status-im / nimbus-eth2

Nim implementation of the Ethereum Beacon Chain
https://nimbus.guide

[Crash/Fuzzing] IndexError during Beaconstate SSZ parsing #2 (container empty) #920

Closed pventuzelo closed 4 years ago

pventuzelo commented 4 years ago

During fuzzing with beacon-fuzz, I triggered an IndexError while parsing a Beaconstate SSZ file with the mainnet preset.

Error: unhandled exception: index out of bounds, the container is empty [IndexError]

This bug is similar to https://github.com/status-im/nim-beacon-chain/issues/896 but 896 has been fixed and this input sample is different.

Reproducing

Download: indexError_2_beaconstate_empty_container_nimbus_devel.zip

branch: devel commit: 65ca74c9807dd53a6a9d4a5ec0f6204065f700fa

Load the file using ncli_pretty:

$ make

$ cd ncli

$ ../env.sh nim c -d:const_preset=mainnet ncli_pretty

$ ./ncli_pretty --kind=state --file=indexError_2_beaconstate_empty_container_nimbus_devel.ssz
Traceback (most recent call last, using override)
XXX/nim-beacon-chain/vendor/nim-confutils/confutils.nim(981) confutils
XXX/nim-beacon-chain/vendor/nim-faststreams/faststreams/input_stream.nim(69) CLI
XXX/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(418) nimLeaveFinally
XXX/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(407) reportUnhandledError
XXX/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(358) reportUnhandledErrorAux
Error: unhandled exception: index out of bounds, the container is empty [IndexError]
tersec commented 4 years ago

For reference, zcli:

$ zcli pretty state indexError_2_beaconstate_empty_container_nimbus_devel.ssz 
cannot load input
cannot decode ssz: expected to read to 0 bytes, got to 4
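The two outputs above show the difference between an SSZ decoder that validates its offset table up front (zcli's "expected to read to ... bytes" message) and one that lets a bad offset surface as an IndexError. The following is an added example, not code from nimbus-eth2, ncli_pretty or zcli: a minimal decoder for an SSZ container with variable-size fields that checks the fixed-part length, the first offset, offset ordering and the end bound before slicing. The toy schema (`slot`, `validators`, `balances`), the `SszError` type, the `check` helper and all sample bytes are constructed for illustration and are not the layout of a real BeaconState or the contents of the fuzz input.

```python
"""Minimal SSZ container decoder with offset validation.

Added example; not nimbus-eth2, ncli_pretty or zcli code. The schema and
the sample bytes are constructed here to show the checks, not taken from
the fuzz input attached to the issue.
"""
import struct

OFFSET_SIZE = 4  # SSZ offsets are little-endian uint32


class SszError(ValueError):
    """Raised for malformed input instead of letting an IndexError escape."""


# Toy schema: (name, fixed_size). Fixed fields are uint64 here; variable
# fields (SSZ List-like) carry None and are addressed through an offset.
SCHEMA = [
    ("slot", 8),
    ("validators", None),
    ("balances", None),
]


def fixed_part_size(schema):
    """Bytes occupied by fixed fields plus one offset per variable field."""
    return sum(OFFSET_SIZE if size is None else size for _, size in schema)


def encode(schema, values):
    """Serialize values: fixed part (with offsets) followed by variable part."""
    fixed = bytearray()
    variable = bytearray()
    offset = fixed_part_size(schema)
    for name, size in schema:
        v = values[name]
        if size is not None:
            fixed += struct.pack("<Q", v)
        else:
            fixed += struct.pack("<I", offset)
            variable += v
            offset += len(v)
    return bytes(fixed + variable)


def decode(schema, data):
    """Parse data, rejecting every malformed offset table with SszError."""
    fixed_size = fixed_part_size(schema)
    # Check 1: the fixed part (and therefore every offset) must be present.
    if len(data) < fixed_size:
        raise SszError(f"need {fixed_size} bytes of fixed part, got {len(data)}")
    out = {}
    offsets = []  # (name, offset) for variable fields, in field order
    pos = 0
    for name, size in schema:
        if size is not None:
            out[name] = struct.unpack_from("<Q", data, pos)[0]
            pos += size
        else:
            offsets.append((name, struct.unpack_from("<I", data, pos)[0]))
            pos += OFFSET_SIZE
    if offsets:
        # Check 2: the first offset must point exactly at the end of the
        # fixed part; anything else means the table and the data disagree.
        first = offsets[0][1]
        if first != fixed_size:
            raise SszError(f"first offset {first} != fixed part size {fixed_size}")
        # Check 3: offsets are non-decreasing and the last field ends at
        # len(data), so every slice below is in bounds by construction.
        ends = [o for _, o in offsets[1:]] + [len(data)]
        for (name, start), end in zip(offsets, ends):
            if start > end:
                raise SszError(f"offset for {name}: {start} > {end}")
            out[name] = data[start:end]
    return out


def check(schema, data):
    """Return ("ok", fields) or ("error", message); convenient for fuzz triage."""
    try:
        return "ok", decode(schema, data)
    except SszError as e:
        return "error", str(e)


if __name__ == "__main__":
    sample = {"slot": 7, "validators": b"\x01\x02\x03", "balances": b""}
    good = encode(SCHEMA, sample)
    print("valid:", check(SCHEMA, good))
    # Constructed corruptions: empty input, wrong first offset, reversed
    # offsets, offset past the end of the buffer.
    print("empty:", check(SCHEMA, b""))
    print("bad first offset:", check(SCHEMA, good[:8] + b"\x14\x00\x00\x00" + good[12:]))
    print("reversed:", check(SCHEMA, good[:12] + b"\x0a\x00\x00\x00" + good[16:]))
    print("past end:", check(SCHEMA, good[:12] + b"\x19\x00\x00\x00" + good[16:]))
```

Each rejected input produces a message naming the field and the offending offset, which is what makes a fuzz crash triageable; a decoder that slices first and checks later instead reports an IndexError with no indication of which offset was wrong.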
tersec commented 4 years ago

https://github.com/status-im/nim-beacon-chain/pull/928