From 3517ef6513d1a9585c309f9b099a3345f4b856b0 Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Wed, 20 Feb 2019 14:16:07 +1100 Subject: [PATCH 01/11] Initialise fuzzing for ssz --- eth2/utils/ssz/fuzz/.gitignore | 4 ++++ eth2/utils/ssz/fuzz/Cargo.toml | 22 +++++++++++++++++++ .../ssz/fuzz/fuzz_targets/fuzz_target_1.rs | 7 ++++++ 3 files changed, 33 insertions(+) create mode 100644 eth2/utils/ssz/fuzz/.gitignore create mode 100644 eth2/utils/ssz/fuzz/Cargo.toml create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_1.rs diff --git a/eth2/utils/ssz/fuzz/.gitignore b/eth2/utils/ssz/fuzz/.gitignore new file mode 100644 index 000000000..572e03bdf --- /dev/null +++ b/eth2/utils/ssz/fuzz/.gitignore @@ -0,0 +1,4 @@ + +target +corpus +artifacts diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml new file mode 100644 index 000000000..9c0a17f0d --- /dev/null +++ b/eth2/utils/ssz/fuzz/Cargo.toml @@ -0,0 +1,22 @@ + +[package] +name = "ssz-fuzz" +version = "0.0.1" +authors = ["Automatically generated"] +publish = false + +[package.metadata] +cargo-fuzz = true + +[dependencies.ssz] +path = ".." +[dependencies.libfuzzer-sys] +git = "https://github.com/rust-fuzz/libfuzzer-sys.git" + +# Prevent this from interfering with workspaces +[workspace] +members = ["."] + +[[bin]] +name = "fuzz_target_1" +path = "fuzz_targets/fuzz_target_1.rs" diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_1.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_1.rs new file mode 100644 index 000000000..1ca6f957d --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_1.rs @@ -0,0 +1,7 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +fuzz_target!(|data: &[u8]| { + // fuzzed code goes here +}); From 52347d8e6d4c21f7c4ffebfa9b8e35a58c69ef2d Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Wed, 20 Feb 2019 14:46:25 +1100 Subject: [PATCH 02/11] Write a fuzz test --- eth2/utils/ssz/fuzz/Cargo.toml | 4 ++-- eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_1.rs | 7 ------- eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs | 10 ++++++++++ 3 files changed, 12 insertions(+), 9 deletions(-) delete mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_1.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml index 9c0a17f0d..9ffff016c 100644 --- a/eth2/utils/ssz/fuzz/Cargo.toml +++ b/eth2/utils/ssz/fuzz/Cargo.toml @@ -18,5 +18,5 @@ git = "https://github.com/rust-fuzz/libfuzzer-sys.git" members = ["."] [[bin]] -name = "fuzz_target_1" -path = "fuzz_targets/fuzz_target_1.rs" +name = "fuzz_target_u8" +path = "fuzz_targets/fuzz_target_u8.rs" diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_1.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_1.rs deleted file mode 100644 index 1ca6f957d..000000000 --- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_1.rs +++ /dev/null @@ -1,7 +0,0 @@ -#![no_main] -#[macro_use] extern crate libfuzzer_sys; -extern crate ssz; - -fuzz_target!(|data: &[u8]| { - // fuzzed code goes here -}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs new file mode 100644 index 000000000..6a8fd7673 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs @@ -0,0 +1,10 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::{DecodeError, Decodable, Encodable}; + +// Fuzz ssz_decode(u8) +fuzz_target!(|data: &[u8]| { + let result: Result<(u8, usize), DecodeError> = Decodable::ssz_decode(data, 0); +}); From 38abcc4a240f3878c44203c783af57c66303838e Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Wed, 20 Feb 2019 15:03:32 +1100 Subject: [PATCH 03/11] Fuzz test for u8 fails --- eth2/utils/ssz/fuzz/Cargo.toml | 4 ++++ .../ssz/fuzz/fuzz_targets/fuzz_target_u16.rs | 19 +++++++++++++++++++ .../ssz/fuzz/fuzz_targets/fuzz_target_u8.rs | 9 +++++++++ 3 files changed, 32 insertions(+) create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml index 9ffff016c..b640cc5f0 100644 --- a/eth2/utils/ssz/fuzz/Cargo.toml +++ b/eth2/utils/ssz/fuzz/Cargo.toml @@ -20,3 +20,7 @@ members = ["."] [[bin]] name = "fuzz_target_u8" path = "fuzz_targets/fuzz_target_u8.rs" + +[[bin]] +name = "fuzz_target_u16" +path = "fuzz_targets/fuzz_target_u16.rs" diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs new file mode 100644 index 000000000..8bf2be8a4 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs @@ -0,0 +1,19 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::{DecodeError, Decodable, Encodable}; + +// Fuzz ssz_decode(u8) +fuzz_target!(|data: &[u8]| { + let result: Result<(u16, usize), DecodeError> = Decodable::ssz_decode(data, 0); + if data.len() > 1 { + // Valid result + let (number_u16, index) = result.unwrap(); + assert_eq!(index, 2); + // TODO: add test for number? + } else { + // Length of 0 or 1 should return error + assert_eq!