Merge pull request #37 from ChainSafe/tuyen/fix-fuzzing-tests

Validation for fromBytes

Author: wemeetagain

src/backings/structural/abstract.ts

@@ -34,13 +34,37 @@ export class StructuralHandler<T extends object> {
   equals(target: T, other: T): boolean {
     throw new Error("Not implemented");
   }
+  validateBytes(data: Uint8Array, start: number, end: number): void {
+    if (!data) {
+      throw new Error("Data is null or undefined");
+    }
+    if (data.length === 0) {
+      throw new Error("Data is empty");
+    }
+    if (start < 0) {
+      throw new Error(`Start param is negative: ${start}`);
+    }
+    if (start >= data.length) {
+      throw new Error(`Start param: ${start} is greater than length: ${data.length}`);
+    }
+    if (end < 0) {
+      throw new Error(`End param is negative: ${end}`);
+    }
+    if (end > data.length) {
+      throw new Error(`End param: ${end} is greater than length: ${data.length}`);
+    }
+    const length = end - start;
+    if (!this._type.isVariableSize() && length !== this.size(null)) {
+      throw new Error(`Incorrect data length ${length}, expect ${this.size(null)}`);
+    }
+    if (end - start < this.minSize()) {
+      throw new Error(`Data length ${length} is too small, expect at least ${this.minSize()}`);
+    }
+  }
   fromBytes(data: Uint8Array, start: number, end: number): T {
     throw new Error("Not implemented");
   }
   deserialize(data: Uint8Array): T {
-    if (!this._type.isVariableSize() && this.size(null) !== data.length) {
-      throw new Error("Incorrect data length");
-    }
     return this.fromBytes(data, 0, data.length);
   }
   serialize(target: T): Uint8Array {

src/backings/structural/array.ts

@@ -48,6 +48,7 @@ export class BasicArrayStructuralHandler<T extends ArrayLike<unknown>> extends S
     return newValue;
   }
   fromBytes(data: Uint8Array, start: number, end: number): T {
+    this.validateBytes(data, start, end);
     const elementSize = this._type.elementType.size();
     return Array.from(
       {length: (end - start) / elementSize},
@@ -151,6 +152,7 @@ export class CompositeArrayStructuralHandler<T extends ArrayLike<object>> extend
     return newValue;
   }
   fromBytes(data: Uint8Array, start: number, end: number): T {
+    this.validateBytes(data, start, end);
     if (start === end) {
       return [] as unknown as T;
     }

src/backings/structural/bitList.ts

@@ -38,6 +38,7 @@ export class BitListStructuralHandler extends BasicListStructuralHandler<BitList
     return 1;
   }
   fromBytes(data: Uint8Array, start: number, end: number): BitList {
+    this.validateBytes(data, start, end);
     const value = [];
     const toBool = (c: string): boolean => c === "1" ? true : false;
     for (let i = start; i < end-1; i++) {

src/backings/structural/bitVector.ts

@@ -35,6 +35,7 @@ export class BitVectorStructuralHandler extends BasicVectorStructuralHandler<Bit
     return Number(bitstring);
   }
   fromBytes(data: Uint8Array, start: number, end: number): BitVector {
+    this.validateBytes(data, start, end);
     if ((end - start) !== this.size(null)) {
       throw new Error("Invalid bitvector: length not equal to vector length");
     }

src/backings/structural/byteVector.ts

@@ -13,6 +13,7 @@ export class ByteVectorStructuralHandler extends BasicVectorStructuralHandler<By
     return new Uint8Array(this._type.length);
   }
   fromBytes(data: Uint8Array, start: number, end: number): ByteVector {
+    this.validateBytes(data, start, end);
     const length = end - start;
     if (length !== this._type.length) {
       throw new Error(`Invalid deserialized vector length: expected ${this._type.length}, actual: ${length}`);

