From d69145acb76ff12b7c5c1e55ce89e14bc6453904 Mon Sep 17 00:00:00 2001
From: practicalswift <practicalswift@users.noreply.github.com>
Date: Sun, 15 Mar 2020 11:46:57 +0000
Subject: [PATCH] tests: Add fuzzing harness for MultiplicationOverflow(...)

---
 src/Makefile.test.include                 |  7 ++++
 src/test/fuzz/multiplication_overflow.cpp | 42 +++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 src/test/fuzz/multiplication_overflow.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 796a34b867..26aced07f1 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -42,6 +42,7 @@ FUZZ_TARGETS = \
   test/fuzz/locale \
   test/fuzz/merkle_block_deserialize \
   test/fuzz/messageheader_deserialize \
+  test/fuzz/multiplication_overflow \
   test/fuzz/netaddr_deserialize \
   test/fuzz/netaddress \
   test/fuzz/out_point_deserialize \
@@ -513,6 +514,12 @@ test_fuzz_messageheader_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_messageheader_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_messageheader_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_multiplication_overflow_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_multiplication_overflow_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_multiplication_overflow_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_multiplication_overflow_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_multiplication_overflow_SOURCES = $(FUZZ_SUITE) test/fuzz/multiplication_overflow.cpp
+
 test_fuzz_netaddr_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DNETADDR_DESERIALIZE=1
 test_fuzz_netaddr_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_netaddr_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/multiplication_overflow.cpp b/src/test/fuzz/multiplication_overflow.cpp
new file mode 100644
index 0000000000..923db8058b
--- /dev/null
+++ b/src/test/fuzz/multiplication_overflow.cpp
@@ -0,0 +1,42 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+namespace {
+template <typename T>
+void TestMultiplicationOverflow(FuzzedDataProvider& fuzzed_data_provider)
+{
+    const T i = fuzzed_data_provider.ConsumeIntegral<T>();
+    const T j = fuzzed_data_provider.ConsumeIntegral<T>();
+    const bool is_multiplication_overflow_custom = MultiplicationOverflow(i, j);
+    T result_builtin;
+    const bool is_multiplication_overflow_builtin = __builtin_mul_overflow(i, j, &result_builtin);
+    assert(is_multiplication_overflow_custom == is_multiplication_overflow_builtin);
+    if (!is_multiplication_overflow_custom) {
+        assert(i * j == result_builtin);
+    }
+}
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    TestMultiplicationOverflow<int64_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<uint64_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<int32_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<uint32_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<int16_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<uint16_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<char>(fuzzed_data_provider);
+    TestMultiplicationOverflow<unsigned char>(fuzzed_data_provider);
+    TestMultiplicationOverflow<signed char>(fuzzed_data_provider);
+    TestMultiplicationOverflow<bool>(fuzzed_data_provider);
+}