ChainSafe / discv5

A Typescript implementation of the Discv5 protocol


[Crash/Fuzzing] "Assertion `val->IsArrayBufferView()' failed" when parsing invalid ENR string.

pventuzelo opened this issue · comments

Describe the bug

When providing a specific string to the discv5.ENR.decodeTxt function, an Assertion `val->IsArrayBufferView()' failed is triggered. This issue seems to be related to BigInt and sometimes can trigger a SyntaxError: Cannot convert 0x",\,X instead (see here).

This bug has been found by the community using beacon-fuzz and reported in our repository here. Kudos to @Daft-Wullie for the finding!!

Steps to Reproduce

enr_assert_failed_lodestar.js:

var discv5 = require("@chainsafe/discv5");
// The fuzzer testcase is stored hex-encoded; decode it back to the ENR text string.
const buf = Buffer.from("656e723a2d495334514b6b33ff583945717841337838334162436979416e537550444d764b353264433530486d31584744643574457951684d3356634a4c2d5062446b44673541507a5f706f76763022d48dcf992d5379716b306e616e636f4e572d656e7263713042676d6c6b676e5930676d6c77684838414141474a6332566a634449314e6d73786f514d31453579557370397638516a397476335a575843766146427672504e647a384b5049314e68576651577a494e315a4843434239410a", 'hex').toString();
console.log(buf);
// Crashes the process with the native assertion instead of throwing a JS error.
discv5.ENR.decodeTxt(buf);

Run:

$ npm i @chainsafe/discv5

$ nodejs ../beacon-fuzz/enr_assert_failed_lodestar.js
WARNING: Bcrypto built for node.js v12.9.1, not v12.18.0!
enr:-K*u4II5ldHOIAAAAAAAAAACEZXRoMpAAAAAAAAAAAP__BLf22SJc2VjcDI1NmsxoQJxCnE6v_x2ekgY_uoE1rtwzvGy40mq9eD66XfHPBWGgII5ldHOIAAAMpAAAcAAAAAAAP__________gmlkgnY0gmlwhBLf22SJc2VjcDI1NmsxoQJxCnE6v_x2ekgY_uoE1rtwzvGy40mq9eD66XfHPBWOT9StqmwI5LHa
nodejs[11627]: ../src/node_buffer.cc:220:char* node::Buffer::Data(v8::Local<v8::Value>): Assertion `val->IsArrayBufferView()' failed.
 1: 0xa07f90 node::Abort() [nodejs]
 2: 0xa0800e  [nodejs]
 3: 0x9e7332  [nodejs]
 4: 0x9dd3de napi_get_buffer_info [nodejs]
 5: 0x7f8dccfa1c83 toBigInt [/XXX/node_modules/bigint-buffer/build/Release/bigint_buffer.node]
 6: 0x9c1e25  [nodejs]
 7: 0xbecd29  [nodejs]
 8: 0xbeeb17 v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) [nodejs]
 9: 0x13cb619  [nodejs]
[1]    11627 abort (core dumped)  nodejs ../beacon-fuzz/enr_assert_failed_lodestar.js

Desktop (please complete the following information):

I've updated the crashing testcase.