Merge pull request #95 from sanket1729/fuzz_fixes

Fuzz fixes

Author: sanket1729

.travis.yml

@@ -9,6 +9,7 @@ matrix:
       env: DO_FUZZ=true DO_LINT=true
     - rust: beta
     - rust: nightly
+      env: DO_BENCH=true
     - rust: 1.22.0
 
 script:

contrib/test.sh

@@ -46,5 +46,5 @@ fi
 # Bench if told to
 if [ "$DO_BENCH" = true ]
 then
-    cargo bench --features unstable
+    cargo bench --features="unstable compiler"
 fi

fuzz/Cargo.toml

@@ -14,6 +14,7 @@ honggfuzz_fuzz = ["honggfuzz"]
 [dependencies]
 honggfuzz = { version = "0.5", optional = true }
 afl = { version = "0.3", optional = true }
+regex = { version = "1.3.9"}
 miniscript = { path = "..", features = ["fuzztarget", "compiler"] }
 
 # Prevent this from interfering with workspaces
@@ -42,8 +43,4 @@ path = "fuzz_targets/roundtrip_semantic.rs"
 
 [[bin]]
 name = "compile_descriptor"
-path = "fuzz_targets/compile_descriptor.rs"
-
-[[bin]]
-name = "roundtrip_policy"
-path = "fuzz_targets/roundtrip_policy.rs"
+path = "fuzz_targets/compile_descriptor.rs"

fuzz/README

@@ -0,0 +1,39 @@
+# Fuzz Tests
+
+Repository for fuzz testing Miniscript. 
+
+## How to reproduce crashes?
+
+Travis should output a offending hex("048531e80700ae6400670000af5168" in the example) 
+which you can use as shown. Copy and paste the following code lines into file reporting crashes and 
+replace the hex with the offending hex. 
+Refer to file [roundtrip_concrete.rs](./fuzz_targets/roundtrip_concrete.rs) for an example. 
+
+```
+#[cfg(test)]
+mod tests {
+    fn extend_vec_from_hex(hex: &str, out: &mut Vec<u8>) {
+        let mut b = 0;
+        for (idx, c) in hex.as_bytes().iter().enumerate() {
+            b <<= 4;
+            match *c {
+                b'A'...b'F' => b |= c - b'A' + 10,
+                b'a'...b'f' => b |= c - b'a' + 10,
+                b'0'...b'9' => b |= c - b'0',
+                _ => panic!("Bad hex"),
+            }
+            if (idx & 1) == 1 {
+                out.push(b);
+                b = 0;
+            }
+        }
+    }
+
+    #[test]
+    fn duplicate_crash() {
+        let mut a = Vec::new();
+        extend_vec_from_hex("048531e80700ae6400670000af5168", &mut a);
+        super::do_test(&a);
+    }
+}
+```

fuzz/fuzz_targets/compile_descriptor.rs

@@ -46,31 +46,3 @@ fn main() {
         });
     }
 }
-
-#[cfg(test)]
-mod tests {
-    fn extend_vec_from_hex(hex: &str, out: &mut Vec<u8>) {
-        let mut b = 0;
-        for (idx, c) in hex.as_bytes().iter().enumerate() {
-            b <<= 4;
-            match *c {
-                b'A'...b'F' => b |= c - b'A' + 10,
-                b'a'...b'f' => b |= c - b'a' + 10,
-                b'0'...b'9' => b |= c - b'0',
-                _ => panic!("Bad hex"),
-            }
-            if (idx & 1) == 1 {
-                out.push(b);
-                b = 0;
-            }
-        }
-    }
-
-    #[test]
-    fn duplicate_crash() {
-        super::do_test(b"pkh()");
-        let mut a = Vec::new();
-        extend_vec_from_hex("00", &mut a);
-        super::do_test(&a);
-    }
-}