(result, Err(DecodeError::TooShort)); + } +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs index 6a8fd7673..afab5eab5 100644 --- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs @@ -7,4 +7,13 @@ use ssz::{DecodeError, Decodable, Encodable}; // Fuzz ssz_decode(u8) fuzz_target!(|data: &[u8]| { let result: Result<(u8, usize), DecodeError> = Decodable::ssz_decode(data, 0); + if data.len() > 0 { + // Should have valid result + let (number_u8, index) = result.unwrap(); + assert_eq!(number_u8, data[0]); + assert_eq!(index, 2); + } else { + // Length of 0 should return error + assert_eq!(result, Err(DecodeError::TooShort)); + } }); From 532a854f8efbb313c75ec236acd74a283290ede3 Mon Sep 17 00:00:00 2001 From: mehdi Date: Wed, 20 Feb 2019 15:30:58 +1100 Subject: [PATCH 04/11] Fixing minor bug in assert statement --- eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs index afab5eab5..0320b7c10 100644 --- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs @@ -11,7 +11,7 @@ fuzz_target!(|data: &[u8]| { // Should have valid result let (number_u8, index) = result.unwrap(); assert_eq!(number_u8, data[0]); - assert_eq!(index, 2); + assert_eq!(index, 1); } else { // Length of 0 should return error assert_eq!(result, Err(DecodeError::TooShort)); From d5c4771f0a3810d50334cadcaef75606065974f3 Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Wed, 20 Feb 2019 15:34:15 +1100 Subject: [PATCH 05/11] Fuzz test decodes from u8 to u64 --- eth2/utils/ssz/fuzz/Cargo.toml | 16 +++++++--- ...arget_u16.rs => fuzz_target_u16_decode.rs} | 11 ++++--- .../fuzz_targets/fuzz_target_u32_decode.rs | 22 +++++++++++++ .../fuzz_targets/fuzz_target_u64_decode.rs | 31 +++++++++++++++++++ ..._target_u8.rs => fuzz_target_u8_decode.rs} | 10 +++--- 5 files changed, 78 insertions(+), 12 deletions(-) rename eth2/utils/ssz/fuzz/fuzz_targets/{fuzz_target_u16.rs => fuzz_target_u16_decode.rs} (59%) create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_decode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs rename eth2/utils/ssz/fuzz/fuzz_targets/{fuzz_target_u8.rs => fuzz_target_u8_decode.rs} (66%) diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml index b640cc5f0..d0455a556 100644 --- a/eth2/utils/ssz/fuzz/Cargo.toml +++ b/eth2/utils/ssz/fuzz/Cargo.toml @@ -18,9 +18,17 @@ git = "https://github.com/rust-fuzz/libfuzzer-sys.git" members = ["."] [[bin]] -name = "fuzz_target_u8" -path = "fuzz_targets/fuzz_target_u8.rs" +name = "fuzz_target_u8_decode" +path = "fuzz_targets/fuzz_target_u8_decode.rs" [[bin]] -name = "fuzz_target_u16" -path = "fuzz_targets/fuzz_target_u16.rs" +name = "fuzz_target_u16_decode" +path = "fuzz_targets/fuzz_target_u16_decode.rs" + +[[bin]] +name = "fuzz_target_u32_decode" +path = "fuzz_targets/fuzz_target_u32_decode.rs" + +[[bin]] +name = "fuzz_target_u64_decode" +path = "fuzz_targets/fuzz_target_u64_decode.rs" diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_decode.rs similarity index 59% rename from eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs rename to eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_decode.rs index 8bf2be8a4..73395f3af 100644 --- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_decode.rs @@ -2,16 +2,19 @@ #[macro_use] extern crate libfuzzer_sys; extern crate ssz; -use ssz::{DecodeError, Decodable, Encodable}; +use ssz::{DecodeError, Decodable}; -// Fuzz ssz_decode(u8) +// Fuzz ssz_decode() fuzz_target!(|data: &[u8]| { let result: Result<(u16, usize), DecodeError> = Decodable::ssz_decode(data, 0); - if data.len() > 1 { + if data.len() >= 2 { // Valid result let (number_u16, index) = result.unwrap(); assert_eq!(index, 2); - // TODO: add test for number? + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + let val = u16::from_be_bytes([data[0], data[1]]); + assert_eq!(number_u16, val); } else { // Length of 0 or 1 should return error assert_eq!(result, Err(DecodeError::TooShort)); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_decode.rs new file mode 100644 index 000000000..e99bf2fad --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_decode.rs @@ -0,0 +1,22 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + let result: Result<(u32, usize), DecodeError> = Decodable::ssz_decode(data, 0); + if data.len() >= 4 { + // Valid result + let (number_u32, index) = result.unwrap(); + assert_eq!(index, 4); + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + let val = u32::from_be_bytes([data[0], data[1], data[2], data[3]]); + assert_eq!(number_u32, val); + } else { + // Length less then 4 should return error + assert_eq!(result, Err(DecodeError::TooShort)); + } +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs new file mode 100644 index 000000000..9e13ab604 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs @@ -0,0 +1,31 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + let result: Result<(u64, usize), DecodeError> = Decodable::ssz_decode(data, 0); + if data.len() >= 8 { + // Valid result + let (number_u64, index) = result.unwrap(); + assert_eq!