Antoine Poinsot
4 years ago
committed by
Christian Decker
2 changed files with 95 additions and 0 deletions
@ -0,0 +1,92 @@ |
|||
#include <assert.h> |
|||
#include <stdint.h> |
|||
#include <string.h> |
|||
#include <tests/fuzz/libfuzz.h> |
|||
|
|||
#include <bitcoin/pubkey.h> |
|||
#include <bitcoin/chainparams.h> |
|||
#include <bitcoin/script.h> |
|||
#include <bitcoin/tx.h> |
|||
#include <ccan/tal/tal.h> |
|||
#include <common/amount.h> |
|||
#include <common/close_tx.h> |
|||
#include <common/setup.h> |
|||
#include <common/utils.h> |
|||
#include <wire/wire.h> |
|||
|
|||
void init(int *argc, char ***argv) |
|||
{ |
|||
common_setup("fuzzer"); |
|||
chainparams = chainparams_for_network("bitcoin"); |
|||
} |
|||
|
|||
void run(const uint8_t *data, size_t size) |
|||
{ |
|||
const uint8_t *wire_ptr; |
|||
size_t wire_max, min_size, script_size; |
|||
struct bitcoin_txid txid; |
|||
uint32_t vout; |
|||
struct amount_sat funding, to_us, to_them, dust_limit, max; |
|||
const uint8_t *our_script, *their_script, *funding_script; |
|||
struct pubkey *pk1, *pk2; |
|||
|
|||
/* create_close_tx wants:
|
|||
* - 3 scripts: 3 * N bytes |
|||
* - 1 txid: 32 bytes |
|||
* - 1 u32: 4 bytes |
|||
* - 4 amount_sat: 4 * 8 bytes |
|||
* |
|||
* Since both output scripts size are not restricted, we also try |
|||
* to vary their length. |
|||
* Therefore, we allocate the entire remaining bytes to scripts. |
|||
*/ |
|||
min_size = 8 * 3 + 4 + 32; |
|||
if (size < min_size + 2) |
|||
return; |
|||
|
|||
script_size = (size - min_size) / 2; |
|||
wire_ptr = data; |
|||
|
|||
wire_max = 8; |
|||
to_us = fromwire_amount_sat(&wire_ptr, &wire_max); |
|||
assert(wire_ptr); |
|||
wire_max = 8; |
|||
to_them = fromwire_amount_sat(&wire_ptr, &wire_max); |
|||
assert(wire_ptr); |
|||
wire_max = 8; |
|||
dust_limit = fromwire_amount_sat(&wire_ptr, &wire_max); |
|||
/* The funding must be > to_us + to_them (TODO: we could simulate some fees) .. */ |
|||
if (!(amount_sat_add(&funding, to_us, to_them))) |
|||
return; |
|||
/* .. And < max_btc as we assert it's not nonsensical! */ |
|||
max = AMOUNT_SAT((u32)WALLY_SATOSHI_PER_BTC * WALLY_BTC_MAX); |
|||
if (amount_sat_greater(funding, max)) { |
|||
funding = max; |
|||
to_us = amount_sat_div(max, 2); |
|||
to_them = amount_sat_div(max, 2); |
|||
} |
|||
|
|||
wire_max = 4; |
|||
vout = fromwire_u32(&wire_ptr, &wire_max); |
|||
wire_max = 32; |
|||
fromwire_bitcoin_txid(&wire_ptr, &wire_max, &txid); |
|||
|
|||
our_script = tal_dup_arr(tmpctx, const uint8_t, wire_ptr, script_size, 0); |
|||
their_script = tal_dup_arr(tmpctx, const uint8_t, wire_ptr + script_size, |
|||
script_size, 0); |
|||
|
|||
/* We assert it's valid, so we can't throw garbage at the funding script.. */ |
|||
pk1 = tal(tmpctx, struct pubkey); |
|||
pk2 = tal(tmpctx, struct pubkey); |
|||
pubkey_from_hexstr("034fede2c619f647fe7c01d40ae22e4c285291ca2ffb47937bbfb7d6e8285a081f", |
|||
PUBKEY_CMPR_LEN, pk1); |
|||
pubkey_from_hexstr("028dfe31019dd61fa04c76ad065410e5d063ac2949c04c14b214c1b363e517452f", |
|||
PUBKEY_CMPR_LEN, pk2); |
|||
funding_script = bitcoin_redeem_2of2(tmpctx, pk1, pk2); |
|||
|
|||
create_close_tx(tmpctx, chainparams, our_script, |
|||
their_script, funding_script, &txid, |
|||
vout, funding, to_us, to_them, dust_limit); |
|||
|
|||
clean_tmpctx(); |
|||
} |
Loading…
Reference in new issue