From ce935292c041162e160d95fc6afeda3dceded2cf Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Wed, 9 Oct 2019 13:07:31 +0000
Subject: [PATCH 1/3] tests: Add fuzzing harness for various CTxIn related functions
---
 src/Makefile.test.include | 7 +++++++
 src/test/fuzz/tx_in.cpp | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 src/test/fuzz/tx_in.cpp
diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 6ae15cc553..d1f6589cf8 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -47,6 +47,7 @@ FUZZ_TARGETS = \
 test/fuzz/spanparsing \
 test/fuzz/sub_net_deserialize \
 test/fuzz/transaction \
+ test/fuzz/tx_in \
 test/fuzz/tx_in_deserialize \
 test/fuzz/txoutcompressor_deserialize \
 test/fuzz/txundo_deserialize
@@ -497,6 +498,12 @@ test_fuzz_tx_in_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_tx_in_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_tx_in_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_tx_in_SOURCES = $(FUZZ_SUITE) test/fuzz/tx_in.cpp
+test_fuzz_tx_in_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_tx_in_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_tx_in_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_tx_in_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 endif # ENABLE_FUZZ
 nodist_test_test_bitcoin_SOURCES = $(GENERATED_TEST_FILES)
diff --git a/src/test/fuzz/tx_in.cpp b/src/test/fuzz/tx_in.cpp
new file mode 100644
index 0000000000..8e116537d1
--- /dev/null
+++ b/src/test/fuzz/tx_in.cpp
@@ -0,0 +1,33 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+void test_one_input(const std::vector& buffer)
+{
+ CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
+ CTxIn tx_in;
+ try {
+ int version;
+ ds >> version;
+ ds.SetVersion(version);
+ ds >> tx_in;
+ } catch (const std::ios_base::failure&) {
+ return;
+ }
+
+ (void)GetTransactionInputWeight(tx_in);
+ (void)GetVirtualTransactionInputSize(tx_in);
+ (void)RecursiveDynamicUsage(tx_in);
+
+ (void)tx_in.ToString();
+}
From e75ecb91c730115290e1201371492c2cd334e9b4 Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Wed, 9 Oct 2019 13:14:52 +0000
Subject: [PATCH 2/3] tests: Add fuzzing harness for various CTxOut related functions
---
 src/Makefile.test.include | 7 +++++++
 src/test/fuzz/tx_out.cpp | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 src/test/fuzz/tx_out.cpp
diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index d1f6589cf8..79f2080554 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -49,6 +49,7 @@ FUZZ_TARGETS = \
 test/fuzz/transaction \
 test/fuzz/tx_in \
 test/fuzz/tx_in_deserialize \
+ test/fuzz/tx_out \
 test/fuzz/txoutcompressor_deserialize \
 test/fuzz/txundo_deserialize
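Review bot: Nothing in src/test/fuzz/tx_in.cpp documents that test_one_input consumes a leading `int` from the input and hands it to `ds.SetVersion()` before deserializing the CTxIn, and that input layout is exactly what someone writing or converting seed files needs to know. I would add a comment above the `try` block such as `// Input layout: serialized int stream version, followed by a serialized CTxIn.` The same undocumented prefix is read in src/test/fuzz/tx_out.cpp in patch 2/3. Every call after the `try` has its result discarded with `(void)`, so this target reports only crashes and sanitizer findings; saying so in the same comment keeps readers from assuming the computed weight and size are checked.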
@@ -504,6 +505,12 @@ test_fuzz_tx_in_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_tx_in_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_tx_in_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_tx_out_SOURCES = $(FUZZ_SUITE) test/fuzz/tx_out.cpp
+test_fuzz_tx_out_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_tx_out_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_tx_out_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_tx_out_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 endif # ENABLE_FUZZ
 nodist_test_test_bitcoin_SOURCES = $(GENERATED_TEST_FILES)
diff --git a/src/test/fuzz/tx_out.cpp b/src/test/fuzz/tx_out.cpp
new file mode 100644
index 0000000000..aa1338d5ba
--- /dev/null
+++ b/src/test/fuzz/tx_out.cpp
@@ -0,0 +1,35 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+void test_one_input(const std::vector& buffer)
+{
+ CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
+ CTxOut tx_out;
+ try {
+ int version;
+ ds >> version;
+ ds.SetVersion(version);
+ ds >> tx_out;
+ } catch (const std::ios_base::failure&) {
+ return;
+ }
+
+ const CFeeRate dust_relay_fee{DUST_RELAY_TX_FEE};
+ (void)GetDustThreshold(tx_out, dust_relay_fee);
+ (void)IsDust(tx_out, dust_relay_fee);
+ (void)RecursiveDynamicUsage(tx_out);
+
+ (void)tx_out.ToString();
+ (void)tx_out.IsNull();
+ tx_out.SetNull();
+ assert(tx_out.IsNull());
+}
From d5766f223f627bf2eb731ce8552dfafa2b824378 Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Wed, 2 Oct 2019 08:01:27 +0000
Subject: [PATCH 3/3] tests: Add corpora suppression (FUZZERS_MISSING_CORPORA) for fuzzers missing in https://github.com/bitcoin-core/qa-assets/tree/master/fuzz_seed_corpus
---
 test/fuzz/test_runner.py | 2 ++
 1 file changed, 2 insertions(+)
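Review bot: In src/test/fuzz/tx_out.cpp, `GetDustThreshold` and `IsDust` are called with the same arguments and both results are thrown away, so a disagreement between the two would pass unnoticed. If IsDust is meant to be exactly "value below the threshold" (its definition is not part of this patch, so confirm first), the harness can check that: `assert(IsDust(tx_out, dust_relay_fee) == (tx_out.nValue < GetDustThreshold(tx_out, dust_relay_fee)));`. The only property checked today is `assert(tx_out.IsNull())` after `SetNull()`, which holds for any input and so says nothing about the deserialized value.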
diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index ffebb579e7..6bbe45f00f 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -32,6 +32,8 @@ FUZZERS_MISSING_CORPORA = [
 "script_deserialize",
 "sub_net_deserialize",
 "tx_in_deserialize",
+ "tx_in",
+ "tx_out",
 ]
 def main():
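Review bot: The two new entries in FUZZERS_MISSING_CORPORA are appended after `"tx_in_deserialize",`, which breaks the alphabetical order the visible entries follow; `"tx_in",` belongs before `"tx_in_deserialize",` and `"tx_out",` after it, matching the order used for FUZZ_TARGETS in the Makefile hunks. Going by the commit subject, the list suppresses the missing-seed check for targets with no corpus in qa-assets, so a comment on the list such as `# Remove an entry once its seed corpus has been added to qa-assets.` would help keep the suppression from becoming permanent. The earlier entries and any comment above the list are outside this hunk.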