Is this a vulnerability to move VM-2

Stack BackTrace of Crash
thread ‘main’ panicked at ‘index out of bounds: the len is 0 but the index is 0’, /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/type_safety.rs:735:13
stack backtrace:
0: rust_begin_unwind at /rustc/07e0e2ec268c140e607e1ac7f49f145612d0f597/library/std/src/panicking.rs:493:5

6: bytecode_verifier::type_safety::instantiate at /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/type_safety.rs:735:13
7: bytecode_verifier::type_safety::instantiate at /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/type_safety.rs:729:45
8: bytecode_verifier::type_safety::call at /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/type_safety.rs:203:19
9: bytecode_verifier::type_safety::verify_instr at /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/type_safety.rs:489:13
10: bytecode_verifier::type_safety::verify at /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/type_safety.rs:93:13
11: bytecode_verifier::code_unit_verifier::CodeUnitVerifier::verify_common at /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/code_unit_verifier.rs:94:9
12: bytecode_verifier::code_unit_verifier::CodeUnitVerifier::verify_script_impl at /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/code_unit_verifier.rs:59:9
13: bytecode_verifier::code_unit_verifier::CodeUnitVerifier::verify_script at /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/code_unit_verifier.rs:46:9
14: bytecode_verifier::verifier::verify_scrip at /home/user/diem-fuzz/diem-main/language/bytecode-verifier/src/verifier.rs:53:5
15: move_vm_runtime::loader::Loader::verify_script at /home/user/diem-fuzz/diem-main/language/move-vm/runtime/src/loader.rs:529:9
16: move_vm_runtime::loader::Loader::deserialize_and_verify_script at /home/user/diem-fuzz/diem-main/language/move-vm/runtime/src/loader.rs:503:15
17: move_vm_runtime::loader::Loader::load_script at /home/user/diem-fuzz/diem-main/language/move-vm/runtime/src/loader.rs:461:21
18: move_vm_runtime::runtime::VMRuntime::execute_script at /home/user/diem-fuzz/diem-main/language/move-vm/runtime/src/runtime.rs:245:13
19: move_vm_runtime::session::Session::execute_script at /home/user/diem-fuzz/diem-main/language/move-vm/runtime/src/session.rs:130:9

A crash occurred while calling the interface script_run. The input sample is in the GitHub repository suirui17/input_samples: Input files that can trigger the crash of move VM.

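The panic message points at an unchecked index into a type-argument list with the index 0 while the list is empty. The following is an added illustration, not the Move verifier's own code: a simplified model of generic type-parameter substitution (the `Token` enum, `instantiate_unchecked` and `instantiate_checked` are assumptions for this example) showing why a verifier wants the checked form, which turns a malformed script into a rejectable error rather than a process-aborting panic.

```rust
// Added illustration, not Move's code. Models substituting type arguments into a
// signature token; the enum and function names are assumptions for this example.

#[derive(Clone, Debug, PartialEq)]
enum Token {
    U64,
    Bool,
    Vector(Box<Token>),
    TypeParameter(u16), // index into the caller-supplied type-argument list
}

#[derive(Debug, PartialEq)]
struct BadTypeParameter {
    index: u16,
    available: usize,
}

/// Unchecked substitution: `subst[idx]` panics when the list is too short,
/// e.g. "the len is 0 but the index is 0" for TypeParameter(0) with no args.
fn instantiate_unchecked(token: &Token, subst: &[Token]) -> Token {
    match token {
        Token::Vector(inner) => Token::Vector(Box::new(instantiate_unchecked(inner, subst))),
        Token::TypeParameter(idx) => subst[*idx as usize].clone(),
        other => other.clone(),
    }
}

/// Checked substitution: an out-of-range index becomes a verification error
/// the caller can report, so untrusted bytecode cannot take the process down.
fn instantiate_checked(token: &Token, subst: &[Token]) -> Result<Token, BadTypeParameter> {
    match token {
        Token::Vector(inner) => Ok(Token::Vector(Box::new(instantiate_checked(inner, subst)?))),
        Token::TypeParameter(idx) => subst
            .get(*idx as usize)
            .cloned()
            .ok_or(BadTypeParameter { index: *idx, available: subst.len() }),
        other => Ok(other.clone()),
    }
}

fn main() {
    // Constructed input: vector<T0> instantiated with no type arguments at all.
    let token = Token::Vector(Box::new(Token::TypeParameter(0)));
    let no_args: Vec<Token> = Vec::new();
    println!("{:?}", instantiate_checked(&token, &no_args)); // Err(BadTypeParameter { index: 0, available: 0 })
    println!("{:?}", instantiate_checked(&token, &[Token::U64])); // Ok(Vector(U64))
}
```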

Thank you for the report. Unfortunately, I cannot reproduce the crash on the latest main branch with the sample provided. Could it be that the sample is overly minimized by the fuzzer?

Also, we are interested in how these samples are found. Would you mind sharing a bit more about your fuzzer and how it is designed?