fixes

Author: abenso

Makefile

@@ -45,6 +45,12 @@ fuzz_crash:
 fuzz_clean:
 	@cd fuzzing && $(MAKE) fuzz_clean
 
+fuzz_report:
+	@cd fuzzing && $(MAKE) fuzz_report
+
+fuzz_report_html:
+	@cd fuzzing && $(MAKE) fuzz_report_html
+
 fuzz_help:
 	@echo "Fuzzing targets for ledger-zxlib:"
 	@echo ""

fuzzing/FuzzingCommon.cmake

@@ -48,13 +48,13 @@ endif()
 if(ENABLE_COVERAGE)
     message(STATUS "Coverage enabled")
 
-    # Create coverage directory in project fuzz folder
-    file(MAKE_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/fuzz/coverage")
+    # Create coverage directory in project folder
+    file(MAKE_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/coverage")
 
     # Add coverage instrumentation
-    string(APPEND CMAKE_C_FLAGS " -fprofile-instr-generate=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/coverage/%p.profraw -fcoverage-mapping")
-    string(APPEND CMAKE_CXX_FLAGS " -fprofile-instr-generate=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/coverage/%p.profraw -fcoverage-mapping")
-    string(APPEND CMAKE_LINKER_FLAGS " -fprofile-instr-generate=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/coverage/%p.profraw -fcoverage-mapping")
+    string(APPEND CMAKE_C_FLAGS " -fprofile-instr-generate=${CMAKE_CURRENT_SOURCE_DIR}/coverage/%p.profraw -fcoverage-mapping")
+    string(APPEND CMAKE_CXX_FLAGS " -fprofile-instr-generate=${CMAKE_CURRENT_SOURCE_DIR}/coverage/%p.profraw -fcoverage-mapping")
+    string(APPEND CMAKE_LINKER_FLAGS " -fprofile-instr-generate=${CMAKE_CURRENT_SOURCE_DIR}/coverage/%p.profraw -fcoverage-mapping")
 endif()
 
 # Sanitizers configuration

fuzzing/Makefile

@@ -104,21 +104,39 @@ fuzz_report:
 		fi; \
 	done
 
-# Generate HTML coverage report
+# Generate unified HTML coverage report for all fuzzers
 .PHONY: fuzz_report_html
 fuzz_report_html:
+	@# Check coverage directory exists and has data
 	@if [ ! -d "$(FUZZ_COVERAGE_DIR)" ] || [ -z "$$(ls -A $(FUZZ_COVERAGE_DIR) 2>/dev/null)" ]; then \
 		echo "Error: Coverage directory is empty. Please run the fuzzer with ENABLE_COVERAGE flag ON"; \
 		exit 1; \
 	fi
+	@# Merge all profraw files into a single profdata file
 	@llvm-profdata merge -sparse $(FUZZ_COVERAGE_DIR)/*.profraw -o $(FUZZ_COVERAGE_DIR)/coverage.profdata
-	@for fuzzer in $(FUZZ_BUILD_DIR)/fuzz-*; do \
-		if [ -x "$$fuzzer" ]; then \
-			llvm-cov show $$fuzzer -instr-profile=$(FUZZ_COVERAGE_DIR)/coverage.profdata \
-				-format=html -output-dir=$(FUZZ_COVERAGE_DIR)/report_html_$$(basename $$fuzzer); \
-		fi; \
-	done
-	@echo "HTML coverage reports generated in $(FUZZ_COVERAGE_DIR)/report_html_*"
+	@echo "Generating unified coverage report for all fuzzers..."
+	@rm -rf $(FUZZ_COVERAGE_DIR)/report_html_unified
+	@# Generate HTML report with all fuzzer binaries
+	@llvm-cov show \
+		$(FUZZ_BUILD_DIR)/fuzz-base58 \
+		-object $(FUZZ_BUILD_DIR)/fuzz-base64 \
+		-object $(FUZZ_BUILD_DIR)/fuzz-bech32 \
+		-object $(FUZZ_BUILD_DIR)/fuzz-hexutils \
+		-object $(FUZZ_BUILD_DIR)/fuzz-segwit_addr \
+		-object $(FUZZ_BUILD_DIR)/fuzz-bignum \
+		-object $(FUZZ_BUILD_DIR)/fuzz-zxformat \
+		-object $(FUZZ_BUILD_DIR)/fuzz-timeutils \
+		-instr-profile=$(FUZZ_COVERAGE_DIR)/coverage.profdata \
+		-format=html \
+		-output-dir=$(FUZZ_COVERAGE_DIR)/report_html_unified \
+		-show-line-counts-or-regions \
+		-show-instantiations \
+		-show-expansions
+	@echo "Unified HTML coverage report generated in $(FUZZ_COVERAGE_DIR)/report_html_unified"
+	@# Open report in default browser (cross-platform)
+	@open $(FUZZ_COVERAGE_DIR)/report_html_unified/index.html 2>/dev/null || \
+		xdg-open $(FUZZ_COVERAGE_DIR)/report_html_unified/index.html 2>/dev/null || \
+		echo "Please open manually: $(FUZZ_COVERAGE_DIR)/report_html_unified/index.html"
 
