From e38b3a2d60517c98e6fa569b8b96ddf78b5f7a83 Mon Sep 17 00:00:00 2001
From: hatef
Date: Wed, 5 Jun 2024 12:04:10 +0300
Subject: [PATCH] :bug: Fix some bugs regarding fuzzing
---
 src/handle_provide_parameter.c | 144 ++++++++++++++++++++-------------
 1 file changed, 90 insertions(+), 54 deletions(-)
diff --git a/src/handle_provide_parameter.c b/src/handle_provide_parameter.c
index ae788265..a7e5b52b 100644
--- a/src/handle_provide_parameter.c
+++ b/src/handle_provide_parameter.c
@@ -119,14 +119,18 @@ static void handle_lock_ids_array(ethPluginProvideParameter_t *msg, context_t *c
 context->next_param = ID;
 break;
 case ID:
- copy_parameter(context->lisk.body.reward.lock_id[counter].value,
- msg->parameter,
- INT256_LENGTH);
- if (counter == context->lisk.body.reward.lock_ids_len - 1) {
- counter = 0;
- context->next_param = NONE;
+ if (counter < context->lisk.body.reward.lock_ids_len) {
+ copy_parameter(context->lisk.body.reward.lock_id[counter].value,
+ msg->parameter,
+ INT256_LENGTH);
+ if (counter == context->lisk.body.reward.lock_ids_len - 1) {
+ counter = 0;
+ context->next_param = NONE;
+ } else {
+ counter++;
+ }
 } else {
- counter++;
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
 }
 break;
 case NONE:
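Review bot: The guard added in `case ID`, `if (counter < context->lisk.body.reward.lock_ids_len)`, bounds the write into `lock_id[counter]` by a length that appears to come from the transaction data rather than by the capacity of the array, so it prevents an out-of-bounds `copy_parameter` only if that length was already limited to the array size when it was stored. The case that stores `lock_ids_len` is above the hunk and not visible here; if it does not enforce the limit, and assuming `lock_id` is a fixed-size array member, extend the guard with `counter < sizeof(context->lisk.body.reward.lock_id) / sizeof(context->lisk.body.reward.lock_id[0])`. The same question applies to the guards on `rewardIncLockingAmount.len`, `rewardExtendDuration.len`, `governorPropose.data.len` and `governorPropose.value_len` in the other four hunks. The switch starts and ends outside the hunk.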
@@ -154,21 +158,29 @@ static void handle_increase_locking_amount(ethPluginProvideParameter_t *msg, con
 context->next_param = ID;
 break;
 case ID:
- copy_parameter(context->lisk.body.rewardIncLockingAmount.first[counter].value,
- msg->parameter,
- INT256_LENGTH);
- context->next_param = AMOUNT;
+ if (counter < context->lisk.body.rewardIncLockingAmount.len) {
+ copy_parameter(context->lisk.body.rewardIncLockingAmount.first[counter].value,
+ msg->parameter,
+ INT256_LENGTH);
+ context->next_param = AMOUNT;
+ } else {
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
+ }
 break;
 case AMOUNT:
- copy_parameter(context->lisk.body.rewardIncLockingAmount.second[counter].value,
- msg->parameter,
- INT256_LENGTH);
- if (context->lisk.body.rewardIncLockingAmount.len > 1 &&
- counter < context->lisk.body.rewardIncLockingAmount.len - 1) {
- counter++;
- context->next_param = ID;
+ if (counter < context->lisk.body.rewardIncLockingAmount.len) {
+ copy_parameter(context->lisk.body.rewardIncLockingAmount.second[counter].value,
+ msg->parameter,
+ INT256_LENGTH);
+ if (context->lisk.body.rewardIncLockingAmount.len > 1 &&
+ counter < context->lisk.body.rewardIncLockingAmount.len - 1) {
+ counter++;
+ context->next_param = ID;
+ } else {
+ context->next_param = NONE;
+ }
 } else {
- context->next_param = NONE;
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
 }
 break;
 case NONE:
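Review bot: The error branches added in `case ID` and `case AMOUNT` set `msg->result` but leave `counter` where it was, and the completion branch sets `context->next_param = NONE;` without the `counter = 0;` that `handle_lock_ids_array` does when it finishes. `counter` is declared outside the hunk; if it has static or file scope, a rejected or completed parse leaves a stale index behind for the next transaction, which the new guard would then reject. Unless the first case of the function already resets it, add `counter = 0;` next to `context->next_param = NONE;` and before each `msg->result = ETH_PLUGIN_RESULT_ERROR;`. The same pattern appears in `handle_extend_duration` and in the `VALUE`/`SECOND_VALUE` cases of `handle_governor_propose`.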
@@ -196,21 +208,29 @@ static void handle_extend_duration(ethPluginProvideParameter_t *msg, context_t *
 context->next_param = ID;
 break;
 case ID:
- copy_parameter(context->lisk.body.rewardExtendDuration.first[counter].value,
- msg->parameter,
- INT256_LENGTH);
- context->next_param = DURATION;
+ if (counter < context->lisk.body.rewardExtendDuration.len) {
+ copy_parameter(context->lisk.body.rewardExtendDuration.first[counter].value,
+ msg->parameter,
+ INT256_LENGTH);
+ context->next_param = DURATION;
+ } else {
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
+ }
 break;
 case DURATION:
- copy_parameter(context->lisk.body.rewardExtendDuration.second[counter].value,
- msg->parameter,
- INT256_LENGTH);
- if (context->lisk.body.rewardExtendDuration.len > 1 &&
- counter < context->lisk.body.rewardExtendDuration.len - 1) {
- counter++;
- context->next_param = ID;
+ if (counter < context->lisk.body.rewardExtendDuration.len) {
+ copy_parameter(context->lisk.body.rewardExtendDuration.second[counter].value,
+ msg->parameter,
+ INT256_LENGTH);
+ if (context->lisk.body.rewardExtendDuration.len > 1 &&
+ counter < context->lisk.body.rewardExtendDuration.len - 1) {
+ counter++;
+ context->next_param = ID;
+ } else {
+ context->next_param = NONE;
+ }
 } else {
- context->next_param = NONE;
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
 }
 break;
 case NONE:
@@ -384,22 +404,30 @@ static void handle_governor_propose(ethPluginProvideParameter_t *msg, context_t
 context->next_param = TARGET_ADDRESS;
 break;
 case TARGET_ADDRESS:
- copy_address(context->lisk.body.governorPropose.data.first[counter].value,
- msg->parameter,
- sizeof(context->lisk.body.governorPropose.data.first[counter].value));
- if (counter + 1 < context->lisk.body.governorPropose.data.len) {
- counter++;
- context->next_param = SECOND_TARGET_ADDRESS;
+ if (counter < context->lisk.body.governorPropose.data.len) {
+ copy_address(context->lisk.body.governorPropose.data.first[counter].value,
+ msg->parameter,
+ sizeof(context->lisk.body.governorPropose.data.first[counter].value));
+ if (counter + 1 < context->lisk.body.governorPropose.data.len) {
+ counter++;
+ context->next_param = SECOND_TARGET_ADDRESS;
+ } else {
+ context->next_param = PROPOSE_VALUE_LEN;
+ }
 } else {
- context->next_param = PROPOSE_VALUE_LEN;
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
 }
 break;
 case SECOND_TARGET_ADDRESS:
- copy_address(context->lisk.body.governorPropose.data.first[counter].value,
- msg->parameter,
- sizeof(context->lisk.body.governorPropose.data.first[counter].value));
- counter = 0;
- context->next_param = PROPOSE_VALUE_LEN;
+ if (counter < context->lisk.body.governorPropose.data.len) {
+ copy_address(context->lisk.body.governorPropose.data.first[counter].value,
+ msg->parameter,
+ sizeof(context->lisk.body.governorPropose.data.first[counter].value));
+ counter = 0;
+ context->next_param = PROPOSE_VALUE_LEN;
+ } else {
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
+ }
 break;
 case PROPOSE_VALUE_LEN:
 if (!U2BE_from_parameter(msg->parameter,
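Review bot: `case TARGET_ADDRESS` and `case SECOND_TARGET_ADDRESS` together store at most two addresses, yet the new guards only require `counter < governorPropose.data.len`, so a `data.len` of three or more passes both checks and the word that follows the second address is then consumed as `PROPOSE_VALUE_LEN`. Whether `data.len` is capped where it is stored is not visible in this hunk; if it is not, reject it at that point, for example `if (context->lisk.body.governorPropose.data.len > 2) { msg->result = ETH_PLUGIN_RESULT_ERROR; break; }`, with the limit taken from the two states shown here. On the path visible in the hunk the `SECOND_TARGET_ADDRESS` guard cannot fail, because that state is entered only after `counter + 1 < data.len` and `counter++`. The `PROPOSE_VALUE_LEN` case is cut off at the end of the hunk.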
@@ -413,21 +441,29 @@ static void handle_governor_propose(ethPluginProvideParameter_t *msg, context_t
 context->next_param = VALUE;
 break;
 case VALUE:
- copy_parameter(context->lisk.body.governorPropose.data.second[counter].value,
- msg->parameter,
- INT256_LENGTH);
- if (counter + 1 < context->lisk.body.governorPropose.value_len) {
- counter++;
- context->next_param = SECOND_VALUE;
+ if (counter < context->lisk.body.governorPropose.value_len) {
+ copy_parameter(context->lisk.body.governorPropose.data.second[counter].value,
+ msg->parameter,
+ INT256_LENGTH);
+ if (counter + 1 < context->lisk.body.governorPropose.value_len) {
+ counter++;
+ context->next_param = SECOND_VALUE;
+ } else {
+ context->next_param = NONE;
+ }
 } else {
- context->next_param = NONE;
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
 }
 break;
 case SECOND_VALUE:
- copy_parameter(context->lisk.body.governorPropose.data.second[counter].value,
- msg->parameter,
- INT256_LENGTH);
- context->next_param = NONE;
+ if (counter < context->lisk.body.governorPropose.value_len) {
+ copy_parameter(context->lisk.body.governorPropose.data.second[counter].value,
+ msg->parameter,
+ INT256_LENGTH);
+ context->next_param = NONE;
+ } else {
+ msg->result = ETH_PLUGIN_RESULT_ERROR;
+ }
 break;
 case NONE:
 break;
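Review bot: The `VALUE` and `SECOND_VALUE` guards bound writes into `governorPropose.data.second[]` by `governorPropose.value_len`, while the paired `data.first[]` is bounded by `data.len`, and nothing in the visible lines ties the two lengths to each other or to the capacity of `second[]`. The `PROPOSE_VALUE_LEN` case that stores `value_len` begins in the previous hunk and is cut off before this one. If it does not already do so, check there that the two lengths agree, `if (context->lisk.body.governorPropose.value_len != context->lisk.body.governorPropose.data.len) { msg->result = ETH_PLUGIN_RESULT_ERROR; break; }`, so that every stored target has exactly one stored value.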