ChainSafe/ssz

[Crash/Fuzzing] RangeError in ssz library when parsing empty BeaconBlock

pventuzelo opened this issue · 0 comments

Describe the bug

During fuzzing with beaconfuzz, I found this RangeError crash inside the ssz library when providing an empty beaconblock.

Expected behavior

Should detect and throw an Error.

Steps to Reproduce

crash_RangeError_block_lodestar.js:

var mainnet_1 = require("@chainsafe/lodestar-types/lib/ssz/presets/mainnet");

// Empty input: zero bytes, so not even the fixed section of the container is present.
var buf = Buffer.from('', 'hex');

mainnet_1.types.BeaconBlock.deserialize(buf);

Run:

$ npm i @chainsafe/lodestar-types

$ node crash_RangeError_block_lodestar.js
/home/scop/node_modules/@chainsafe/ssz/lib/backings/structural/container.js:99
        offsets.push(start + fixedSection.getUint32(index, true));
                                          ^

RangeError: Offset is outside the bounds of the DataView
    at DataView.getUint32 (<anonymous>)
    at /home/scop/node_modules/@chainsafe/ssz/lib/backings/structural/container.js:99:43
    at Array.reduce (<anonymous>)
    at ContainerStructuralHandler.fromBytes (/home/scop/node_modules/@chainsafe/ssz/lib/backings/structural/container.js:97:33)
    at ContainerStructuralHandler.deserialize (/home/scop/node_modules/@chainsafe/ssz/lib/backings/structural/abstract.js:55:17)
    at ContainerType.deserialize (/home/scop/node_modules/@chainsafe/ssz/lib/types/composite/abstract.js:112:28)
    at Object.<anonymous> (XXX/crash_RangeError_block_lodestar.js:6:29)
    at Module._compile (internal/modules/cjs/loader.js:936:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:947:10)
    at Module.load (internal/modules/cjs/loader.js:790:32)
