Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Crash/Fuzzing] "Assertion `val->IsArrayBufferView()' failed" when parsing invalid ENR string. #71

Closed
pventuzelo opened this issue Jul 15, 2020 · 1 comment · Fixed by #90
Closed

[Crash/Fuzzing] "Assertion `val->IsArrayBufferView()' failed" when parsing invalid ENR string. #71

pventuzelo opened this issue Jul 15, 2020 · 1 comment · Fixed by #90

Comments

@pventuzelo
Copy link

pventuzelo commented Jul 15, 2020
edited
Loading

Describe the bug

When providing a specific string to discv5.ENR.decodeTxt function, an Assertion 'val->IsArrayBufferView()' failed. are triggered. This issue seems to be related to BigInt and sometime can trigger a SyntaxError: Cannot convert 0x",\,X, instead (see here)

This bug has been found by the community using beacon-fuzz and reported in our repository here. Kudos to @Daft-Wullie for the finding !!

Steps to Reproduce

enr_assert_failed_lodestar.js:

var discv5 = require("@chainsafe/discv5");
buf = Buffer.from("656e723a2d495334514b6b33ff583945717841337838334162436979416e537550444d764b353264433530486d31584744643574457951684d3356634a4c2d5062446b44673541507a5f706f76763022d48dcf992d5379716b306e616e636f4e572d656e7263713042676d6c6b676e5930676d6c77684838414141474a6332566a634449314e6d73786f514d31453579557370397638516a397476335a575843766146427672504e647a384b5049314e68576651577a494e315a4843434239410a", 'hex').toString()
console.log(buf)
discv5.ENR.decodeTxt(buf);

Run:

$ npm i @chainsafe/discv5

$ nodejs ../beacon-fuzz/enr_assert_failed_lodestar.js
WARNING: Bcrypto built for node.js v12.9.1, not v12.18.0!
enr:-K*u4II5ldHOIAAAAAAAAAACEZXRoMpAAAAAAAAAAAP__BLf22SJc2VjcDI1NmsxoQJxCnE6v_x2ekgY_uoE1rtwzvGy40mq9eD66XfHPBWGgII5ldHOIAAAMpAAAcAAAAAAAP__________gmlkgnY0gmlwhBLf22SJc2VjcDI1NmsxoQJxCnE6v_x2ekgY_uoE1rtwzvGy40mq9eD66XfHPBWOT9StqmwI5LHa
nodejs[11627]: ../src/node_buffer.cc:220:char* node::Buffer::Data(v8::Local<v8::Value>): Assertion `val->IsArrayBufferView()' failed.
 1: 0xa07f90 node::Abort() [nodejs]
 2: 0xa0800e  [nodejs]
 3: 0x9e7332  [nodejs]
 4: 0x9dd3de napi_get_buffer_info [nodejs]
 5: 0x7f8dccfa1c83 toBigInt [/XXX/node_modules/bigint-buffer/build/Release/bigint_buffer.node]
 6: 0x9c1e25  [nodejs]
 7: 0xbecd29  [nodejs]
 8: 0xbeeb17 v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) [nodejs]
 9: 0x13cb619  [nodejs]
[1]    11627 abort (core dumped)  nodejs ../beacon-fuzz/enr_assert_failed_lodestar.js

Desktop (please complete the following information):
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix bugs found with fuzzing ChainSafe/discv5
1 participant
@pventuzelo