(index, 8); + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + let val = u64::from_be_bytes([ + data[0], + data[1], + data[2], + data[3], + data[4], + data[5], + data[6], + data[7], + ]); + assert_eq!(number_u64, val); + } else { + // Length less then 4 should return error + assert_eq!(result, Err(DecodeError::TooShort)); + } +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs similarity index 66% rename from eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs rename to eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs index afab5eab5..296b6fa3d 100644 --- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs @@ -2,16 +2,18 @@ #[macro_use] extern crate libfuzzer_sys; extern crate ssz; -use ssz::{DecodeError, Decodable, Encodable}; +use ssz::{DecodeError, Decodable}; -// Fuzz ssz_decode(u8) +// Fuzz ssz_decode() fuzz_target!(|data: &[u8]| { let result: Result<(u8, usize), DecodeError> = Decodable::ssz_decode(data, 0); - if data.len() > 0 { + if data.len() >= 1 { // Should have valid result let (number_u8, index) = result.unwrap(); + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 assert_eq!(number_u8, data[0]); - assert_eq!(index, 2); + assert_eq!(index, 1); } else { // Length of 0 should return error assert_eq!(result, Err(DecodeError::TooShort)); From b98db3773ed560bb12da54df787da620136c328b Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Wed, 20 Feb 2019 16:15:30 +1100 Subject: [PATCH 06/11] Fuzz test ssz_encode for u8 to u64 --- eth2/utils/ssz/fuzz/Cargo.toml | 16 ++++++++ .../fuzz_targets/fuzz_target_u16_encode.rs | 22 ++++++++++ .../fuzz_targets/fuzz_target_u32_encode.rs | 22 ++++++++++ .../fuzz_targets/fuzz_target_u64_decode.rs | 2 +- .../fuzz_targets/fuzz_target_u64_encode.rs | 40 +++++++++++++++++++ .../fuzz_targets/fuzz_target_u8_decode.rs | 2 +- .../fuzz_targets/fuzz_target_u8_encode.rs | 22 ++++++++++ 7 files changed, 124 insertions(+), 2 deletions(-) create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_encode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_encode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_encode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_encode.rs diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml index d0455a556..5af3275cd 100644 --- a/eth2/utils/ssz/fuzz/Cargo.toml +++ b/eth2/utils/ssz/fuzz/Cargo.toml @@ -21,14 +21,30 @@ members = ["."] name = "fuzz_target_u8_decode" path = "fuzz_targets/fuzz_target_u8_decode.rs" +[[bin]] +name = "fuzz_target_u8_encode" +path = "fuzz_targets/fuzz_target_u8_encode.rs" + [[bin]] name = "fuzz_target_u16_decode" path = "fuzz_targets/fuzz_target_u16_decode.rs" +[[bin]] +name = "fuzz_target_u16_encode" +path = "fuzz_targets/fuzz_target_u16_encode.rs" + [[bin]] name = "fuzz_target_u32_decode" path = "fuzz_targets/fuzz_target_u32_decode.rs" +[[bin]] +name = "fuzz_target_u32_encode" +path = "fuzz_targets/fuzz_target_u32_encode.rs" + [[bin]] name = "fuzz_target_u64_decode" path = "fuzz_targets/fuzz_target_u64_decode.rs" + +[[bin]] +name = "fuzz_target_u64_encode" +path = "fuzz_targets/fuzz_target_u64_encode.rs" diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_encode.rs new file mode 100644 index 000000000..ce8a51845 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_encode.rs @@ -0,0 +1,22 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::SszStream; + +// Fuzz ssz_encode (via ssz_append) +fuzz_target!(|data: &[u8]| { + let mut ssz = SszStream::new(); + let mut number_u16 = 0; + if data.len() >= 2 { + number_u16 = u16::from_be_bytes([data[0], data[1]]); + } + + ssz.append(&number_u16); + let ssz = ssz.drain(); + + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + assert_eq!(ssz.len(), 2); + assert_eq!(number_u16, u16::from_be_bytes([ssz[0], ssz[1]])); +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_encode.rs new file mode 100644 index 000000000..c71bcecaf --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_encode.rs @@ -0,0 +1,22 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::SszStream; + +// Fuzz ssz_encode (via ssz_append) +fuzz_target!(|data: &[u8]| { + let mut ssz = SszStream::new(); + let mut number_u32 = 0; + if data.len() >= 4 { + number_u32 = u32::from_be_bytes([data[0], data[1], data[2], data[3]]); + } + + ssz.append(&number_u32); + let ssz = ssz.drain(); + + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + assert_eq!(ssz.len(), 4); + assert_eq!(number_u32, u32::from_be_bytes([ssz[0], ssz[1], ssz[2], ssz[3]])); +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs index 9e13ab604..63eb60f55 100644 --- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs @@ -25,7 +25,7 @@ fuzz_target!