From d5c4771f0a3810d50334cadcaef75606065974f3 Mon Sep 17 00:00:00 2001
From: Kirk Baird
Date: Wed, 20 Feb 2019 15:34:15 +1100
Subject: [PATCH] Fuzz test decodes from u8 to u64

---
 eth2/utils/ssz/fuzz/Cargo.toml | 16 +++++++---
 ...arget_u16.rs => fuzz_target_u16_decode.rs} | 11 ++++---
 .../fuzz_targets/fuzz_target_u32_decode.rs | 22 +++++++++++++
 .../fuzz_targets/fuzz_target_u64_decode.rs | 31 +++++++++++++++++++
 ..._target_u8.rs => fuzz_target_u8_decode.rs} | 10 +++---
 5 files changed, 78 insertions(+), 12 deletions(-)
 rename eth2/utils/ssz/fuzz/fuzz_targets/{fuzz_target_u16.rs => fuzz_target_u16_decode.rs} (59%)
 create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_decode.rs
 create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs
 rename eth2/utils/ssz/fuzz/fuzz_targets/{fuzz_target_u8.rs => fuzz_target_u8_decode.rs} (66%)

diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml
index b640cc5f0..d0455a556 100644
--- a/eth2/utils/ssz/fuzz/Cargo.toml
+++ b/eth2/utils/ssz/fuzz/Cargo.toml
@@ -18,9 +18,17 @@ git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
 members = ["."]
 
 [[bin]]
-name = "fuzz_target_u8"
-path = "fuzz_targets/fuzz_target_u8.rs"
+name = "fuzz_target_u8_decode"
+path = "fuzz_targets/fuzz_target_u8_decode.rs"
 
 [[bin]]
-name = "fuzz_target_u16"
-path = "fuzz_targets/fuzz_target_u16.rs"
+name = "fuzz_target_u16_decode"
+path = "fuzz_targets/fuzz_target_u16_decode.rs"
+
+[[bin]]
+name = "fuzz_target_u32_decode"
+path = "fuzz_targets/fuzz_target_u32_decode.rs"
+
+[[bin]]
+name = "fuzz_target_u64_decode"
+path = "fuzz_targets/fuzz_target_u64_decode.rs"
diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_decode.rs
similarity index 59%
rename from eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs
rename to eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_decode.rs
index 8bf2be8a4..73395f3af 100644
--- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs
+++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16_decode.rs
@@ -2,16 +2,19 @@
 #[macro_use] extern crate libfuzzer_sys;
 extern crate ssz;
 
-use ssz::{DecodeError, Decodable, Encodable};
+use ssz::{DecodeError, Decodable};
 
-// Fuzz ssz_decode(u8)
+// Fuzz ssz_decode()
 fuzz_target!(|data: &[u8]| {
 let result: Result<(u16, usize), DecodeError> = Decodable::ssz_decode(data, 0);
- if data.len() > 1 {
+ if data.len() >= 2 {
 // Valid result
 let (number_u16, index) = result.unwrap();
 assert_eq!(index, 2);
- // TODO: add test for number?
+ // TODO: change to little endian bytes
+ // https://github.com/sigp/lighthouse/issues/215
+ let val = u16::from_be_bytes([data[0], data[1]]);
+ assert_eq!(number_u16, val);
 } else {
 // Length of 0 or 1 should return error
 assert_eq!(result, Err(DecodeError::TooShort));
diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_decode.rs
new file mode 100644
index 000000000..e99bf2fad
--- /dev/null
+++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u32_decode.rs
@@ -0,0 +1,22 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate ssz;
+
+use ssz::{DecodeError, Decodable};
+
+// Fuzz ssz_decode()
+fuzz_target!(|data: &[u8]| {
+ let result: Result<(u32, usize), DecodeError> = Decodable::ssz_decode(data, 0);
+ if data.len() >= 4 {
+ // Valid result
+ let (number_u32, index) = result.unwrap();
+ assert_eq!(index, 4);
+ // TODO: change to little endian bytes
+ // https://github.com/sigp/lighthouse/issues/215
+ let val = u32::from_be_bytes([data[0], data[1], data[2], data[3]]);
+ assert_eq!(number_u32, val);
+ } else {
+ // Length less then 4 should return error
+ assert_eq!(result, Err(DecodeError::TooShort));
+ }
+});
diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs
new file mode 100644
index 000000000..9e13ab604
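Review bot: In fuzz_target_u16_decode.rs the offset passed to `Decodable::ssz_decode(data, 0)` is always 0, so the harness never drives the decoder's bounds handling for a non-zero start index, which is the part of a decoder for untrusted bytes most likely to panic or read out of range. Taking the offset from the input (for example the first byte) would cover it; the sketch below assumes the returned index is the offset just past the decoded value, as the existing `assert_eq!(index, 2)` for offset 0 suggests. The error variant for an out-of-range offset is not visible in this hunk, so the sketch only asserts that decoding fails. The same gap exists in the u32 and u64 targets added by this commit and in fuzz_target_u8_decode.rs. The closing lines of the `fuzz_target!` body are outside the hunk.

```rust
fuzz_target!(|data: &[u8]| {
    // First input byte selects the start offset; the rest is the buffer to decode.
    let (index, bytes) = match data.split_first() {
        Some((first, rest)) => (usize::from(*first), rest),
        None => (0, data),
    };
    let result: Result<(u16, usize), DecodeError> = Decodable::ssz_decode(bytes, index);
    if bytes.len() >= index + 2 {
        let (number_u16, next) = result.unwrap();
        assert_eq!(next, index + 2);
        // … unchanged: TODO about little endian bytes and issue link …
        let val = u16::from_be_bytes([bytes[index], bytes[index + 1]]);
        assert_eq!(number_u16, val);
    } else {
        // Too few bytes after the offset: decoding must not succeed.
        assert!(result.is_err());
```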
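Review bot: The else-branch comment in fuzz_target_u32_decode.rs, `// Length less then 4 should return error`, has "then" where "than" is meant. fuzz_target_u64_decode.rs carries the same line copied verbatim, and there the bound is also wrong: that branch is taken for inputs shorter than 8 bytes, so it should read `// Length less than 8 should return error`. A stale bound in a harness comment makes it harder to tell later whether the `>= 8` check or the comment states the intended contract.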
--- /dev/null
+++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u64_decode.rs
@@ -0,0 +1,31 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate ssz;
+
+use ssz::{DecodeError, Decodable};
+
+// Fuzz ssz_decode()
+fuzz_target!(|data: &[u8]| {
+ let result: Result<(u64, usize), DecodeError> = Decodable::ssz_decode(data, 0);
+ if data.len() >= 8 {
+ // Valid result
+ let (number_u64, index) = result.unwrap();
+ assert_eq!(index, 8);
+ // TODO: change to little endian bytes
+ // https://github.com/sigp/lighthouse/issues/215
+ let val = u64::from_be_bytes([
+ data[0],
+ data[1],
+ data[2],
+ data[3],
+ data[4],
+ data[5],
+ data[6],
+ data[7],
+ ]);
+ assert_eq!(number_u64, val);
+ } else {
+ // Length less then 4 should return error
+ assert_eq!(result, Err(DecodeError::TooShort));
+ }
+});
diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs
similarity index 66%
rename from eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs
rename to eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs
index afab5eab5..296b6fa3d 100644
--- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs
+++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8_decode.rs
@@ -2,16 +2,18 @@
 #[macro_use] extern crate libfuzzer_sys;
 extern crate ssz;
 
-use ssz::{DecodeError, Decodable, Encodable};
+use ssz::{DecodeError, Decodable};
 
-// Fuzz ssz_decode(u8)
+// Fuzz ssz_decode()
 fuzz_target!(|data: &[u8]| {
 let result: Result<(u8, usize), DecodeError> = Decodable::ssz_decode(data, 0);
- if data.len() > 0 {
+ if data.len() >= 1 {
 // Should have valid result
 let (number_u8, index) = result.unwrap();
+ // TODO: change to little endian bytes
+ // https://github.com/sigp/lighthouse/issues/215
 assert_eq!(number_u8, data[0]);
- assert_eq!(index, 2);
+ assert_eq!(index, 1);
 } else {
 // Length of 0 should return error
 assert_eq!(result, Err(DecodeError::TooShort));
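Review bot: The added `// TODO: change to little endian bytes` and issue link in fuzz_target_u8_decode.rs sit above `assert_eq!(number_u8, data[0]);`, but a single byte has no byte order, so there is nothing in this target for that TODO to change. I would drop the two comment lines here and keep them only in the u16, u32 and u64 targets, where `from_be_bytes` actually encodes the assumption. The end of the `fuzz_target!` body is outside the hunk.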