Add fuzz testing using american fuzzy lop

Existing tests: block, transaction, signature, cold outputs, cold transaction. Data for these is in tests/data/fuzz. A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg: contrib/fuzz_testing/fuzz.sh signature The fuzzer will run indefinitely, ^C to stop. Fuzzing is currently supported for GCC only. I can't get CLANG to build Monero here as it dies on some system headers, so if someone wants to make it work on both, that'd be great. In particular, the __AFL_LOOP construct should be made to work so that a given run can fuzz multiple inputs, as the C++ load time is substantial.
2025-05-02 08:56:09 -04:00 · 2017-06-24 12:38:41 +01:00 · 2017-06-24 12:38:41 +01:00 · 841231e5bd
commit 841231e5bd
parent ae8841f2ab
20 changed files with 710 additions and 0 deletions
--- a/contrib/fuzz_testing/fuzz.sh
+++ b/contrib/fuzz_testing/fuzz.sh
@ -0,0 +1,21 @@
+#!/bin/sh
+
+AFLFUZZ=$(which afl-fuzz)
+if ! test -x "$AFLFUZZ"
+then
+  echo "afl-fuzz not found - install american-fuzzy-lop"
+  exit 1
+fi
+
+type="$1"
+if test -z "$type"
+then
+  echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction"
+  exit 1
+fi
+case "$type" in
+  block|transaction|signature|cold-outputs|cold-transaction) ;;
+  *) echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction"; exit 1 ;;
+esac
+
+afl-fuzz -i tests/data/fuzz/$type -m 150 -t 250 -o fuzz-out/$type build/fuzz/tests/fuzz/${type}_fuzz_tests