(|data: &[u8]| { ]); assert_eq!(number_u64, val); } else { - // Length less then 4 should return error + // Length less then 8 should return error assert_eq!(result, Err(DecodeError::TooShort)); } }); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_encode.rs new file mode 100644 index 000000000..68616e0da --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_encode.rs @@ -0,0 +1,40 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::SszStream; + +// Fuzz ssz_encode (via ssz_append) +fuzz_target!(|data: &[u8]| { + let mut ssz = SszStream::new(); + let mut number_u64 = 0; + if data.len() >= 8 { + number_u64 = u64::from_be_bytes([ + data[0], + data[1], + data[2], + data[3], + data[4], + data[5], + data[6], + data[7], + ]); + } + + ssz.append(&number_u64); + let ssz = ssz.drain(); + + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + assert_eq!(ssz.len(), 8); + assert_eq!(number_u64, u64::from_be_bytes([ + ssz[0], + ssz[1], + ssz[2], + ssz[3], + ssz[4], + ssz[5], + ssz[6], + ssz[7], + ])); +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs index 296b6fa3d..6f17a4c85 100644 --- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs @@ -12,8 +12,8 @@ fuzz_target!(|data: &[u8]| { let (number_u8, index) = result.unwrap(); // TODO: change to little endian bytes // https://github.com/sigp/lighthouse/issues/215 - assert_eq!(number_u8, data[0]); assert_eq!(index, 1); + assert_eq!(number_u8, data[0]); } else { // Length of 0 should return error assert_eq!(result, Err(DecodeError::TooShort)); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_encode.rs new file mode 100644 index 000000000..a135f2cd5 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_encode.rs @@ -0,0 +1,22 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::SszStream; + +// Fuzz ssz_encode (via ssz_append) +fuzz_target!(|data: &[u8]| { + let mut ssz = SszStream::new(); + let mut number_u8 = 0; + if data.len() >= 1 { + number_u8 = data[0]; + } + + ssz.append(&number_u8); + let ssz = ssz.drain(); + + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + assert_eq!(number_u8, ssz[0]); + assert_eq!(ssz.len(), 1); +}); From 00e5b571662cb2015d6977df1b812d0a5b17d876 Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Wed, 20 Feb 2019 16:43:30 +1100 Subject: [PATCH 07/11] Fuzz test ssz_encode and ssz_decode for usize --- eth2/utils/ssz/fuzz/Cargo.toml | 8 ++++ .../fuzz_targets/fuzz_target_usize_decode.rs | 32 +++++++++++++++ .../fuzz_targets/fuzz_target_usize_encode.rs | 40 +++++++++++++++++++ 3 files changed, 80 insertions(+) create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_decode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_encode.rs diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml index 5af3275cd..6a65fb5e2 100644 --- a/eth2/utils/ssz/fuzz/Cargo.toml +++ b/eth2/utils/ssz/fuzz/Cargo.toml @@ -48,3 +48,11 @@ path = "fuzz_targets/fuzz_target_u64_decode.rs" [[bin]] name = "fuzz_target_u64_encode" path = "fuzz_targets/fuzz_target_u64_encode.rs" + +[[bin]] +name = "fuzz_target_usize_decode" +path = "fuzz_targets/fuzz_target_usize_decode.rs" + +[[bin]] +name = "fuzz_target_usize_encode" +path = "fuzz_targets/fuzz_target_usize_encode.rs" diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_decode.rs new file mode 100644 index 000000000..1458bfae9 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_decode.rs @@ -0,0 +1,32 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + // Note: we assume architecture is 64 bit -> usize == 64 bits + let result: Result<(usize, usize), DecodeError> = Decodable::ssz_decode(data, 0); + if data.len() >= 8 { + // Valid result + let (number_usize, index) = result.unwrap(); + assert_eq!(index, 8); + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + let val = u64::from_be_bytes([ + data[0], + data[1], + data[2], + data[3], + data[4], + data[5], + data[6], + data[7], + ]); + assert_eq!(number_usize, val as usize); + } else { + // Length less then 8 should return error + assert_eq!(result, Err(DecodeError::TooShort)); + } +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_encode.rs new file mode 100644 index 000000000..d5aa9751f --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_usize_encode.rs @@ -0,0 +1,40 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::SszStream; + +// Fuzz ssz_encode (via ssz_append) +fuzz_target!(|data: &[u8]| { + let mut ssz = SszStream::new(); + let mut number_usize = 0; + if data.len() >= 8 { + number_usize = u64::from_be_bytes([ + data[0], + data[1], + data[2], + data[3], + data[4], + data[5], + data[6], + data[7], + ]) as usize; + } + + ssz.append(&number_usize); + let ssz = ssz.drain(); + + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + assert_eq!(ssz.len(), 8); + assert_eq!