
Commit 91db985

author
MarcoFalke
committed
Merge bitcoin#21927: fuzz: Run const CScript member functions only once
fa74bfc fuzz: Run const CScript member functions only once (MarcoFalke) Pull request description: Those functions should be O(N) in the input size (or maybe worse, I didn't check), so if the fuzz input dictates to run them N times, the complexity is N^2. Fix this by calling them only once. Can be reviewed with: `--ignore-all-space --word-diff-regex=.` Input: https://github.com/bitcoin/bitcoin/files/6464685/clusterfuzz-testcase-minimized-input.log Hopefully fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34101 ACKs for top commit: practicalswift: cr ACK fa74bfc: patch looks correct, rationale makes sense and patch touches only `src/test/fuzz/` Tree-SHA512: d579f7a2103ec154bf482a872142e55a1d9e7673d33a22a4c4230186fdd1b6618846463f4e25941031cc8c4bd1ea8d06cb49ae1bb1ec4af115497f5e5de1e19c
2 parents 176842d + fa74bfc commit 91db985


1 file changed

+30
-31
lines changed


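--- a/src/test/fuzz/script_ops.cpp
+++ b/src/test/fuzz/script_ops.cpp
@@ -14,55 +14,54 @@
 FUZZ_TARGET(script_ops)
 {
 FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
-CScript script = ConsumeScript(fuzzed_data_provider);
+CScript script_mut = ConsumeScript(fuzzed_data_provider);
 while (fuzzed_data_provider.remaining_bytes() > 0) {
 CallOneOf(
 fuzzed_data_provider,
 [&] {
 CScript s = ConsumeScript(fuzzed_data_provider);
-script = std::move(s);
+script_mut = std::move(s);
 },
 [&] {
 const CScript& s = ConsumeScript(fuzzed_data_provider);
-script = s;
+script_mut = s;
 },
 [&] {
-script << fuzzed_data_provider.ConsumeIntegral<int64_t>();
+script_mut << fuzzed_data_provider.ConsumeIntegral<int64_t>();
 },
 [&] {
-script << ConsumeOpcodeType(fuzzed_data_provider);
+script_mut << ConsumeOpcodeType(fuzzed_data_provider);
 },
 [&] {
-script << ConsumeScriptNum(fuzzed_data_provider);
+script_mut << ConsumeScriptNum(fuzzed_data_provider);
 },
 [&] {
-script << ConsumeRandomLengthByteVector(fuzzed_data_provider);
+script_mut << ConsumeRandomLengthByteVector(fuzzed_data_provider);
 },
 [&] {
-script.clear();
-},
-[&] {
-(void)script.GetSigOpCount(false);
-(void)script.GetSigOpCount(true);
-(void)script.GetSigOpCount(script);
-(void)script.HasValidOps();
-(void)script.IsPayToScriptHash();
-(void)script.IsPayToWitnessScriptHash();
-(void)script.IsPushOnly();
-(void)script.IsUnspendable();
-{
-CScript::const_iterator pc = script.begin();
-opcodetype opcode;
-(void)script.GetOp(pc, opcode);
-std::vector<uint8_t> data;
-(void)script.GetOp(pc, opcode, data);
-(void)script.IsPushOnly(pc);
-}
-{
-int version;
-std::vector<uint8_t> program;
-(void)script.IsWitnessProgram(version, program);
-}
+script_mut.clear();
 });
 }
+const CScript& script = script_mut;
+(void)script.GetSigOpCount(false);
+(void)script.GetSigOpCount(true);
+(void)script.GetSigOpCount(script);
+(void)script.HasValidOps();
+(void)script.IsPayToScriptHash();
+(void)script.IsPayToWitnessScriptHash();
+(void)script.IsPushOnly();
+(void)script.IsUnspendable();
+{
+CScript::const_iterator pc = script.begin();
+opcodetype opcode;
+(void)script.GetOp(pc, opcode);
+std::vector<uint8_t> data;
+(void)script.GetOp(pc, opcode, data);
+(void)script.IsPushOnly(pc);
+}
+{
+int version;
+std::vector<uint8_t> program;
+(void)script.IsWitnessProgram(version, program);
+}
 }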
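Review bot: The const calls that now follow the `while` loop (new lines 45–66) carry no comment explaining why they sit outside `CallOneOf`; the reason is given only in the commit description. Without it, a later edit that moves one of these queries back into a lambda would quietly bring back the per-iteration rerun, and with it the quadratic runtime on large inputs that this change is meant to remove. I would add above `const CScript& script = script_mut;` a comment such as `// Query the final script once through a const reference; running these per loop iteration makes the target quadratic in the input size.` The same comment can say that the const binding is deliberate, since it keeps any mutating call from being added to this block by mistake.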
