fix: octane found bugs #264

Open
kp2pml30 wants to merge 3 commits into main from fix/octane
@kp2pml30 kp2pml30 commented Feb 27, 2026

closes GVM-218

Summary by CodeRabbit

  • Tests

    • Added sandbox overspend test cases to validate balance tracking and sandbox execution behavior.
  • Bug Fixes / Behavior

    • Sandbox balance accounting tightened to better detect overspend scenarios.
  • Chores

    • Updated fuzzing configuration paths and refreshed fuzz input artifacts.
  • New Features

    • LLM input validation: prompts now reject more than 2 images and images over 5 MB with clear error responses.

coderabbitai bot commented Feb 27, 2026

📝 Walkthrough

Moved message-decrement bookkeeping from per-Context storage into a mutex-protected messages_decremented on SharedData, updated WASI/genlayer SDK to lock and update the shared counter, added sandbox overspend tests, and adjusted fuzzing settings paths. Also several fuzz input artifacts added/removed and a calldata parser refactor included.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Runtime Shared State: executor/src/rt/mod.rs, executor/src/exe/run.rs | Added pub messages_decremented: tokio::sync::Mutex<primitive_types::U256> to SharedData and initialized it in run. |
| WASI / Genlayer SDK: executor/src/wasi/genlayer_sdk.rs | Removed messages_decremented from Context; replaced per-context reads/writes with sd.messages_decremented.lock().await across send/call/deploy flows, adjusted balance calculations and storage copy path. |
| Sandbox Overspend Tests: tests/cases/stable/py/balances/sandbox_overspend.*, tests/cases/stable/py/balances/sandbox_overspend_2.* | Added two test bundles (python, jsonnet, stdout, hash) that exercise sandbox overspend scenarios and capture expected outputs. |
| Calldata Parsing Refactor: executor/sdk-rs/src/calldata/bin.rs | Rewrote encode/decode to a non-recursive, stack-driven parser supporting nested arrays/maps and new integer tags (PINT/NINT); significant internal control-flow changes. |
| LLM Handler Validation: modules/implementation/src/llm/handler.rs | Added pre-validation on Prompt images (max 2 images, max 5 MB each) with early non-fatal ModuleError returns. |
| Fuzzing Settings: .claude/settings.fuzzing.json | Updated two path references from ./tests/cases/stable/claude/ to ./tests/cases/claude/. |
| Fuzz Input Artifacts: executor/common/fuzz/inputs-genvm-common-decode/* | Bulk additions and deletions of many binary fuzz-input files (cleanup and some new blobs). |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Caller as Caller/Test
    participant WASM as WASM Module
    participant SDK as Genlayer SDK (Context)
    participant SD as SharedData (messages_decremented mutex)
    participant Storage as Storage/State
    Caller->>WASM: invoke contract action (send/call/deploy)
    WASM->>SDK: gl_call / request balance check
    SDK->>SD: lock messages_decremented (await)
    SD-->>SDK: locked U256 value
    SDK->>Storage: read/update balances (consider locked decremented value)
    SDK->>SD: update *messages_decremented and unlock
    SDK-->>WASM: return result
    WASM-->>Caller: return/emit events
```

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

  • Batch update #235 — Refactors runtime bookkeeping and related wasi/sdk access; directly overlaps with moving messages_decremented into SharedData.
  • Batch update #253 — Alters SharedData/Context and run initialization similarly; touches same files and synchronization points.
  • batch update #227 — Related runtime/genlayer SDK changes affecting bookkeeping and execution flow.

Suggested labels

test:skip:pr

Poem

🐇 I hopped through code, a tiny sleuth,

Moved counters to a shared, safe booth,
Locked the carrot chest with care,
So sandboxes can no longer snare,
Hooray — mutexed carrots everywhere! 🥕✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Title check | ❓ Inconclusive | The title 'fix: octane found bugs' is vague and does not clearly convey the specific changes in the changeset, which include image size validation, recursion-less calldata decoding, balance tracking fixes, fuzzing input management, and test additions. | Replace with a more specific title that highlights the primary change. Consider: 'fix: add image size limits and refactor calldata decoding' or focus on the main objective if one change is dominant. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |


@coderabbitai coderabbitai bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
executor/src/wasi/genlayer_sdk.rs (1)

389-417: ⚠️ Potential issue | 🟠 Major

Avoid holding messages_decremented mutex guards across awaited calls.

Lines 390, 580, and 630 acquire the guard then await on balance and host operations before releasing it. This spans the lock across external async work, creating contention and deadlock-prone lock ordering under load.

The safer pattern is to hold the lock only for the check, release before awaiting host operations, and reacquire briefly to roll back if the operation fails:

Safer pattern (reserve under lock, release before host await, rollback on failure)
- let mut messages_decremented = sd.messages_decremented.lock().await;
- if !value.is_zero() {
-     let my_balance = self.context.get_balance_impl(...).await?;
-     if value + *messages_decremented > my_balance {
-         return Err(generated::types::Errno::Inbalance.into());
-     }
- }
- let res = supervisor.host.lock().await.<send_call>(...).map_err(generated::types::Error::trap)?;
- *messages_decremented += value;

+ if !value.is_zero() {
+     let my_balance = self.context.get_balance_impl(...).await?;
+     {
+         let mut messages_decremented = sd.messages_decremented.lock().await;
+         if value + *messages_decremented > my_balance {
+             return Err(generated::types::Errno::Inbalance.into());
+         }
+         *messages_decremented += value; // reserve
+     }
+ }
+
+ let call_result = supervisor.host.lock().await.<send_call>(...);
+ if let Err(e) = call_result {
+     if !value.is_zero() {
+         let mut messages_decremented = sd.messages_decremented.lock().await;
+         *messages_decremented -= value; // rollback reservation
+     }
+     return Err(generated::types::Error::trap(e));
+ }
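Review bot: In the added reservation block, `value + *messages_decremented > my_balance` is still an unchecked addition; use `checked_add` and return `Errno::Inbalance` on overflow so that an oversized `value` cannot wrap or panic inside the comparison. The rollback `*messages_decremented -= value` is reached only through the `if let Err(e) = call_result` branch, so any fallible step later placed between the reservation and the host call (a `?`, for instance) would leak the reservation; a comment at the reserve site or a small guard type would make that invariant explicit. `my_balance` is also read before the lock is taken now, so it is worth confirming that the balance cannot change between `get_balance_impl` and the comparison.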
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@executor/src/wasi/genlayer_sdk.rs` around lines 389 - 417, You are holding
the messages_decremented mutex
(self.context.data.supervisor.shared_data.messages_decremented) across awaits
(get_balance_impl and supervisor.host.lock().await.eth_send), which can
deadlock; instead, under the messages_decremented lock read/compute the reserved
amount (e.g., let reserved = *messages_decremented; check value + reserved <=
my_balance or return Inbalance), then drop the lock before calling awaitable
functions (get_balance_impl and eth_send). After the external await succeeds,
reacquire the messages_decremented lock briefly to add value (with checked_add
to avoid overflow); if the external call fails, reacquire the lock and do not
modify messages_decremented (or roll back any tentative reservation if you chose
to reserve earlier). Apply this pattern around calls in this file where
messages_decremented is held across awaits (notably around get_balance_impl and
supervisor.host.eth_send) so the mutex is only held for the quick check/update
and never across await points.

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 74feb27 and c828362.

📒 Files selected for processing (12)
  • .claude/settings.fuzzing.json
  • executor/src/exe/run.rs
  • executor/src/rt/mod.rs
  • executor/src/wasi/genlayer_sdk.rs
  • tests/cases/stable/py/balances/sandbox_overspend.0.hash
  • tests/cases/stable/py/balances/sandbox_overspend.0.stdout
  • tests/cases/stable/py/balances/sandbox_overspend.jsonnet
  • tests/cases/stable/py/balances/sandbox_overspend.py
  • tests/cases/stable/py/balances/sandbox_overspend_2.0.hash
  • tests/cases/stable/py/balances/sandbox_overspend_2.0.stdout
  • tests/cases/stable/py/balances/sandbox_overspend_2.jsonnet
  • tests/cases/stable/py/balances/sandbox_overspend_2.py
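
The reserve-under-lock, rollback-on-failure pattern recommended in the review above, as an added example (not code from this PR or the project). It assumes std threads and `std::sync::Mutex<u128>` in place of the project's `tokio::sync::Mutex<U256>`; `Shared`, `SendError`, `reserve`, `rollback`, `send` and `run_concurrent` are hypothetical names, and the host call is a constructed closure.

```rust
use std::sync::{Arc, Mutex};
use std::thread;
use std::time::Duration;

/// Hypothetical stand-in for the shared counter (`messages_decremented`):
/// the total value already promised to outgoing messages.
pub struct Shared {
    pub reserved: Mutex<u128>,
}

#[derive(Debug, PartialEq)]
pub enum SendError {
    /// Balance does not cover this value plus earlier reservations.
    Inbalance,
    /// The host call failed; the reservation was rolled back.
    HostFailed,
}

/// Check and reserve in one critical section. The guard is dropped when this
/// function returns, so the lock is never held during slow work.
fn reserve(sd: &Shared, value: u128, balance: u128) -> Result<(), SendError> {
    let mut reserved = sd.reserved.lock().unwrap();
    // checked_add: an overflowing sum is treated as "not enough balance"
    // instead of wrapping or panicking.
    let total = (*reserved).checked_add(value).ok_or(SendError::Inbalance)?;
    if total > balance {
        return Err(SendError::Inbalance);
    }
    *reserved = total;
    Ok(())
}

/// Undo a reservation after a failed host call.
fn rollback(sd: &Shared, value: u128) {
    let mut reserved = sd.reserved.lock().unwrap();
    *reserved = (*reserved).saturating_sub(value);
}

/// Reserve, release the lock, run the (slow) host call, roll back on failure.
pub fn send<F>(sd: &Shared, balance: u128, value: u128, host_call: F) -> Result<(), SendError>
where
    F: FnOnce() -> Result<(), ()>,
{
    if value != 0 {
        reserve(sd, value, balance)?;
    }
    // No guard is alive here: other senders can check and reserve meanwhile.
    if host_call().is_err() {
        if value != 0 {
            rollback(sd, value);
        }
        return Err(SendError::HostFailed);
    }
    Ok(())
}

/// `n` concurrent senders each try to send `value` from the same `balance`.
/// Returns (number of successful sends, final reserved total).
pub fn run_concurrent(balance: u128, value: u128, n: usize) -> (usize, u128) {
    let sd = Arc::new(Shared { reserved: Mutex::new(0) });
    let handles: Vec<_> = (0..n)
        .map(|_| {
            let sd = Arc::clone(&sd);
            thread::spawn(move || {
                send(&sd, balance, value, || {
                    // Constructed host call: sleep to simulate slow I/O.
                    thread::sleep(Duration::from_millis(5));
                    Ok(())
                })
                .is_ok()
            })
        })
        .collect();
    let ok = handles
        .into_iter()
        .map(|h| h.join().unwrap())
        .filter(|sent| *sent)
        .count();
    let reserved = *sd.reserved.lock().unwrap();
    (ok, reserved)
}

fn main() {
    // Eight senders of 30 against a balance of 100: only three fit.
    let (ok, reserved) = run_concurrent(100, 30, 8);
    println!("successful sends: {ok}, reserved: {reserved}");
}
```

Because the check and the increment happen in the same critical section, concurrent senders cannot jointly exceed the balance even though the lock is released before the host call.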

@kp2pml30 kp2pml30 self-assigned this Feb 27, 2026
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
executor/src/wasi/genlayer_sdk.rs (1)

389-417: ⚠️ Potential issue | 🟠 Major

Avoid holding messages_decremented lock across awaited host operations.

The mutex guard is held across multiple .await points—balance fetch (lines 395–396, 585–586, 635–636) and host I/O (lines 409–414, 606–609, 657–660)—which serializes concurrent access under slow I/O. Acquire lock, reserve/debit, drop guard, execute host call, and rollback on failure.

Applies to: lines 389–417, 579–613, 629–664

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@executor/src/wasi/genlayer_sdk.rs` around lines 389 - 417, Do not hold the
messages_decremented mutex across awaits: fetch any awaited data (call
get_balance_impl) before taking the lock, then lock
shared_data.messages_decremented only to check and reserve the increment
(compare value + *messages_decremented against my_balance and, if allowed, add
value to *messages_decremented), drop the guard, perform the awaited host call
(supervisor.host.lock().await.eth_send), and if that call fails reacquire the
messages_decremented lock and subtract value to rollback; use the existing
symbols (self.context.get_balance_impl,
self.context.data.supervisor.shared_data.messages_decremented,
supervisor.host.lock().await.eth_send, and file_fd_none()) to locate and
implement this reserve-before-await / rollback-on-failure pattern.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@executor/src/wasi/genlayer_sdk.rs`:
- Around line 900-907: The code constructs an uninitialized buffer with
vec_buf.set_len(mem_size) which is unsafe; instead allocate and initialize the
buffer with a zeroed Vec using vec![0u8; mem_size] and use its as_mut_slice(),
replacing the unsafe block around vec_buf and the occurrences near the
mem.as_slice_mut(...) branch (the first instance using vec_buf.set_len and the
similar use at lines ~927-929); keep the should_copy logic and pass the mutable
slice to storage_read/read_exact as before but remove any unsafe set_len usage.


ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c828362 and c573035.

📒 Files selected for processing (122)
  • executor/sdk-rs/src/calldata/bin.rs
  • executor/src/wasi/genlayer_sdk.rs
  • modules/implementation/src/llm/handler.rs
💤 Files with no reviewable changes (47)
✅ Files skipped from review due to trivial changes (2)
  • executor/common/fuzz/inputs-genvm-common-decode/9bb18a389acbbb451b0072870f4ac3073f8fef776b73ae55a124e961e88b5603
  • executor/common/fuzz/inputs-genvm-common-decode/5232efaf22fc0398e31ff2c26caac90d8084473e9db85b91a0e5573c1978dbd3

Comment on lines +900 to +907
let mut vec_buf = Vec::new();
let (should_copy, vec) = if let Some(buf) = mem.as_slice_mut(buf)? {
(false, buf)
} else {
vec_buf.reserve(mem_size);
unsafe { vec_buf.set_len(mem_size) };
(true, vec_buf.as_mut_slice())
};

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, examine the exact code at lines 900-907
sed -n '895,910p' executor/src/wasi/genlayer_sdk.rs | cat -n

Repository: genlayerlabs/genvm

Length of output: 758


🏁 Script executed:

# Check lines 927-929 as mentioned
sed -n '920,935p' executor/src/wasi/genlayer_sdk.rs | cat -n

Repository: genlayerlabs/genvm

Length of output: 557


🏁 Script executed:

# Look for the storage_read function definition
rg -n 'fn storage_read' executor/src/wasi/genlayer_sdk.rs -A 30

Repository: genlayerlabs/genvm

Length of output: 2276


🏁 Script executed:

# Search for read implementations that might use this buffer pattern
rg -n 'fn read\s*\(' executor/src/wasi/genlayer_sdk.rs -B 2 -A 10

Repository: genlayerlabs/genvm

Length of output: 44


🏁 Script executed:

# Get exact lines 927-929
sed -n '925,932p' executor/src/wasi/genlayer_sdk.rs | cat -n

Repository: genlayerlabs/genvm

Length of output: 234


🏁 Script executed:

# Find the host module and Host::storage_read implementation
find executor/src -name "*.rs" -type f | head -20

Repository: genlayerlabs/genvm

Length of output: 619


🏁 Script executed:

# Search for Host struct and storage_read method
rg -n 'impl.*Host' executor/src --type=rust -A 5 | head -50

Repository: genlayerlabs/genvm

Length of output: 2627


🏁 Script executed:

# Look for storage_read in host module
rg -n 'fn storage_read' executor/src --type=rust -B 2 -A 15 | head -80

Repository: genlayerlabs/genvm

Length of output: 4984


🏁 Script executed:

# Get the complete storage_read implementation
sed -n '221,250p' executor/src/host/mod.rs | cat -n

Repository: genlayerlabs/genvm

Length of output: 1223


🏁 Script executed:

# Check if there's more to the method
wc -l executor/src/host/mod.rs

Repository: genlayerlabs/genvm

Length of output: 90


🏁 Script executed:

# Get a larger window around storage_read
sed -n '221,260p' executor/src/host/mod.rs | cat -n

Repository: genlayerlabs/genvm

Length of output: 1606


Replace unsafe uninitialized buffer with vec![0u8; mem_size].

The code creates uninitialized memory using set_len without initialization. Although host::Host::storage_read uses sock.read_exact(buf) (which guarantees full-buffer fill before returning Ok(())), the unsafe pattern remains unsound and should be replaced with idiomatic, safe initialization.

🛠️ Safer fix
-        let mut vec_buf = Vec::new();
         let (should_copy, vec) = if let Some(buf) = mem.as_slice_mut(buf)? {
             (false, buf)
         } else {
-            vec_buf.reserve(mem_size);
-            unsafe { vec_buf.set_len(mem_size) };
+            vec_buf = vec![0u8; mem_size];
             (true, vec_buf.as_mut_slice())
         };
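Review bot: The first `-` line drops `let mut vec_buf = Vec::new();`, yet the added `vec_buf = vec![0u8; mem_size];` in the else branch still assigns to that name, so the suggestion as written leaves `vec_buf` undeclared and will not compile. Keep the declaration outside the `if let` (the slice returned from the else branch borrows from it, so it has to outlive the expression) and replace only the `reserve`/`set_len` pair with the zero-initialized allocation.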

Also applies to: 927-929

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@executor/src/wasi/genlayer_sdk.rs` around lines 900 - 907, The code
constructs an uninitialized buffer with vec_buf.set_len(mem_size) which is
unsafe; instead allocate and initialize the buffer with a zeroed Vec using
vec![0u8; mem_size] and use its as_mut_slice(), replacing the unsafe block
around vec_buf and the occurrences near the mem.as_slice_mut(...) branch (the
first instance using vec_buf.set_len and the similar use at lines ~927-929);
keep the should_copy logic and pass the mutable slice to storage_read/read_exact
as before but remove any unsafe set_len usage.
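The borrowed-or-owned buffer pattern from the review comment above, as an added example that is not code from the PR or the project. `GuestMem`, its methods and `storage_read_into` are hypothetical stand-ins for the guest-memory accessor and the host read; the fallback buffer is zero-initialized and no `unsafe` is needed.

```rust
use std::io::{self, Read};

// Hypothetical guest memory; `direct` models whether a mutable slice into it is available.
struct GuestMem {
    bytes: Vec<u8>,
    direct: bool,
}

impl GuestMem {
    fn as_slice_mut(&mut self, off: usize, len: usize) -> Option<&mut [u8]> {
        if !self.direct {
            return None;
        }
        self.bytes.get_mut(off..off.checked_add(len)?)
    }

    fn write(&mut self, off: usize, data: &[u8]) -> io::Result<()> {
        let end = off.checked_add(data.len()).filter(|e| *e <= self.bytes.len())
            .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "out of bounds"))?;
        self.bytes[off..end].copy_from_slice(data);
        Ok(())
    }
}

// Reads exactly `len` bytes into guest memory; returns the PR's `should_copy` flag.
fn storage_read_into(mem: &mut GuestMem, off: usize, len: usize, src: &mut impl Read) -> io::Result<bool> {
    // Declared outside the branch: the fallback slice borrows from it.
    let mut vec_buf: Vec<u8> = Vec::new();
    let (should_copy, dst) = match mem.as_slice_mut(off, len) {
        Some(direct) => (false, direct),
        None => {
            vec_buf = vec![0u8; len]; // initialized, no `unsafe`
            (true, vec_buf.as_mut_slice())
        }
    };
    // A short read returns Err here; in the copy path guest memory stays untouched.
    src.read_exact(dst)?;
    if should_copy {
        mem.write(off, &vec_buf)?;
    }
    Ok(should_copy)
}

fn main() {
    let mut mem = GuestMem { bytes: vec![0xAA; 8], direct: false };
    let copied = storage_read_into(&mut mem, 2, 4, &mut &b"\x01\x02\x03\x04"[..]);
    println!("{copied:?} {:?}", mem.bytes);
}
```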
