[crash/fuzzing] "IllegalArgumentException: List out of bounds" during block ssz parsing
pventuzelo opened this issue · 0 comments
Description
During fuzzing with beacon-fuzz, I triggered a java.lang.IllegalArgumentException: List out of bounds during block SSZ parsing using the teku transition blocks tool.
Additional info
Other eth2 clients detect this exception and return:
- lighthouse:
Ssz decode failed: OutOfBoundsByte { i: 0 }
- nim:
SszSizeMismatchError
Related code:
Steps to Reproduce (Bug)
- Download: list_out_of_bound_teku.zip
- Crash:
# install
./gradlew distTar installDist
# go to build folder
cd build/install/
# Run teku
bin/teku transition blocks --pre=list_out_of_bound_state_teku.ssz --network=mainnet list_out_of_bound_block_teku.ssz
java.lang.IllegalArgumentException: List out of bounds
at tech.pegasys.artemis.ssz.SSZTypes.SSZArrayCollection.add(SSZArrayCollection.java:70)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.deserializeFixedElementList(SimpleOffsetSerializer.java:417)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.deserializeVariableParts(SimpleOffsetSerializer.java:329)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.deserializeContainer(SimpleOffsetSerializer.java:229)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.deserializeVariableParts(SimpleOffsetSerializer.java:348)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.deserializeContainer(SimpleOffsetSerializer.java:229)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.deserializeVariableParts(SimpleOffsetSerializer.java:348)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.deserializeContainer(SimpleOffsetSerializer.java:229)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.deserializeContainerErrorWrapper(SimpleOffsetSerializer.java:205)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.lambda$deserialize$1(SimpleOffsetSerializer.java:196)
at org.apache.tuweni.ssz.SSZ.decode(SSZ.java:1255)
at tech.pegasys.artemis.datastructures.util.SimpleOffsetSerializer.deserialize(SimpleOffsetSerializer.java:194)
at tech.pegasys.artemis.cli.subcommand.TransitionCommand.readBlock(TransitionCommand.java:158)
at tech.pegasys.artemis.cli.subcommand.TransitionCommand.lambda$blocks$0(TransitionCommand.java:81)
at tech.pegasys.artemis.cli.subcommand.TransitionCommand.processStateTransition(TransitionCommand.java:131)
at tech.pegasys.artemis.cli.subcommand.TransitionCommand.blocks(TransitionCommand.java:76)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at picocli.CommandLine.executeUserObject(CommandLine.java:1802)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2150)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2144)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2108)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1975)
at picocli.CommandLine.execute(CommandLine.java:1904)
at tech.pegasys.artemis.cli.BeaconNodeCommand.parse(BeaconNodeCommand.java:185)
at tech.pegasys.artemis.Artemis.main(Artemis.java:31)
Versions
- Github branch: master
- Github commit: 1cc3466
- Java version: openjdk version "11.0.7" 2020-04-14
- OS Name & Version: Ubuntu 18.04.4 LTS
- Kernel Version: 4.15.0-96-generic
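The stack trace shows the limit being enforced only when SSZArrayCollection.add is called for each element, so an oversized list surfaces as an uncaught IllegalArgumentException instead of a decode error like the lighthouse and nim messages above. The following is an added example, not teku's SimpleOffsetSerializer or beacon-fuzz code: a small SSZ decoder for a container made of one uint64 followed by one List[T, N] of fixed-size elements, where the element count and the offset are validated before any element is materialised. The container layout, the names (SszDecodeError, decode_fixed_list, decode_container, try_decode) and the sample inputs are all constructed for illustration.

```python
"""Added example: SSZ List[T, N] decoding with up-front bounds checks.

Constructed for this issue; it is not teku's SimpleOffsetSerializer nor
beacon-fuzz code. The container layout (a uint64 followed by one list of
fixed-size elements) and all function names are assumptions.
"""
from __future__ import annotations

import struct


class SszDecodeError(ValueError):
    """Structured decode failure: the caller gets a reason, not a bare
    IllegalArgumentException thrown from inside a collection class."""


def decode_uint64(data: bytes) -> int:
    if len(data) != 8:
        raise SszDecodeError(f"uint64 needs 8 bytes, got {len(data)}")
    return struct.unpack("<Q", data)[0]


def decode_fixed_list(data: bytes, element_size: int, max_length: int) -> list[bytes]:
    """Decode List[T, N] for a fixed-size T.

    Both checks run before any element is produced, so an oversized or
    misaligned list is rejected with a reason instead of overflowing a
    bounded collection while elements are appended one by one.
    """
    if element_size <= 0 or max_length < 0:
        raise ValueError("invalid type parameters")
    if len(data) % element_size:
        raise SszDecodeError(
            f"list byte length {len(data)} is not a multiple of element size {element_size}")
    count = len(data) // element_size
    if count > max_length:
        raise SszDecodeError(f"list has {count} elements, limit is {max_length}")
    return [data[i * element_size:(i + 1) * element_size] for i in range(count)]


FIXED_PART = 8 + 4  # uint64 field + one 4-byte little-endian offset to the list


def decode_container(data: bytes, element_size: int, max_length: int) -> tuple[int, list[bytes]]:
    """Decode Container { slot: uint64, items: List[T, N] } (assumed layout)."""
    if len(data) < FIXED_PART:
        raise SszDecodeError(f"container needs at least {FIXED_PART} bytes, got {len(data)}")
    slot = decode_uint64(data[:8])
    offset = struct.unpack("<I", data[8:12])[0]
    # The first offset must land exactly at the end of the fixed part: a smaller
    # value would alias the fixed fields, a larger one would leave unaccounted bytes.
    if offset != FIXED_PART:
        raise SszDecodeError(f"first offset {offset} must equal fixed part size {FIXED_PART}")
    items = decode_fixed_list(data[offset:], element_size, max_length)
    return slot, items


def encode_container(slot: int, items: list[bytes]) -> bytes:
    """Encoder used only to build the constructed sample inputs below."""
    return struct.pack("<Q", slot) + struct.pack("<I", FIXED_PART) + b"".join(items)


def try_decode(data: bytes, element_size: int, max_length: int) -> tuple[bool, str]:
    """What a CLI like 'transition blocks' should surface: (ok, reason)."""
    try:
        decode_container(data, element_size, max_length)
        return True, "ok"
    except SszDecodeError as e:
        return False, str(e)


# Constructed sample inputs: elements are 8-byte uint64s, list limit is 4.
ELEM, LIMIT = 8, 4
GOOD = encode_container(7, [n.to_bytes(8, "little") for n in (1, 2, 3)])
OVERSIZED = encode_container(7, [n.to_bytes(8, "little") for n in range(5)])
MISALIGNED = GOOD + b"\xff"  # 25 payload bytes, not a multiple of 8
BAD_OFFSET = struct.pack("<Q", 7) + struct.pack("<I", 4) + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("OVERSIZED", OVERSIZED),
                       ("MISALIGNED", MISALIGNED), ("BAD_OFFSET", BAD_OFFSET)):
        print(name, try_decode(blob, ELEM, LIMIT))
```

Running the block prints one line per sample: GOOD decodes, while the oversized, misaligned and bad-offset inputs each come back as (False, reason) rather than a stack trace. The point for a fuzzing harness is that every rejected input maps to a single exception type, so a crash bucket can be distinguished from an expected decode failure.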