From d807cc7a8aa7ec45477534faffd22fed3fc50a8c Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Wed, 6 Jul 2022 21:48:10 +0530
Subject: [PATCH 01/11] merge bitcoin#17926: Add key_io fuzzing harness. Fuzz
 additional functions in existing fuzzing harnesses

---
 src/Makefile.test.include     |  7 ++++++
 src/test/fuzz/hex.cpp         | 16 +++++++++++-
 src/test/fuzz/integer.cpp     | 17 +++++++++++++
 src/test/fuzz/key_io.cpp      | 47 +++++++++++++++++++++++++++++++++++
 src/test/fuzz/script.cpp      | 31 ++++++++++++++++++++++-
 src/test/fuzz/transaction.cpp | 23 +++++++++++++++++
 test/fuzz/test_runner.py      |  1 +
 7 files changed, 140 insertions(+), 2 deletions(-)
 create mode 100644 src/test/fuzz/key_io.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 7fb25b70aa57..779294d0d3f1 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -38,6 +38,7 @@ FUZZ_TARGETS = \
   test/fuzz/integer \
   test/fuzz/inv_deserialize \
   test/fuzz/key \
+  test/fuzz/key_io \
   test/fuzz/key_origin_info_deserialize \
   test/fuzz/locale \
   test/fuzz/merkle_block_deserialize \
@@ -469,6 +470,12 @@ test_fuzz_key_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_key_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_key_SOURCES = $(FUZZ_SUITE) test/fuzz/key.cpp
 
+test_fuzz_key_io_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_key_io_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_key_io_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_key_io_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_key_io_SOURCES = $(FUZZ_SUITE) test/fuzz/key_io.cpp
+
 test_fuzz_key_origin_info_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DKEY_ORIGIN_INFO_DESERIALIZE=1
 test_fuzz_key_origin_info_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_key_origin_info_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/hex.cpp b/src/test/fuzz/hex.cpp
index 54693180be1f..2de6100d7b64 100644
--- a/src/test/fuzz/hex.cpp
+++ b/src/test/fuzz/hex.cpp
@@ -2,8 +2,12 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <core_io.h>
+#include <primitives/block.h>
+#include <rpc/util.h>
 #include <test/fuzz/fuzz.h>
-
+#include <uint256.h>
+#include <univalue.h>
 #include <util/strencodings.h>
 
 #include <cassert>
@@ -19,4 +23,14 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     if (IsHex(random_hex_string)) {
         assert(ToLower(random_hex_string) == hex_data);
     }
+    (void)IsHexNumber(random_hex_string);
+    uint256 result;
+    (void)ParseHashStr(random_hex_string, result);
+    (void)uint256S(random_hex_string);
+    try {
+        (void)HexToPubKey(random_hex_string);
+    } catch (const UniValue&) {
+    }
+    CBlockHeader block_header;
+    (void)DecodeHexBlockHeader(block_header, random_hex_string);
 }
diff --git a/src/test/fuzz/integer.cpp b/src/test/fuzz/integer.cpp
index d7b91423bd7c..45f8ca7b1c5a 100644
--- a/src/test/fuzz/integer.cpp
+++ b/src/test/fuzz/integer.cpp
@@ -23,6 +23,7 @@
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <uint256.h>
+#include <util/moneystr.h>
 #include <util/strencodings.h>
 #include <util/system.h>
 #include <util/time.h>
@@ -69,11 +70,19 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)DecompressAmount(u64);
     (void)FormatISO8601Date(i64);
     (void)FormatISO8601DateTime(i64);
+    // FormatMoney(i) not defined when i == std::numeric_limits<int64_t>::min()
+    if (i64 != std::numeric_limits<int64_t>::min()) {
+        int64_t parsed_money;
+        if (ParseMoney(FormatMoney(i64), parsed_money)) {
+            assert(parsed_money == i64);
+        }
+    }
     (void)GetSizeOfCompactSize(u64);
     (void)GetSpecialScriptSize(u32);
     // (void)GetVirtualTransactionSize(i64, i64); // function defined only for a subset of int64_t inputs
     // (void)GetVirtualTransactionSize(i64, i64, u32); // function defined only for a subset of int64_t/uint32_t inputs
     (void)HexDigit(ch);
+    (void)MoneyRange(i64);
     (void)i64tostr(i64);
     (void)IsDigit(ch);
     (void)IsSpace(ch);
@@ -99,6 +108,14 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)SipHashUint256(u64, u64, u256);
     (void)SipHashUint256Extra(u64, u64, u256, u32);
     (void)ToLower(ch);
+    (void)ToUpper(ch);
+    // ValueFromAmount(i) not defined when i == std::numeric_limits<int64_t>::min()
+    if (i64 != std::numeric_limits<int64_t>::min()) {
+        int64_t parsed_money;
+        if (ParseMoney(ValueFromAmount(i64).getValStr(), parsed_money)) {
+            assert(parsed_money == i64);
+        }
+    }
 
     const arith_uint256 au256 = UintToArith256(u256);
     assert(ArithToUint256(au256) == u256);
diff --git a/src/test/fuzz/key_io.cpp b/src/test/fuzz/key_io.cpp
new file mode 100644
index 000000000000..5333c5093c57
--- /dev/null
+++ b/src/test/fuzz/key_io.cpp
@@ -0,0 +1,47 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <chainparams.h>
+#include <key_io.h>
+#include <rpc/util.h>
+#include <script/standard.h>
+#include <test/fuzz/fuzz.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void initialize()
+{
+    SelectParams(CBaseChainParams::REGTEST);
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string random_string(buffer.begin(), buffer.end());
+
+    const CKey key = DecodeSecret(random_string);
+    if (key.IsValid()) {
+        assert(key == DecodeSecret(EncodeSecret(key)));
+    }
+
+    const CExtKey ext_key = DecodeExtKey(random_string);
+    if (ext_key.key.size() == 32) {
+        assert(ext_key == DecodeExtKey(EncodeExtKey(ext_key)));
+    }
+
+    const CExtPubKey ext_pub_key = DecodeExtPubKey(random_string);
+    if (ext_pub_key.pubkey.size() == CPubKey::COMPRESSED_SIZE) {
+        assert(ext_pub_key == DecodeExtPubKey(EncodeExtPubKey(ext_pub_key)));
+    }
+
+    const CTxDestination tx_destination = DecodeDestination(random_string);
+    (void)DescribeAddress(tx_destination);
+    // (void)GetKeyForDestination(/* store */ {}, tx_destination);
+    (void)GetScriptForDestination(tx_destination);
+    (void)IsValidDestination(tx_destination);
+
+    (void)IsValidDestinationString(random_string);
+}
diff --git a/src/test/fuzz/script.cpp b/src/test/fuzz/script.cpp
index 251b6c891622..139e7b5b77e0 100644
--- a/src/test/fuzz/script.cpp
+++ b/src/test/fuzz/script.cpp
@@ -15,12 +15,15 @@
 #include <script/standard.h>
 #include <streams.h>
 #include <test/fuzz/fuzz.h>
+#include <univalue.h>
 #include <util/memory.h>
 
 void initialize()
 {
     // Fuzzers using pubkey must hold an ECCVerifyHandle.
     static const auto verify_handle = MakeUnique<ECCVerifyHandle>();
+
+    SelectParams(CBaseChainParams::REGTEST);
 }
 
 void test_one_input(const std::vector<uint8_t>& buffer)
@@ -28,7 +31,20 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     const CScript script(buffer.begin(), buffer.end());
 
     std::vector<unsigned char> compressed;
-    (void)CompressScript(script, compressed);
+    if (CompressScript(script, compressed)) {
+        const unsigned int size = compressed[0];
+        assert(size >= 0 && size <= 5);
+        CScript decompressed_script;
+        const bool ok = DecompressScript(decompressed_script, size, compressed);
+        assert(ok);
+    }
+
+    for (unsigned int size = 0; size < 6; ++size) {
+        std::vector<unsigned char> vch(GetSpecialScriptSize(size), 0x00);
+        vch.insert(vch.end(), buffer.begin(), buffer.end());
+        CScript decompressed_script;
+        (void)DecompressScript(decompressed_script, size, vch);
+    }
 
     CTxDestination address;
     (void)ExtractDestination(script, address);
@@ -55,4 +71,17 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)script.IsPushOnly();
     (void)script.IsUnspendable();
     (void)script.GetSigOpCount(/* fAccurate= */ false);
+
+    (void)FormatScript(script);
+    (void)ScriptToAsmStr(script, false);
+    (void)ScriptToAsmStr(script, true);
+
+    UniValue o1(UniValue::VOBJ);
+    ScriptPubKeyToUniv(script, o1, true);
+    UniValue o2(UniValue::VOBJ);
+    ScriptPubKeyToUniv(script, o2, false);
+    UniValue o3(UniValue::VOBJ);
+    ScriptToUniv(script, o3, true);
+    UniValue o4(UniValue::VOBJ);
+    ScriptToUniv(script, o4, false);
 }
diff --git a/src/test/fuzz/transaction.cpp b/src/test/fuzz/transaction.cpp
index f7f97999acb2..60068ac8d9fc 100644
--- a/src/test/fuzz/transaction.cpp
+++ b/src/test/fuzz/transaction.cpp
@@ -2,6 +2,7 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <chainparams.h>
 #include <coins.h>
 #include <consensus/tx_check.h>
 #include <consensus/tx_verify.h>
@@ -13,11 +14,17 @@
 #include <primitives/transaction.h>
 #include <streams.h>
 #include <test/fuzz/fuzz.h>
+#include <univalue.h>
 #include <validation.h>
 #include <version.h>
 
 #include <cassert>
 
+void initialize()
+{
+    SelectParams(CBaseChainParams::REGTEST);
+}
+
 void test_one_input(const std::vector<uint8_t>& buffer)
 {
     CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
@@ -78,4 +85,20 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)IsFinalTx(tx, /* nBlockHeight= */ 1024, /* nBlockTime= */ 1024);
     (void)IsStandardTx(tx, reason);
     (void)RecursiveDynamicUsage(tx);
+
+    CCoinsView coins_view;
+    const CCoinsViewCache coins_view_cache(&coins_view);
+    (void)AreInputsStandard(tx, coins_view_cache);
+
+    UniValue u(UniValue::VOBJ);
+    // ValueFromAmount(i) not defined when i == std::numeric_limits<int64_t>::min()
+    bool skip_tx_to_univ = false;
+    for (const CTxOut& txout : tx.vout) {
+        if (txout.nValue == std::numeric_limits<int64_t>::min()) {
+            skip_tx_to_univ = true;
+        }
+    }
+    if (!skip_tx_to_univ) {
+        TxToUniv(tx, /* hashBlock */ {}, u);
+    }
 }
diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index cb7eb4d2cfd4..f156bf50d3a3 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -27,6 +27,7 @@
     "flat_file_pos_deserialize",
     "float",
     "hex",
+    "key_io",
     "integer",
     "key",
     "key_origin_info_deserialize",

From ab8822c1840cb2e449aef56f9bf52a08fc0c50a9 Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Sun, 15 Mar 2020 00:28:08 +0000
Subject: [PATCH 02/11] merge bitcoin#18353: Add fuzzing harnesses for classes
 CBlockHeader, CFeeRate and various functions

---
 src/Makefile.test.include                 | 28 ++++++++
 src/test/fuzz/block_header.cpp            | 41 +++++++++++
 src/test/fuzz/fee_rate.cpp                | 40 +++++++++++
 src/test/fuzz/integer.cpp                 |  4 ++
 src/test/fuzz/multiplication_overflow.cpp | 42 ++++++++++++
 src/test/fuzz/string.cpp                  | 84 +++++++++++++++++++++++
 src/test/fuzz/util.h                      | 39 +++++++++++
 7 files changed, 278 insertions(+)
 create mode 100644 src/test/fuzz/block_header.cpp
 create mode 100644 src/test/fuzz/fee_rate.cpp
 create mode 100644 src/test/fuzz/multiplication_overflow.cpp
 create mode 100644 src/test/fuzz/string.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 779294d0d3f1..cff084724045 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -17,6 +17,7 @@ FUZZ_TARGETS = \
   test/fuzz/block_deserialize \
   test/fuzz/block_file_info_deserialize \
   test/fuzz/block_filter_deserialize \
+  test/fuzz/block_header \
   test/fuzz/block_header_and_short_txids_deserialize \
   test/fuzz/blockheader_deserialize \
   test/fuzz/blocklocator_deserialize \
@@ -31,6 +32,7 @@ FUZZ_TARGETS = \
   test/fuzz/descriptor_parse \
   test/fuzz/diskblockindex_deserialize \
   test/fuzz/eval_script \
+  test/fuzz/fee_rate \
   test/fuzz/fee_rate_deserialize \
   test/fuzz/flat_file_pos_deserialize \
   test/fuzz/float \
@@ -43,6 +45,7 @@ FUZZ_TARGETS = \
   test/fuzz/locale \
   test/fuzz/merkle_block_deserialize \
   test/fuzz/messageheader_deserialize \
+  test/fuzz/multiplication_overflow \
   test/fuzz/netaddr_deserialize \
   test/fuzz/out_point_deserialize \
   test/fuzz/p2p_transport_deserializer \
@@ -64,6 +67,7 @@ FUZZ_TARGETS = \
   test/fuzz/script_flags \
   test/fuzz/service_deserialize \
   test/fuzz/spanparsing \
+  test/fuzz/string \
   test/fuzz/strprintf \
   test/fuzz/sub_net_deserialize \
   test/fuzz/transaction \
@@ -344,6 +348,12 @@ test_fuzz_block_filter_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_block_filter_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_block_filter_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_block_header_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_block_header_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_block_header_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_block_header_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_block_header_SOURCES = $(FUZZ_SUITE) test/fuzz/block_header.cpp
+
 test_fuzz_block_header_and_short_txids_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCK_HEADER_AND_SHORT_TXIDS_DESERIALIZE=1
 test_fuzz_block_header_and_short_txids_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_block_header_and_short_txids_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -428,6 +438,12 @@ test_fuzz_eval_script_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_eval_script_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_eval_script_SOURCES = $(FUZZ_SUITE) test/fuzz/eval_script.cpp
 
