status-im/nimbus-eth2

[Crash/Fuzzing] IndexError during Beaconstate SSZ parsing #2 (container empty)

Closed this issue · 2 comments

During fuzzing with beacon-fuzz, I triggered an IndexError during parsing of a BeaconState SSZ file with the mainnet preset.

Error: unhandled exception: index out of bounds, the container is empty [IndexError]

This bug is similar to #896, but 896 has been fixed and this input sample is different.

Reproducing

Download: indexError_2_beaconstate_empty_container_nimbus_devel.zip

branch: devel
commit: 65ca74c

Load the file using ncli_pretty:

```
$ make

$ cd ncli

$ ../env.sh nim c -d:const_preset=mainnet ncli_pretty

$ ./ncli_pretty --kind=state --file= indexError_2_beaconstate_empty_container_nimbus_devel.ssz
Traceback (most recent call last, using override)
XXX/nim-beacon-chain/vendor/nim-confutils/confutils.nim(981) confutils
XXX/nim-beacon-chain/vendor/nim-faststreams/faststreams/input_stream.nim(69) CLI
XXX/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(418) nimLeaveFinally
XXX/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(407) reportUnhandledError
XXX/nim-beacon-chain/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(358) reportUnhandledErrorAux
Error: unhandled exception: index out of bounds, the container is empty [IndexError]
```

For reference, zcli:

```
$ zcli pretty state indexError_2_beaconstate_empty_container_nimbus_devel.ssz
cannot load input
cannot decode ssz: expected to read to 0 bytes, got to 4
```
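To show the class of validation that turns a crafted SSZ file into a clean decode error rather than an out-of-bounds index, here is an added example (not nimbus-eth2, beacon-fuzz or zcli code) that checks an SSZ container's offset table before taking any slice. The field layout and all byte samples are constructed for the example; the actual root cause of the crash above is not claimed here.

```python
import struct
OFFSET_SIZE = 4  # SSZ offsets are 4-byte little-endian

class SszDecodeError(ValueError):
    """Structurally invalid SSZ input; raised instead of letting an IndexError escape."""

def split_container(data: bytes, layout: list) -> list:
    """Split an SSZ container body into one bytes slice per field.
    layout: an int is a fixed-size field of that many bytes, None is a
    variable-size field (a 4-byte offset in the fixed part).  Every check
    runs before any slice is taken, so fuzzed input is rejected cleanly."""
    fixed_size = sum(OFFSET_SIZE if s is None else s for s in layout)
    if len(data) < fixed_size:
        raise SszDecodeError(f"fixed part needs {fixed_size} bytes, got {len(data)}")
    offsets, pos = [], 0
    for size in layout:
        if size is None:
            offsets.append(struct.unpack_from("<I", data, pos)[0])
        pos += OFFSET_SIZE if size is None else size
    if offsets:  # offset-table invariants from the SSZ spec
        if offsets[0] != fixed_size:
            raise SszDecodeError(f"first offset {offsets[0]} != fixed size {fixed_size}")
        if any(b < a for a, b in zip(offsets, offsets[1:])):
            raise SszDecodeError(f"offsets not monotonic: {offsets}")
        if offsets[-1] > len(data):
            raise SszDecodeError(f"offset {offsets[-1]} beyond {len(data)} bytes")
    bounds = offsets + [len(data)]  # each variable field ends where the next begins
    fields, pos, var = [], 0, 0
    for size in layout:
        if size is None:
            fields.append(data[bounds[var]:bounds[var + 1]])  # may be b"" (empty)
            var += 1
        else:
            fields.append(data[pos:pos + size])
        pos += OFFSET_SIZE if size is None else size
    return fields

def decode_result(data: bytes, layout: list):
    """(fields, None) on success, (None, reason) when the input is rejected."""
    try:
        return split_container(data, layout), None
    except SszDecodeError as e:
        return None, str(e)

# Constructed samples (not the fuzzer's file): a uint64 then two variable byte lists.
LAYOUT = [8, None, None]
GOOD = struct.pack("<Q", 1) + struct.pack("<II", 16, 19) + b"abc" + b"de"
ZERO_OFFSET = struct.pack("<Q", 1) + struct.pack("<II", 0, 16)  # first offset not 16
BACKWARD = struct.pack("<Q", 1) + struct.pack("<II", 16, 12) + b"xyz"  # decreasing
OVERRUN = struct.pack("<Q", 1) + struct.pack("<II", 16, 99)  # points past the end
```

Two consecutive equal offsets are legal and yield an empty slice, which is exactly the case a caller must test for before touching element 0 of the decoded list.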