Skip to content

fuzz-tests: improve fuzz-bech32 #8311

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

fuzz-tests: improve fuzz-bech32 #8311

wants to merge 4 commits into from
+23 −16

Conversation

Chand-ra
Copy link

@Chand-ra Chand-ra commented Jun 2, 2025
edited
Loading

Add improvements to tests/fuzz/fuzz-bech32 and add the coverage increasing inputs to the corresponding corpus.

Checklist

Before submitting the PR, ensure the following tasks are completed. If an item is not applicable to your PR, please mark it as checked:

  • The changelog has been updated in the relevant commit(s) according to the guidelines.
  • Tests have been added or modified to reflect the changes.
  • Documentation has been reviewed and updated as needed.
  • Related issues have been listed and linked, including any that this PR closes.

CC: @morehouse

Chandra Pratap added 2 commits June 2, 2025 05:25
fuzz-tests: Replace manual allocations with tal_arr()
5ed84e9 
Changelog-None: Use the common library utilities for temporary
allocations instead of manually calling `malloc` and `free`.

This makes the code conformant with rest of the codebase and
reduces the chances of leaks.
fuzz-tests: Test over all possible witness version values
bfb072e 
According to `common/bech32.h`, the valid values of witness
program version are between 0 and 16 (inclusive). Update the
test to iterate over all of these values.
morehouse
morehouse reviewed Jun 7, 2025
View reviewed changes
tests/fuzz/fuzz-bech32.c Outdated
uint8_t *converted = tal_arr(tmpctx, uint8_t, size * 2);
size_t converted_len = 0;
if (bech32_convert_bits(converted, &converted_len, 5, data, size, 8, 1)) {
uint8_t *deconverted = tal_arr(tmpctx, uint8_t, converted_len * 2);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does deconverted need to be size converted_len * 2? If we're going from 5 bits back to 8 bits, shouldn't we need at most size bytes?

tests/fuzz/fuzz-bech32.c Outdated
@@ -60,5 +60,18 @@ void run(const uint8_t *data, size_t size)
assert(memcmp(data_out, data, data_out_len) == 0);
}

/* Test 8-to-5 bit roundtrip conversion */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to do the roundtrip as part of the above call to bech32_convert_bits?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense, the calls above don't test a whole lot.

fuzz-tests: test 8-to-5 bit conversion
c7f37f8 
Currently, the test only verifies the 5-to-8 bit conversion. Replace
it with a roundtrip check that verifies 8-to-5 bit conversion as well.
fuzz-tests: Add coverage-increasing inputs to seed corpora
f595374 
Change in the fuzzing scheme of fuzz-bech32 led to the
discovery of test inputs that result in greater in code
coverage. Add these inputs to the test's seed corpus.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@morehouse morehouse morehouse left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Chand-ra @morehouse