(number_usize, u64::from_be_bytes([ + ssz[0], + ssz[1], + ssz[2], + ssz[3], + ssz[4], + ssz[5], + ssz[6], + ssz[7], + ]) as usize); +}); From 274bdd491dcfa0d74b6ceb51f0b63d03cb14cce3 Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Thu, 21 Feb 2019 13:43:09 +1100 Subject: [PATCH 08/11] Fuzz for address and Hash256 --- eth2/utils/ssz/fuzz/Cargo.toml | 27 ++++++++++++++++++ .../fuzz_target_address_decode.rs | 21 ++++++++++++++ .../fuzz_target_address_encode.rs | 20 +++++++++++++ .../fuzz_targets/fuzz_target_bool_decode.rs | 28 +++++++++++++++++++ .../fuzz_targets/fuzz_target_bool_encode.rs | 22 +++++++++++++++ .../fuzz_target_hash256_decode.rs | 21 ++++++++++++++ .../fuzz_target_hash256_encode.rs | 20 +++++++++++++ 7 files changed, 159 insertions(+) create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_address_decode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_address_encode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_bool_decode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_bool_encode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_hash256_decode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_hash256_encode.rs diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml index 6a65fb5e2..081afdcb9 100644 --- a/eth2/utils/ssz/fuzz/Cargo.toml +++ b/eth2/utils/ssz/fuzz/Cargo.toml @@ -8,6 +8,9 @@ publish = false [package.metadata] cargo-fuzz = true +[dependencies] +ethereum-types = "0.4.0" + [dependencies.ssz] path = ".." [dependencies.libfuzzer-sys] @@ -17,6 +20,14 @@ git = "https://github.com/rust-fuzz/libfuzzer-sys.git" [workspace] members = ["."] +[[bin]] +name = "fuzz_target_bool_decode" +path = "fuzz_targets/fuzz_target_bool_decode.rs" + +[[bin]] +name = "fuzz_target_bool_encode" +path = "fuzz_targets/fuzz_target_bool_encode.rs" + [[bin]] name = "fuzz_target_u8_decode" path = "fuzz_targets/fuzz_target_u8_decode.rs" @@ -56,3 +67,19 @@ path = "fuzz_targets/fuzz_target_usize_decode.rs" [[bin]] name = "fuzz_target_usize_encode" path = "fuzz_targets/fuzz_target_usize_encode.rs" + +[[bin]] +name = "fuzz_target_hash256_decode" +path = "fuzz_targets/fuzz_target_hash256_decode.rs" + +[[bin]] +name = "fuzz_target_hash256_encode" +path = "fuzz_targets/fuzz_target_hash256_encode.rs" + +[[bin]] +name = "fuzz_target_address_decode" +path = "fuzz_targets/fuzz_target_address_decode.rs" + +[[bin]] +name = "fuzz_target_address_encode" +path = "fuzz_targets/fuzz_target_address_encode.rs" diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_address_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_address_decode.rs new file mode 100644 index 000000000..c49be500a --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_address_decode.rs @@ -0,0 +1,21 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ethereum_types; +extern crate ssz; + +use ethereum_types::Address; +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + let result: Result<(Address, usize), DecodeError> = Decodable::ssz_decode(data, 0); + if data.len() >= 20 { + // Should have valid result + let (address, index) = result.unwrap(); + assert_eq!(index, 20); + assert_eq!(address, Address::from_slice(&data[..20])); + } else { + // Length of less than 32 should return error + assert_eq!(result, Err(DecodeError::TooShort)); + } +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_address_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_address_encode.rs new file mode 100644 index 000000000..0e51e00ac --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_address_encode.rs @@ -0,0 +1,20 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ethereum_types; +extern crate ssz; + +use ethereum_types::Address; +use ssz::SszStream; + +// Fuzz ssz_encode (via ssz_append) +fuzz_target!(|data: &[u8]| { + let mut ssz = SszStream::new(); + if data.len() >= 20 { + let hash = Address::from_slice(&data[..20]); + ssz.append(&hash); + let ssz = ssz.drain(); + + assert_eq!(data[..20], ssz[..20]); + assert_eq!(ssz.len(), 20); + } +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_bool_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_bool_decode.rs new file mode 100644 index 000000000..4fb1052b1 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_bool_decode.rs @@ -0,0 +1,28 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + let result: Result<(bool, usize), DecodeError> = Decodable::ssz_decode(data, 0); + if data.len() >= 1 { + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + if data[0] == u8::pow(2,7) { + let (val_bool, index) = result.unwrap(); + assert!(val_bool); + assert_eq!(index, 1); + } else if data[0] == 0 { + let (val_bool, index) = result.unwrap(); + assert!(!val_bool); + assert_eq!(index, 1); + } else { + assert_eq!(result, Err(DecodeError::Invalid)); + } + } else { + // Length of 0 should return error + assert_eq!