
feat(fuzz): add state KV decode fuzz target with roundtrip check#831

Open
wangzishuai1987 wants to merge 1 commit into jarchain:master from wangzishuai1987:feat/fuzz-store-decode

Conversation

@wangzishuai1987

Summary

Adds a fuzz_store_decode fuzz target that feeds arbitrary bytes into the state KV decoding logic (mirroring grey_store::decode_state_kvs).

What it tests:

  • Decoding arbitrary bytes never panics — only Some or None
  • Successful decode roundtrips through re-encode → re-decode
  • Includes the same OOM guard as the real implementation (bounding count by remaining bytes / 35)

Why it matters:
decode_state_kvs parses untrusted data from the database. A panic here would crash the node. This fuzz target ensures the decoder handles all edge cases including:

  • Truncated count prefix
  • Oversized count prefix (OOM attack vector)
  • Truncated keys or value lengths
  • Zero-length values
  • Values spanning to the end of input

Refs: #229

Add fuzz_store_decode target that feeds arbitrary bytes into the
state KV decoding logic (mirroring grey_store::decode_state_kvs).
Verifies that decoding never panics and that successful decode
roundtrips through re-encode.

This fuzz target includes the same OOM guard as the real
implementation (bounding count by remaining bytes / 35).

Refs: jarchain#229
@github-actions

github-actions Bot commented May 2, 2026

Genesis Review

Comparison targets:

How to review

Post a comment with the following format (rank from best to worst):

/review
difficulty: <commit1>, <commit2>, ..., <commitN>, currentPR
novelty: <commit1>, <commit2>, ..., <commitN>, currentPR
design: <commit1>, <commit2>, ..., <commitN>, currentPR
verdict: merge

Use the short commit hashes above and currentPR for this PR.
Each line ranks all comparison targets + this PR from best to worst.

To meta-review another reviewer's comment, react with 👍 or 👎.

@johandroid

/review
difficulty: 204e93a, 9b74f92, 8a8aa7e, 9eb2037, 34d3e3e, 4b62216, currentPR, 5058117
novelty: 9b74f92, 8a8aa7e, currentPR, 204e93a, 9eb2037, 34d3e3e, 4b62216, 5058117
design: 204e93a, 9b74f92, 9eb2037, 8a8aa7e, 34d3e3e, 4b62216, 5058117, currentPR
verdict: notMerge

The intent is useful, but the fuzz target reimplements grey_store::decode_state_kvs instead of exercising the production decoder, and its copy adds an OOM guard that the production function does not have. That means the target can pass while the real decoder regresses or remains vulnerable, so design ranks last despite some novelty as fuzz coverage. Fix by testing the actual decoder, or exposing a narrow internal test/fuzz entry point.
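As an added illustration (not jarchain's code and not the PR's own target), here is a Rust sketch of the shape the PR description and the review above discuss: a single `decode_state_kvs` that returns `None` instead of panicking and clamps the count prefix to what the remaining bytes could hold, plus a `fuzz_store_decode` harness body that calls that same production function rather than a copy of it and checks the re-encode/re-decode roundtrip. The wire layout (u32 count, 32-byte keys, u16 value lengths), the per-entry minimum of 34 bytes, and every name other than `decode_state_kvs` and `fuzz_store_decode` are assumptions.

```rust
// Added example, not jarchain's or the PR's code. The wire layout is assumed:
// [u32 LE count][entry...], entry = [32-byte key][u16 LE value_len][value].
use std::convert::TryInto;
const KEY_LEN: usize = 32;
// Smallest possible entry: a key plus a length field for a zero-length value.
const MIN_ENTRY_LEN: usize = KEY_LEN + 2;
pub type Kv = (Vec<u8>, Vec<u8>);

/// Decodes untrusted bytes. Any malformed input yields None; nothing panics.
pub fn decode_state_kvs(input: &[u8]) -> Option<Vec<Kv>> {
    let count = u32::from_le_bytes(input.get(..4)?.try_into().ok()?) as usize;
    let mut rest = &input[4..];
    // OOM guard: the attacker-controlled count is clamped to what the remaining
    // bytes could actually hold, so pre-allocation is bounded by input size.
    let mut out = Vec::with_capacity(count.min(rest.len() / MIN_ENTRY_LEN));
    for _ in 0..count {
        let key = rest.get(..KEY_LEN)?.to_vec();
        rest = &rest[KEY_LEN..];
        let vlen = u16::from_le_bytes(rest.get(..2)?.try_into().ok()?) as usize;
        rest = &rest[2..];
        let value = rest.get(..vlen)?.to_vec();
        rest = &rest[vlen..];
        out.push((key, value));
    }
    // Trailing bytes are rejected so that an accepted input is canonical and
    // decode -> encode -> decode reproduces it exactly.
    if rest.is_empty() { Some(out) } else { None }
}

pub fn encode_state_kvs(kvs: &[Kv]) -> Vec<u8> {
    let mut buf = (kvs.len() as u32).to_le_bytes().to_vec();
    for (k, v) in kvs {
        buf.extend_from_slice(k);
        buf.extend_from_slice(&(v.len() as u16).to_le_bytes());
        buf.extend_from_slice(v);
    }
    buf
}

/// Body of the fuzz target (what a `fuzz_target!(|data| ...)` closure would
/// call). It exercises the production decoder itself, not a copy: decoding must
/// not panic, and any accepted input must survive re-encode -> re-decode.
pub fn fuzz_store_decode(data: &[u8]) -> bool {
    match decode_state_kvs(data) {
        None => false,
        Some(kvs) => {
            let again = decode_state_kvs(&encode_state_kvs(&kvs));
            assert_eq!(again.as_ref(), Some(&kvs), "roundtrip mismatch");
            true
        }
    }
}
```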

@github-actions

JAR Bot: Review recorded from @johandroid (1 reviews, 0 meta-reviews).
Merge weight: 0/37665 (need >50%).
