Description
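Running this fuzzer-generated test case with assertions enabled and test.c:testTx1 as the transaction context aborts on a failed assertion in skipBits, which is called with n=253. The failing check is an assert(), so a build with assertions compiled out would not stop at this point; how skipBits behaves there when n exceeds frame->offset is not shown in this report and should be confirmed separately. The assertion output and backtrace are: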
test: primitive/elements/../../frame.h:93: skipBits: Assertion `n <= frame->offset' failed.
Program received signal SIGABRT, Aborted.
0x00007ffff7e17e35 in raise () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff7e17e35 in raise () from /lib64/libc.so.6
#1 0x00007ffff7e02895 in abort () from /lib64/libc.so.6
#2 0x00007ffff7e02769 in __assert_fail_base.cold () from /lib64/libc.so.6
#3 0x00007ffff7e10566 in __assert_fail () from /lib64/libc.so.6
#4 0x0000000000422435 in skipBits (frame=<optimized out>, n=253) at primitive/elements/../../frame.h:93
#5 0x000000000042718d in skipBits (frame=<optimized out>, n=<optimized out>) at primitive/elements/jets.c:339
#6 outputNullDatum (dst=0x43cbd0, src=..., env=<optimized out>) at primitive/elements/jets.c:334
#7 0x00000000004141c9 in runTCO (env=0x7fffffffd560, len=<optimized out>, type_dag=0x43d070, dag=0x43c570, stack=<optimized out>, state=...) at eval.c:368
#8 evalTCOExpression (evalSuccess=evalSuccess@entry=0x7fffffffd644, output=output@entry=0x0, outputSize=outputSize@entry=0, input=input@entry=0x0,
inputSize=inputSize@entry=0, dag=0x43c570, type_dag=0x43d070, len=<optimized out>, env=0x7fffffffd560) at eval.c:686
#9 0x000000000040ce2b in evalTCOProgram (env=0x7fffffffd560, len=7, type_dag=<optimized out>, dag=<optimized out>, evalSuccess=0x7fffffffd644)
at primitive/../eval.h:47
#10 elements_simplicity_execSimplicity (success=success@entry=0x7fffffffd644, tx=<optimized out>, ix=ix@entry=0, cmr=cmr@entry=0x0, wmr=wmr@entry=0x0,
file=<optimized out>) at primitive/elements.c:491
The program is:
/*
 * Fuzzer-generated program bytes for the crash reported above.
 *
 * Evaluating this input through elements_simplicity_execSimplicity with
 * assertions enabled aborts in skipBits on `n <= frame->offset`
 * (frame.h:93), reached from outputNullDatum (jets.c:334).
 * Keep the bytes exactly as listed so the input stays usable as a
 * regression case once the evaluator is fixed.
 */
unsigned char t3out_139_crashes_id_000000_sig_06_src_002450_op_havoc_rep_2[] = {
  0xce, 0x02, 0x00, 0x44,
  0xd0, 0x42, 0x41, 0x09,
};

/* Number of bytes in the program above; derived from the array so the two cannot drift apart. */
unsigned int t3out_139_crashes_id_000000_sig_06_src_002450_op_havoc_rep_2_len =
  sizeof t3out_139_crashes_id_000000_sig_06_src_002450_op_havoc_rep_2
  / sizeof t3out_139_crashes_id_000000_sig_06_src_002450_op_havoc_rep_2[0];