src/backings/structural/container.ts

@@ -82,6 +82,7 @@ export class ContainerStructuralHandler<T extends ObjectLike> extends Structural
     return newValue;
   }
   fromBytes(data: Uint8Array, start: number, end: number): T {
+    this.validateBytes(data, start, end);
     let currentIndex = start;
     let nextIndex = currentIndex;
     const value = {} as T;

src/backings/structural/list.ts

@@ -21,10 +21,14 @@ export class BasicListStructuralHandler<T extends List<unknown>> extends BasicAr
   getMinLength(): number {
     return 0;
   }
-  fromBytes(data: Uint8Array, start: number, end: number): T {
+  validateBytes(data: Uint8Array, start: number, end: number): void {
+    super.validateBytes(data, start, end);
     if ((end - start) / this._type.elementType.size() > this._type.limit) {
       throw new Error("Deserialized list length greater than limit");
     }
+  }
+  fromBytes(data: Uint8Array, start: number, end: number): T {
+    this.validateBytes(data, start, end);
     return super.fromBytes(data, start, end);
   }
   nonzeroChunkCount(value: T): number {
@@ -64,6 +68,7 @@ export class CompositeListStructuralHandler<T extends List<object>> extends Comp
     return 0;
   }
   fromBytes(data: Uint8Array, start: number, end: number): T {
+    this.validateBytes(data, start, end);
     const value = super.fromBytes(data, start, end);
     if (value.length > this._type.limit) {
       throw new Error("Deserialized list length greater than limit");

src/backings/structural/vector.ts

@@ -23,10 +23,14 @@ export class BasicVectorStructuralHandler<T extends Vector<unknown>> extends Bas
   getMinLength(): number {
     return this._type.length;
   }
-  fromBytes(data: Uint8Array, start: number, end: number): T {
+  validateBytes(data: Uint8Array, start: number, end: number): void {
+    super.validateBytes(data, start, end);
     if ((end - start) / this._type.elementType.size() !== this._type.length) {
       throw new Error("Incorrect deserialized vector length");
     }
+  }
+  fromBytes(data: Uint8Array, start: number, end: number): T {
+    this.validateBytes(data, start, end);
     return super.fromBytes(data, start, end);
   }
   assertValidValue(value: unknown): asserts value is T {
@@ -71,6 +75,7 @@ export class CompositeVectorStructuralHandler<T extends Vector<object>> extends
     return this._type.length;
   }
   fromBytes(data: Uint8Array, start: number, end: number): T {
+    this.validateBytes(data, start, end);
     const value = super.fromBytes(data, start, end);
     if (value.length !== this._type.length) {
       throw new Error("Incorrect deserialized vector length");

src/types/basic/abstract.ts

@@ -97,6 +97,25 @@ export class BasicType<T> {
     return this.size();
   }
 
+  /**
+   * Validate bytes before calling fromBytes
+   * @param data
+   * @param offset
+   */
+  validateBytes(data: Uint8Array, offset: number): void {
+    if (!data) {
+      throw new Error("Data is null or undefined");
+    }
+    if (data.length === 0) {
+      throw new Error("Data is empty");
+    }
+    const length = data.length - offset;
+    if (length < this.size()) {
+      throw new Error(`Data length of ${length} is too small, expect ${this.size()}`);
+    }
+    // accept data length > this.size()
+  }
+
   /**
    * Low-level deserialization
    */

src/types/basic/boolean.ts

@@ -31,6 +31,7 @@ export class BooleanType extends BasicType<boolean> {
     return offset + 1;
   }
   fromBytes(data: Uint8Array, offset: number): boolean {
+    this.validateBytes(data, offset);
     if (data[offset] === 1) {
       return true;
     } else if (data[offset] === 0) {

