From 00e5b571662cb2015d6977df1b812d0a5b17d876 Mon Sep 17 00:00:00 2001
From: Kirk Baird <baird.k@outlook.com>
Date: Wed, 20 Feb 2019 16:43:30 +1100
Subject: [PATCH] Fuzz test ssz_encode and ssz_decode for usize

---
 eth2/utils/ssz/fuzz/Cargo.toml                |  8 ++++
 .../fuzz_targets/fuzz_target_usize_decode.rs  | 32 +++++++++++++++
 .../fuzz_targets/fuzz_target_usize_encode.rs  | 40 +++++++++++++++++++
 3 files changed, 80 insertions(+)
 create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_decode.rs
 create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_encode.rs

diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml
index 5af3275cd..6a65fb5e2 100644
--- a/eth2/utils/ssz/fuzz/Cargo.toml
+++ b/eth2/utils/ssz/fuzz/Cargo.toml
@@ -48,3 +48,11 @@ path = "fuzz_targets/fuzz_target_u64_decode.rs"
 [[bin]]
 name = "fuzz_target_u64_encode"
 path = "fuzz_targets/fuzz_target_u64_encode.rs"
+
+[[bin]]
+name = "fuzz_target_usize_decode"
+path = "fuzz_targets/fuzz_target_usize_decode.rs"
+
+[[bin]]
+name = "fuzz_target_usize_encode"
+path = "fuzz_targets/fuzz_target_usize_encode.rs"
diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_decode.rs
new file mode 100644
index 000000000..1458bfae9
--- /dev/null
+++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_decode.rs
@@ -0,0 +1,32 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate ssz;
+
+use ssz::{DecodeError, Decodable};
+
+// Fuzz ssz_decode()
+fuzz_target!(|data: &[u8]| {
+    // Note: we assume architecture is 64 bit -> usize == 64 bits
+    let result: Result<(usize, usize), DecodeError> = Decodable::ssz_decode(data, 0);
+    if data.len() >= 8 {
+        // Valid result
+        let (number_usize, index) = result.unwrap();
+        assert_eq!(index, 8);
+        // TODO: change to little endian bytes
+        // https://github.com/sigp/lighthouse/issues/215
+        let val = u64::from_be_bytes([
+            data[0],
+            data[1],
+            data[2],
+            data[3],
+            data[4],
+            data[5],
+            data[6],
+            data[7],
+            ]);
+        assert_eq!(number_usize, val as usize);
+    } else {
+        // Length less then 8 should return error
+        assert_eq!(result, Err(DecodeError::TooShort));
+    }
+});
diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_encode.rs
new file mode 100644
index 000000000..d5aa9751f
--- /dev/null
+++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_encode.rs
@@ -0,0 +1,40 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate ssz;
+
+use ssz::SszStream;
+
+// Fuzz ssz_encode (via ssz_append)
+fuzz_target!(|data: &[u8]| {
+    let mut ssz = SszStream::new();
+    let mut number_usize = 0;
+    if data.len() >= 8 {
+        number_usize = u64::from_be_bytes([
+            data[0],
+            data[1],
+            data[2],
+            data[3],
+            data[4],
+            data[5],
+            data[6],
+            data[7],
+            ]) as usize;
+    }
+
+    ssz.append(&number_usize);
+    let ssz = ssz.drain();
+
+    // TODO: change to little endian bytes
+    // https://github.com/sigp/lighthouse/issues/215
+    assert_eq!(ssz.len(), 8);
+    assert_eq!(number_usize, u64::from_be_bytes([
+        ssz[0],
+        ssz[1],
+        ssz[2],
+        ssz[3],
+        ssz[4],
+        ssz[5],
+        ssz[6],
+        ssz[7],
+        ]) as usize);
+});