
fuzz crash in coins.h

Open delta1 opened this issue 1 year ago • 0 comments

Found a crash when running against the coins_deserialize target

> FUZZ=coins_deserialize ./result/bin/fuzz crash-f77124d7f0b2b8708302ed1e203f852ead503e7a
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3125864708
INFO: Loaded 1 modules   (336833 inline 8-bit counters): 336833 [0x617bcea01b30, 0x617bcea53ef1), 
INFO: Loaded 1 PC tables (336833 PCs): 336833 [0x617bcea53ef8,0x617bcef77b08), 
./result/bin/fuzz: Running 1 inputs 1 time(s) each.
Running: crash-f77124d7f0b2b8708302ed1e203f852ead503e7a
fuzz: ./coins.h:61: void Coin::Serialize(Stream &) const [Stream = CDataStream]: Assertion `!IsSpent()' failed.

IsSpent checks CTxOut::IsNull which differs from upstream:

Elements source

bool IsNull() const
{
    if (!g_con_elementsmode) {
        // Ignore the asset and the nonce in compatibility mode.
        return nValue.IsNull() && scriptPubKey.empty();
    }

    return nAsset.IsNull() && nValue.IsNull() && nNonce.IsNull() && scriptPubKey.empty();
}

Bitcoin source

bool IsNull() const
{
    return (nValue == -1);
}

crash file crash-f77124d7f0b2b8708302ed1e203f852ead503e7a.zip

delta1, Jun 04 '24 12:06
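The invariant the assertion enforces, modelled as an added example (this is not Elements or Bitcoin Core code): `Coin::Serialize` requires `!IsSpent()`, and `IsSpent` is `CTxOut::IsNull`, so any byte sequence that deserializes to an all-null output is a coin that cannot be re-serialized. The structs, the `g_con_elementsmode` toggle, the one-byte-length wire format and the `RoundTrip` result type are simplified stand-ins constructed for this example, not the real encodings; the point is to show how the two `IsNull` rules classify the same decoded bytes, and how a harness or deserializer can reject a spent coin explicitly instead of reaching the abort.

```cpp
// Added example: minimal model of the two CTxOut::IsNull() rules quoted in the
// issue and of the !IsSpent() precondition that Coin::Serialize asserts.
// All types and the wire format here are hypothetical simplifications.
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <vector>

// Stand-in for the Elements global of the same name (true = elements mode).
bool g_con_elementsmode = true;

// Bitcoin-style output: "null" is the sentinel amount -1.
struct BitcoinTxOut {
    int64_t nValue = -1;
    std::vector<uint8_t> scriptPubKey;
    bool IsNull() const { return nValue == -1; }
};

// Elements-style output: each confidential field is "null" when its
// commitment is empty (simplified model of CConfidentialAsset/Value/Nonce).
struct ElementsTxOut {
    std::vector<uint8_t> nAsset, nValue, nNonce, scriptPubKey;
    bool IsNull() const {
        if (!g_con_elementsmode) {
            // Compatibility mode ignores asset and nonce, as in the quoted source.
            return nValue.empty() && scriptPubKey.empty();
        }
        return nAsset.empty() && nValue.empty() && nNonce.empty() && scriptPubKey.empty();
    }
};

template <typename TxOut>
struct Coin {
    TxOut out;
    bool IsSpent() const { return out.IsNull(); }
};

// Toy wire format (constructed for this example): each field is a one-byte
// length prefix followed by that many bytes, in the order asset, value, nonce,
// scriptPubKey. Returns false on a truncated field.
bool ReadField(const std::vector<uint8_t>& buf, size_t& pos, std::vector<uint8_t>& out) {
    if (pos >= buf.size()) return false;
    size_t len = buf[pos++];
    if (pos + len > buf.size()) return false;
    out.assign(buf.begin() + pos, buf.begin() + pos + len);
    pos += len;
    return true;
}

bool DecodeElementsTxOut(const std::vector<uint8_t>& buf, ElementsTxOut& out) {
    size_t pos = 0;
    return ReadField(buf, pos, out.nAsset) && ReadField(buf, pos, out.nValue) &&
           ReadField(buf, pos, out.nNonce) && ReadField(buf, pos, out.scriptPubKey) &&
           pos == buf.size();  // reject trailing bytes
}

// Outcome of a decode-then-serialize round trip. Returning RejectedSpent is the
// explicit form of the check that Coin::Serialize performs with assert().
enum class RoundTrip { Malformed, RejectedSpent, Ok };

RoundTrip RoundTripElementsCoin(const std::vector<uint8_t>& buf) {
    Coin<ElementsTxOut> coin;
    if (!DecodeElementsTxOut(buf, coin.out)) return RoundTrip::Malformed;
    if (coin.IsSpent()) return RoundTrip::RejectedSpent;  // would abort in Serialize
    return RoundTrip::Ok;  // safe to serialize
}

// Same classification under the Bitcoin rule, for contrast.
bool IsSpentUnderBitcoinRule(int64_t nValue) {
    Coin<BitcoinTxOut> coin;
    coin.out.nValue = nValue;
    return coin.IsSpent();
}

int main() {
    // Constructed inputs: all-null output, asset-only output, value+script output.
    const std::vector<uint8_t> all_null   = {0x00, 0x00, 0x00, 0x00};
    const std::vector<uint8_t> asset_only = {0x01, 0xAA, 0x00, 0x00, 0x00};
    const std::vector<uint8_t> funded     = {0x00, 0x01, 0x05, 0x00, 0x01, 0x51};
    for (bool mode : {true, false}) {
        g_con_elementsmode = mode;
        std::printf("elementsmode=%d all_null=%d asset_only=%d funded=%d\n", mode,
                    (int)RoundTripElementsCoin(all_null), (int)RoundTripElementsCoin(asset_only),
                    (int)RoundTripElementsCoin(funded));
    }
    return 0;
}
```

Run stand-alone it prints the `RoundTrip` value (0 malformed, 1 rejected, 2 ok) for each constructed input in both modes; the asset-only input is the instructive one, since it is a live coin under the full Elements rule and a spent coin in compatibility mode, so whether a decoded coin can be serialized depends on `g_con_elementsmode` as well as on the bytes.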