(result, Err(DecodeError::TooShort)); + } +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_bool_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_bool_encode.rs new file mode 100644 index 000000000..4f344cb7d --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_bool_encode.rs @@ -0,0 +1,22 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::SszStream; + +// Fuzz ssz_encode (via ssz_append) +fuzz_target!(|data: &[u8]| { + let mut ssz = SszStream::new(); + let mut val_bool = 0; + if data.len() >= 1 { + val_bool = data[0] % u8::pow(2, 6); + } + + ssz.append(&val_bool); + let ssz = ssz.drain(); + + // TODO: change to little endian bytes + // https://github.com/sigp/lighthouse/issues/215 + assert_eq!(val_bool, ssz[0] % u8::pow(2, 6)); + assert_eq!(ssz.len(), 1); +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_hash256_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_hash256_decode.rs new file mode 100644 index 000000000..e4ccc56a4 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_hash256_decode.rs @@ -0,0 +1,21 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ethereum_types; +extern crate ssz; + +use ethereum_types::H256; +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + let result: Result<(H256, usize), DecodeError> = Decodable::ssz_decode(data, 0); + if data.len() >= 32 { + // Should have valid result + let (hash, index) = result.unwrap(); + assert_eq!(index, 32); + assert_eq!(hash, H256::from_slice(&data[..32])); + } else { + // Length of less than 32 should return error + assert_eq!(result, Err(DecodeError::TooShort)); + } +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_hash256_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_hash256_encode.rs new file mode 100644 index 000000000..537d9cdf9 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_hash256_encode.rs @@ -0,0 +1,20 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ethereum_types; +extern crate ssz; + +use ethereum_types::H256; +use ssz::SszStream; + +// Fuzz ssz_encode (via ssz_append) +fuzz_target!(|data: &[u8]| { + let mut ssz = SszStream::new(); + if data.len() >= 32 { + let hash = H256::from_slice(&data[..32]); + ssz.append(&hash); + let ssz = ssz.drain(); + + assert_eq!(data[..32], ssz[..32]); + assert_eq!(ssz.len(), 32); + } +}); From 68017b66fdbcc1ea5b19876252ce813d20cab60c Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Thu, 21 Feb 2019 14:23:21 +1100 Subject: [PATCH 09/11] Fuzzing for Vec --- eth2/utils/ssz/fuzz/Cargo.toml | 8 +++++++ .../fuzz_targets/fuzz_target_vec_decode.rs | 21 +++++++++++++++++++ .../fuzz_targets/fuzz_target_vec_encode.rs | 15 +++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_decode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_encode.rs diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml index 081afdcb9..c76cbbbde 100644 --- a/eth2/utils/ssz/fuzz/Cargo.toml +++ b/eth2/utils/ssz/fuzz/Cargo.toml @@ -83,3 +83,11 @@ path = "fuzz_targets/fuzz_target_address_decode.rs" [[bin]] name = "fuzz_target_address_encode" path = "fuzz_targets/fuzz_target_address_encode.rs" + +[[bin]] +name = "fuzz_target_vec_decode" +path = "fuzz_targets/fuzz_target_vec_decode.rs" + +[[bin]] +name = "fuzz_target_vec_encode" +path = "fuzz_targets/fuzz_target_vec_encode.rs" diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_decode.rs new file mode 100644 index 000000000..048d19ee5 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_decode.rs @@ -0,0 +1,21 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ethereum_types; +extern crate ssz; + +use ethereum_types::{Address, H256}; +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); + /* + let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); + let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); + let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); + let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); + let _result: Result<(Vec
, usize), DecodeError> = Decodable::ssz_decode(data, 0); + let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); + let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); + */ +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_encode.rs new file mode 100644 index 000000000..6980e5d20 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_encode.rs @@ -0,0 +1,15 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ethereum_types; +extern crate ssz; + +use ethereum_types::{Address, H256}; +use ssz::SszStream; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + + let mut ssz = SszStream::new(); + let data_vec = data.to_vec(); + ssz.append(&data_vec); +}); From ab1dc7bfceceb45a8d272bdfdeab870531fce285 Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Fri, 22 Feb 2019 16:50:14 +1100 Subject: [PATCH 10/11] Add simple fuzz