fuzz/fuzz_targets/roundtrip_concrete.rs

@@ -1,15 +1,20 @@
 
 extern crate miniscript;
-
+extern crate regex;
 use std::str::FromStr;
 use miniscript::{policy, DummyKey};
+use regex::Regex;
 
 type DummyPolicy = policy::Concrete<DummyKey>;
 
 fn do_test(data: &[u8]) {
     let data_str = String::from_utf8_lossy(data);
     if let Ok(pol) = DummyPolicy::from_str(&data_str) {
         let output = pol.to_string();
+        //remove all instances of 1@
+        let re = Regex::new("(\\D)1@").unwrap();
+        let output = re.replace_all(&output, "$1");
+        let data_str = re.replace_all(&data_str, "$1");
         assert_eq!(data_str, output);
     }
 }

fuzz/fuzz_targets/roundtrip_descriptor.rs

@@ -32,38 +32,4 @@ fn main() {
             do_test(data);
         });
     }
-}
-
-#[cfg(test)]
-mod tests {
-    fn extend_vec_from_hex(hex: &str, out: &mut Vec<u8>) {
-        let mut b = 0;
-        for (idx, c) in hex.as_bytes().iter().enumerate() {
-            b <<= 4;
-            match *c {
-                b'A'...b'F' => b |= c - b'A' + 10,
-                b'a'...b'f' => b |= c - b'a' + 10,
-                b'0'...b'9' => b |= c - b'0',
-                _ => panic!("Bad hex"),
-            }
-            if (idx & 1) == 1 {
-                out.push(b);
-                b = 0;
-            }
-        }
-    }
-
-    #[test]
-    fn duplicate_crash() {
-        let mut a = Vec::new();
-        extend_vec_from_hex("00", &mut a);
-        super::do_test(&a);
-    }
-
-    #[test]
-    fn test_cpkk_alias() {
-        let mut a = Vec::new();
-        extend_vec_from_hex("633a706b5f6b2829", &mut a); // c:pk_k()
-        super::do_test(&a);
-    }
-}
+}

fuzz/fuzz_targets/roundtrip_miniscript_script.rs

@@ -34,30 +34,3 @@ fn main() {
         });
     }
 }
-
-#[cfg(test)]
-mod tests {
-    fn extend_vec_from_hex(hex: &str, out: &mut Vec<u8>) {
-        let mut b = 0;
-        for (idx, c) in hex.as_bytes().iter().enumerate() {
-            b <<= 4;
-            match *c {
-                b'A'...b'F' => b |= c - b'A' + 10,
-                b'a'...b'f' => b |= c - b'a' + 10,
-                b'0'...b'9' => b |= c - b'0',
-                _ => panic!("Bad hex"),
-            }
-            if (idx & 1) == 1 {
-                out.push(b);
-                b = 0;
-            }
-        }
-    }
-
-    #[test]
-    fn duplicate_crash() {
-        let mut a = Vec::new();
-        extend_vec_from_hex("007c920092935187", &mut a);
-        super::do_test(&a);
-    }
-}

fuzz/fuzz_targets/roundtrip_miniscript_str.rs

@@ -33,30 +33,3 @@ fn main() {
         });
     }
 }
-
-#[cfg(test)]
-mod tests {
-    fn extend_vec_from_hex(hex: &str, out: &mut Vec<u8>) {
-        let mut b = 0;
-        for (idx, c) in hex.as_bytes().iter().enumerate() {
-            b <<= 4;
-            match *c {
-                b'A'...b'F' => b |= c - b'A' + 10,
-                b'a'...b'f' => b |= c - b'a' + 10,
-                b'0'...b'9' => b |= c - b'0',
-                _ => panic!("Bad hex"),
-            }
-            if (idx & 1) == 1 {
-                out.push(b);
-                b = 0;
-            }
-        }
-    }
-
-    #[test]
-    fn duplicate_crash() {
-        let mut a = Vec::new();
-        extend_vec_from_hex("00", &mut a);
-        super::do_test(&a);
-    }
-}