Container SSZ deserialize on short/empty inputs throws RangeError #502
Description
Describe the bug
When deserializing empty/short SSZ buffers for container types on the latest fork (electra), @chainsafe/ssz throws a raw RangeError from DataView (e.g., Attestation, AttesterSlashing, BeaconBlock) instead of a typed decode error. This was found via fuzzing Lodestar.
Expected behavior
Detect invalid/short input and throw a stable, typed decode error (not a DataView RangeError).
Steps to Reproduce
- Empty BeaconBlock:
node -e "(async()=>{const {ssz}=await import('@lodestar/types/electra');
ssz.BeaconBlock.deserialize(Buffer.from('','hex'));})()"- Short BeaconBlock:
node -e "(async()=>{const {ssz}=await import('@lodestar/types/electra');
ssz.BeaconBlock.deserialize(Buffer.from('64000000a8ea7673','hex'));})()"- Short Attestation:
node -e "(async()=>{const {ssz}=await import('@lodestar/types/electra');
ssz.Attestation.deserialize(Buffer.from('04ff','hex'));})()"- Short AttesterSlashing:
node -e "(async()=>{const {ssz}=await import('@lodestar/types/electra');
ssz.AttesterSlashing.deserialize(Buffer.from('01ff','hex'));})()"- Observed (common):
RangeError: Offset is outside the bounds of the DataView
at DataView.prototype.getUint32 (<anonymous>)
at readVariableOffsets (.../node_modules/@chainsafe/ssz/lib/type/container.js:341:29)
at ContainerType.getFieldRanges (.../node_modules/@chainsafe/ssz/lib/type/container.js:310:25)
at ContainerType.value_deserializeFromBytes (file:///Users/hanzhi/node_modules/@chainsafe/ssz/lib/type/container.js:145:34)
at ContainerType.deserialize (.../node_modules/@chainsafe/ssz/lib/type/abstract.js:42:21)
at [eval]:2:19
Desktop:
- OS: Ubuntu 22.04
- Version: Node v20.x; @lodestar/types 1.34.1; @chainsafe/ssz 1.2.2
- Branch: ssz-v1.2.2
- Commit hash: 7f5580c