Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

serde_hjson::from_slice panics on ParseIntError #22

Open
alexanderkjall opened this issue Sep 24, 2020 · 0 comments
Open

serde_hjson::from_slice panics on ParseIntError #22

alexanderkjall opened this issue Sep 24, 2020 · 0 comments

Comments

@alexanderkjall
Copy link

more fuzzing gave me this error:

thread '' panicked at 'called Result::unwrap() on an Err value: ParseIntError { kind: Overflow }', /home/capitol/project/hjson-rust/hjson/src/util.rs:208:67

full stacktrace:

    #0 0x561f6f275731 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3
    #1 0x561f6f936660 in fuzzer::PrintStackTrace() (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x996660)
    #2 0x561f6f95299a in fuzzer::Fuzzer::CrashCallback() (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9b299a)
    #3 0x7f153a3933bf  (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
    #4 0x7f153a1b718a in __libc_signal_restore_set /build/glibc-YYA7BZ/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
    #5 0x7f153a1b718a in raise /build/glibc-YYA7BZ/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
    #6 0x7f153a196858 in abort /build/glibc-YYA7BZ/glibc-2.31/stdlib/abort.c:79:7
    #7 0x561f6f9aeb36 in std::sys::unix::abort_internal::h5c8b2a90c624abaf /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/sys/unix/mod.rs:167:14
    #8 0x561f6f997bc5 in std::process::abort::hb13208ae9f5b7133 /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/process.rs:1623:5
    #9 0x561f6f9201b6 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h2ef829035805c4e9 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9801b6)
    #10 0x561f6f99eed7 in std::panicking::rust_panic_with_hook::h2f4c96dfd8ba524a /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/panicking.rs:581:17
    #11 0x561f6f99ea88 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h7740abbe2875cb4d /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/panicking.rs:484:9
    #12 0x561f6f999ebb in std::sys_common::backtrace::__rust_end_short_backtrace::hcad001df0a36db28 /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/sys_common/backtrace.rs:153:18
    #13 0x561f6f99ea48 in rust_begin_unwind /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/panicking.rs:483:5
    #14 0x561f6fa04460 in core::panicking::panic_fmt::hb15d6f55e8472f62 /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/core/src/panicking.rs:85:14
    #15 0x561f6fa040d2 in core::result::unwrap_failed::h110828a80aba3eec /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/core/src/option.rs:1221:5
    #16 0x561f6f2d923d in serde_hjson::util::ParseNumber$LT$Iter$GT$::parse::hba5da05d298b23ff (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x33923d)
    #17 0x561f6f2a58ad in serde_hjson::de::Deserializer$LT$Iter$GT$::parse_tfnns::h7d7fb93a4d3df50b (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3058ad)
    #18 0x561f6f2abb92 in serde_hjson::de::Deserializer$LT$Iter$GT$::parse_value::h09e41fbc88e5efe4 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x30bb92)
    #19 0x561f6f301ff1 in serde::de::MapVisitor::visit::hf1a5b50f97f17367 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x361ff1)
    #20 0x561f6f310966 in _$LT$linked_hash_map..serde..LinkedHashMapVisitor$LT$K$C$V$GT$$u20$as$u20$serde..de..Visitor$GT$::visit_map::h730c4bb087010ef0 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x370966)
    #21 0x561f6f2aece8 in serde_hjson::de::Deserializer$LT$Iter$GT$::parse_value::h9b2c32860cf298a3 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x30ece8)
    #22 0x561f6f2cd8ba in serde_hjson::de::from_iter::hc227fa3539b40986 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x32d8ba)
    #23 0x561f6f317118 in rust_fuzzer_test_input (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x377118)
    #24 0x561f6f9201e0 in __rust_try (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9801e0)
    #25 0x561f6f91fe3f in LLVMFuzzerTestOneInput (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x97fe3f)
    #26 0x561f6f952edc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9b2edc)
    #27 0x561f6f95aec0 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9baec0)
    #28 0x561f6f95b87c in fuzzer::Fuzzer::MutateAndTestOne() (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9bb87c)
    #29 0x561f6f95dc7f in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9bdc7f)
    #30 0x561f6f92e239 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x98e239)
    #31 0x561f6f1f22e6 in main (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x2522e6)
    #32 0x7f153a1980b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16
    #33 0x561f6f1f248d in _start (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x25248d)

Can be reproduced with the following unit test:

#[cfg(test)]
mod test {
    use crate::{Map,Value};
    use crate::error::Result;

    #[test]
    pub fn parse_int_error() {
        let data: Vec<u8> = vec![47, 97, 47, 65, 58, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 0, 0, 0, 54, 35, 54, 54, 54, 54, 54, 54, 54, 44, 35, 58, 45, 85, 85, 85, 35, 116, 45, 35, 35, 58, 47];

        let mut sample: Result<Map<String, Value>> = crate::from_slice(&data);
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alexanderkjall