Merge e343610 into merged_master (Elements PR #1414)

delta1 · delta1 · commit ed487fc09634 · 2025-02-18T16:51:36.000+02:00
diff --git a/src/test/fuzz/simplicity_tx.cpp b/src/test/fuzz/simplicity_tx.cpp
@@ -2,7 +2,6 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
-#include <cstdio>
 #include <span.h>
 #include <kernel/validation_cache_sizes.h>
 #include <primitives/transaction.h>
@@ -67,14 +66,6 @@ void initialize_simplicity_tx()
     INPUT_ASSET_CONF.vchCommitment[0] = 0x0a;
 }
 
-void write_u32(FILE *fh, uint32_t val) {
-    unsigned char buf[4];
-
-    val = htole32(val);
-    memcpy(buf, &val, 4);
-    assert(fwrite(buf, 1, 4, fh) == 4);
-}
-
 FUZZ_TARGET_INIT(simplicity_tx, initialize_simplicity_tx)
 {
     simplicity_err error;
@@ -124,6 +115,7 @@ FUZZ_TARGET_INIT(simplicity_tx, initialize_simplicity_tx)
     // 3. Construct `nIn` and `spent_outs` arrays.
     bool expect_simplicity = false;
     std::vector<CTxOut> spent_outs{};
+    unsigned char last_cmr[32] = { 0 };
     for (unsigned int i = 0; i < mtx.vin.size(); i++) {
         // Null asset or value would assert in the interpreter, and are impossible
         // to hit in real transactions. Nonces are not included in the UTXO set and
@@ -162,6 +154,15 @@ FUZZ_TARGET_INIT(simplicity_tx, initialize_simplicity_tx)
                     // Compute CMR and do some sanity checks on it (and the program)
                     std::vector<unsigned char> cmr(32, 0);
                     assert(simplicity_computeCmr(&error, cmr.data(), program.data(), program.size()));
+                    if (error == SIMPLICITY_NO_ERROR) {
+                        if (memcmp(last_cmr, cmr.data(), sizeof(last_cmr)) == 0) {
+                            // If we have already seen this CMR this transaction, try mangling
+                            // it to check that this produces a CMR error and not something worse.
+                            cmr.data()[1] ^= 1;
+                        }
+                        memcpy(last_cmr, cmr.data(), sizeof(last_cmr));
+                    }
+
                     const XOnlyPubKey internal{Span{control}.subspan(1, TAPROOT_CONTROL_BASE_SIZE - 1)};
 
                     const CScript leaf_script{cmr.begin(), cmr.end()};
