status-im/nimbus-eth2

[Crash/Fuzzing] IndexError during Beaconstate SSZ parsing (container empty)

pventuzelo opened this issue · 3 comments

During fuzzing with beacon-fuzz, I triggered an IndexError while parsing a Beaconstate SSZ file with the mainnet preset.

Error:
Error: unhandled exception: index out of bounds, the container is empty [IndexError]

Reproducing

Download:
indexError_beaconstate_empty_container_nimbus_devel.zip

branch: devel
commit: 7b8d6ea61c46ceb0edce1418a38275d7859f1334

Load the file using ncli_pretty:

$ make

$ cd ncli

$ ../env.sh nim c -d:const_preset=mainnet ncli_pretty

$ ./ncli_pretty --kind=state --file= indexError_beaconstate_empty_container_nimbus_devel.ssz 
Traceback (most recent call last, using override)
XXX/nim-beacon-chain/vendor/nim-confutils/confutils.nim(981) confutils
XXX/nim-beacon-chain/vendor/nim-faststreams/faststreams/input_stream.nim(68) CLI
XXX/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(418) nimLeaveFinally
XXX/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(407) reportUnhandledError
XXX/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(358) reportUnhandledErrorAux
Error: unhandled exception: index out of bounds, the container is empty [IndexError]

I can confirm I see the same error/result.

For reference, zcli:

$ zcli_mainnet pretty state indexError_beaconstate_empty_container_nimbus_devel.ssz 
cannot load input
cannot decode ssz: expected to be at 0 bytes, but currently at 2687377
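As an added illustration (not code from nimbus-eth2, ncli_pretty or zcli, and not the reporter's), the following Python splits an SSZ container into its fields while checking every offset against the SSZ layout rules before slicing, so a malformed offset or an empty variable-size field surfaces as a decode error instead of an unhandled IndexError. The field layout and sample bytes are constructed for the example and are not the Beaconstate schema.

```python
import struct

OFFSET_SIZE = 4  # SSZ offsets are 4-byte little-endian
class SszDecodeError(ValueError):
    """Malformed input, surfaced as a decode error rather than an IndexError."""

def decode_container(data: bytes, fields: list) -> list:
    """Split an SSZ container into per-field bytes; `fields` gives each field's
    fixed size, or None for a variable-size field (a 4-byte offset in the fixed part)."""
    fixed_len = sum(OFFSET_SIZE if size is None else size for size in fields)
    if len(data) < fixed_len:
        raise SszDecodeError(f"fixed part needs {fixed_len} bytes, got {len(data)}")
    offsets, pos = [], 0
    for size in fields:
        if size is None:  # in bounds: pos + 4 <= fixed_len <= len(data) was checked above
            offsets.append(struct.unpack_from("<I", data, pos)[0])
        pos += OFFSET_SIZE if size is None else size
    # Spec rules: the first offset lands exactly at the end of the fixed part,
    # offsets never decrease, and none may exceed the input length.
    if not offsets and len(data) != fixed_len:
        raise SszDecodeError(f"{len(data) - fixed_len} trailing bytes after fixed-size container")
    if offsets and offsets[0] != fixed_len:
        raise SszDecodeError(f"first offset {offsets[0]} != fixed part size {fixed_len}")
    bounds = offsets + [len(data)]
    for prev, nxt in zip(bounds, bounds[1:]):
        if prev > nxt:
            raise SszDecodeError(f"offsets not monotonic: {prev} > {nxt}")
    out, pos, var_idx = [], 0, 0
    for size in fields:
        if size is None:  # slice may be b'' for an empty list, which is valid
            out.append(data[bounds[var_idx]:bounds[var_idx + 1]])
            var_idx += 1
        else:
            out.append(data[pos:pos + size])
        pos += OFFSET_SIZE if size is None else size
    return out

def safe_decode(data: bytes, fields: list):
    """Return (fields, None) on success or (None, message) for malformed input."""
    try:
        return decode_container(data, fields), None
    except SszDecodeError as exc:
        return None, str(exc)

# Constructed samples for a toy container of [uint64, List[uint8], uint32].
FIELDS = [8, None, 4]
U64, U32 = (1).to_bytes(8, "little"), (2).to_bytes(4, "little")
WITH_LIST = U64 + (16).to_bytes(4, "little") + U32 + b"abc"   # list holds 3 bytes
EMPTY_LIST = U64 + (16).to_bytes(4, "little") + U32           # list is empty
BAD_OFFSET = U64 + (0).to_bytes(4, "little") + U32 + b"abc"   # offset points into fixed part
```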
zah commented

Fixed by #898