fuzz-tests: Add fuzz target for closing_complete #8216
Conversation
|
Probably the best person to review this code is @morehouse |
Yeah, I've had a conversation with him over mail. He said he'd get around to it soon. |
| size_t upto_closer_scriptpubkey = (uintptr_t)&x->closer_scriptpubkey - (uintptr_t)x; | ||
| if (memcmp(x, y, upto_closer_scriptpubkey) != 0) | ||
| return false; |
There was a problem hiding this comment.
I'm concerned that some architectures may pad/align struct members to 8 bytes, which means there would be 4 bytes of uninitialized padding between locktime and fee_satoshis that could trigger false positives.
If we want to use the memcmp trick, we should probably move locktime to after fee_satoshis and then manually compare fields starting with locktime and thereafter.
There was a problem hiding this comment.
The memcmp dance takes as much lines as individually comparing struct closing_complete's members, so I've replaced the former with the latter in the latest push.
|
Also would be good to add a minimal input set as a seed corpus. |
Changelog-Added: 'closing_signed' and 'closing_complete' are channel closing negotiation messages defined in BOLT ElementsProject#2. While 'closing_signed' has a wire fuzz test, 'closing_complete' does not. Add a test to perform a round-trip encoding check (towire -> fromwire) similar to the other wire fuzzers.
Add a minimal input set as a seed corpus for the newly introduced test. This leads to discovery of interesting code paths faster.
closing_signedandclosing_completeare channel closing negotiation messages defined in BOLT #2.While
closing_signedhas a wire fuzz test,closing_completedoes not. Add a test to perform a round-trip encoding check (towire -> fromwire) similar to the other wire fuzzers.Checklist
Before submitting the PR, ensure the following tasks are completed. If an item is not applicable to your PR, please mark it as checked: