+  return run_fuzzer(argc, argv, fuzzer);
+}
diff --git a/tests/fuzz/fuzzer.cpp b/tests/fuzz/fuzzer.cpp
new file mode 100644
index 000000000..3edf8cd19
--- /dev/null
+++ b/tests/fuzz/fuzzer.cpp
@@ -0,0 +1,96 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include <boost/program_options.hpp>
+#include "include_base_utils.h"
+#include "common/command_line.h"
+#include "fuzzer.h"
+
+#if (!defined(__clang__) || (__clang__ < 5))
+static int __AFL_LOOP(int)
+{
+  static int once = 0;
+  if (once)
+    return 0;
+  once = 1;
+  return 1;
+}
+#endif
+
+using namespace epee;
+using namespace boost::program_options;
+
+int run_fuzzer(int argc, const char **argv, Fuzzer &fuzzer)
+{
+  TRY_ENTRY();
+  string_tools::set_module_name_and_folder(argv[0]);
+
+  //set up logging options
+  mlog_configure(mlog_get_default_log_path("fuzztests.log"), true);
+  mlog_set_log("*:FATAL,logging:none");
+
+  options_description desc_options("Allowed options");
+  command_line::add_arg(desc_options, command_line::arg_help);
+
+  variables_map vm;
+  bool r = command_line::handle_error_helper(desc_options, [&]()
+  {
+    store(parse_command_line(argc, argv, desc_options), vm);
+    notify(vm);
+    return true;
+  });
+  if (!r)
+    return 1;
+
+  if (command_line::get_arg(vm, command_line::arg_help))
+  {
+    std::cout << desc_options << std::endl;
+    return 0;
+  }
+
+  if (argc < 2)
+  {
+    std::cout << desc_options << std::endl;
+    return 1;
+  }
+
+  int ret = fuzzer.init();
+  if (ret)
+    return ret;
+
+  const std::string filename = argv[1];
+  while (__AFL_LOOP(1000))
+  {
+    ret = fuzzer.run(filename);
+    if (ret)
+      return ret;
+  }
+
+  CATCH_ENTRY_L0("fuzzer_main", 1);
+  return 0;
+}
diff --git a/tests/fuzz/fuzzer.h b/tests/fuzz/fuzzer.h
new file mode 100644
index 000000000..a0a9c0173
--- /dev/null
+++ b/tests/fuzz/fuzzer.h
@@ -0,0 +1,38 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include <string>
+
+class Fuzzer
+{
+public:
+  virtual int init() { return 0; }
+  virtual int run(const std::string &filename) = 0;
+};
+
+int run_fuzzer(int argc, const char **argv, Fuzzer &fuzzer);
diff --git a/tests/fuzz/signature.cpp b/tests/fuzz/signature.cpp
new file mode 100644
index 000000000..69d0ad25b
--- /dev/null
+++ b/tests/fuzz/signature.cpp
@@ -0,0 +1,105 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "include_base_utils.h"
+#include "common/command_line.h"
+#include "file_io_utils.h"
+#include "cryptonote_protocol/blobdatatype.h"
+#include "cryptonote_basic/cryptonote_basic.h"
+#include "cryptonote_basic/cryptonote_format_utils.h"
+#include "wallet/wallet2.h"
+#include "fuzzer.h"
+
+class SignatureFuzzer: public Fuzzer
+{
+public:
+  SignatureFuzzer(): Fuzzer(), wallet(true) {}
+  virtual int init();
+  virtual int run(const std::string &filename);
+
+private:
+  tools::wallet2 wallet;
+  cryptonote::account_public_address address;
+};
+
+int SignatureFuzzer::init()
+{
+  static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
+  crypto::secret_key spendkey;
+  epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
+
+  try
+  {
+    boost::filesystem::remove("/tmp/signature-test.keys");
+    boost::filesystem::remove("/tmp/signature-test.address.txt");
+    boost::filesystem::remove("/tmp/signature-test");
+
+    wallet.init("");
+    wallet.generate("/tmp/signature-test", "", spendkey, true, false);
+
+    boost::filesystem::remove("/tmp/signature-test.keys");
+    boost::filesystem::remove("/tmp/signature-test.address.txt");
+    boost::filesystem::remove("/tmp/signature-test");
+
+    bool has_payment_id;
+    crypto::hash8 new_payment_id;
+    if (!cryptonote::get_account_address_from_str_or_url(address, has_payment_id, new_payment_id, true, "9uVsvEryzpN8WH2t1WWhFFCG5tS8cBNdmJYNRuckLENFimfauV5pZKeS1P2CbxGkSDTUPHXWwiYE5ZGSXDAGbaZgDxobqDN"))
+    {
+      std::cerr << "failed to parse address" << std::endl;
+      return 1;
+    }
+  }
+  catch (const std::exception &e)
+  {
+    std::cerr << "Error on SignatureFuzzer::init: " << e.what() << std::endl;
+    return 1;
+  }
+  return 0;
+}
+
+int SignatureFuzzer::run(const std::string &filename)
+{
+  std::string s;
+
+  if (!epee::file_io_utils::load_file_to_string(filename, s))
+  {
+    std::cout << "Error: failed to load file " << filename << std::endl;
+    return 1;
+  }
+
+  bool valid = wallet.verify("test", address, s);
+  std::cout << "Signature " << (valid ? "valid" : "invalid") << std::endl;
+
+  return 0;
+}
+
+int main(int argc, const char **argv)
+{
+  SignatureFuzzer fuzzer;
+  return run_fuzzer(argc, argv, fuzzer);
+}
diff --git a/tests/fuzz/transaction.cpp b/tests/fuzz/transaction.cpp
new file mode 100644
index 000000000..21cd01bef
--- /dev/null
+++ b/tests/fuzz/transaction.cpp
@@ -0,0 +1,67 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "include_base_utils.h"
+#include "common/command_line.h"
+#include "file_io_utils.h"
+#include "cryptonote_protocol/blobdatatype.h"
+#include "cryptonote_basic/cryptonote_basic.h"
+#include "cryptonote_basic/cryptonote_format_utils.h"
+#include "fuzzer.h"
+
+class TransactionFuzzer: public Fuzzer
+{
+public:
+  virtual int run(const std::string &filename);
+
+private:
+};
+
+int TransactionFuzzer::run(const std::string &filename)
+{
+  std::string s;
+
+  if (!epee::file_io_utils::load_file_to_string(filename, s))
+  {
+    std::cout << "Error: failed to load file " << filename << std::endl;
+    return 1;
+  }
+  cryptonote::transaction tx = AUTO_VAL_INIT(tx);
+  if(!parse_and_validate_tx_from_blob(s, tx))
+  {
+    std::cout << "Error: failed to parse transaction from file  " << filename << std::endl;
+    return 1;
+  }
+  return 0;
+}
+
+int main(int argc, const char **argv)
+{
+  TransactionFuzzer fuzzer;
+  return run_fuzzer(argc, argv, fuzzer);
+}