🐛 Fix some bugs regarding fuzzing

LiskHQ · Jun 5, 2024 · e38b3a2 · e38b3a2
1 parent 9fa07dc
commit e38b3a2
Showing 1 changed file with 90 additions and 54 deletions.
diff --git a/src/handle_provide_parameter.c b/src/handle_provide_parameter.c
@@ -119,14 +119,18 @@ static void handle_lock_ids_array(ethPluginProvideParameter_t *msg, context_t *c
             context->next_param = ID;
             break;
         case ID:
-            copy_parameter(context->lisk.body.reward.lock_id[counter].value,
-                           msg->parameter,
-                           INT256_LENGTH);
-            if (counter == context->lisk.body.reward.lock_ids_len - 1) {
-                counter = 0;
-                context->next_param = NONE;
+            if (counter < context->lisk.body.reward.lock_ids_len) {
+                copy_parameter(context->lisk.body.reward.lock_id[counter].value,
+                               msg->parameter,
+                               INT256_LENGTH);
+                if (counter == context->lisk.body.reward.lock_ids_len - 1) {
+                    counter = 0;
+                    context->next_param = NONE;
+                } else {
+                    counter++;
+                }
             } else {
-                counter++;
+                msg->result = ETH_PLUGIN_RESULT_ERROR;
             }
             break;
         case NONE:
@@ -154,21 +158,29 @@ static void handle_increase_locking_amount(ethPluginProvideParameter_t *msg, con
             context->next_param = ID;
             break;
         case ID:
-            copy_parameter(context->lisk.body.rewardIncLockingAmount.first[counter].value,
-                           msg->parameter,
-                           INT256_LENGTH);
-            context->next_param = AMOUNT;
+            if (counter < context->lisk.body.rewardIncLockingAmount.len) {
+                copy_parameter(context->lisk.body.rewardIncLockingAmount.first[counter].value,
+                               msg->parameter,
+                               INT256_LENGTH);
+                context->next_param = AMOUNT;
+            } else {
+                msg->result = ETH_PLUGIN_RESULT_ERROR;
+            }
             break;
         case AMOUNT:
-            copy_parameter(context->lisk.body.rewardIncLockingAmount.second[counter].value,
-                           msg->parameter,
-                           INT256_LENGTH);
-            if (context->lisk.body.rewardIncLockingAmount.len > 1 &&
-                counter < context->lisk.body.rewardIncLockingAmount.len - 1) {
-                counter++;
-                context->next_param = ID;
+            if (counter < context->lisk.body.rewardIncLockingAmount.len) {
+                copy_parameter(context->lisk.body.rewardIncLockingAmount.second[counter].value,
+                               msg->parameter,
+                               INT256_LENGTH);
+                if (context->lisk.body.rewardIncLockingAmount.len > 1 &&
+                    counter < context->lisk.body.rewardIncLockingAmount.len - 1) {
+                    counter++;
+                    context->next_param = ID;
+                } else {
+                    context->next_param = NONE;
+                }
             } else {
-                context->next_param = NONE;
+                msg->result = ETH_PLUGIN_RESULT_ERROR;
             }
             break;
         case NONE:
@@ -196,21 +208,29 @@ static void handle_extend_duration(ethPluginProvideParameter_t *msg, context_t *
             context->next_param = ID;
             break;
         case ID:
-            copy_parameter(context->lisk.body.rewardExtendDuration.first[counter].value,
-                           msg->parameter,
-                           INT256_LENGTH);
-            context->next_param = DURATION;
+            if (counter < context->lisk.body.rewardExtendDuration.len) {
+                copy_parameter(context->lisk.body.rewardExtendDuration.first[counter].value,
+                               msg->parameter,
+                               INT256_LENGTH);
+                context->next_param = DURATION;
+            } else {
+                msg->result = ETH_PLUGIN_RESULT_ERROR;
+            }
             break;
         case DURATION:
-            copy_parameter(context->lisk.body.rewardExtendDuration.second[counter].value,
-                           msg->parameter,
-                           INT256_LENGTH);
-            if (context->lisk.body.rewardExtendDuration.len > 1 &&
-                counter < context->lisk.body.rewardExtendDuration.len - 1) {
-                counter++;
-                context->next_param = ID;
+            if (counter < context->lisk.body.rewardExtendDuration.len) {
+                copy_parameter(context->lisk.body.rewardExtendDuration.second[counter].value,
