This repository has been archived by the owner on Jun 4, 2024. It is now read-only.

[FUZZ]unhandled exception IndexError in nimbus_proposer_slashing #44

Closed
6 of 7 tasks
Daft-Wullie opened this issue Jul 15, 2020 · 1 comment
Closed
6 of 7 tasks
Labels

Comments

@Daft-Wullie
Copy link

I've identified a fuzzer crash and am contributing to the security of Ethereum 2!

I've done and provided the following:

  • Checked to see if any other [FUZZ] issue already refers to that crasher
  • Attached the crashing input (either attached to the issue as a .zip or .gz, or as a link to a file sharing service)
  • Noted the beacon-fuzz version or commit used.
  • Provided crash output
  • Noted the command or fuzzer used to generate the crash
  • Name of the original crash file
  • (Optional but optimal) Checked if the crash can be consistently replicated by re-running the input.

Info to Reproduce

Crash output and stacktrace

[eth2fuzz] Starting fuzzing of nimbus_proposer_slashing with libfuzzer
testing - ETH2FUZZ_BEACONSTATE
/eth2fuzz/workspace/corpora/beaconstate/75fc11e1b460b5ef46a94371571172bb.ssz
OK
5572192
INFO: Seed: 2382870661
INFO: Loaded 1 modules   (16670 inline 8-bit counters): 16670 [0x85b898, 0x85f9b6),
INFO: Loaded 1 PC tables (16670 PCs): 16670 [0x5f3308,0x6344e8),
INFO:      282 files found in /eth2fuzz/workspace/corpora/proposer_slashing
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: seed corpus: files: 282 min: 4b max: 4096b total: 119322b rss: 38Mb
fatal.nim(49)            sysFatal
Error: unhandled exception: index -6293595036912670552 not in 0 .. 255 [IndexError]
==7043== ERROR: libFuzzer: fuzz target exited
    #0 0x4612f3  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x4612f3)
    #1 0x406836  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x406836)
    #2 0x418227  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x418227)
    #3 0x7f2484d180f0  (/lib/x86_64-linux-gnu/libc.so.6+0x430f0)
    #4 0x7f2484d181e9  (/lib/x86_64-linux-gnu/libc.so.6+0x431e9)
    #5 0x56291f  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x56291f)
    #6 0x5bf777  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x5bf777)
    #7 0x5c04e2  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x5c04e2)
    #8 0x4188d7  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x4188d7)
    #9 0x420fd0  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x420fd0)
    #10 0x4225d6  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x4225d6)
    #11 0x424682  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x424682)
    #12 0x413b6c  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x413b6c)
    #13 0x406a52  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x406a52)
    #14 0x7f2484cf6b96  (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #15 0x406aa9  (/eth2fuzz/workspace/nimlibfuzzer/nimbus_proposer_slashing+0x406aa9)

SUMMARY: libFuzzer: fuzz target exited
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-9e55b136b7a0332c3bf329ba85837407c4086d9c
Fuzzer failed so we'll continue with the next one

Your Environment

  • Fuzzer ran: eth2fuzzer
  • Version/Commit used: e55cdfe
  • Operating System and version: Ubuntu 20.04
@pventuzelo (Contributor)

Thanks for reporting ;)

After verification, this bug is a duplicate of #40 and has been reported there.
