
[Crash/Fuzzing] TypeError in ssz library during BeaconBlock deserialize #22

pventuzelo opened this issue May 18, 2020 · 1 comment · Fixed by #37

@pventuzelo pventuzelo commented May 18, 2020

Describe the bug

During fuzzing with beaconfuzz, I found this TypeError crash inside the ssz library when trying to deserialize a BeaconBlock.

Expected behavior

Should throw a custom Error.

Steps to Reproduce


var mainnet_1 = require("@chainsafe/lodestar-types/lib/ssz/presets/mainnet");

// crash input produced by beaconfuzz (the hex payload is elided on this page)
var buf = Buffer.from('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', 'hex');

// the deserialize call is not in the posted snippet; it is assumed here from the
// stack trace below, which fails inside the BeaconBlock container decode
mainnet_1.types.BeaconBlock.deserialize(buf);


$ npm i @chainsafe/lodestar-types

$ node crash_TypeError_block_lodestar.js
      output += BigInt(data[offset + i]) << BigInt(8 * i);

TypeError: Cannot convert undefined to a BigInt
    at BigInt (<anonymous>)
    at BigIntUintType.fromBytes (XXX/lodestar/node_modules/@chainsafe/ssz/lib/types/basic/uint.js:176:17)
    at XXX/lodestar/node_modules/@chainsafe/ssz/lib/backings/structural/container.js:133:40
    at Array.forEach (<anonymous>)
    at ContainerStructuralHandler.fromBytes (XXX/lodestar/node_modules/@chainsafe/ssz/lib/backings/structural/container.js:112:39)
    at XXX/lodestar/node_modules/@chainsafe/ssz/lib/backings/structural/container.js:135:51
    at Array.forEach (<anonymous>)
    at ContainerStructuralHandler.fromBytes (XXX/lodestar/node_modules/@chainsafe/ssz/lib/backings/structural/container.js:112:39)
    at XXX/lodestar/node_modules/@chainsafe/ssz/lib/backings/structural/array.js:209:54
    at Function.from (<anonymous>)


@mpetrunic mpetrunic transferred this issue from ChainSafe/lodestar May 18, 2020
@mpetrunic mpetrunic reopened this May 18, 2020
@pventuzelo pventuzelo commented May 19, 2020

Extra information (zcli output):

$ zcli pretty block crash.bin
cannot load input
cannot decode ssz: cannot create scoped decoding reader, scope of 4292673536 bytes is bigger than parent scope has available space 0
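The two comments above describe the same defect from two sides: the TypeError comes from a fixed-size uint decoder indexing past the end of the input (`data[offset + i]` is `undefined`, so `BigInt()` throws), while zcli rejects the same input earlier because a variable-size offset claims 4292673536 bytes that the parent scope does not have. The following is an added example, not code from @chainsafe/ssz or lodestar; `SszDecodeError`, `uint64FromBytesUnchecked`, `uint64FromBytesChecked` and `readVariableOffset` are hypothetical names, and the inputs are constructed rather than the fuzzer's payload. It shows the unchecked read beside the bounds-checked form that yields the custom error the reporter expected.

```javascript
// Added example, not @chainsafe/ssz code. All names here are hypothetical.

class SszDecodeError extends Error {
  constructor(message) {
    super(message);
    this.name = "SszDecodeError";
  }
}

// Mirrors the line in the stack trace: 8 little-endian bytes folded into a BigInt.
// On a truncated buffer data[offset + i] is undefined and BigInt() throws a TypeError.
function uint64FromBytesUnchecked(data, offset) {
  let output = 0n;
  for (let i = 0; i < 8; i++) {
    output += BigInt(data[offset + i]) << BigInt(8 * i);
  }
  return output;
}

// Hardened form: a fixed-size field must fit entirely inside the input.
function uint64FromBytesChecked(data, offset) {
  if (offset < 0 || offset + 8 > data.length) {
    const available = Math.max(0, data.length - offset);
    throw new SszDecodeError(
      `uint64 at offset ${offset} needs 8 bytes, only ${available} available`
    );
  }
  let output = 0n;
  for (let i = 0; i < 8; i++) {
    output += BigInt(data[offset + i]) << BigInt(8 * i);
  }
  return output;
}

// Same idea for a variable-size field offset (SSZ stores these as 4-byte little-endian
// values): the offset must lie inside the parent scope and must not go backwards.
// This is the check behind the zcli message "scope ... is bigger than parent scope".
function readVariableOffset(data, pos, previousOffset, scopeEnd) {
  if (pos < 0 || pos + 4 > data.length) {
    throw new SszDecodeError(`offset field at ${pos} runs past the ${data.length}-byte input`);
  }
  // plain arithmetic rather than << so the top byte does not turn the value negative
  const off =
    data[pos] + data[pos + 1] * 0x100 + data[pos + 2] * 0x10000 + data[pos + 3] * 0x1000000;
  if (off > scopeEnd) {
    throw new SszDecodeError(
      `scope of ${off} bytes is bigger than the ${scopeEnd} bytes the parent scope has available`
    );
  }
  if (previousOffset !== null && off < previousOffset) {
    throw new SszDecodeError(`offset ${off} goes backwards (previous offset ${previousOffset})`);
  }
  return off;
}

// Reports which error class a decoder raises for an input, or "ok" if it decodes.
function decodeOutcome(fn, ...args) {
  try {
    fn(...args);
    return "ok";
  } catch (e) {
    return e.name;
  }
}

// Constructed inputs: a 5-byte buffer where a uint64 needs 8, and a 4-byte offset
// field carrying the 4292673536 value quoted in the zcli output.
const truncated = Buffer.from("0102030405", "hex");
const hugeOffset = Buffer.alloc(4);
hugeOffset.writeUInt32LE(4292673536, 0);

console.log(decodeOutcome(uint64FromBytesUnchecked, truncated, 0)); // TypeError
console.log(decodeOutcome(uint64FromBytesChecked, truncated, 0)); // SszDecodeError
console.log(decodeOutcome(readVariableOffset, hugeOffset, 0, null, hugeOffset.length)); // SszDecodeError
```

The point of the checked variants is that a malformed block from the network fails with one deterministic, catchable error type at the decoder boundary, rather than with a generic TypeError whose message leaks implementation detail and which callers cannot distinguish from a programming bug.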

@tuyennhv tuyennhv self-assigned this Jun 24, 2020
wemeetagain added a commit that referenced this issue Aug 26, 2021
wemeetagain added a commit that referenced this issue Sep 7, 2021
Add publish.yml to publish via github pages using github actions rather than travis