Fuzz test hedera_format_amount

fuzzing/CMakeLists.txt

@@ -77,6 +77,7 @@ add_executable(fuzz_proto_full
     ../tests/unit/mock/putchar.c
     ../tests/unit/mock/staking_mock.c
     ../tests/unit/mock/token_lookup_mock.c
+    ../src/hedera_format_amount.c
 )
 target_compile_definitions(fuzz_proto_full PRIVATE NO_BOLOS_SDK=1)
 target_compile_definitions(fuzz_proto_full PRIVATE PB_SYSTEM_HEADER="nanopb_system.h")
@@ -89,4 +90,11 @@ add_executable(fuzz_evm_payload
     ../src/evm_parser.c
 )
 target_compile_definitions(fuzz_evm_payload PRIVATE NO_BOLOS_SDK=1)
-target_link_libraries(fuzz_evm_payload mock_bolos)
+target_link_libraries(fuzz_evm_payload mock_bolos)
+
+add_executable(fuzz_hedera_format_amount
+    fuzzer_hedera_format_amount.c
+    ../src/hedera_format_amount.c
+)
+target_compile_definitions(fuzz_hedera_format_amount PRIVATE NO_BOLOS_SDK=1)
+target_link_libraries(fuzz_hedera_format_amount mock_bolos)

fuzzing/corpus/hedera_format_amount/52a719f9d01e6a1882f97bc011e52c80f807e955

@@ -0,0 +1 @@
+˜

fuzzing/corpus/hedera_format_amount/62399d6d1e18ce79ab91c1a3475f2b49be33500d

@@ -0,0 +1,2 @@
+
+ÿÿÿÿÿkÿ

fuzzing/corpus/hedera_format_amount/6448dcc065b65939aa646b6a9104eefdb3cf2e92

@@ -0,0 +1 @@
+ÿÿÿÿÿÿÿÿÿ

fuzzing/corpus/hedera_format_amount/a1d83033b232221ab32f5ffe8c9775ecbb6c9cb8

@@ -0,0 +1,2 @@
+ØØØØØØ
+1

fuzzing/corpus/hedera_format_amount/dabe30a519cb3bf7788cd93aee70282a29d96ee7

@@ -0,0 +1,2 @@
+ØØ
+ØØØ1Ø

fuzzing/fuzzer_hedera_format_amount.c

@@ -0,0 +1,20 @@
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+
+#include "hedera_format_amount.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    if (!data || size == 0) return 0;
+
+    uint64_t amount = 0;
+    uint8_t decimals = 0;
+
+    if (size >= 8) memcpy(&amount, data, 8);
+    if (size >= 9) decimals = data[8];
+
+    (void)hedera_format_amount(amount, decimals);
+    (void)hedera_format_amount(amount, (uint8_t)(decimals % 32));
+
+    return 0;
+}

fuzzing/run_fuzzing.sh

@@ -61,6 +61,7 @@ setup_directories() {
     # Create corpus directories for each fuzzer
     mkdir -p "$CORPUS_DIR/proto_varlen_parser"
     mkdir -p "$CORPUS_DIR/evm_payload"
+    mkdir -p "$CORPUS_DIR/hedera_format_amount"
 
     print_status "Directories created"
 }
@@ -89,7 +90,9 @@ generate_corpus() {
     printf "\\xFF\\xFF\\xFF\\xFF\\x0F\\x0A\\x05Hello" > "$CORPUS_DIR/proto_varlen_parser/large_field.bin"
     printf "\\x00\\x01" > "$CORPUS_DIR/proto_varlen_parser/invalid_field.bin"
     printf "\\x0F\\x01" > "$CORPUS_DIR/proto_varlen_parser/unknown_wire.bin"
-
+    # hedera_format_amount seeds
+    printf "\x01\x00\x00\x00\x00\x00\x00\x00\x08" > "$CORPUS_DIR/hedera_format_amount/one_dec8.bin"
+    printf "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x13" > "$CORPUS_DIR/hedera_format_amount/max_dec19.bin"
     # EVM payload seeds
     # ERC20 transfer selector only
     printf "\xA9\x05\x9C\xBB" > "$CORPUS_DIR/evm_payload/selector.bin"
@@ -156,7 +159,7 @@ run_fuzzer() {
 run_all_fuzzers() {
     print_status "Starting fuzzing campaign..."
 
