Skip to content

fuzz-tests: improve fuzz-initial_channel #8373

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

fuzz-tests: improve fuzz-initial_channel #8373

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9a92d82
fuzz-tests: Prevent memory leak in `fuzz-initial_channel`
Jun 18, 2025
ecb1ccb
fuzz-tests: Add tests for untested functions
Jun 25, 2025
7012606
fuzz-tests: Add the crashing input to the test's corpus
Jun 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added tests/fuzz/corpora/fuzz-initial_channel/crash-ba4c2f61ced86bf70af5f7c7d2ed3f7042efe9ce
View file
Open in desktop
Binary file not shown.
37 changes: 33 additions & 4 deletions tests/fuzz/fuzz-initial_channel.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,24 @@ void init(int *argc, char ***argv)
chainparams = chainparams_for_network("bitcoin");
}

#define MAX_SATS (u64)WALLY_SATOSHI_PER_BTC * WALLY_BTC_MAX

static void test_channel_update_funding(struct channel *channel, const u8 **cursor, size_t *max) {
struct bitcoin_outpoint funding;
struct amount_sat funding_sats;
s64 splice_amnt;

if (*max < sizeof(funding) + sizeof(funding_sats) + sizeof(splice_amnt))
return;

fromwire_bitcoin_outpoint(cursor, max, &funding);
funding_sats = fromwire_amount_sat(cursor, max);
funding_sats.satoshis %= MAX_SATS;
splice_amnt = fromwire_s64(cursor, max) % MAX_SATS;

channel_update_funding(channel, &funding, funding_sats, splice_amnt);
}

void run(const uint8_t *data, size_t size)
{
struct channel_id cid;
Expand All @@ -49,7 +67,7 @@ void run(const uint8_t *data, size_t size)
minimum_depth = fromwire_u32(&data, &size);
funding_sats = fromwire_amount_sat(&data, &size);
local_msatoshi = fromwire_amount_msat(&data, &size);
max = AMOUNT_SAT((u32)WALLY_SATOSHI_PER_BTC * WALLY_BTC_MAX);
max = AMOUNT_SAT(MAX_SATS);
if (amount_sat_greater(funding_sats, max))
funding_sats = max;
feerate_per_kw = fromwire_u32(&data, &size);
Expand All @@ -71,8 +89,10 @@ void run(const uint8_t *data, size_t size)

/* TODO: determine if it makes sense to check at each step for libfuzzer
* to deduce pertinent inputs */
if (!data || !size)
if (!data || !size) {
clean_tmpctx();
return;
}

for (enum side opener = 0; opener < NUM_SIDES; opener++) {
channel = new_initial_channel(tmpctx, &cid, &funding,
Expand All @@ -91,8 +111,17 @@ void run(const uint8_t *data, size_t size)
channel_type,
wumbo, opener);

/* TODO: make initial_channel_tx() work with ASAN.. */
(void)channel;
if (channel) {
const u8 *wscript;
struct wally_tx_output *direct_outputs[NUM_SIDES];
char *err_reason = NULL;

if(!initial_channel_tx(tmpctx, &wscript, channel, &local_funding_pubkey,
opener, direct_outputs, &err_reason))
assert(err_reason);

test_channel_update_funding(channel, &data, &size);
}
}

clean_tmpctx();
Expand Down