+test_fuzz_fee_rate_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_fee_rate_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_fee_rate_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_fee_rate_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_fee_rate_SOURCES = $(FUZZ_SUITE) test/fuzz/fee_rate.cpp
+
 test_fuzz_fee_rate_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DFEE_RATE_DESERIALIZE=1
 test_fuzz_fee_rate_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_fee_rate_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -500,6 +516,12 @@ test_fuzz_messageheader_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_messageheader_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_messageheader_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_multiplication_overflow_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_multiplication_overflow_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_multiplication_overflow_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_multiplication_overflow_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_multiplication_overflow_SOURCES = $(FUZZ_SUITE) test/fuzz/multiplication_overflow.cpp
+
 test_fuzz_netaddr_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DNETADDR_DESERIALIZE=1
 test_fuzz_netaddr_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_netaddr_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -626,6 +648,12 @@ test_fuzz_spanparsing_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_spanparsing_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_spanparsing_SOURCES = $(FUZZ_SUITE) test/fuzz/spanparsing.cpp
 
+test_fuzz_string_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_string_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_string_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_string_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_string_SOURCES = $(FUZZ_SUITE) test/fuzz/string.cpp
+
 test_fuzz_strprintf_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_strprintf_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_strprintf_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/block_header.cpp b/src/test/fuzz/block_header.cpp
new file mode 100644
index 000000000000..92dcccc0e150
--- /dev/null
+++ b/src/test/fuzz/block_header.cpp
@@ -0,0 +1,41 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <optional.h>
+#include <primitives/block.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <uint256.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const Optional<CBlockHeader> block_header = ConsumeDeserializable<CBlockHeader>(fuzzed_data_provider);
+    if (!block_header) {
+        return;
+    }
+    {
+        const uint256 hash = block_header->GetHash();
+        static const uint256 u256_max(uint256S("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"));
+        assert(hash != u256_max);
+        assert(block_header->GetBlockTime() == block_header->nTime);
+        assert(block_header->IsNull() == (block_header->nBits == 0));
+    }
+    {
+        CBlockHeader mut_block_header = *block_header;
+        mut_block_header.SetNull();
+        assert(mut_block_header.IsNull());
+        CBlock block{*block_header};
+        assert(block.GetBlockHeader().GetHash() == block_header->GetHash());
+        (void)block.ToString();
+        block.SetNull();
+        assert(block.GetBlockHeader().GetHash() == mut_block_header.GetHash());
+    }
+}
diff --git a/src/test/fuzz/fee_rate.cpp b/src/test/fuzz/fee_rate.cpp
new file mode 100644
index 000000000000..f3d44d9f9379
--- /dev/null
+++ b/src/test/fuzz/fee_rate.cpp
@@ -0,0 +1,40 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <amount.h>
+#include <policy/feerate.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <limits>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const CAmount satoshis_per_k = ConsumeMoney(fuzzed_data_provider);
+    const CFeeRate fee_rate{satoshis_per_k};
+
+    (void)fee_rate.GetFeePerK();
+    const size_t bytes = fuzzed_data_provider.ConsumeIntegral<size_t>();
+    if (!MultiplicationOverflow(static_cast<int64_t>(bytes), satoshis_per_k) && bytes <= static_cast<uint64_t>(std::numeric_limits<int64_t>::max())) {
+        (void)fee_rate.GetFee(bytes);
+    }
+    (void)fee_rate.ToString();
+
+    const CAmount another_satoshis_per_k = ConsumeMoney(fuzzed_data_provider);
+    CFeeRate larger_fee_rate{another_satoshis_per_k};
+    larger_fee_rate += fee_rate;
+    if (satoshis_per_k != 0 && another_satoshis_per_k != 0) {
+        assert(fee_rate < larger_fee_rate);
+        assert(!(fee_rate > larger_fee_rate));
+        assert(!(fee_rate == larger_fee_rate));
+        assert(fee_rate <= larger_fee_rate);
+        assert(!(fee_rate >= larger_fee_rate));
+        assert(fee_rate != larger_fee_rate);
+    }
+}
diff --git a/src/test/fuzz/integer.cpp b/src/test/fuzz/integer.cpp
index 45f8ca7b1c5a..d94595599203 100644
--- a/src/test/fuzz/integer.cpp
+++ b/src/test/fuzz/integer.cpp
@@ -22,6 +22,7 @@
 #include <streams.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
+#include <time.h>
 #include <uint256.h>
 #include <util/moneystr.h>
 #include <util/strencodings.h>
@@ -30,6 +31,7 @@
 #include <version.h>
 
 #include <cassert>
+#include <chrono>
 #include <limits>
 #include <vector>
 
@@ -116,6 +118,8 @@ void test_one_input(const std::vector<uint8_t>& buffer)
             assert(parsed_money == i64);
         }
     }
+    const std::chrono::seconds seconds{i64};
+    assert(count_seconds(seconds) == i64);
 
     const arith_uint256 au256 = UintToArith256(u256);
     assert(ArithToUint256(au256) == u256);
diff --git a/src/test/fuzz/multiplication_overflow.cpp b/src/test/fuzz/multiplication_overflow.cpp
new file mode 100644
index 000000000000..923db8058be0
--- /dev/null
+++ b/src/test/fuzz/multiplication_overflow.cpp
@@ -0,0 +1,42 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+namespace {
+template <typename T>
+void TestMultiplicationOverflow(FuzzedDataProvider& fuzzed_data_provider)
+{
+    const T i = fuzzed_data_provider.ConsumeIntegral<T>();
+    const T j = fuzzed_data_provider.ConsumeIntegral<T>();
+    const bool is_multiplication_overflow_custom = MultiplicationOverflow(i, j);
+    T result_builtin;
+    const bool is_multiplication_overflow_builtin = __builtin_mul_overflow(i, j, &result_builtin);
+    assert(is_multiplication_overflow_custom == is_multiplication_overflow_builtin);
+    if (!is_multiplication_overflow_custom) {
+        assert(i * j == result_builtin);
+    }
+}
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    TestMultiplicationOverflow<int64_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<uint64_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<int32_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<uint32_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<int16_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<uint16_t>(fuzzed_data_provider);
+    TestMultiplicationOverflow<char>(fuzzed_data_provider);
+    TestMultiplicationOverflow<unsigned char>(fuzzed_data_provider);
+    TestMultiplicationOverflow<signed char>(fuzzed_data_provider);
+    TestMultiplicationOverflow<bool>(fuzzed_data_provider);
+}
diff --git a/src/test/fuzz/string.cpp b/src/test/fuzz/string.cpp
new file mode 100644
index 000000000000..a7bc2cb4407e
--- /dev/null
+++ b/src/test/fuzz/string.cpp
@@ -0,0 +1,84 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <blockfilter.h>
+#include <clientversion.h>
+#include <logging.h>
+#include <netbase.h>
+#include <rpc/client.h>
+#include <rpc/request.h>
+#include <rpc/server.h>
+#include <rpc/util.h>
+#include <script/descriptor.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <util/error.h>
+#include <util/fees.h>
+#include <util/settings.h>
+#include <util/strencodings.h>
+#include <util/string.h>
+#include <util/system.h>
+#include <util/translation.h>
+#include <util/url.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const std::string random_string_1 = fuzzed_data_provider.ConsumeRandomLengthString(32);
+    const std::string random_string_2 = fuzzed_data_provider.ConsumeRandomLengthString(32);
+    const std::vector<std::string> random_string_vector = ConsumeRandomLengthStringVector(fuzzed_data_provider);
+
+    (void)AmountErrMsg(random_string_1, random_string_2);
+    (void)AmountHighWarn(random_string_1);
+    BlockFilterType block_filter_type;
+    (void)BlockFilterTypeByName(random_string_1, block_filter_type);
+    (void)Capitalize(random_string_1);
+    (void)CopyrightHolders(random_string_1, fuzzed_data_provider.ConsumeIntegral<unsigned int>(), fuzzed_data_provider.ConsumeIntegral<unsigned int>());
+    FeeEstimateMode fee_estimate_mode;
+    (void)FeeModeFromString(random_string_1, fee_estimate_mode);
+    (void)FormatParagraph(random_string_1, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000), fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000));
+    (void)FormatSubVersion(random_string_1, fuzzed_data_provider.ConsumeIntegral<int>(), random_string_vector);
+    (void)GetDescriptorChecksum(random_string_1);
+    (void)HelpExampleCli(random_string_1, random_string_2);
+    (void)HelpExampleRpc(random_string_1, random_string_2);
+    (void)HelpMessageGroup(random_string_1);
+    (void)HelpMessageOpt(random_string_1, random_string_2);
+    (void)IsDeprecatedRPCEnabled(random_string_1);
+    (void)Join(random_string_vector, random_string_1);
+    (void)JSONRPCError(fuzzed_data_provider.ConsumeIntegral<int>(), random_string_1);
+    const util::Settings settings;
+    (void)OnlyHasDefaultSectionSetting(settings, random_string_1, random_string_2);
+    (void)ParseNetwork(random_string_1);
+    try {
+        (void)ParseNonRFCJSONValue(random_string_1);
+    } catch (const std::runtime_error&) {
+    }
+    (void)ResolveErrMsg(random_string_1, random_string_2);
+    try {
+        (void)RPCConvertNamedValues(random_string_1, random_string_vector);
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)RPCConvertValues(random_string_1, random_string_vector);
+    } catch (const std::runtime_error&) {
+    }
+    (void)SanitizeString(random_string_1);
+    (void)SanitizeString(random_string_1, fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 3));
+    int port_out;
+    std::string host_out;
+    SplitHostPort(random_string_1, port_out, host_out);
+    (void)TimingResistantEqual(random_string_1, random_string_2);
+    (void)ToLower(random_string_1);
+    (void)ToUpper(random_string_1);
+    (void)TrimString(random_string_1);
+    (void)TrimString(random_string_1, random_string_2);
+    (void)urlDecode(random_string_1);
+    (void)ValidAsCString(random_string_1);
+    (void)_(random_string_1.c_str());
+}
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index d2a69ddfae98..42afcd941ed1 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -5,6 +5,7 @@
 #ifndef BITCOIN_TEST_FUZZ_UTIL_H
 #define BITCOIN_TEST_FUZZ_UTIL_H
 
+#include <amount.h>
 #include <attributes.h>
 #include <optional.h>
 #include <serialize.h>
@@ -22,6 +23,16 @@
     return {s.begin(), s.end()};
 }
 
+[[ nodiscard ]] inline std::vector<std::string> ConsumeRandomLengthStringVector(FuzzedDataProvider& fuzzed_data_provider, size_t max_vector_size = 16, size_t max_string_length = 16) noexcept
+{
+    const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
+    std::vector<std::string> r;
+    for (size_t i = 0; i < n_elements; ++i) {
+        r.push_back(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));
+    }
+    return r;
+}
+
 template <typename T>
 [[ nodiscard ]] inline Optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, size_t max_length = 4096) noexcept
 {
@@ -36,4 +47,32 @@ template <typename T>
     return obj;
 }
 
+[[ nodiscard ]] inline CAmount ConsumeMoney(FuzzedDataProvider& fuzzed_data_provider) noexcept
+{
+    return fuzzed_data_provider.ConsumeIntegralInRange<CAmount>(0, MAX_MONEY);
+}
+
+template <typename T>
+bool MultiplicationOverflow(T i, T j)
+{
+    static_assert(std::is_integral<T>::value, "Integral required.");
+    if (std::numeric_limits<T>::is_signed) {
+        if (i > 0) {
+            if (j > 0) {
+                return i > (std::numeric_limits<T>::max() / j);
+            } else {
+                return j < (std::numeric_limits<T>::min() / i);
+            }
+        } else {
+            if (j > 0) {
+                return i < (std::numeric_limits<T>::min() / j);
+            } else {
+                return i != 0 && (j < (std::numeric_limits<T>::max() / i));
+            }
+        }
+    } else {
+        return j != 0 && i > std::numeric_limits<T>::max() / j;
+    }
+}
+
 #endif // BITCOIN_TEST_FUZZ_UTIL_H

From 6ee033b2da6f95767042bb38c79d56b4615719a6 Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Wed, 6 Jul 2022 22:13:36 +0530
Subject: [PATCH 03/11] merge bitcoin#18417: Add fuzzing harnesses for
 functions in addrdb.h, net_permissions.h and timedata.h

---
 src/Makefile.test.include         | 21 +++++++++++++
 src/test/fuzz/addrdb.cpp          | 36 +++++++++++++++++++++
 src/test/fuzz/net_permissions.cpp | 52 +++++++++++++++++++++++++++++++
 src/test/fuzz/timedata.cpp        | 29 +++++++++++++++++
 4 files changed, 138 insertions(+)
 create mode 100644 src/test/fuzz/addrdb.cpp
 create mode 100644 src/test/fuzz/net_permissions.cpp
 create mode 100644 src/test/fuzz/timedata.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index cff084724045..31e318016f60 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -6,6 +6,7 @@
 
 FUZZ_TARGETS = \
   test/fuzz/addr_info_deserialize \
+  test/fuzz/addrdb \
   test/fuzz/address_deserialize \
   test/fuzz/addrman_deserialize \
   test/fuzz/asmap \
@@ -46,6 +47,7 @@ FUZZ_TARGETS = \
   test/fuzz/merkle_block_deserialize \
   test/fuzz/messageheader_deserialize \
   test/fuzz/multiplication_overflow \
+  test/fuzz/net_permissions \
   test/fuzz/netaddr_deserialize \
   test/fuzz/out_point_deserialize \
   test/fuzz/p2p_transport_deserializer \
@@ -70,6 +72,7 @@ FUZZ_TARGETS = \
   test/fuzz/string \
   test/fuzz/strprintf \
   test/fuzz/sub_net_deserialize \
+  test/fuzz/timedata \
   test/fuzz/transaction \
   test/fuzz/tx_in \
   test/fuzz/tx_in_deserialize \
@@ -282,6 +285,12 @@ test_fuzz_addr_info_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_addr_info_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_addr_info_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_addrdb_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_addrdb_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_addrdb_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_addrdb_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_addrdb_SOURCES = $(FUZZ_SUITE) test/fuzz/addrdb.cpp
+
 test_fuzz_address_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DADDRESS_DESERIALIZE=1
 test_fuzz_address_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_address_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -522,6 +531,12 @@ test_fuzz_multiplication_overflow_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_multiplication_overflow_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_multiplication_overflow_SOURCES = $(FUZZ_SUITE) test/fuzz/multiplication_overflow.cpp
 
+test_fuzz_net_permissions_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_net_permissions_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_net_permissions_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_net_permissions_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_net_permissions_SOURCES = $(FUZZ_SUITE) test/fuzz/net_permissions.cpp
+
 test_fuzz_netaddr_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DNETADDR_DESERIALIZE=1
 test_fuzz_netaddr_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_netaddr_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -666,6 +681,12 @@ test_fuzz_sub_net_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_sub_net_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_sub_net_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_timedata_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_timedata_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_timedata_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_timedata_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_timedata_SOURCES = $(FUZZ_SUITE) test/fuzz/timedata.cpp
+
 test_fuzz_transaction_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_transaction_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_transaction_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/addrdb.cpp b/src/test/fuzz/addrdb.cpp
new file mode 100644
index 000000000000..93970545337e
--- /dev/null
+++ b/src/test/fuzz/addrdb.cpp
@@ -0,0 +1,36 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <addrdb.h>
+#include <optional.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cassert>
+#include <cstdint>
+#include <optional>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    const CBanEntry ban_entry = [&] {
+        switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 2)) {
+        case 0:
+            return CBanEntry{fuzzed_data_provider.ConsumeIntegral<int64_t>()};
+            break;
+        case 1: {
+            const Optional<CBanEntry> ban_entry = ConsumeDeserializable<CBanEntry>(fuzzed_data_provider);
+            if (ban_entry) {
+                return *ban_entry;
+            }
+            break;
+        }
+        }
+        return CBanEntry{};
+    }();
+}
diff --git a/src/test/fuzz/net_permissions.cpp b/src/test/fuzz/net_permissions.cpp
new file mode 100644
index 000000000000..6215f452a3ad
--- /dev/null
+++ b/src/test/fuzz/net_permissions.cpp
@@ -0,0 +1,52 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <net_permissions.h>
+#include <optional.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <util/translation.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const std::string s = fuzzed_data_provider.ConsumeRandomLengthString(32);
+    const NetPermissionFlags net_permission_flags = fuzzed_data_provider.ConsumeBool() ? fuzzed_data_provider.PickValueInArray<NetPermissionFlags>({
+                                                                                             NetPermissionFlags::PF_NONE,
+                                                                                             NetPermissionFlags::PF_BLOOMFILTER,
+                                                                                             NetPermissionFlags::PF_RELAY,
+                                                                                             NetPermissionFlags::PF_FORCERELAY,
+                                                                                             NetPermissionFlags::PF_NOBAN,
+                                                                                             NetPermissionFlags::PF_MEMPOOL,
+                                                                                             NetPermissionFlags::PF_ISIMPLICIT,
+                                                                                             NetPermissionFlags::PF_ALL,
+                                                                                         }) :
+                                                                                         static_cast<NetPermissionFlags>(fuzzed_data_provider.ConsumeIntegral<uint32_t>());
+
+    NetWhitebindPermissions net_whitebind_permissions;
+    bilingual_str error_net_whitebind_permissions;
+    if (NetWhitebindPermissions::TryParse(s, net_whitebind_permissions, error_net_whitebind_permissions)) {
+        (void)NetPermissions::ToStrings(net_whitebind_permissions.m_flags);
+        (void)NetPermissions::AddFlag(net_whitebind_permissions.m_flags, net_permission_flags);
+        assert(NetPermissions::HasFlag(net_whitebind_permissions.m_flags, net_permission_flags));
+        (void)NetPermissions::ClearFlag(net_whitebind_permissions.m_flags, net_permission_flags);
+        (void)NetPermissions::ToStrings(net_whitebind_permissions.m_flags);
+    }
+
+    NetWhitelistPermissions net_whitelist_permissions;
+    bilingual_str error_net_whitelist_permissions;
+    if (NetWhitelistPermissions::TryParse(s, net_whitelist_permissions, error_net_whitelist_permissions)) {
+        (void)NetPermissions::ToStrings(net_whitelist_permissions.m_flags);
+        (void)NetPermissions::AddFlag(net_whitelist_permissions.m_flags, net_permission_flags);
+        assert(NetPermissions::HasFlag(net_whitelist_permissions.m_flags, net_permission_flags));
+        (void)NetPermissions::ClearFlag(net_whitelist_permissions.m_flags, net_permission_flags);
+        (void)NetPermissions::ToStrings(net_whitelist_permissions.m_flags);
+    }
+}
diff --git a/src/test/fuzz/timedata.cpp b/src/test/fuzz/timedata.cpp
new file mode 100644
index 000000000000..a0e579a88f1c
--- /dev/null
+++ b/src/test/fuzz/timedata.cpp
@@ -0,0 +1,29 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <timedata.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const unsigned int max_size = fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(0, 1000);
+    // Divide by 2 to avoid signed integer overflow in .median()
+    const int64_t initial_value = fuzzed_data_provider.ConsumeIntegral<int64_t>() / 2;
+    CMedianFilter<int64_t> median_filter{max_size, initial_value};
+    while (fuzzed_data_provider.remaining_bytes() > 0) {
+        (void)median_filter.median();
+        assert(median_filter.size() > 0);
+        assert(static_cast<size_t>(median_filter.size()) == median_filter.sorted().size());
+        assert(static_cast<unsigned int>(median_filter.size()) <= max_size || max_size == 0);
+        // Divide by 2 to avoid signed integer overflow in .median()
+        median_filter.input(fuzzed_data_provider.ConsumeIntegral<int64_t>() / 2);
+    }
+}

From 1552a1e9dc812ee59b5d1d0e5c959fa6eada094e Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Wed, 6 Jul 2022 21:53:28 +0530
Subject: [PATCH 04/11] merge bitcoin#18521: Add process_messages harness

---
 src/Makefile.test.include          |  7 +++
 src/Makefile.test_util.include     |  2 +
 src/net.h                          |  3 ++
 src/test/fuzz/process_messages.cpp | 79 ++++++++++++++++++++++++++++++
 src/test/util/net.cpp              | 39 +++++++++++++++
 src/test/util/net.h                | 33 +++++++++++++
 src/test/util/setup_common.cpp     |  5 ++
 7 files changed, 168 insertions(+)
 create mode 100644 src/test/fuzz/process_messages.cpp
 create mode 100644 src/test/util/net.cpp
 create mode 100644 src/test/util/net.h

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 31e318016f60..755d62c9df2f 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -59,6 +59,7 @@ FUZZ_TARGETS = \
   test/fuzz/partial_merkle_tree_deserialize \
   test/fuzz/partially_signed_transaction_deserialize \
   test/fuzz/prefilled_transaction_deserialize \
+  test/fuzz/process_messages \
   test/fuzz/process_message \
   test/fuzz/psbt_input_deserialize \
   test/fuzz/psbt_output_deserialize \
@@ -603,6 +604,12 @@ test_fuzz_prefilled_transaction_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_prefilled_transaction_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_prefilled_transaction_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_process_messages_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_process_messages_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_process_messages_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_process_messages_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_process_messages_SOURCES = $(FUZZ_SUITE) test/fuzz/process_messages.cpp
+
 test_fuzz_process_message_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_process_message_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_process_message_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/Makefile.test_util.include b/src/Makefile.test_util.include
index cf55d141b0f8..57df7ab8641d 100644
--- a/src/Makefile.test_util.include
+++ b/src/Makefile.test_util.include
@@ -10,6 +10,7 @@ EXTRA_LIBRARIES += \
 TEST_UTIL_H = \
     test/util/blockfilter.h \
     test/util/logging.h \
+    test/util/net.h \
     test/util/setup_common.h \
     test/util/str.h \
     test/util/transaction_utils.h
@@ -19,6 +20,7 @@ libtest_util_a_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 libtest_util_a_SOURCES = \
   test/util/blockfilter.cpp \
   test/util/logging.cpp \
+  test/util/net.cpp \
   test/util/setup_common.cpp \
   test/util/str.cpp \
   test/util/transaction_utils.cpp \
diff --git a/src/net.h b/src/net.h
index 2da1ba19e9f6..d3e07e6df949 100644
--- a/src/net.h
+++ b/src/net.h
@@ -685,6 +685,7 @@ friend class CNode;
     std::atomic<int64_t> m_next_send_inv_to_incoming{0};
 
