fuzz-tests: Add a test for calculate_our_funding()

[Chand-ra]

Checklist

Before submitting the PR, ensure the following tasks are completed. If an item is not applicable to your PR, please mark it as checked:

• The changelog has been updated in the relevant commit(s) according to the guidelines.
• Tests have been added or modified to reflect the changes.
• Documentation has been reviewed and updated as needed.
• Related issues have been listed and linked, including any that this PR closes.

[Chand-ra]

Hey @morehouse ,

this test fails with the error:

our_funds 0 < per_channel_min 18446744073709551615

but the function under test, plugins/funder_policy.c::calculate_our_funding(), has a check that's supposed to guard against this error:

if (amount_sat_less(*our_funding, policy->per_channel_min)) {
	*our_funding = AMOUNT_SAT(0);
	return error;
...
...
...
}

What could be the cause? I tried inspecting the breakage using gdb but the values upon inspection seem to vary from the error output. I've added the breaking input as the corpus, I'd appreciate your thoughts on this.

[morehouse]

When it fails, is our_funds always 0?

The check is skipped when the returned amount is 0.

lightning/plugins/funder_policy.c

Lines 297 to 299 in ad2dc97

	/* Don't return an 'error' if we're already at 0 */
	if (amount_sat_is_zero(*our_funding))
	return NULL;

[Chand-ra]

This test is now ready to review.

[morehouse]

I'm pretty sure this multiplication overflows u32.

[Chand-ra]

I copied this over from tests/fuzz/fuzz-close_tx.c:

57     max = AMOUNT_SAT((u32)WALLY_SATOSHI_PER_BTC * WALLY_BTC_MAX);

Should I fix it there as well? Possibly by making this small change:

(u64)WALLY_SATOSHI_PER_BTC

[morehouse]

Yes, please create a separate PR for that fix and then run the fuzz target to make sure it still works.

[morehouse]

Nit: whitespace

Suggested change

	amt.satoshis %= (MAX_BTC + 1);
	amt.satoshis %= (MAX_BTC + 1);

[morehouse]

Since data is only ever read using fromwire* functions, we probably don't need to check size at all. If we run out of data, fromwire should automatically return 0 values.

[morehouse]

exp_our_funds is unused.

[morehouse]

This is the max channel size allowed.

Suggested change

	struct amount_sat channel_size;
	struct amount_sat max_channel_size;

[Chand-ra]

Hey @morehouse, I have incorporated the above suggestions. Regarding the policy->mod bounds that we discussed yesterday, I found this article that documents them and I’ve integrated that information into the test as well. The updated test no longer breaks.

[morehouse]

This target leaks memory:

==280594== ERROR: libFuzzer: out-of-memory (used: 2067Mb; limit: 2048Mb)        
   To change the out-of-memory limit use -rss_limit_mb=<N>                      
                                                                                
Live Heap Allocations: 1131892148 bytes in 20471300 chunks; quarantined: 2801018
 bytes in 29456 chunks; 1788983 other chunks; total chunks: 22289739; showing to
p 95% (at most 8 unique contexts)                                               

I think clean_tmpctx should fix it.

[morehouse]

Nit: we can reduce the scope of our_last_funds_val

Suggested change

	struct amount_sat our_last_funds_val;
	if (flag)
	{
	our_last_funds_val = fromwire_amount_sat_bounded(&data, &size);
	tcase.our_last_funds = &our_last_funds_val;
	}
	if (flag)
	{
	struct amount_sat our_last_funds_val = fromwire_amount_sat_bounded(&data, &size);
	tcase.our_last_funds = &our_last_funds_val;
	}

[morehouse]

Nit: we could improve readability by creating a helper function to populate tcase for us.

[morehouse]

It seems this isn't freeing all the memory that calculate_our_funding allocates. Let's replace this with clean_tmpctx on every iteration.