From 38abcc4a240f3878c44203c783af57c66303838e Mon Sep 17 00:00:00 2001
From: Kirk Baird <baird.k@outlook.com>
Date: Wed, 20 Feb 2019 15:03:32 +1100
Subject: [PATCH] Fuzz test for u8 fails

---
 eth2/utils/ssz/fuzz/Cargo.toml                |  4 ++++
 .../ssz/fuzz/fuzz_targets/fuzz_target_u16.rs  | 19 +++++++++++++++++++
 .../ssz/fuzz/fuzz_targets/fuzz_target_u8.rs   |  9 +++++++++
 3 files changed, 32 insertions(+)
 create mode 100644 eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs

diff --git a/eth2/utils/ssz/fuzz/Cargo.toml b/eth2/utils/ssz/fuzz/Cargo.toml
index 9ffff016c4..b640cc5f0e 100644
--- a/eth2/utils/ssz/fuzz/Cargo.toml
+++ b/eth2/utils/ssz/fuzz/Cargo.toml
@@ -20,3 +20,7 @@ members = ["."]
 [[bin]]
 name = "fuzz_target_u8"
 path = "fuzz_targets/fuzz_target_u8.rs"
+
+[[bin]]
+name = "fuzz_target_u16"
+path = "fuzz_targets/fuzz_target_u16.rs"
diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs
new file mode 100644
index 0000000000..8bf2be8a47
--- /dev/null
+++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u16.rs
@@ -0,0 +1,19 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate ssz;
+
+use ssz::{DecodeError, Decodable, Encodable};
+
+// Fuzz ssz_decode(u8)
+fuzz_target!(|data: &[u8]| {
+    let result: Result<(u16, usize), DecodeError> = Decodable::ssz_decode(data, 0);
+    if data.len() > 1 {
+        // Valid result
+        let (number_u16, index) = result.unwrap();
+        assert_eq!(index, 2);
+        // TODO: add test for number?
+    } else {
+        // Length of 0 or 1 should return error
+        assert_eq!(result, Err(DecodeError::TooShort));
+    }
+});
diff --git a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs
index 6a8fd7673e..afab5eab51 100644
--- a/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs
+++ b/eth2/utils/ssz/fuzz/fuzz_targets/fuzz_target_u8.rs
@@ -7,4 +7,13 @@ use ssz::{DecodeError, Decodable, Encodable};
 // Fuzz ssz_decode(u8)
 fuzz_target!(|data: &[u8]| {
     let result: Result<(u8, usize), DecodeError> = Decodable::ssz_decode(data, 0);
+    if data.len() > 0 {
+        // Should have valid result
+        let (number_u8, index) = result.unwrap();
+        assert_eq!(number_u8, data[0]);
+        assert_eq!(index, 2);
+    } else {
+        // Length of 0 should return error
+        assert_eq!(result, Err(DecodeError::TooShort));
+    }
 });