     friend struct CConnmanTest;
+    friend struct ConnmanTestMsg;
 };
 void Discover();
 unsigned short GetListenPort();
@@ -925,6 +926,8 @@ class V1TransportSerializer  : public TransportSerializer {
 class CNode
 {
     friend class CConnman;
+    friend struct ConnmanTestMsg;
+
 public:
     std::unique_ptr<TransportDeserializer> m_deserializer;
     std::unique_ptr<TransportSerializer> m_serializer;
diff --git a/src/test/fuzz/process_messages.cpp b/src/test/fuzz/process_messages.cpp
new file mode 100644
index 000000000000..8388183f4ce3
--- /dev/null
+++ b/src/test/fuzz/process_messages.cpp
@@ -0,0 +1,79 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <consensus/consensus.h>
+#include <net.h>
+#include <net_processing.h>
+#include <protocol.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <test/util.h>
+#include <test/util/net.h>
+#include <test/util/setup_common.h>
+#include <util/memory.h>
+#include <validation.h>
+#include <validationinterface.h>
+
+const TestingSetup* g_setup;
+
+void initialize()
+{
+    static TestingSetup setup{
+        CBaseChainParams::REGTEST,
+        {
+            "-nodebuglogfile",
+        },
+    };
+    g_setup = &setup;
+
+    for (int i = 0; i < 2 * COINBASE_MATURITY; i++) {
+        MineBlock(g_setup->m_node, CScript() << OP_TRUE);
+    }
+    SyncWithValidationInterfaceQueue();
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    ConnmanTestMsg& connman = *(ConnmanTestMsg*)g_setup->m_node.connman.get();
+    std::vector<CNode*> peers;
+
+    const auto num_peers_to_add = fuzzed_data_provider.ConsumeIntegralInRange(1, 3);
+    for (int i = 0; i < num_peers_to_add; ++i) {
+        const ServiceFlags service_flags = ServiceFlags(fuzzed_data_provider.ConsumeIntegral<uint64_t>());
+        const bool inbound{fuzzed_data_provider.ConsumeBool()};
+        peers.push_back(MakeUnique<CNode>(i, service_flags, 0, INVALID_SOCKET, CAddress{CService{in_addr{0x0100007f}, 7777}, NODE_NETWORK}, 0, 0, CAddress{}, std::string{}, inbound).release());
+        CNode& p2p_node = *peers.back();
+
+        p2p_node.fSuccessfullyConnected = true;
+        p2p_node.fPauseSend = false;
+        p2p_node.nVersion = PROTOCOL_VERSION;
+        p2p_node.SetSendVersion(PROTOCOL_VERSION);
+        g_setup->m_node.peer_logic->InitializeNode(&p2p_node);
+
+        connman.AddTestNode(p2p_node);
+    }
+
+    while (fuzzed_data_provider.ConsumeBool()) {
+        const std::string random_message_type{fuzzed_data_provider.ConsumeBytesAsString(CMessageHeader::COMMAND_SIZE).c_str()};
+
+        CSerializedNetMsg net_msg;
+        net_msg.command = random_message_type;
+        net_msg.data = ConsumeRandomLengthByteVector(fuzzed_data_provider);
+
+        CNode& random_node = *peers.at(fuzzed_data_provider.ConsumeIntegralInRange<int>(0, peers.size() - 1));
+
+        (void)connman.ReceiveMsgFrom(random_node, net_msg);
+        random_node.fPauseSend = false;
+
+        try {
+            connman.ProcessMessagesOnce(random_node);
+        } catch (const std::ios_base::failure&) {
+        }
+    }
+    connman.ClearTestNodes();
+    SyncWithValidationInterfaceQueue();
+}
diff --git a/src/test/util/net.cpp b/src/test/util/net.cpp
new file mode 100644
index 000000000000..09f2f1807feb
--- /dev/null
+++ b/src/test/util/net.cpp
@@ -0,0 +1,39 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/util/net.h>
+
+#include <chainparams.h>
+#include <net.h>
+
+void ConnmanTestMsg::NodeReceiveMsgBytes(CNode& node, const char* pch, unsigned int nBytes, bool& complete) const
+{
+    assert(node.ReceiveMsgBytes(pch, nBytes, complete));
+    if (complete) {
+        size_t nSizeAdded = 0;
+        auto it(node.vRecvMsg.begin());
+        for (; it != node.vRecvMsg.end(); ++it) {
+            // vRecvMsg contains only completed CNetMessage
+            // the single possible partially deserialized message are held by TransportDeserializer
+            nSizeAdded += it->m_raw_message_size;
+        }
+        {
+            LOCK(node.cs_vProcessMsg);
+            node.vProcessMsg.splice(node.vProcessMsg.end(), node.vRecvMsg, node.vRecvMsg.begin(), it);
+            node.nProcessQueueSize += nSizeAdded;
+            node.fPauseRecv = node.nProcessQueueSize > nReceiveFloodSize;
+        }
+    }
+}
+
+bool ConnmanTestMsg::ReceiveMsgFrom(CNode& node, CSerializedNetMsg& ser_msg) const
+{
+    std::vector<unsigned char> ser_msg_header;
+    node.m_serializer->prepareForTransport(ser_msg, ser_msg_header);
+
+    bool complete;
+    NodeReceiveMsgBytes(node, (const char*)ser_msg_header.data(), ser_msg_header.size(), complete);
+    NodeReceiveMsgBytes(node, (const char*)ser_msg.data.data(), ser_msg.data.size(), complete);
+    return complete;
+}
diff --git a/src/test/util/net.h b/src/test/util/net.h
new file mode 100644
index 000000000000..ca8cb7fad5a3
--- /dev/null
+++ b/src/test/util/net.h
@@ -0,0 +1,33 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_TEST_UTIL_NET_H
+#define BITCOIN_TEST_UTIL_NET_H
+
+#include <net.h>
+
+struct ConnmanTestMsg : public CConnman {
+    using CConnman::CConnman;
+    void AddTestNode(CNode& node)
+    {
+        LOCK(cs_vNodes);
+        vNodes.push_back(&node);
+    }
+    void ClearTestNodes()
+    {
+        LOCK(cs_vNodes);
+        for (CNode* node : vNodes) {
+            delete node;
+        }
+        vNodes.clear();
+    }
+
+    void ProcessMessagesOnce(CNode& node) { m_msgproc->ProcessMessages(&node, flagInterruptMsgProc); }
+
+    void NodeReceiveMsgBytes(CNode& node, const char* pch, unsigned int nBytes, bool& complete) const;
+
+    bool ReceiveMsgFrom(CNode& node, CSerializedNetMsg& ser_msg) const;
+};
+
+#endif // BITCOIN_TEST_UTIL_NET_H
diff --git a/src/test/util/setup_common.cpp b/src/test/util/setup_common.cpp
index 08836642612b..e161268cdeb3 100644
--- a/src/test/util/setup_common.cpp
+++ b/src/test/util/setup_common.cpp
@@ -183,6 +183,11 @@ TestingSetup::TestingSetup(const std::string& chainName, const std::vector<const
     m_node.banman = MakeUnique<BanMan>(GetDataDir() / "banlist.dat", nullptr, DEFAULT_MISBEHAVING_BANTIME);
     m_node.connman = MakeUnique<CConnman>(0x1337, 0x1337); // Deterministic randomness for tests.
     m_node.peer_logic = MakeUnique<PeerLogicValidation>(m_node.connman.get(), m_node.banman.get(), *m_node.scheduler, *m_node.chainman, *m_node.mempool, false);
+    {
+        CConnman::Options options;
+        options.m_msgproc = m_node.peer_logic.get();
+        m_node.connman->Init(options);
+    }
 
     deterministicMNManager.reset(new CDeterministicMNManager(*evoDb, *m_node.connman));
     llmq::InitLLMQSystem(*evoDb, *m_node.mempool, *m_node.connman, true);

From 26ea6762d352c09d7ea84417e7c2f2fba0037e27 Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Tue, 14 Jun 2022 11:57:27 +0530
Subject: [PATCH 05/11] merge bitcoin#18529: Add fuzzer version of randomized
 prevector test

---
 src/Makefile.test.include   |   7 +
 src/test/fuzz/prevector.cpp | 263 ++++++++++++++++++++++++++++++++++++
 2 files changed, 270 insertions(+)
 create mode 100644 src/test/fuzz/prevector.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 755d62c9df2f..c81ef328d82b 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -56,6 +56,7 @@ FUZZ_TARGETS = \
   test/fuzz/parse_numbers \
   test/fuzz/parse_script \
   test/fuzz/parse_univalue \
+  test/fuzz/prevector \
   test/fuzz/partial_merkle_tree_deserialize \
   test/fuzz/partially_signed_transaction_deserialize \
   test/fuzz/prefilled_transaction_deserialize \
@@ -586,6 +587,12 @@ test_fuzz_parse_univalue_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_parse_univalue_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_parse_univalue_SOURCES = $(FUZZ_SUITE) test/fuzz/parse_univalue.cpp
 
+test_fuzz_prevector_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_prevector_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_prevector_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_prevector_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_prevector_SOURCES = $(FUZZ_SUITE) test/fuzz/prevector.cpp
+
 test_fuzz_partial_merkle_tree_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DPARTIAL_MERKLE_TREE_DESERIALIZE=1
 test_fuzz_partial_merkle_tree_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_partial_merkle_tree_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/prevector.cpp b/src/test/fuzz/prevector.cpp
new file mode 100644
index 000000000000..0e51ee3c9586
--- /dev/null
+++ b/src/test/fuzz/prevector.cpp
@@ -0,0 +1,263 @@
+// Copyright (c) 2015-2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+
+#include <vector>
+#include <prevector.h>
+
+#include <reverse_iterator.h>
+#include <serialize.h>
+#include <streams.h>
+
+namespace {
+
+template<unsigned int N, typename T>
+class prevector_tester {
+    typedef std::vector<T> realtype;
+    realtype real_vector;
+    realtype real_vector_alt;
+
+    typedef prevector<N, T> pretype;
+    pretype pre_vector;
+    pretype pre_vector_alt;
+
+    typedef typename pretype::size_type Size;
+
+public:
+    void test() const {
+        const pretype& const_pre_vector = pre_vector;
+        assert(real_vector.size() == pre_vector.size());
+        assert(real_vector.empty() == pre_vector.empty());
+        for (Size s = 0; s < real_vector.size(); s++) {
+             assert(real_vector[s] == pre_vector[s]);
+             assert(&(pre_vector[s]) == &(pre_vector.begin()[s]));
+             assert(&(pre_vector[s]) == &*(pre_vector.begin() + s));
+             assert(&(pre_vector[s]) == &*((pre_vector.end() + s) - real_vector.size()));
+        }
+        // assert(realtype(pre_vector) == real_vector);
+        assert(pretype(real_vector.begin(), real_vector.end()) == pre_vector);
+        assert(pretype(pre_vector.begin(), pre_vector.end()) == pre_vector);
+        size_t pos = 0;
+        for (const T& v : pre_vector) {
+             assert(v == real_vector[pos]);
+             ++pos;
+        }
+        for (const T& v : reverse_iterate(pre_vector)) {
+             --pos;
+             assert(v == real_vector[pos]);
+        }
+        for (const T& v : const_pre_vector) {
+             assert(v == real_vector[pos]);
+             ++pos;
+        }
+        for (const T& v : reverse_iterate(const_pre_vector)) {
+             --pos;
+             assert(v == real_vector[pos]);
+        }
+        CDataStream ss1(SER_DISK, 0);
+        CDataStream ss2(SER_DISK, 0);
+        ss1 << real_vector;
+        ss2 << pre_vector;
+        assert(ss1.size() == ss2.size());
+        for (Size s = 0; s < ss1.size(); s++) {
+            assert(ss1[s] == ss2[s]);
+        }
+    }
+
+    void resize(Size s) {
+        real_vector.resize(s);
+        assert(real_vector.size() == s);
+        pre_vector.resize(s);
+        assert(pre_vector.size() == s);
+    }
+
+    void reserve(Size s) {
+        real_vector.reserve(s);
+        assert(real_vector.capacity() >= s);
+        pre_vector.reserve(s);
+        assert(pre_vector.capacity() >= s);
+    }
+
+    void insert(Size position, const T& value) {
+        real_vector.insert(real_vector.begin() + position, value);
+        pre_vector.insert(pre_vector.begin() + position, value);
+    }
+
+    void insert(Size position, Size count, const T& value) {
+        real_vector.insert(real_vector.begin() + position, count, value);
+        pre_vector.insert(pre_vector.begin() + position, count, value);
+    }
+
+    template<typename I>
+    void insert_range(Size position, I first, I last) {
+        real_vector.insert(real_vector.begin() + position, first, last);
+        pre_vector.insert(pre_vector.begin() + position, first, last);
+    }
+
+    void erase(Size position) {
+        real_vector.erase(real_vector.begin() + position);
+        pre_vector.erase(pre_vector.begin() + position);
+    }
+
+    void erase(Size first, Size last) {
+        real_vector.erase(real_vector.begin() + first, real_vector.begin() + last);
+        pre_vector.erase(pre_vector.begin() + first, pre_vector.begin() + last);
+    }
+
+    void update(Size pos, const T& value) {
+        real_vector[pos] = value;
+        pre_vector[pos] = value;
+    }
+
+    void push_back(const T& value) {
+        real_vector.push_back(value);
+        pre_vector.push_back(value);
+    }
+
+    void pop_back() {
+        real_vector.pop_back();
+        pre_vector.pop_back();
+    }
+
+    void clear() {
+        real_vector.clear();
+        pre_vector.clear();
+    }
+
+    void assign(Size n, const T& value) {
+        real_vector.assign(n, value);
+        pre_vector.assign(n, value);
+    }
+
+    Size size() const {
+        return real_vector.size();
+    }
+
+    Size capacity() const {
+        return pre_vector.capacity();
+    }
+
+    void shrink_to_fit() {
+        pre_vector.shrink_to_fit();
+    }
+
+    void swap() {
+        real_vector.swap(real_vector_alt);
+        pre_vector.swap(pre_vector_alt);
+    }
+
+    void move() {
+        real_vector = std::move(real_vector_alt);
+        real_vector_alt.clear();
+        pre_vector = std::move(pre_vector_alt);
+        pre_vector_alt.clear();
+    }
+
+    void copy() {
+        real_vector = real_vector_alt;
+        pre_vector = pre_vector_alt;
+    }
+
+    void resize_uninitialized(realtype values) {
+        size_t r = values.size();
+        size_t s = real_vector.size() / 2;
+        if (real_vector.capacity() < s + r) {
+            real_vector.reserve(s + r);
+        }
+        real_vector.resize(s);
+        pre_vector.resize_uninitialized(s);
+        for (auto v : values) {
+            real_vector.push_back(v);
+        }
+        auto p = pre_vector.size();
+        pre_vector.resize_uninitialized(p + r);
+        for (auto v : values) {
+            pre_vector[p] = v;
+            ++p;
+        }
+    }
+};
+
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider prov(buffer.data(), buffer.size());
+    prevector_tester<8, int> test;
+
+    while (prov.remaining_bytes()) {
+        switch (prov.ConsumeIntegralInRange<int>(0, 13 + 3 * (test.size() > 0))) {
+        case 0:
+            test.insert(prov.ConsumeIntegralInRange<size_t>(0, test.size()), prov.ConsumeIntegral<int>());
+            break;
+        case 1:
+            test.resize(std::max(0, std::min(30, (int)test.size() + prov.ConsumeIntegralInRange<int>(0, 4) - 2)));
+            break;
+        case 2:
+            test.insert(prov.ConsumeIntegralInRange<size_t>(0, test.size()), 1 + prov.ConsumeBool(), prov.ConsumeIntegral<int>());
+            break;
+        case 3: {
+            int del = prov.ConsumeIntegralInRange<int>(0, test.size());
+            int beg = prov.ConsumeIntegralInRange<int>(0, test.size() - del);
+            test.erase(beg, beg + del);
+            break;
+        }
+        case 4:
+            test.push_back(prov.ConsumeIntegral<int>());
+            break;
+        case 5: {
+            int values[4];
+            int num = 1 + prov.ConsumeIntegralInRange<int>(0, 3);
+            for (int k = 0; k < num; ++k) {
+                values[k] = prov.ConsumeIntegral<int>();
+            }
+            test.insert_range(prov.ConsumeIntegralInRange<size_t>(0, test.size()), values, values + num);
+            break;
+        }
+        case 6: {
+            int num = 1 + prov.ConsumeIntegralInRange<int>(0, 15);
+            std::vector<int> values(num);
+            for (auto& v : values) {
+                v = prov.ConsumeIntegral<int>();
+            }
+            test.resize_uninitialized(values);
+            break;
+        }
+        case 7:
+            test.reserve(prov.ConsumeIntegralInRange<size_t>(0, 32767));
+            break;
+        case 8:
+            test.shrink_to_fit();
+            break;
+        case 9:
+            test.clear();
+            break;
+        case 10:
+            test.assign(prov.ConsumeIntegralInRange<size_t>(0, 32767), prov.ConsumeIntegral<int>());
+            break;
+        case 11:
+            test.swap();
+            break;
+        case 12:
+            test.copy();
+            break;
+        case 13:
+            test.move();
+            break;
+        case 14:
+            test.update(prov.ConsumeIntegralInRange<size_t>(0, test.size() - 1), prov.ConsumeIntegral<int>());
+            break;
+        case 15:
+            test.erase(prov.ConsumeIntegralInRange<size_t>(0, test.size() - 1));
+            break;
+        case 16:
+            test.pop_back();
+            break;
+        }
+    }
+
+    test.test();
+}