 # === PYTHON FORMATTING TARGETS ===
 

fuzzing/fuzz_local/CMakeLists.txt

@@ -89,4 +89,49 @@ target_include_directories(zxlib_hexutils PUBLIC
 add_fuzz_target(hexutils hexutils_fuzzer.cpp zxlib_hexutils)
 
 # Create library for segwit_addr (reuse existing bech32 sources)
-add_fuzz_target(segwit_addr segwit_addr_fuzzer.cpp zxlib_bech32)
+add_fuzz_target(segwit_addr segwit_addr_fuzzer.cpp zxlib_bech32)
+
+# Find source files for bignum
+file(GLOB BIGNUM_SOURCES
+    "${ZXLIB_SRC_DIR}/bignum.c"
+)
+
+# Create library for bignum
+add_library(zxlib_bignum STATIC ${BIGNUM_SOURCES})
+target_include_directories(zxlib_bignum PUBLIC 
+    ${ZXLIB_INCLUDE_DIR}
+    ${ZXLIB_SRC_DIR}
+)
+
+# Add fuzz target for bignum
+add_fuzz_target(bignum bignum_fuzzer.cpp zxlib_bignum)
+
+# Find source files for zxformat
+file(GLOB ZXFORMAT_SOURCES
+    "${ZXLIB_SRC_DIR}/zxformat.c"
+)
+
+# Create library for zxformat
+add_library(zxlib_zxformat STATIC ${ZXFORMAT_SOURCES})
+target_include_directories(zxlib_zxformat PUBLIC 
+    ${ZXLIB_INCLUDE_DIR}
+    ${ZXLIB_SRC_DIR}
+)
+
+# Add fuzz target for zxformat
+add_fuzz_target(zxformat zxformat_fuzzer.cpp zxlib_zxformat)
+
+# Find source files for timeutils
+file(GLOB TIMEUTILS_SOURCES
+    "${ZXLIB_SRC_DIR}/timeutils.c"
+)
+
+# Create library for timeutils
+add_library(zxlib_timeutils STATIC ${TIMEUTILS_SOURCES})
+target_include_directories(zxlib_timeutils PUBLIC 
+    ${ZXLIB_INCLUDE_DIR}
+    ${ZXLIB_SRC_DIR}
+)
+
+# Add fuzz target for timeutils
+add_fuzz_target(timeutils timeutils_fuzzer.cpp zxlib_timeutils)

fuzzing/fuzz_local/analyze_local_crashes.py

@@ -17,26 +17,26 @@
 try:
     # Import configuration from fuzz_config
     from fuzz_config import FUZZ_BUILD_DIR
-    
+
     # Check if analyzer script exists
     analyzer_script = os.path.join(fuzzing_dir, "analyze_crashes.py")
     if not os.path.exists(analyzer_script):
         print(f"Error: Analyzer script not found at {analyzer_script}")
         sys.exit(1)
-    
+
     # Override default arguments to point to this project root
     if "--fuzz-dir" not in sys.argv:
         sys.argv.extend(["--fuzz-dir", current_dir])
-    
+
     # Import and run the common crash analyzer
     from analyze_crashes import main
-    
+
     print("🔍 Analyzing ledger-zxlib fuzzer crashes...")
     print(f"Working directory: {current_dir}")
     print(f"Build directory: {os.path.join(current_dir, FUZZ_BUILD_DIR)}")
-    
+
     sys.exit(main())
-    
+
 except ImportError as e:
     print(f"Error: Cannot import required module: {e}")
     print("Make sure ../analyze_crashes.py and fuzz_config.py exist")

