feat(fuzz): add SharpFuzz-based fuzzing for untrusted-input parsers
New tests/PalladiumWallet.Fuzz project: one target per parser that consumes untrusted input (block headers, Merkle proofs, peer lists, wallet files, user-pasted mnemonics/keys/addresses/amounts), each encoding the parser's documented error contract - any exception beyond that contract is a finding, reported as a crash. Three ways to run: the seed corpus (with regression inputs for every crash found so far, including the two fixed in prior commits) replays automatically inside dotnet test via FuzzCorpusTests, so a fixed contract violation can't silently return; a built-in random-mutation mode needs no external tooling (dotnet run -- <target> --random N); and fuzz.sh drives real coverage-guided campaigns via afl++ + SharpFuzz instrumentation for pre-release or post-parser-change runs.
This commit is contained in:
@@ -0,0 +1 @@
|
||||
[[1,2,3],{"a":1},"x",[["h","n",[42,"t"]]]]
|
||||
@@ -0,0 +1 @@
|
||||
[["1.2.3.4","peer.example",["v1.4.2","p10","t50001","‡50002"]]]
|
||||
@@ -0,0 +1 @@
|
||||
[["1.2.3.4","peer.example",["v1.4.2","p10","t50001","s50002"]]]
|
||||
Reference in New Issue
Block a user