From f319ddbe85fb07269ae3a10348bf752e06c4dc34 Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Wed, 6 Jul 2022 21:47:32 +0530
Subject: [PATCH 06/11] merge bitcoin#18176: Add fuzzing harness for CScript
 and CScriptNum operations

---
 src/Makefile.test.include              |  14 +++
 src/test/fuzz/bloom_filter.cpp         |   2 +-
 src/test/fuzz/rolling_bloom_filter.cpp |   2 +-
 src/test/fuzz/script_ops.cpp           |  60 +++++++++++
 src/test/fuzz/scriptnum_ops.cpp        | 137 +++++++++++++++++++++++++
 src/test/fuzz/util.h                   |  21 +++-
 6 files changed, 233 insertions(+), 3 deletions(-)
 create mode 100644 src/test/fuzz/script_ops.cpp
 create mode 100644 src/test/fuzz/scriptnum_ops.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index c81ef328d82b..f4daa5175d88 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -69,6 +69,8 @@ FUZZ_TARGETS = \
   test/fuzz/script \
   test/fuzz/script_deserialize \
   test/fuzz/script_flags \
+  test/fuzz/script_ops \
+  test/fuzz/scriptnum_ops \
   test/fuzz/service_deserialize \
   test/fuzz/spanparsing \
   test/fuzz/string \
@@ -665,6 +667,18 @@ test_fuzz_script_flags_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_script_flags_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_script_flags_SOURCES = $(FUZZ_SUITE) test/fuzz/script_flags.cpp
 
+test_fuzz_script_ops_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_script_ops_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_script_ops_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_script_ops_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_script_ops_SOURCES = $(FUZZ_SUITE) test/fuzz/script_ops.cpp
+
+test_fuzz_scriptnum_ops_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_scriptnum_ops_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_scriptnum_ops_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_scriptnum_ops_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_scriptnum_ops_SOURCES = $(FUZZ_SUITE) test/fuzz/scriptnum_ops.cpp
+
 test_fuzz_service_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSERVICE_DESERIALIZE=1
 test_fuzz_service_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/bloom_filter.cpp b/src/test/fuzz/bloom_filter.cpp
index b78744d9df02..d1112f8e6212 100644
--- a/src/test/fuzz/bloom_filter.cpp
+++ b/src/test/fuzz/bloom_filter.cpp
@@ -27,7 +27,7 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     while (fuzzed_data_provider.remaining_bytes() > 0) {
         switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 6)) {
         case 0: {
-            const std::vector<unsigned char>& b = ConsumeRandomLengthByteVector(fuzzed_data_provider);
+            const std::vector<unsigned char> b = ConsumeRandomLengthByteVector(fuzzed_data_provider);
             (void)bloom_filter.contains(b);
             bloom_filter.insert(b);
             const bool present = bloom_filter.contains(b);
diff --git a/src/test/fuzz/rolling_bloom_filter.cpp b/src/test/fuzz/rolling_bloom_filter.cpp
index ce69c4e8da38..3b3732197726 100644
--- a/src/test/fuzz/rolling_bloom_filter.cpp
+++ b/src/test/fuzz/rolling_bloom_filter.cpp
@@ -24,7 +24,7 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     while (fuzzed_data_provider.remaining_bytes() > 0) {
         switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 2)) {
         case 0: {
-            const std::vector<unsigned char>& b = ConsumeRandomLengthByteVector(fuzzed_data_provider);
+            const std::vector<unsigned char> b = ConsumeRandomLengthByteVector(fuzzed_data_provider);
             (void)rolling_bloom_filter.contains(b);
             rolling_bloom_filter.insert(b);
             const bool present = rolling_bloom_filter.contains(b);
diff --git a/src/test/fuzz/script_ops.cpp b/src/test/fuzz/script_ops.cpp
new file mode 100644
index 000000000000..556d6ca1e32f
--- /dev/null
+++ b/src/test/fuzz/script_ops.cpp
@@ -0,0 +1,60 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <script/script.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    CScript script = ConsumeScript(fuzzed_data_provider);
+    while (fuzzed_data_provider.remaining_bytes() > 0) {
+        switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 7)) {
+        case 0:
+            script += ConsumeScript(fuzzed_data_provider);
+            break;
+        case 1:
+            script = script + ConsumeScript(fuzzed_data_provider);
+            break;
+        case 2:
+            script << fuzzed_data_provider.ConsumeIntegral<int64_t>();
+            break;
+        case 3:
+            script << ConsumeOpcodeType(fuzzed_data_provider);
+            break;
+        case 4:
+            script << ConsumeScriptNum(fuzzed_data_provider);
+            break;
+        case 5:
+            script << ConsumeRandomLengthByteVector(fuzzed_data_provider);
+            break;
+        case 6:
+            script.clear();
+            break;
+        case 7: {
+            (void)script.GetSigOpCount(false);
+            (void)script.GetSigOpCount(true);
+            (void)script.GetSigOpCount(script);
+            (void)script.IsPayToScriptHash();
+            (void)script.IsPushOnly();
+            (void)script.IsUnspendable();
+            {
+                CScript::const_iterator pc = script.begin();
+                opcodetype opcode;
+                (void)script.GetOp(pc, opcode);
+                std::vector<uint8_t> data;
+                (void)script.GetOp(pc, opcode, data);
+                (void)script.IsPushOnly(pc);
+            }
+            break;
+        }
+        }
+    }
+}
diff --git a/src/test/fuzz/scriptnum_ops.cpp b/src/test/fuzz/scriptnum_ops.cpp
new file mode 100644
index 000000000000..db44bb9e19ac
--- /dev/null
+++ b/src/test/fuzz/scriptnum_ops.cpp
@@ -0,0 +1,137 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <script/script.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cassert>
+#include <cstdint>
+#include <limits>
+#include <vector>
+
+namespace {
+bool IsValidAddition(const CScriptNum& lhs, const CScriptNum& rhs)
+{
+    return rhs == 0 || (rhs > 0 && lhs <= CScriptNum{std::numeric_limits<int64_t>::max()} - rhs) || (rhs < 0 && lhs >= CScriptNum{std::numeric_limits<int64_t>::min()} - rhs);
+}
+
+bool IsValidSubtraction(const CScriptNum& lhs, const CScriptNum& rhs)
+{
+    return rhs == 0 || (rhs > 0 && lhs >= CScriptNum{std::numeric_limits<int64_t>::min()} + rhs) || (rhs < 0 && lhs <= CScriptNum{std::numeric_limits<int64_t>::max()} + rhs);
+}
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    CScriptNum script_num = ConsumeScriptNum(fuzzed_data_provider);
+    while (fuzzed_data_provider.remaining_bytes() > 0) {
+        switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 11)) {
+        case 0: {
+            const int64_t i = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+            assert((script_num == i) != (script_num != i));
+            assert((script_num <= i) != script_num > i);
+            assert((script_num >= i) != (script_num < i));
+            // Avoid signed integer overflow:
+            // script/script.h:264:93: runtime error: signed integer overflow: -2261405121394637306 + -9223372036854775802 cannot be represented in type 'long'
+            if (IsValidAddition(script_num, CScriptNum{i})) {
+                assert((script_num + i) - i == script_num);
+            }
+            // Avoid signed integer overflow:
+            // script/script.h:265:93: runtime error: signed integer overflow: 9223371895120855039 - -9223372036854710486 cannot be represented in type 'long'
+            if (IsValidSubtraction(script_num, CScriptNum{i})) {
+                assert((script_num - i) + i == script_num);
+            }
+            break;
+        }
+        case 1: {
+            const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
+            assert((script_num == random_script_num) != (script_num != random_script_num));
+            assert((script_num <= random_script_num) != (script_num > random_script_num));
+            assert((script_num >= random_script_num) != (script_num < random_script_num));
+            // Avoid signed integer overflow:
+            // script/script.h:264:93: runtime error: signed integer overflow: -9223126527765971126 + -9223372036854756825 cannot be represented in type 'long'
+            if (IsValidAddition(script_num, random_script_num)) {
+                assert((script_num + random_script_num) - random_script_num == script_num);
+            }
+            // Avoid signed integer overflow:
+            // script/script.h:265:93: runtime error: signed integer overflow: 6052837899185946624 - -9223372036854775808 cannot be represented in type 'long'
+            if (IsValidSubtraction(script_num, random_script_num)) {
+                assert((script_num - random_script_num) + random_script_num == script_num);
+            }
+            break;
+        }
+        case 2: {
+            const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
+            if (!IsValidAddition(script_num, random_script_num)) {
+                // Avoid assertion failure:
+                // ./script/script.h:292: CScriptNum &CScriptNum::operator+=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) || (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs)' failed.
+                break;
+            }
+            script_num += random_script_num;
+            break;
+        }
+        case 3: {
+            const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
+            if (!IsValidSubtraction(script_num, random_script_num)) {
+                // Avoid assertion failure:
+                // ./script/script.h:300: CScriptNum &CScriptNum::operator-=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) || (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs)' failed.
+                break;
+            }
+            script_num -= random_script_num;
+            break;
+        }
+        case 4:
+            script_num = script_num & fuzzed_data_provider.ConsumeIntegral<int64_t>();
+            break;
+        case 5:
+            script_num = script_num & ConsumeScriptNum(fuzzed_data_provider);
+            break;
+        case 6:
+            script_num &= ConsumeScriptNum(fuzzed_data_provider);
+            break;
+        case 7:
+            if (script_num == CScriptNum{std::numeric_limits<int64_t>::min()}) {
+                // Avoid assertion failure:
+                // ./script/script.h:279: CScriptNum CScriptNum::operator-() const: Assertion `m_value != std::numeric_limits<int64_t>::min()' failed.
+                break;
+            }
+            script_num = -script_num;
+            break;
+        case 8:
+            script_num = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+            break;
+        case 9: {
+            const int64_t random_integer = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+            if (!IsValidAddition(script_num, CScriptNum{random_integer})) {
+                // Avoid assertion failure:
+                // ./script/script.h:292: CScriptNum &CScriptNum::operator+=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) || (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs)' failed.
+                break;
+            }
+            script_num += random_integer;
+            break;
+        }
+        case 10: {
+            const int64_t random_integer = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+            if (!IsValidSubtraction(script_num, CScriptNum{random_integer})) {
+                // Avoid assertion failure:
+                // ./script/script.h:300: CScriptNum &CScriptNum::operator-=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) || (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs)' failed.
+                break;
+            }
+            script_num -= random_integer;
+            break;
+        }
+        case 11:
+            script_num &= fuzzed_data_provider.ConsumeIntegral<int64_t>();
+            break;
+        }
+        // Avoid negation failure:
+        // script/script.h:332:35: runtime error: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
+        if (script_num != CScriptNum{std::numeric_limits<int64_t>::min()}) {
+            (void)script_num.getvch();
+        }
+    }
+}
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index 42afcd941ed1..86b8d406f076 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -8,9 +8,11 @@
 #include <amount.h>
 #include <attributes.h>
 #include <optional.h>
+#include <script/script.h>
 #include <serialize.h>
 #include <streams.h>
 #include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
 #include <version.h>
 