fuzzing/fuzz_local/bignum_fuzzer.cpp

@@ -0,0 +1,75 @@
+/*******************************************************************************
+ *   (c) 2025 Zondax AG
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ ********************************************************************************/
+
+#include <cassert>
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bignum.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    if (size < 2) {
+        return 0;
+    }
+
+    // Test bignumLittleEndian_to_bcd and bignumLittleEndian_bcdprint
+    uint8_t bcd_buffer[128];
+    char print_buffer[256];
+
+    // Limit input size to avoid too large allocations
+    const size_t input_size = (size > 64) ? 64 : size;
+
+    // Test little endian BCD conversion
+    memset(bcd_buffer, 0, sizeof(bcd_buffer));
+    bignumLittleEndian_to_bcd(bcd_buffer, sizeof(bcd_buffer), data, input_size);
+
+    // Test BCD to string printing
+    bignumLittleEndian_bcdprint(print_buffer, sizeof(print_buffer), bcd_buffer, sizeof(bcd_buffer));
+
+    // Test big endian BCD conversion
+    memset(bcd_buffer, 0, sizeof(bcd_buffer));
+    bignumBigEndian_to_bcd(bcd_buffer, sizeof(bcd_buffer), data, input_size);
+
+    // Test BCD to string printing for big endian
+    bignumBigEndian_bcdprint(print_buffer, sizeof(print_buffer), bcd_buffer, sizeof(bcd_buffer));
+
+    // Test with various buffer sizes
+    if (size > 4) {
+        const uint16_t bcd_len = (data[0] % 64) + 1;
+        const uint16_t out_len = (data[1] % 128) + 1;
+
+        if (bcd_len <= sizeof(bcd_buffer) && out_len <= sizeof(print_buffer)) {
+            memset(bcd_buffer, 0, bcd_len);
+            bignumLittleEndian_to_bcd(bcd_buffer, bcd_len, data + 2, input_size - 2);
+            bignumLittleEndian_bcdprint(print_buffer, out_len, bcd_buffer, bcd_len);
+
+            memset(bcd_buffer, 0, bcd_len);
+            bignumBigEndian_to_bcd(bcd_buffer, bcd_len, data + 2, input_size - 2);
+            bignumBigEndian_bcdprint(print_buffer, out_len, bcd_buffer, bcd_len);
+        }
+    }
+
+    return 0;
+}

fuzzing/fuzz_local/fuzz_config.py

@@ -18,14 +18,7 @@
 # Add parent directory to path to import FuzzConfig
 sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 
-try:
-    from run_fuzzers import FuzzConfig
-except ImportError:
-    # Fallback if common module is not available
-    class FuzzConfig:
-        def __init__(self, name: str, max_len: int = 17000):
-            self.name = name
-            self.max_len = max_len
+from run_fuzzers import FuzzConfig
 
 
 def get_fuzzer_configs():
@@ -36,6 +29,9 @@ def get_fuzzer_configs():
         FuzzConfig(name="base64", max_len=1024),  # base64 fuzzer for encoding
         FuzzConfig(name="hexutils", max_len=512),  # hexutils fuzzer for hex string parsing
         FuzzConfig(name="segwit_addr", max_len=256),  # segwit address fuzzer
+        FuzzConfig(name="bignum", max_len=256),  # bignum fuzzer for BCD conversion
+        FuzzConfig(name="zxformat", max_len=512),  # zxformat fuzzer for string formatting
+        FuzzConfig(name="timeutils", max_len=256),  # timeutils fuzzer for time operations
     ]
 
 

fuzzing/fuzz_local/run_local_fuzz.py

@@ -17,22 +17,22 @@
 try:
     from run_fuzzers import main
     from fuzz_config import MAX_SECONDS, FUZZER_JOBS
-    
+
     # Override default arguments to point to this project root
     if "--fuzz-dir" not in sys.argv:
         sys.argv.extend(["--fuzz-dir", current_dir])
-    
+
     # Override max-seconds if not provided
     if "--max-seconds" not in sys.argv:
         sys.argv.extend(["--max-seconds", str(MAX_SECONDS)])
-    
+
     # Override jobs if not provided
     if "--jobs" not in sys.argv:
         sys.argv.extend(["--jobs", str(FUZZER_JOBS)])
-    
+
     # Run the common fuzzer
     sys.exit(main())
-    
+
 except ImportError as e:
     print(f"Error: Cannot import required module: {e}")
     print("Make sure ../run_fuzzers.py and fuzz_config.py exist")

fuzzing/fuzz_local/timeutils_fuzzer.cpp

@@ -0,0 +1,73 @@
+/*******************************************************************************
+ *   (c) 2025 Zondax AG
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ ********************************************************************************/
+
+#include <cassert>
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "timeutils.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    if (size < 8) {
+        return 0;
+    }
+
+    char buffer[256];
+
+    // Test printTime with various timestamps
+    uint64_t timestamp;
+    memcpy(&timestamp, data, sizeof(uint64_t));
+
+    // Test printTime function
+    printTime(buffer, sizeof(buffer), timestamp);
+
+    // Test with smaller buffer sizes
+    printTime(buffer, 50, timestamp);
+    printTime(buffer, 20, timestamp);
+    printTime(buffer, 10, timestamp);
+    printTime(buffer, 1, timestamp);
+
+    // Test printTimeSpecialFormat if available
+    printTimeSpecialFormat(buffer, sizeof(buffer), timestamp);
+    printTimeSpecialFormat(buffer, 50, timestamp);
+
+    // Test month functions
+    if (size > 0) {
+        const uint8_t month = data[0] % 13;  // 0-12
+        const char *monthStr = getMonth(month);
+        (void)monthStr;  // Use to avoid warning
+    }
+
+    // Test decodeTime function
+    if (size >= 8) {
+        timedata_t timedata;
+        decodeTime(&timedata, timestamp);
+
+        // Also test extractTime
+        extractTime(timestamp, &timedata);
+    }
+
+    return 0;
+}