+                               msg->parameter,
+                               INT256_LENGTH);
+                if (context->lisk.body.rewardExtendDuration.len > 1 &&
+                    counter < context->lisk.body.rewardExtendDuration.len - 1) {
+                    counter++;
+                    context->next_param = ID;
+                } else {
+                    context->next_param = NONE;
+                }
             } else {
-                context->next_param = NONE;
+                msg->result = ETH_PLUGIN_RESULT_ERROR;
             }
             break;
         case NONE:
@@ -384,22 +404,30 @@ static void handle_governor_propose(ethPluginProvideParameter_t *msg, context_t
             context->next_param = TARGET_ADDRESS;
             break;
         case TARGET_ADDRESS:
-            copy_address(context->lisk.body.governorPropose.data.first[counter].value,
-                         msg->parameter,
-                         sizeof(context->lisk.body.governorPropose.data.first[counter].value));
-            if (counter + 1 < context->lisk.body.governorPropose.data.len) {
-                counter++;
-                context->next_param = SECOND_TARGET_ADDRESS;
+            if (counter < context->lisk.body.governorPropose.data.len) {
+                copy_address(context->lisk.body.governorPropose.data.first[counter].value,
+                             msg->parameter,
+                             sizeof(context->lisk.body.governorPropose.data.first[counter].value));
+                if (counter + 1 < context->lisk.body.governorPropose.data.len) {
+                    counter++;
+                    context->next_param = SECOND_TARGET_ADDRESS;
+                } else {
+                    context->next_param = PROPOSE_VALUE_LEN;
+                }
             } else {
-                context->next_param = PROPOSE_VALUE_LEN;
+                msg->result = ETH_PLUGIN_RESULT_ERROR;
             }
             break;
         case SECOND_TARGET_ADDRESS:
-            copy_address(context->lisk.body.governorPropose.data.first[counter].value,
-                         msg->parameter,
-                         sizeof(context->lisk.body.governorPropose.data.first[counter].value));
-            counter = 0;
-            context->next_param = PROPOSE_VALUE_LEN;
+            if (counter < context->lisk.body.governorPropose.data.len) {
+                copy_address(context->lisk.body.governorPropose.data.first[counter].value,
+                             msg->parameter,
+                             sizeof(context->lisk.body.governorPropose.data.first[counter].value));
+                counter = 0;
+                context->next_param = PROPOSE_VALUE_LEN;
+            } else {
+                msg->result = ETH_PLUGIN_RESULT_ERROR;
+            }
             break;
         case PROPOSE_VALUE_LEN:
             if (!U2BE_from_parameter(msg->parameter,
@@ -413,21 +441,29 @@ static void handle_governor_propose(ethPluginProvideParameter_t *msg, context_t
             context->next_param = VALUE;
             break;
         case VALUE:
-            copy_parameter(context->lisk.body.governorPropose.data.second[counter].value,
-                           msg->parameter,
-                           INT256_LENGTH);
-            if (counter + 1 < context->lisk.body.governorPropose.value_len) {
-                counter++;
-                context->next_param = SECOND_VALUE;
+            if (counter < context->lisk.body.governorPropose.value_len) {
+                copy_parameter(context->lisk.body.governorPropose.data.second[counter].value,
+                               msg->parameter,
+                               INT256_LENGTH);
+                if (counter + 1 < context->lisk.body.governorPropose.value_len) {
+                    counter++;
+                    context->next_param = SECOND_VALUE;
+                } else {
+                    context->next_param = NONE;
+                }
             } else {
-                context->next_param = NONE;
+                msg->result = ETH_PLUGIN_RESULT_ERROR;
             }
             break;
         case SECOND_VALUE:
-            copy_parameter(context->lisk.body.governorPropose.data.second[counter].value,
-                           msg->parameter,
-                           INT256_LENGTH);
-            context->next_param = NONE;
+            if (counter < context->lisk.body.governorPropose.value_len) {
+                copy_parameter(context->lisk.body.governorPropose.data.second[counter].value,
+                               msg->parameter,
+                               INT256_LENGTH);
+                context->next_param = NONE;
+            } else {
+                msg->result = ETH_PLUGIN_RESULT_ERROR;
+            }
             break;
         case NONE:
             break;