From 66814768f8c172d6996d037064924c908245a951 Mon Sep 17 00:00:00 2001
From: Daniel Schadt
Date: Wed, 16 Apr 2025 19:21:29 +0200
Subject: fuzz against aez crate

I just want to ensure that we get the same encrypted values as the reference (which seems fine), but for some reason, I get a lot of crashes in aez:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==15467==ERROR: AddressSanitizer: SEGV on unknown address 0x7b34b0420000 (pc 0x6371fcd8f682 bp 0x7ffceb91abf0 sp 0x7ffceb91a950 T0)
==15467==The signal is caused by a READ memory access.
#0 0x6371fcd8f682 in _mm_loadu_si128 /usr/lib/gcc/x86_64-pc-linux-gnu/14.2.1/include/emmintrin.h:706:10
#1 0x6371fcd8f682 in loadu /home/daniel/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/aez-0.0.7/aez5-impls/aesni/encrypt.c:107:46
#2 0x6371fcd8f682 in cipher_aez_core /home/daniel/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/aez-0.0.7/aez5-impls/aesni/encrypt.c:572:32
#3 0x6371fcd8d581 in aez::Aez::encrypt::h56048920113a17d9 /home/daniel/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/aez-0.0.7/src/lib.rs:118:13
The crash
---
 src/lib.rs | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src')
diff --git a/src/lib.rs b/src/lib.rs
index 49a83d6..5a2e205 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -895,4 +895,12 @@ mod test {
 let aez = Aez::new(b"");
 aez.encrypt(b"", &[], 673261693, &[]);
 }
+
+ #[test]
+ fn test_fuzzed_3() {
+ // AEZ crashes if given an empty message and empty tau
+ let aez = Aez::new(&[0, 110, 109, 0]);
+ let value = aez.encrypt(&[0], &[], 0, &[]);
+ assert_eq!(&value, &[]);
+ }
 }
-- 
cgit v1.2.3
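Review bot: The comment in `test_fuzzed_3` reads as if this crate's `Aez` crashes, while the assertion expects it to return an empty ciphertext; per the ASan trace in the commit message the out-of-bounds read is in the reference `aez` 0.0.7 C code (`cipher_aez_core`), so the comment should name it: `// The reference aez crate (0.0.7) segfaults on an empty message with tau = 0; we must return an empty ciphertext`. Since the reference yields no value for this input, the expected `[]` is not differential evidence, and the comment should say what it is based on (presumably the AEZ specification). `assert!(value.is_empty());` would state the expectation more directly than `assert_eq!(&value, &[]);`. With tau = 0 the output carries no authenticator, so it may be worth also pinning what the decrypt side does with this empty ciphertext; that API is not visible in the hunk, and the enclosing `mod test` starts outside it.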