From f919d919eb8425ef2bb25aa0ebf61c90ab9b07fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C5=91rinc?=
Date: Fri, 27 Dec 2024 22:16:25 +0100
Subject: [PATCH] fuzz: Add fuzzing for max_ret_len in DecodeBase58/DecodeBase58Check
Different values are used for max_ret_len throughout the codebase (e.g., 21, 34, 78). Theoretically, negative and zero values are also permitted. Let's stress-test those as well.
Co-authored-by: brunoerg
---
 src/test/fuzz/base_encode_decode.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/test/fuzz/base_encode_decode.cpp b/src/test/fuzz/base_encode_decode.cpp
index df3c10b4b1d..06b249fb8d3 100644
--- a/src/test/fuzz/base_encode_decode.cpp
+++ b/src/test/fuzz/base_encode_decode.cpp
@@ -21,10 +21,11 @@ FUZZ_TARGET(base58_encode_decode)
 {
 FuzzedDataProvider provider(buffer.data(), buffer.size());
 const std::string random_string{provider.ConsumeRandomLengthString(1000)};
+ const int max_ret_len{provider.ConsumeIntegralInRange(-1, 1000)};
 // Decode/Encode roundtrip
 std::vector decoded;
- if (DecodeBase58(random_string, decoded, 100)) {
+ if (DecodeBase58(random_string, decoded, max_ret_len)) {
 const auto encoded_string{EncodeBase58(decoded)};
 assert(encoded_string == TrimStringView(random_string));
 assert(encoded_string.empty() || !DecodeBase58(encoded_string, decoded, provider.ConsumeIntegralInRange(0, decoded.size() - 1)));
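Review bot: Nothing in the success branch checks the newly fuzzed limit itself: once `DecodeBase58(random_string, decoded, max_ret_len)` returns true, only the encode roundtrip is asserted, so a decoder that ignored `max_ret_len` on this path would still pass. Assuming the parameter is meant to bound the decoded length (the decoder body is not part of this diff), adding `assert(max_ret_len < 0 || decoded.size() <= static_cast<size_t>(max_ret_len));` as the first statement inside the `if` would make the limit an oracle rather than just an input. The same gap is in the `base58check_encode_decode` hunk around `DecodeBase58Check`. Both fuzz-target bodies continue past the end of their hunks.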
@@ -40,10 +41,11 @@ FUZZ_TARGET(base58check_encode_decode)
 {
 FuzzedDataProvider provider(buffer.data(), buffer.size());
 const std::string random_string{provider.ConsumeRandomLengthString(1000)};
+ const int max_ret_len{provider.ConsumeIntegralInRange(-1, 1000)};
 // Decode/Encode roundtrip
 std::vector decoded;
- if (DecodeBase58Check(random_string, decoded, 100)) {
+ if (DecodeBase58Check(random_string, decoded, max_ret_len)) {
 const auto encoded_string{EncodeBase58Check(decoded)};
 assert(encoded_string == TrimStringView(random_string));
 assert(encoded_string.empty() || !DecodeBase58Check(encoded_string, decoded, provider.ConsumeIntegralInRange(0, decoded.size() - 1)));
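Review bot: The range in `ConsumeIntegralInRange(-1, 1000)` leaves the top of the `int` parameter untested, and that end matters most for this target if `DecodeBase58Check` adjusts the limit internally to make room for the checksum (its body is not visible here, so this is an assumption to confirm). Because `random_string` is capped at 1000 characters, limits well above the longest possible decode presumably all behave alike, so a single extra value would cover it: choose `std::numeric_limits<int>::max()` on a `provider.ConsumeBool()` branch and keep the current range otherwise (this needs `<limits>` in the file's includes). A short comment next to the range, such as `// -1: negative limit, 0: empty result only`, would also record why the lower bound is not 0.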