From de5d8626184f6189d07137ca935da8703b8a78a3 Mon Sep 17 00:00:00 2001
From: Murch
Date: Fri, 2 Jun 2023 14:20:33 -0400
Subject: [PATCH] fuzz: Fix mini_miner_selection running out of coin

Fixes a bug in the mini_miner_selection fuzz test found by fuzzing: It was possible for the mini_miner_selection fuzz test to generated transactions that created fewer new outputs than the two inputs they each spent. If the fuzz seed did so consistently, eventually it would cause a `pop_front()` on an empty available_coins.

Fixed per belt-suspender approach:
- assert that available_coins is not empty before generating tx
- generate at least two coins per new tx
- allow building tx with a single coin if only one is available
---
 src/test/fuzz/mini_miner.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/test/fuzz/mini_miner.cpp b/src/test/fuzz/mini_miner.cpp
index f49d9403931993..5ebe9c66437f03 100644
--- a/src/test/fuzz/mini_miner.cpp
+++ b/src/test/fuzz/mini_miner.cpp
@@ -118,9 +118,11 @@ FUZZ_TARGET_INIT(mini_miner_selection, initialize_miner)
 LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100) {
 CMutableTransaction mtx = CMutableTransaction();
- const size_t num_inputs = 2;
- const size_t num_outputs = fuzzed_data_provider.ConsumeIntegralInRange(2, 5);
+ assert(!available_coins.empty());
+ const size_t num_inputs = std::min(size_t{2}, available_coins.size());
+ const size_t num_outputs = fuzzed_data_provider.ConsumeIntegralInRange(3, 5);
 for (size_t n{0}; n < num_inputs; ++n) {
+ assert(available_coins.size() > 0);
 auto prevout = available_coins.front();
 mtx.vin.push_back(CTxIn(prevout, CScript()));
 available_coins.pop_front();