Skip to content

Panic on txn with value > 21mill in ChannelMonitor::block_connected, Clean up fuzz targets a bit #454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 5, 2020
Merged

Panic on txn with value > 21mill in ChannelMonitor::block_connected, Clean up fuzz targets a bit #454

merged 2 commits into from
Feb 5, 2020

Conversation

TheBlueMatt
Copy link
Collaborator

One cleanup to fuzz target infrastructure to make it easier to work with, one fix for a failing test.

@TheBlueMatt
Drop individual fuzz target duplicate_crash tests for file reader
a343cf9 
Previously, in each of our fuzz tests we had a dummy test which
had a hard-coded hex string which it passed into the fuzz target
so that when a failing test case was found, its hex could be
copied into the test and you could run cargo test to analyze the
failure. However, this was somewhat unwieldy as converting large
tests back and forth between hex and raw files is quite annoying.

Instead, we replace each of those tests with a test in each target
that looks for files in fuzz/test_cases and runs each file it finds.

Since we're editing every bin target anyway, we also automate adding
no_main to libfuzzer builds with #![cfg_attr].
@TheBlueMatt
Panic on txn with value > 21mill in ChannelMonitor::block_connected
04215c4 
full_stack_target found a crash where we may overflow ruring fee
calculation if a transaction appears on-chain with massive value
available for us to claim. Since these transactions are clearly
bogus, we shouldn't allow full_stack_target to connect them, but
we also improve the error generated by explicitly panicing on them.
@jkczyz
Copy link
Contributor

jkczyz commented Feb 4, 2020

Previously, in each of our fuzz tests we had a dummy test which
had a hard-coded hex string which it passed into the fuzz target
so that when a failing test case was found, its hex could be
copied into the test and you could run cargo test to analyze the
failure. However, this was somewhat unwieldy as converting large
tests back and forth between hex and raw files is quite annoying.

Does someone running the test need to copy the hex into a file?

Instead, we replace each of those tests with a test in each target
that looks for files in fuzz/test_cases and runs each file it finds.

Or will a failing fuzz test case produce such a file which then just needs to be copied?

@jkczyz jkczyz self-requested a review February 4, 2020 20:12
@TheBlueMatt
Copy link
Collaborator Author

Right, previously if you found a failing test, you had to hexdump it and copy the (often huge) hex into the fuzz file's test case. Now you can just cp the file.

@jkczyz
Copy link
Contributor

jkczyz commented Feb 4, 2020

Right, previously if you found a failing test, you had to hexdump it and copy the (often huge) hex into the fuzz file's test case. Now you can just cp the file.

Could you add documentation for this? Or -- if documentation for fuzzing currently doesn't exist -- open an issue?

@TheBlueMatt
Copy link
Collaborator Author

Done. #475

@TheBlueMatt TheBlueMatt merged commit 425e4ad into lightningdevkit:master Feb 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkczyz jkczyz jkczyz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TheBlueMatt @jkczyz