src/types/basic/uint.ts

@@ -71,6 +71,7 @@ export class NumberUintType extends UintType<number> {
     return offset + this.byteLength;
   }
   fromBytes(data: Uint8Array, offset: number): number {
+    this.validateBytes(data, offset);
     let isInfinity = true;
     let output = BigInt(0);
     for (let i = 0; i < this.byteLength; i++) {
@@ -139,6 +140,7 @@ export class BigIntUintType extends UintType<bigint> {
     return offset + this.byteLength;
   }
   fromBytes(data: Uint8Array, offset: number): bigint {
+    this.validateBytes(data, offset);
     let output = BigInt(0);
     for (let i = 0; i < this.byteLength; i++) {
       output += BigInt(data[offset + i]) << BigInt(8 * i);

test/unit/deserialize.test.ts

@@ -1,11 +1,11 @@
-import {assert} from "chai";
+import {assert, expect} from "chai";
 import {describe, it} from "mocha";
 
 import {booleanType, byteType, ContainerType} from "../../src";
 import {
-  ArrayObject, ArrayObject2, bigint16Type, bigint64Type, bigint128Type, bigint256Type, bitList100Type, bitVector100Type, byteVector100Type,
-  bytes2Type, bytes8Type, bytes32Type,
-  number16Type, number32Type, number64Type, number16Vector6Type, number16List100Type, OuterObject, SimpleObject
+  ArrayObject, ArrayObject2, bigint64Type, bigint128Type, bigint256Type,
+  bytes8Type, bytes32Type,
+  number16Type, number32Type, number64Type, number16Vector6Type, number16List100Type, OuterObject, SimpleObject, VariableSizeSimpleObject
 } from "./objects";
 
 
@@ -69,6 +69,32 @@ describe("deserialize", () => {
       assert.deepEqual(actual, expected);
     });
   }
+  const invalidDataTestCases: {
+    value: string;
+    type: any;
+    expectedError: string;
+  }[] = [
+    {value: "", type: number16Type, expectedError: "Data is empty"},
+    {value: "00", type: number16Type, expectedError: "Data length of 1 is too small, expect 2"},
+    {value: "", type: number16Vector6Type, expectedError: "Data is empty"},
+    {value: "00", type: number16Vector6Type, expectedError: "Incorrect data length 1, expect 12"},
+    {value: "", type: number16List100Type, expectedError: "Data is empty"},
+    {value: "", type: SimpleObject, expectedError: "Data is empty"},
+    {value: "00", type: SimpleObject, expectedError: "Incorrect data length 1, expect 3"},
+    {value: "", type: VariableSizeSimpleObject, expectedError: "Data is empty"},
+    {value: "00", type: VariableSizeSimpleObject, expectedError: "Data length 1 is too small, expect at least 7"},
+  ];
+  for (const {type, value, expectedError} of invalidDataTestCases) {
+    it(`should throw error deserializing invalid data for ${type.constructor.name}`, () => {
+      try {
+        type.deserialize(Buffer.from(value, "hex"));
+        assert.fail("Expect error here");
+      } catch (e) {
+        expect(e.message).to.be.equal(expectedError);
+      }
+    });
+  }
+
 });
 
 interface ITestType {

test/unit/objects.ts

@@ -25,7 +25,7 @@ export const bytes8Type = new ByteVectorType({
 });
 
 export const bytes32Type = new ByteVectorType({
-  length: 32 
+  length: 32
 });
 
 export const byteVector100Type = new ByteVectorType({length: 100});
@@ -55,7 +55,7 @@ export const number16Vector6Type = new VectorType({
 
 export const number16List100Type = new ListType({
   elementType: number16Type,
-  limit:100 
+  limit:100
 });
 
 export const SimpleObject = new ContainerType({
@@ -65,6 +65,14 @@ export const SimpleObject = new ContainerType({
   },
 });
 
+export const VariableSizeSimpleObject = new ContainerType({
+  fields: {
+    b: number16Type,
+    a: byteType,
+    list: number16List100Type,
+  },
+});
+
 export const CamelCaseFieldObject = new ContainerType({
   fields: {
     someValue: new NumberUintType({byteLength: 4}),