 #include <cstdint>
@@ -36,7 +38,7 @@
 template <typename T>
 [[ nodiscard ]] inline Optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, size_t max_length = 4096) noexcept
 {
-    const std::vector<uint8_t>& buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
+    const std::vector<uint8_t> buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
     CDataStream ds{buffer, SER_NETWORK, INIT_PROTO_VERSION};
     T obj;
     try {
@@ -47,11 +49,28 @@ template <typename T>
     return obj;
 }
 
+[[ nodiscard ]] inline opcodetype ConsumeOpcodeType(FuzzedDataProvider& fuzzed_data_provider) noexcept
+{
+    return static_cast<opcodetype>(fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, MAX_OPCODE));
+}
+
 [[ nodiscard ]] inline CAmount ConsumeMoney(FuzzedDataProvider& fuzzed_data_provider) noexcept
 {
     return fuzzed_data_provider.ConsumeIntegralInRange<CAmount>(0, MAX_MONEY);
 }
 
+[[ nodiscard ]] inline CScript ConsumeScript(FuzzedDataProvider& fuzzed_data_provider) noexcept
+{
+    const std::vector<uint8_t> b = ConsumeRandomLengthByteVector(fuzzed_data_provider);
+    return {b.begin(), b.end()};
+}
+
+[[ nodiscard ]] inline CScriptNum ConsumeScriptNum(FuzzedDataProvider& fuzzed_data_provider) noexcept
+{
+    return CScriptNum{fuzzed_data_provider.ConsumeIntegral<int64_t>()};
+}
+
+
 template <typename T>
 bool MultiplicationOverflow(T i, T j)
 {

From 7a954b8bd761149233bcf00e26aadb12de80b1dc Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Sat, 7 May 2022 13:37:54 +0530
Subject: [PATCH 07/11] merge bitcoin#18423: Add fuzzing harness for
 classes/functions in blockfilter.h. Add integer {de,}serialization fuzzing

---
 src/Makefile.test.include     |  7 ++++++
 src/test/fuzz/blockfilter.cpp | 44 +++++++++++++++++++++++++++++++++++
 src/test/fuzz/integer.cpp     | 40 +++++++++++++++++++++++++++++++
 src/test/fuzz/util.h          | 10 ++++++++
 4 files changed, 101 insertions(+)
 create mode 100644 src/test/fuzz/blockfilter.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index f4daa5175d88..6e67a3e975e6 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -20,6 +20,7 @@ FUZZ_TARGETS = \
   test/fuzz/block_filter_deserialize \
   test/fuzz/block_header \
   test/fuzz/block_header_and_short_txids_deserialize \
+  test/fuzz/blockfilter \
   test/fuzz/blockheader_deserialize \
   test/fuzz/blocklocator_deserialize \
   test/fuzz/blockmerkleroot \
@@ -373,6 +374,12 @@ test_fuzz_block_header_and_short_txids_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMO
 test_fuzz_block_header_and_short_txids_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_block_header_and_short_txids_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_blockfilter_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_blockfilter_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_blockfilter_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_blockfilter_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_blockfilter_SOURCES = $(FUZZ_SUITE) test/fuzz/blockfilter.cpp
+
 test_fuzz_blockheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKHEADER_DESERIALIZE=1
 test_fuzz_blockheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_blockheader_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/blockfilter.cpp b/src/test/fuzz/blockfilter.cpp
new file mode 100644
index 000000000000..be9320dcbf2d
--- /dev/null
+++ b/src/test/fuzz/blockfilter.cpp
@@ -0,0 +1,44 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <blockfilter.h>
+#include <optional.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const Optional<BlockFilter> block_filter = ConsumeDeserializable<BlockFilter>(fuzzed_data_provider);
+    if (!block_filter) {
+        return;
+    }
+    {
+        (void)block_filter->ComputeHeader(ConsumeUInt256(fuzzed_data_provider));
+        (void)block_filter->GetBlockHash();
+        (void)block_filter->GetEncodedFilter();
+        (void)block_filter->GetHash();
+    }
+    {
+        const BlockFilterType block_filter_type = block_filter->GetFilterType();
+        (void)BlockFilterTypeName(block_filter_type);
+    }
+    {
+        const GCSFilter gcs_filter = block_filter->GetFilter();
+        (void)gcs_filter.GetN();
+        (void)gcs_filter.GetParams();
+        (void)gcs_filter.GetEncoded();
+        (void)gcs_filter.Match(ConsumeRandomLengthByteVector(fuzzed_data_provider));
+        GCSFilter::ElementSet element_set;
+        while (fuzzed_data_provider.ConsumeBool()) {
+            element_set.insert(ConsumeRandomLengthByteVector(fuzzed_data_provider));
+            gcs_filter.MatchAny(element_set);
+        }
+    }
+}
diff --git a/src/test/fuzz/integer.cpp b/src/test/fuzz/integer.cpp
index d94595599203..82c5af9e027b 100644
--- a/src/test/fuzz/integer.cpp
+++ b/src/test/fuzz/integer.cpp
@@ -207,4 +207,44 @@ void test_one_input(const std::vector<uint8_t>& buffer)
         stream >> deserialized_b;
         assert(b == deserialized_b && stream.empty());
     }
+
+    {
+        CDataStream stream(SER_NETWORK, INIT_PROTO_VERSION);
+
+        ser_writedata64(stream, u64);
+        const uint64_t deserialized_u64 = ser_readdata64(stream);
+        assert(u64 == deserialized_u64 && stream.empty());
+
+        ser_writedata32(stream, u32);
+        const uint32_t deserialized_u32 = ser_readdata32(stream);
+        assert(u32 == deserialized_u32 && stream.empty());
+
+        ser_writedata32be(stream, u32);
+        const uint32_t deserialized_u32be = ser_readdata32be(stream);
+        assert(u32 == deserialized_u32be && stream.empty());
+
+        ser_writedata16(stream, u16);
+        const uint16_t deserialized_u16 = ser_readdata16(stream);
+        assert(u16 == deserialized_u16 && stream.empty());
+
+        ser_writedata16be(stream, u16);
+        const uint16_t deserialized_u16be = ser_readdata16be(stream);
+        assert(u16 == deserialized_u16be && stream.empty());
+
+        ser_writedata8(stream, u8);
+        const uint8_t deserialized_u8 = ser_readdata8(stream);
+        assert(u8 == deserialized_u8 && stream.empty());
+    }
+
+    {
+        CDataStream stream(SER_NETWORK, INIT_PROTO_VERSION);
+
+        WriteCompactSize(stream, u64);
+        try {
+            const uint64_t deserialized_u64 = ReadCompactSize(stream);
+            assert(u64 == deserialized_u64 && stream.empty());
+        }
+        catch (const std::ios_base::failure&) {
+        }
+    }
 }
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index 86b8d406f076..a163dbac8467 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -13,6 +13,7 @@
 #include <streams.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
+#include <uint256.h>
 #include <version.h>
 
 #include <cstdint>
@@ -71,6 +72,15 @@ template <typename T>
 }
 
 
+[[ nodiscard ]] inline uint256 ConsumeUInt256(FuzzedDataProvider& fuzzed_data_provider) noexcept
+{
+    const std::vector<unsigned char> v256 = fuzzed_data_provider.ConsumeBytes<unsigned char>(sizeof(uint256));
+    if (v256.size() != sizeof(uint256)) {
+        return {};
+    }
+    return uint256{v256};
+}
+
 template <typename T>
 bool MultiplicationOverflow(T i, T j)
 {

From 1b424f6b3b0e85cfe105390091828de2e9e1acdd Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Sat, 7 May 2022 13:38:39 +0530
Subject: [PATCH 08/11] merge bitcoin#18407: Add proof-of-work fuzzing harness

---
 src/Makefile.test.include |  7 ++++
 src/test/fuzz/pow.cpp     | 81 +++++++++++++++++++++++++++++++++++++++
 src/test/fuzz/util.h      |  6 +++
 3 files changed, 94 insertions(+)
 create mode 100644 src/test/fuzz/pow.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 6e67a3e975e6..b7715b03a9ba 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -60,6 +60,7 @@ FUZZ_TARGETS = \
   test/fuzz/prevector \
   test/fuzz/partial_merkle_tree_deserialize \
   test/fuzz/partially_signed_transaction_deserialize \
+  test/fuzz/pow \
   test/fuzz/prefilled_transaction_deserialize \
   test/fuzz/process_messages \
   test/fuzz/process_message \
@@ -614,6 +615,12 @@ test_fuzz_partially_signed_transaction_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMO
 test_fuzz_partially_signed_transaction_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_partially_signed_transaction_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_pow_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_pow_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_pow_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_pow_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_pow_SOURCES = $(FUZZ_SUITE) test/fuzz/pow.cpp
+
 test_fuzz_prefilled_transaction_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DPREFILLED_TRANSACTION_DESERIALIZE=1
 test_fuzz_prefilled_transaction_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_prefilled_transaction_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/pow.cpp b/src/test/fuzz/pow.cpp
new file mode 100644
index 000000000000..0343d33401db
--- /dev/null
+++ b/src/test/fuzz/pow.cpp
@@ -0,0 +1,81 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <chain.h>
+#include <chainparams.h>
+#include <optional.h>
+#include <pow.h>
+#include <primitives/block.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void initialize()
+{
+    SelectParams(CBaseChainParams::MAIN);
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const Consensus::Params& consensus_params = Params().GetConsensus();
+    std::vector<CBlockIndex> blocks;
+    const uint32_t fixed_time = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
+    const uint32_t fixed_bits = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
+    while (fuzzed_data_provider.remaining_bytes() > 0) {
+        const Optional<CBlockHeader> block_header = ConsumeDeserializable<CBlockHeader>(fuzzed_data_provider);
+        if (!block_header) {
+            continue;
+        }
+        CBlockIndex current_block{*block_header};
+        {
+            CBlockIndex* previous_block = !blocks.empty() ? &blocks[fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, blocks.size() - 1)] : nullptr;
+            const int current_height = (previous_block != nullptr && previous_block->nHeight != std::numeric_limits<int>::max()) ? previous_block->nHeight + 1 : 0;
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.pprev = previous_block;
+            }
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.nHeight = current_height;
+            }
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.nTime = fixed_time + current_height * consensus_params.nPowTargetSpacing;
+            }
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.nBits = fixed_bits;
+            }
+            if (fuzzed_data_provider.ConsumeBool()) {
+                current_block.nChainWork = previous_block != nullptr ? previous_block->nChainWork + GetBlockProof(*previous_block) : arith_uint256{0};
+            } else {
+                current_block.nChainWork = ConsumeArithUInt256(fuzzed_data_provider);
+            }
+            blocks.push_back(current_block);
+        }
+        {
+            (void)GetBlockProof(current_block);
+            (void)CalculateNextWorkRequired(&current_block, fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0, std::numeric_limits<int64_t>::max()), consensus_params);
+            if (current_block.nHeight != std::numeric_limits<int>::max() && current_block.nHeight - (consensus_params.DifficultyAdjustmentInterval() - 1) >= 0) {
+                (void)GetNextWorkRequired(&current_block, &(*block_header), consensus_params);
+            }
+        }
+        {
+            const CBlockIndex* to = &blocks[fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, blocks.size() - 1)];
+            const CBlockIndex* from = &blocks[fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, blocks.size() - 1)];
+            const CBlockIndex* tip = &blocks[fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, blocks.size() - 1)];
+            try {
+                (void)GetBlockProofEquivalentTime(*to, *from, *tip, consensus_params);
+            } catch (const uint_error&) {
+            }
+        }
+        {
+            const Optional<uint256> hash = ConsumeDeserializable<uint256>(fuzzed_data_provider);
+            if (hash) {
+                (void)CheckProofOfWork(*hash, fuzzed_data_provider.ConsumeIntegral<unsigned int>(), consensus_params);
+            }
+        }
+    }
+}
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index a163dbac8467..c19e3373c584 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -6,6 +6,7 @@
 #define BITCOIN_TEST_FUZZ_UTIL_H
 
 #include <amount.h>
+#include <arith_uint256.h>
 #include <attributes.h>
 #include <optional.h>
 #include <script/script.h>
@@ -81,6 +82,11 @@ template <typename T>
     return uint256{v256};
 }
 
+[[ nodiscard ]] inline arith_uint256 ConsumeArithUInt256(FuzzedDataProvider& fuzzed_data_provider) noexcept
+{
+    return UintToArith256(ConsumeUInt256(fuzzed_data_provider));
+}
+
 template <typename T>
 bool MultiplicationOverflow(T i, T j)
 {

From ee7e37ae01e0557eb2f0d8f16e5bf98666ac4e25 Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Mon, 13 Jun 2022 23:59:08 +0530
Subject: [PATCH 09/11] merge bitcoin#18455: Add fuzzing harness for
 functions/classes in flatfile.h, merkleblock.h, random.h, serialize.h and
 span.h