-    local fuzzers=("proto_varlen_parser" "evm_payload")
+    local fuzzers=("proto_varlen_parser" "evm_payload" "hedera_format_amount")
 
     for fuzzer in "${fuzzers[@]}"; do
         run_fuzzer "$fuzzer" "$FUZZ_TIME"

src/hedera_format.c

@@ -1,79 +1,12 @@
 #include "hedera_format.h"
+#include "hedera_format_amount.h"
 
 #include "staking.h"
 #include "time_format.h"
 
 #define BUF_SIZE 32
 
-static char *hedera_format_amount(uint64_t amount, uint8_t decimals) {
-    static char buf[BUF_SIZE];
-
-    // NOTE: format of amounts are not sensitive
-    memset(buf, 0, BUF_SIZE);
-
-    // Quick shortcut if the amount is zero
-    // Regardless of decimals, the output is always "0"
-    if (amount == 0) {
-        buf[0] = '0';
-        buf[1] = '\0';
-
-        return buf;
-    }
-
-    // NOTE: we silently fail with a decimal value > 20
-    //  this function shuold only be called on decimal values smaller than 20
-    if (decimals >= 20) return buf;
-
-    int i = 0;
-
-    while (i < (BUF_SIZE - 1) && (amount > 0 || i < decimals)) {
-        int digit = amount % 10;
-        amount /= 10;
-
-        buf[i++] = '0' + digit;
-
-        if (i == decimals) {
-            buf[i++] = '.';
-        }
-    }
-
-    if (buf[i - 1] == '.') {
-        buf[i++] = '0';
-    }
-
-    int size = i;
-    int j = 0;
-    char tmp;
-
-    while (j < i) {
-        i -= 1;
-
-        tmp = buf[j];
-        buf[j] = buf[i];
-        buf[i] = tmp;
-
-        j += 1;
-    }
-
-    for (j = size - 1; j > 0; j--) {
-        if (buf[j] == '0') {
-            continue;
-        } else if (buf[j] == '.') {
-            break;
-        } else {
-            j += 1;
-            break;
-        }
-    }
-
-    if (j < size - 1) {
-        buf[j] = '\0';
-    }
-
-    return buf;
-}
-
-static char *hedera_format_tinybar(uint64_t tinybar) {
+static const char *hedera_format_tinybar(uint64_t tinybar) {
     return hedera_format_amount(tinybar, 8);
 }
 

src/hedera_format_amount.c

@@ -0,0 +1,66 @@
+#include <string.h>
+#include "hedera_format_amount.h"
+
+#define BUF_SIZE 32
+
+const char *hedera_format_amount(uint64_t amount, uint8_t decimals) {
+    static char buf[BUF_SIZE];
+
+    memset(buf, 0, BUF_SIZE);
+
+    if (amount == 0) {
+        buf[0] = '0';
+        buf[1] = '\0';
+        return buf;
+    }
+
+    if (decimals >= 20) return buf;
+
+    int i = 0;
+
+    while (i < (BUF_SIZE - 1) && (amount > 0 || i < decimals)) {
+        int digit = amount % 10;
+        amount /= 10;
+
+        buf[i++] = '0' + digit;
+
+        if (i == decimals) {
+            buf[i++] = '.';
+        }
+    }
+
+    if (buf[i - 1] == '.') {
+        buf[i++] = '0';
+    }
+
+    int size = i;
+    int j = 0;
+    char tmp;
+
+    while (j < i) {
+        i -= 1;
+
+        tmp = buf[j];
+        buf[j] = buf[i];
+        buf[i] = tmp;
+
+        j += 1;
+    }
+
+    for (j = size - 1; j > 0; j--) {
+        if (buf[j] == '0') {
+            continue;
+        } else if (buf[j] == '.') {
+            break;
+        } else {
+            j += 1;
+            break;
+        }
+    }
+
+    if (j < size - 1) {
+        buf[j] = '\0';
+    }
+
+    return buf;
+}

src/hedera_format_amount.h

@@ -0,0 +1,4 @@
+#pragma once
+#include <stdint.h>
+
+const char *hedera_format_amount(uint64_t amount, uint8_t decimals);

tests/unit/CMakeLists.txt

@@ -84,6 +84,7 @@ add_executable(test_sign_contract_call
     ../../src/printf.c
     ../../src/time_format.c
     ../../src/hedera_format.c
+    ../../src/hedera_format_amount.c
     ../../proto/timestamp.pb.c
     ../../proto/wrappers.pb.c
     ../../proto/contract_call.pb.c
@@ -140,6 +141,7 @@ add_executable(test_pb_decode_erc20
     ../../src/sign_contract_call.c
     ../../src/evm_parser.c
     ../../src/hedera_format.c
+    ../../src/hedera_format_amount.c
     ../../src/time_format.c
     ../../src/printf.c
     ../../src/ui/app_globals.h