tests for hashing and boolean-bitfield --- eth2/utils/boolean-bitfield/fuzz/.gitignore | 4 +++ eth2/utils/boolean-bitfield/fuzz/Cargo.toml | 33 +++++++++++++++++++ .../fuzz_targets/fuzz_target_from_bytes.rs | 9 +++++ .../fuzz_targets/fuzz_target_ssz_decode.rs | 11 +++++++ .../fuzz_targets/fuzz_target_ssz_encode.rs | 13 ++++++++ eth2/utils/hashing/fuzz/.gitignore | 4 +++ eth2/utils/hashing/fuzz/Cargo.toml | 22 +++++++++++++ .../fuzz/fuzz_targets/fuzz_target_hash.rs | 9 +++++ 8 files changed, 105 insertions(+) create mode 100644 eth2/utils/boolean-bitfield/fuzz/.gitignore create mode 100644 eth2/utils/boolean-bitfield/fuzz/Cargo.toml create mode 100644 eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_from_bytes.rs create mode 100644 eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_ssz_decode.rs create mode 100644 eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_ssz_encode.rs create mode 100644 eth2/utils/hashing/fuzz/.gitignore create mode 100644 eth2/utils/hashing/fuzz/Cargo.toml create mode 100644 eth2/utils/hashing/fuzz/fuzz_targets/fuzz_target_hash.rs diff --git a/eth2/utils/boolean-bitfield/fuzz/.gitignore b/eth2/utils/boolean-bitfield/fuzz/.gitignore new file mode 100644 index 000000000..572e03bdf --- /dev/null +++ b/eth2/utils/boolean-bitfield/fuzz/.gitignore @@ -0,0 +1,4 @@ + +target +corpus +artifacts diff --git a/eth2/utils/boolean-bitfield/fuzz/Cargo.toml b/eth2/utils/boolean-bitfield/fuzz/Cargo.toml new file mode 100644 index 000000000..9769fc50e --- /dev/null +++ b/eth2/utils/boolean-bitfield/fuzz/Cargo.toml @@ -0,0 +1,33 @@ + +[package] +name = "boolean-bitfield-fuzz" +version = "0.0.1" +authors = ["Automatically generated"] +publish = false + +[package.metadata] +cargo-fuzz = true + +[dependencies] +ssz = { path = "../../ssz" } + +[dependencies.boolean-bitfield] +path = ".." +[dependencies.libfuzzer-sys] +git = "https://github.com/rust-fuzz/libfuzzer-sys.git" + +# Prevent this from interfering with workspaces +[workspace] +members = ["."] + +[[bin]] +name = "fuzz_target_from_bytes" +path = "fuzz_targets/fuzz_target_from_bytes.rs" + +[[bin]] +name = "fuzz_target_ssz_decode" +path = "fuzz_targets/fuzz_target_ssz_decode.rs" + +[[bin]] +name = "fuzz_target_ssz_encode" +path = "fuzz_targets/fuzz_target_ssz_encode.rs" diff --git a/eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_from_bytes.rs b/eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_from_bytes.rs new file mode 100644 index 000000000..0c71c6d68 --- /dev/null +++ b/eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_from_bytes.rs @@ -0,0 +1,9 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate boolean_bitfield; + +use boolean_bitfield::BooleanBitfield; + +fuzz_target!(|data: &[u8]| { + let _result = BooleanBitfield::from_bytes(data); +}); diff --git a/eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_ssz_decode.rs b/eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_ssz_decode.rs new file mode 100644 index 000000000..14ddbb0a9 --- /dev/null +++ b/eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_ssz_decode.rs @@ -0,0 +1,11 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate boolean_bitfield; +extern crate ssz; + +use boolean_bitfield::BooleanBitfield; +use ssz::{Decodable, DecodeError}; + +fuzz_target!(|data: &[u8]| { + let result: Result<(BooleanBitfield, usize), DecodeError> = <_>::ssz_decode(data, 0); +}); diff --git a/eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_ssz_encode.rs b/eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_ssz_encode.rs new file mode 100644 index 000000000..0626e5db7 --- /dev/null +++ b/eth2/utils/boolean-bitfield/fuzz/fuzz_targets/fuzz_target_ssz_encode.rs @@ -0,0 +1,13 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate boolean_bitfield; +extern crate ssz; + +use boolean_bitfield::BooleanBitfield; +use ssz::SszStream; + +fuzz_target!(|data: &[u8]| { + let bitfield = BooleanBitfield::from_bytes(data); + let mut ssz = SszStream::new(); + ssz.append(&bitfield); +}); diff --git a/eth2/utils/hashing/fuzz/.gitignore b/eth2/utils/hashing/fuzz/.gitignore new file mode 100644 index 000000000..572e03bdf --- /dev/null +++ b/eth2/utils/hashing/fuzz/.gitignore @@ -0,0 +1,4 @@ + +target +corpus +artifacts diff --git a/eth2/utils/hashing/fuzz/Cargo.toml b/eth2/utils/hashing/fuzz/Cargo.toml new file mode 100644 index 000000000..57e0172eb --- /dev/null +++ b/eth2/utils/hashing/fuzz/Cargo.toml @@ -0,0 +1,22 @@ + +[package] +name = "hashing-fuzz" +version = "0.0.1" +authors = ["Automatically generated"] +publish = false + +[package.metadata] +cargo-fuzz = true + +[dependencies.hashing] +path = ".." +[dependencies.libfuzzer-sys] +git = "https://github.com/rust-fuzz/libfuzzer-sys.git" + +# Prevent this from interfering with workspaces +[workspace] +members = ["."] + +[[bin]] +name = "fuzz_target_hash" +path = "fuzz_targets/fuzz_target_hash.rs" diff --git a/eth2/utils/hashing/fuzz/fuzz_targets/fuzz_target_hash.rs b/eth2/utils/hashing/fuzz/fuzz_targets/fuzz_target_hash.rs new file mode 100644 index 000000000..dd78d1ac8 --- /dev/null +++ b/eth2/utils/hashing/fuzz/fuzz_targets/fuzz_target_hash.rs @@ -0,0 +1,9 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate hashing; + +use hashing::hash; + +fuzz_target!