---
 src/Makefile.test.include     | 28 +++++++++++++++++++++++++
 src/random.h                  | 14 ++++++++-----
 src/test/fuzz/flatfile.cpp    | 30 +++++++++++++++++++++++++++
 src/test/fuzz/merkleblock.cpp | 27 ++++++++++++++++++++++++
 src/test/fuzz/random.cpp      | 31 ++++++++++++++++++++++++++++
 src/test/fuzz/span.cpp        | 39 +++++++++++++++++++++++++++++++++++
 src/test/fuzz/string.cpp      | 29 ++++++++++++++++++++++++++
 src/test/fuzz/util.h          | 19 +++++++++++++----
 8 files changed, 208 insertions(+), 9 deletions(-)
 create mode 100644 src/test/fuzz/flatfile.cpp
 create mode 100644 src/test/fuzz/merkleblock.cpp
 create mode 100644 src/test/fuzz/random.cpp
 create mode 100644 src/test/fuzz/span.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index b7715b03a9ba..f4ed000f8b9d 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -37,6 +37,7 @@ FUZZ_TARGETS = \
   test/fuzz/fee_rate \
   test/fuzz/fee_rate_deserialize \
   test/fuzz/flat_file_pos_deserialize \
+  test/fuzz/flatfile \
   test/fuzz/float \
   test/fuzz/hex \
   test/fuzz/integer \
@@ -46,6 +47,7 @@ FUZZ_TARGETS = \
   test/fuzz/key_origin_info_deserialize \
   test/fuzz/locale \
   test/fuzz/merkle_block_deserialize \
+  test/fuzz/merkleblock \
   test/fuzz/messageheader_deserialize \
   test/fuzz/multiplication_overflow \
   test/fuzz/net_permissions \
@@ -67,6 +69,7 @@ FUZZ_TARGETS = \
   test/fuzz/psbt_input_deserialize \
   test/fuzz/psbt_output_deserialize \
   test/fuzz/pub_key_deserialize \
+  test/fuzz/random \
   test/fuzz/rolling_bloom_filter \
   test/fuzz/script \
   test/fuzz/script_deserialize \
@@ -74,6 +77,7 @@ FUZZ_TARGETS = \
   test/fuzz/script_ops \
   test/fuzz/scriptnum_ops \
   test/fuzz/service_deserialize \
+  test/fuzz/span \
   test/fuzz/spanparsing \
   test/fuzz/string \
   test/fuzz/strprintf \
@@ -477,6 +481,12 @@ test_fuzz_flat_file_pos_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_flat_file_pos_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_flat_file_pos_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_flatfile_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_flatfile_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_flatfile_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_flatfile_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_flatfile_SOURCES = $(FUZZ_SUITE) test/fuzz/flatfile.cpp
+
 test_fuzz_float_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_float_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_float_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -531,6 +541,12 @@ test_fuzz_merkle_block_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_merkle_block_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_merkle_block_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_merkleblock_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_merkleblock_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_merkleblock_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_merkleblock_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_merkleblock_SOURCES = $(FUZZ_SUITE) test/fuzz/merkleblock.cpp
+
 test_fuzz_messageheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DMESSAGEHEADER_DESERIALIZE=1
 test_fuzz_messageheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_messageheader_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -657,6 +673,12 @@ test_fuzz_pub_key_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_pub_key_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_pub_key_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_random_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_random_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_random_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_random_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_random_SOURCES = $(FUZZ_SUITE) test/fuzz/random.cpp
+
 test_fuzz_rolling_bloom_filter_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_rolling_bloom_filter_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_rolling_bloom_filter_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -699,6 +721,12 @@ test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_span_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_span_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_span_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_span_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_span_SOURCES = $(FUZZ_SUITE) test/fuzz/span.cpp
+
 test_fuzz_spanparsing_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_spanparsing_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_spanparsing_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/random.h b/src/random.h
index 648aa16e2383..cd61693b656c 100644
--- a/src/random.h
+++ b/src/random.h
@@ -106,7 +106,8 @@ void RandAddEvent(const uint32_t event_info) noexcept;
  *
  * This class is not thread-safe.
  */
-class FastRandomContext {
+class FastRandomContext
+{
 private:
     bool requires_seed;
     ChaCha20 rng;
@@ -158,7 +159,8 @@ class FastRandomContext {
     }
 
     /** Generate a random (bits)-bit integer. */
-    uint64_t randbits(int bits) noexcept {
+    uint64_t randbits(int bits) noexcept
+    {
         if (bits == 0) {
             return 0;
         } else if (bits > 32) {
@@ -172,7 +174,9 @@ class FastRandomContext {
         }
     }
 
-    /** Generate a random integer in the range [0..range). */
+    /** Generate a random integer in the range [0..range).
+     * Precondition: range > 0.
+     */
     uint64_t randrange(uint64_t range) noexcept
     {
         assert(range);
@@ -221,7 +225,7 @@ class FastRandomContext {
  * debug mode detects and panics on. This is a known issue, see
  * https://stackoverflow.com/questions/22915325/avoiding-self-assignment-in-stdshuffle
  */
-template<typename I, typename R>
+template <typename I, typename R>
 void Shuffle(I first, I last, R&& rng)
 {
     while (first != last) {
@@ -244,7 +248,7 @@ static const int NUM_OS_RANDOM_BYTES = 32;
 /** Get 32 bytes of system entropy. Do not use this in application code: use
  * GetStrongRandBytes instead.
  */
-void GetOSRand(unsigned char *ent32);
+void GetOSRand(unsigned char* ent32);
 
 /** Check that OS randomness is available and returning the requested number
  * of bytes.
diff --git a/src/test/fuzz/flatfile.cpp b/src/test/fuzz/flatfile.cpp
new file mode 100644
index 000000000000..a55de77df77d
--- /dev/null
+++ b/src/test/fuzz/flatfile.cpp
@@ -0,0 +1,30 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <flatfile.h>
+#include <optional.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    Optional<FlatFilePos> flat_file_pos = ConsumeDeserializable<FlatFilePos>(fuzzed_data_provider);
+    if (!flat_file_pos) {
+        return;
+    }
+    Optional<FlatFilePos> another_flat_file_pos = ConsumeDeserializable<FlatFilePos>(fuzzed_data_provider);
+    if (another_flat_file_pos) {
+        assert((*flat_file_pos == *another_flat_file_pos) != (*flat_file_pos != *another_flat_file_pos));
+    }
+    (void)flat_file_pos->ToString();
+    flat_file_pos->SetNull();
+    assert(flat_file_pos->IsNull());
+}
diff --git a/src/test/fuzz/merkleblock.cpp b/src/test/fuzz/merkleblock.cpp
new file mode 100644
index 000000000000..eb8fa1d421d4
--- /dev/null
+++ b/src/test/fuzz/merkleblock.cpp
@@ -0,0 +1,27 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <merkleblock.h>
+#include <optional.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <uint256.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    Optional<CPartialMerkleTree> partial_merkle_tree = ConsumeDeserializable<CPartialMerkleTree>(fuzzed_data_provider);
+    if (!partial_merkle_tree) {
+        return;
+    }
+    (void)partial_merkle_tree->GetNumTransactions();
+    std::vector<uint256> matches;
+    std::vector<unsigned int> indices;
+    (void)partial_merkle_tree->ExtractMatches(matches, indices);
+}
diff --git a/src/test/fuzz/random.cpp b/src/test/fuzz/random.cpp
new file mode 100644
index 000000000000..7df6594ad691
--- /dev/null
+++ b/src/test/fuzz/random.cpp
@@ -0,0 +1,31 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <random.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <algorithm>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    FastRandomContext fast_random_context{ConsumeUInt256(fuzzed_data_provider)};
+    (void)fast_random_context.rand64();
+    (void)fast_random_context.randbits(fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 64));
+    (void)fast_random_context.randrange(fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(FastRandomContext::min() + 1, FastRandomContext::max()));
+    (void)fast_random_context.randbytes(fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1024));
+    (void)fast_random_context.rand32();
+    (void)fast_random_context.rand256();
+    (void)fast_random_context.randbool();
+    (void)fast_random_context();
+
+    std::vector<int64_t> integrals = ConsumeRandomLengthIntegralVector<int64_t>(fuzzed_data_provider);
+    Shuffle(integrals.begin(), integrals.end(), fast_random_context);
+    std::shuffle(integrals.begin(), integrals.end(), fast_random_context);
+}
diff --git a/src/test/fuzz/span.cpp b/src/test/fuzz/span.cpp
new file mode 100644
index 000000000000..4aea530ef25d
--- /dev/null
+++ b/src/test/fuzz/span.cpp
@@ -0,0 +1,39 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <span.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cassert>
+#include <cstddef>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    std::string str = fuzzed_data_provider.ConsumeBytesAsString(32);
+    const Span<const char> span = MakeSpan(str);
+    (void)span.data();
+    (void)span.begin();
+    (void)span.end();
+    if (span.size() > 0) {
+        const std::ptrdiff_t idx = fuzzed_data_provider.ConsumeIntegralInRange<std::ptrdiff_t>(0U, span.size() - 1U);
+        (void)span.first(idx);
+        (void)span.last(idx);
+        (void)span.subspan(idx);
+        (void)span.subspan(idx, span.size() - idx);
+        (void)span[idx];
+    }
+
+    std::string another_str = fuzzed_data_provider.ConsumeBytesAsString(32);
+    const Span<const char> another_span = MakeSpan(another_str);
+    assert((span <= another_span) != (span > another_span));
+    assert((span == another_span) != (span != another_span));
+    assert((span >= another_span) != (span < another_span));
+}
diff --git a/src/test/fuzz/string.cpp b/src/test/fuzz/string.cpp
index a7bc2cb4407e..0a333f1a691e 100644
--- a/src/test/fuzz/string.cpp
+++ b/src/test/fuzz/string.cpp
@@ -11,6 +11,8 @@
 #include <rpc/server.h>
 #include <rpc/util.h>
 #include <script/descriptor.h>
+#include <serialize.h>
+#include <streams.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
@@ -22,6 +24,7 @@
 #include <util/system.h>
 #include <util/translation.h>
 #include <util/url.h>
+#include <version.h>
 
 #include <cstdint>
 #include <string>
@@ -81,4 +84,30 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)urlDecode(random_string_1);
     (void)ValidAsCString(random_string_1);
     (void)_(random_string_1.c_str());
+
+    {
+        CDataStream data_stream{SER_NETWORK, INIT_PROTO_VERSION};
+        std::string s;
+        auto limited_string = LIMITED_STRING(s, 10);
+        data_stream << random_string_1;
+        try {
+            data_stream >> limited_string;
+            assert(data_stream.empty());
+            assert(s.size() <= random_string_1.size());
+            assert(s.size() <= 10);
+            if (!random_string_1.empty()) {
+                assert(!s.empty());
+            }
+        } catch (const std::ios_base::failure&) {
+        }
+    }
+    {
+        CDataStream data_stream{SER_NETWORK, INIT_PROTO_VERSION};
+        const auto limited_string = LIMITED_STRING(random_string_1, 10);
+        data_stream << limited_string;
+        std::string deserialized_string;
+        data_stream >> deserialized_string;
+        assert(data_stream.empty());
+        assert(deserialized_string == random_string_1);
+    }
 }
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index c19e3373c584..7012a8947906 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -21,13 +21,13 @@
 #include <string>
 #include <vector>
 
-[[ nodiscard ]] inline std::vector<uint8_t> ConsumeRandomLengthByteVector(FuzzedDataProvider& fuzzed_data_provider, size_t max_length = 4096) noexcept
+[[ nodiscard ]] inline std::vector<uint8_t> ConsumeRandomLengthByteVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_length = 4096) noexcept
 {
     const std::string s = fuzzed_data_provider.ConsumeRandomLengthString(max_length);
     return {s.begin(), s.end()};
 }
 
-[[ nodiscard ]] inline std::vector<std::string> ConsumeRandomLengthStringVector(FuzzedDataProvider& fuzzed_data_provider, size_t max_vector_size = 16, size_t max_string_length = 16) noexcept
+[[ nodiscard ]] inline std::vector<std::string> ConsumeRandomLengthStringVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_vector_size = 16, const size_t max_string_length = 16) noexcept
 {
     const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
     std::vector<std::string> r;
@@ -38,7 +38,18 @@
 }
 
 template <typename T>
-[[ nodiscard ]] inline Optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, size_t max_length = 4096) noexcept
+[[ nodiscard ]] inline std::vector<T> ConsumeRandomLengthIntegralVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_vector_size = 16) noexcept
+{
+    const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
+    std::vector<T> r;
+    for (size_t i = 0; i < n_elements; ++i) {
+        r.push_back(fuzzed_data_provider.ConsumeIntegral<T>());
+    }
+    return r;
+}
+
+template <typename T>
+[[ nodiscard ]] inline Optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, const size_t max_length = 4096) noexcept
 {
     const std::vector<uint8_t> buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
     CDataStream ds{buffer, SER_NETWORK, INIT_PROTO_VERSION};
@@ -88,7 +99,7 @@ template <typename T>
 }
 
 template <typename T>
-bool MultiplicationOverflow(T i, T j)
+[[ nodiscard ]] bool MultiplicationOverflow(const T i, const T j) noexcept
 {
     static_assert(std::is_integral<T>::value, "Integral required.");
     if (std::numeric_limits<T>::is_signed) {

From d016ccd0658b46ad1e5d50406da6a57b1ae1b6f8 Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Wed, 6 Jul 2022 21:57:21 +0530
Subject: [PATCH 10/11] merge bitcoin#18565: Add fuzzing harnesses for
 classes/functions in checkqueue.h and cuckoocache.h. Add fuzzing coverage.

---
 src/Makefile.test.include           | 21 ++++++++++
 src/test/fuzz/addition_overflow.cpp | 55 ++++++++++++++++++++++++
 src/test/fuzz/checkqueue.cpp        | 65 +++++++++++++++++++++++++++++
 src/test/fuzz/cuckoocache.cpp       | 49 ++++++++++++++++++++++
 src/test/fuzz/integer.cpp           | 16 ++++++-
 src/test/fuzz/util.h                | 11 +++++
 6 files changed, 215 insertions(+), 2 deletions(-)
 create mode 100644 src/test/fuzz/addition_overflow.cpp
 create mode 100644 src/test/fuzz/checkqueue.cpp
 create mode 100644 src/test/fuzz/cuckoocache.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index f4ed000f8b9d..a76e31de2e25 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -5,6 +5,7 @@
 
 
 FUZZ_TARGETS = \
+  test/fuzz/addition_overflow \
   test/fuzz/addr_info_deserialize \
   test/fuzz/addrdb \
   test/fuzz/address_deserialize \
@@ -29,7 +30,9 @@ FUZZ_TARGETS = \
   test/fuzz/blockundo_deserialize \
   test/fuzz/bloom_filter \
   test/fuzz/bloomfilter_deserialize \
+  test/fuzz/checkqueue \
   test/fuzz/coins_deserialize \
+  test/fuzz/cuckoocache \
   test/fuzz/decode_tx \
   test/fuzz/descriptor_parse \
   test/fuzz/diskblockindex_deserialize \
@@ -289,6 +292,12 @@ test_test_dash_LDADD += $(LIBBITCOIN_ZMQ) $(ZMQ_LIBS)
 endif
 
 if ENABLE_FUZZ
+test_fuzz_addition_overflow_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_addition_overflow_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_addition_overflow_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_addition_overflow_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_addition_overflow_SOURCES = $(FUZZ_SUITE) test/fuzz/addition_overflow.cpp
+
 test_fuzz_addr_info_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DADDR_INFO_DESERIALIZE=1
 test_fuzz_addr_info_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_addr_info_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -433,12 +442,24 @@ test_fuzz_bloomfilter_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_bloomfilter_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_bloomfilter_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_checkqueue_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_checkqueue_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_checkqueue_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_checkqueue_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_checkqueue_SOURCES = $(FUZZ_SUITE) test/fuzz/checkqueue.cpp
+
 test_fuzz_coins_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DCOINS_DESERIALIZE=1
 test_fuzz_coins_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_coins_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_coins_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_coins_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_cuckoocache_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_cuckoocache_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_cuckoocache_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_cuckoocache_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_cuckoocache_SOURCES = $(FUZZ_SUITE) test/fuzz/cuckoocache.cpp
+
 test_fuzz_decode_tx_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_decode_tx_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_decode_tx_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/addition_overflow.cpp b/src/test/fuzz/addition_overflow.cpp
new file mode 100644
index 000000000000..a455992b137f
--- /dev/null
+++ b/src/test/fuzz/addition_overflow.cpp
@@ -0,0 +1,55 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+#if defined(__has_builtin)
+#if __has_builtin(__builtin_add_overflow)
+#define HAVE_BUILTIN_ADD_OVERFLOW
+#endif
+#elif defined(__GNUC__) && (__GNUC__ >= 5)
+#define HAVE_BUILTIN_ADD_OVERFLOW
+#endif
+
+namespace {
+template <typename T>
+void TestAdditionOverflow(FuzzedDataProvider& fuzzed_data_provider)
+{
+    const T i = fuzzed_data_provider.ConsumeIntegral<T>();
+    const T j = fuzzed_data_provider.ConsumeIntegral<T>();
+    const bool is_addition_overflow_custom = AdditionOverflow(i, j);
+#if defined(HAVE_BUILTIN_ADD_OVERFLOW)
+    T result_builtin;
+    const bool is_addition_overflow_builtin = __builtin_add_overflow(i, j, &result_builtin);
+    assert(is_addition_overflow_custom == is_addition_overflow_builtin);
+    if (!is_addition_overflow_custom) {
+        assert(i + j == result_builtin);
+    }
+#else
+    if (!is_addition_overflow_custom) {
+        (void)(i + j);
+    }
+#endif
+}
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    TestAdditionOverflow<int64_t>(fuzzed_data_provider);
+    TestAdditionOverflow<uint64_t>(fuzzed_data_provider);
+    TestAdditionOverflow<int32_t>(fuzzed_data_provider);
+    TestAdditionOverflow<uint32_t>(fuzzed_data_provider);
+    TestAdditionOverflow<int16_t>(fuzzed_data_provider);
+    TestAdditionOverflow<uint16_t>(fuzzed_data_provider);
+    TestAdditionOverflow<char>(fuzzed_data_provider);
+    TestAdditionOverflow<unsigned char>(fuzzed_data_provider);
+    TestAdditionOverflow<signed char>(fuzzed_data_provider);
+}
diff --git a/src/test/fuzz/checkqueue.cpp b/src/test/fuzz/checkqueue.cpp
new file mode 100644
index 000000000000..2ed097b82758
--- /dev/null
+++ b/src/test/fuzz/checkqueue.cpp
@@ -0,0 +1,65 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <checkqueue.h>
+#include <optional.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+namespace {
+struct DumbCheck {
+    const bool result = false;
+
+    DumbCheck() = default;
+
+    explicit DumbCheck(const bool _result) : result(_result)
+    {
+    }
+
+    bool operator()() const
+    {
+        return result;
+    }
+
+    void swap(DumbCheck& x)
+    {
+    }
+};
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    const unsigned int batch_size = fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(0, 1024);
+    CCheckQueue<DumbCheck> check_queue_1{batch_size};
+    CCheckQueue<DumbCheck> check_queue_2{batch_size};
+    std::vector<DumbCheck> checks_1;
+    std::vector<DumbCheck> checks_2;
+    const int size = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 1024);
+    for (int i = 0; i < size; ++i) {
+        const bool result = fuzzed_data_provider.ConsumeBool();
+        checks_1.emplace_back(result);
+        checks_2.emplace_back(result);
+    }
+    if (fuzzed_data_provider.ConsumeBool()) {
+        check_queue_1.Add(checks_1);
+    }
+    if (fuzzed_data_provider.ConsumeBool()) {
+        (void)check_queue_1.Wait();
+    }
+
+    CCheckQueueControl<DumbCheck> check_queue_control{&check_queue_2};
+    if (fuzzed_data_provider.ConsumeBool()) {
+        check_queue_control.Add(checks_2);
+    }
+    if (fuzzed_data_provider.ConsumeBool()) {
+        (void)check_queue_control.Wait();
+    }
+}
diff --git a/src/test/fuzz/cuckoocache.cpp b/src/test/fuzz/cuckoocache.cpp
new file mode 100644
index 000000000000..f674efe1b12a
--- /dev/null
+++ b/src/test/fuzz/cuckoocache.cpp
@@ -0,0 +1,49 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <cuckoocache.h>
+#include <optional.h>
+#include <script/sigcache.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <test/util/setup_common.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+namespace {
+FuzzedDataProvider* fuzzed_data_provider_ptr = nullptr;
+
+struct RandomHasher {
+    template <uint8_t>
+    uint32_t operator()(const bool& /* unused */) const
+    {
+        assert(fuzzed_data_provider_ptr != nullptr);
+        return fuzzed_data_provider_ptr->ConsumeIntegral<uint32_t>();
+    }
+};
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    fuzzed_data_provider_ptr = &fuzzed_data_provider;
+    CuckooCache::cache<bool, RandomHasher> cuckoo_cache{};
+    if (fuzzed_data_provider.ConsumeBool()) {
+        const size_t megabytes = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 16);
+        cuckoo_cache.setup_bytes(megabytes << 20);
+    } else {
+        cuckoo_cache.setup(fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, 4096));
+    }
+    while (fuzzed_data_provider.ConsumeBool()) {
+        if (fuzzed_data_provider.ConsumeBool()) {
+            cuckoo_cache.insert(fuzzed_data_provider.ConsumeBool());
+        } else {
+            cuckoo_cache.contains(fuzzed_data_provider.ConsumeBool(), fuzzed_data_provider.ConsumeBool());
+        }
+    }
+    fuzzed_data_provider_ptr = nullptr;
+}
diff --git a/src/test/fuzz/integer.cpp b/src/test/fuzz/integer.cpp
index 82c5af9e027b..21061e08ac9a 100644
--- a/src/test/fuzz/integer.cpp
+++ b/src/test/fuzz/integer.cpp
@@ -22,6 +22,7 @@
 #include <streams.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
 #include <time.h>
 #include <uint256.h>
 #include <util/moneystr.h>
@@ -33,6 +34,7 @@
 #include <cassert>
 #include <chrono>
 #include <limits>
+#include <set>
 #include <vector>
 
 void initialize()
@@ -81,8 +83,12 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     }
     (void)GetSizeOfCompactSize(u64);
     (void)GetSpecialScriptSize(u32);
-    // (void)GetVirtualTransactionSize(i64, i64); // function defined only for a subset of int64_t inputs
-    // (void)GetVirtualTransactionSize(i64, i64, u32); // function defined only for a subset of int64_t/uint32_t inputs
+    if (!MultiplicationOverflow(i64, static_cast<int64_t>(::nBytesPerSigOp)) && !AdditionOverflow(i64 * ::nBytesPerSigOp, static_cast<int64_t>(4))) {
+        (void)GetVirtualTransactionSize(i64, i64);
+    }
+    if (!MultiplicationOverflow(i64, static_cast<int64_t>(u32)) && !AdditionOverflow(i64, static_cast<int64_t>(4)) && !AdditionOverflow(i64 * u32, static_cast<int64_t>(4))) {
+        (void)GetVirtualTransactionSize(i64, i64, u32);
+    }
     (void)HexDigit(ch);
     (void)MoneyRange(i64);
     (void)i64tostr(i64);
@@ -101,6 +107,12 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)memusage::DynamicUsage(u8);
     const unsigned char uch = static_cast<unsigned char>(u8);
     (void)memusage::DynamicUsage(uch);
+    {
+        const std::set<int64_t> i64s{i64, static_cast<int64_t>(u64)};
+        const size_t dynamic_usage = memusage::DynamicUsage(i64s);
+        const size_t incremental_dynamic_usage = memusage::IncrementalDynamicUsage(i64s);
+        assert(dynamic_usage == incremental_dynamic_usage * i64s.size());
+    }
     (void)MillisToTimeval(i64);
     const double d = ser_uint64_to_double(u64);
     assert(ser_double_to_uint64(d) == u64);
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index 7012a8947906..a18b91eb5dd0 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -121,4 +121,15 @@ template <typename T>
     }
 }
 
+template <class T>
+[[ nodiscard ]] bool AdditionOverflow(const T i, const T j) noexcept
+{
+    static_assert(std::is_integral<T>::value, "Integral required.");
+    if (std::numeric_limits<T>::is_signed) {
+        return (i > 0 && j > std::numeric_limits<T>::max() - i) ||
+               (i < 0 && j < std::numeric_limits<T>::min() - i);
+    }
+    return std::numeric_limits<T>::max() - i < j;
+}
+
 #endif // BITCOIN_TEST_FUZZ_UTIL_H

From 571584218771bfcbc85a282dc2e5eb3786d6b722 Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Wed, 3 Mar 2021 12:22:34 +0200
Subject: [PATCH 11/11] merge bitcoin#21349: Fix fuzz-cuckoocache
 cross-compiling for Windows with DEBUG=1

---
 src/test/fuzz/cuckoocache.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/fuzz/cuckoocache.cpp b/src/test/fuzz/cuckoocache.cpp
index f674efe1b12a..0c4a29f9667b 100644
--- a/src/test/fuzz/cuckoocache.cpp
+++ b/src/test/fuzz/cuckoocache.cpp
@@ -31,7 +31,7 @@ void test_one_input(const std::vector<uint8_t>& buffer)
 {
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
     fuzzed_data_provider_ptr = &fuzzed_data_provider;
-    CuckooCache::cache<bool, RandomHasher> cuckoo_cache{};
+    CuckooCache::cache<int, RandomHasher> cuckoo_cache{};
     if (fuzzed_data_provider.ConsumeBool()) {
         const size_t megabytes = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 16);
         cuckoo_cache.setup_bytes(megabytes << 20);