(|data: &[u8]| { + let _result = hash(data); +}); From 08b803b6e7d24ddb85eb4e6678647509eb562af0 Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Thu, 7 Mar 2019 17:50:00 +1100 Subject: [PATCH 11/11] Modifications to fuzz tests --- eth2/utils/ssz/fuzz/Cargo.toml | 12 ++++++++++++ .../fuzz_targets/fuzz_target_vec_address_decode.rs | 12 ++++++++++++ .../fuzz/fuzz_targets/fuzz_target_vec_bool_decode.rs | 10 ++++++++++ .../ssz/fuzz/fuzz_targets/fuzz_target_vec_decode.rs | 9 --------- .../ssz/fuzz/fuzz_targets/fuzz_target_vec_encode.rs | 2 +- .../fuzz/fuzz_targets/fuzz_target_vec_u64_decode.rs | 10 ++++++++++ 6 files changed, 45 insertions(+), 10 deletions(-) create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_address_decode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_bool_decode.rs create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_u64_decode.rs diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml index c76cbbbde..055d031a0 100644 --- a/eth2/utils/ssz/fuzz/Cargo.toml +++ b/eth2/utils/ssz/fuzz/Cargo.toml @@ -88,6 +88,18 @@ path = "fuzz_targets/fuzz_target_address_encode.rs" name = "fuzz_target_vec_decode" path = "fuzz_targets/fuzz_target_vec_decode.rs" +[[bin]] +name = "fuzz_target_vec_address_decode" +path = "fuzz_targets/fuzz_target_vec_address_decode.rs" + +[[bin]] +name = "fuzz_target_vec_u64_decode" +path = "fuzz_targets/fuzz_target_vec_u64_decode.rs" + +[[bin]] +name = "fuzz_target_vec_bool_decode" +path = "fuzz_targets/fuzz_target_vec_bool_decode.rs" + [[bin]] name = "fuzz_target_vec_encode" path = "fuzz_targets/fuzz_target_vec_encode.rs" diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_address_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_address_decode.rs new file mode 100644 index 000000000..6c686df1a --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_address_decode.rs @@ -0,0 +1,12 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ethereum_types; +extern crate ssz; + +use ethereum_types::{Address}; +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + let _result: Result<(Vec
, usize), DecodeError> = Decodable::ssz_decode(data, 0); +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_bool_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_bool_decode.rs new file mode 100644 index 000000000..25017ef25 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_bool_decode.rs @@ -0,0 +1,10 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); +}); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_decode.rs index 048d19ee5..cc1dc09f5 100644 --- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_decode.rs +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_decode.rs @@ -9,13 +9,4 @@ use ssz::{DecodeError, Decodable}; // Fuzz ssz_decode() fuzz_target!(|data: &[u8]| { let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); - /* - let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); - let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); - let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); - let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); - let _result: Result<(Vec
, usize), DecodeError> = Decodable::ssz_decode(data, 0); - let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); - let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); - */ }); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_encode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_encode.rs index 6980e5d20..39500b782 100644 --- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_encode.rs +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_encode.rs @@ -6,7 +6,7 @@ extern crate ssz; use ethereum_types::{Address, H256}; use ssz::SszStream; -// Fuzz ssz_decode() +// Fuzz ssz_encode() fuzz_target!(|data: &[u8]| { let mut ssz = SszStream::new(); diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_u64_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_u64_decode.rs new file mode 100644 index 000000000..ee25a6378 --- /dev/null +++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_vec_u64_decode.rs @@ -0,0 +1,10 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate ssz; + +use ssz::{DecodeError, Decodable}; + +// Fuzz ssz_decode() +fuzz_target!(|data: &[u8]| { + let _result: Result<(Vec, usize), DecodeError> = Decodable::ssz_decode(data, 0); +});