LeopoldArkham / Molten

[WIP] Molten - Style-preserving TOML parser.
Apache License 2.0

Fuzzer panic: byte index is out of bounds #42

Closed killercup closed 6 years ago

killercup commented 6 years ago

The fuzzer from #40 finds a panic triggered by a byte index that is out of bounds. This may be related to #41.

Adding this to the parser tests:

/// Regression test for issue #42: a fuzzer-found input on which
/// `Parser::parse` panics with "byte index 9 is out of bounds".
///
/// The reported backtrace places the panic in `Parser::parse_val`, at a
/// `str` range-index operation. Slicing a `str` is bounds-checked, so the
/// failure is a panic rather than an out-of-bounds read; a caller parsing
/// untrusted TOML would still be aborted by it.
#[test]
fn issue42() {
    // Reproducer kept as raw bytes exactly as reported. It is 8 bytes long,
    // so the byte index 9 in the panic message lies past the end of the input.
    let fuzz_input: &[u8] = b"\'\nv\'f%\nb";
    let text = ::std::str::from_utf8(fuzz_input).unwrap();

    // The parse result is deliberately discarded: the test passes as long as
    // parsing returns (with either outcome) instead of panicking.
    let mut_free_parser = Parser::new(text);
    let _ = mut_free_parser.parse();
}

fails with

---- parser::tests::issue42 stdout ----
    thread 'parser::tests::issue42' panicked at 'byte index 9 is out of bounds of `'
v'f%
b`', src/libcore/str/mod.rs:2218:8
stack backtrace:
   0:        0x1048c54fb - std::sys::unix::backtrace::tracing::imp::unwind_backtrace::h42b4ce0b98574016
   1:        0x1048be1de - std::sys_common::backtrace::print::h293f72b3c32dfa5b
   2:        0x1048c5fd0 - _ZN3std9panicking12default_hook28_$u7b$$u7b$closure$u7d$$u7d$17haa05421012ac6c20E.llvm.5B51A422
   3:        0x1048c5cd4 - _ZN3std9panicking12default_hook17h2d0d0ff0f27771f9E.llvm.5B51A422
   4:        0x1048c6436 - std::panicking::rust_panic_with_hook::h2a8b5b7a95208f5a
   5:        0x1048c628e - _ZN3std9panicking11begin_panic17h1179f738121e3414E.llvm.5B51A422
   6:        0x1048c61e3 - std::panicking::begin_panic_fmt::h4986ee369ba2ddac
   7:        0x1048c6152 - rust_begin_unwind
   8:        0x104908183 - core::panicking::panic_fmt::hd9b79e885de0143c
   9:        0x10490ce04 - core::str::slice_error_fail::h606b34e3191fab74
  10:        0x10482138e - core::str::traits::<impl core::slice::SliceIndex<str> for core::ops::range::Range<usize>>::index::{{closure}}::h9b2035a79c64f1dc
  11:        0x1048376e0 - <core::option::Option<T>>::unwrap_or_else::h9be067b5aa4c4510
  12:        0x104831cab - core::str::traits::<impl core::slice::SliceIndex<str> for core::ops::range::Range<usize>>::index::h195fcc6753118e5e
  13:        0x10482133c - core::str::traits::<impl core::ops::index::Index<core::ops::range::Range<usize>> for str>::index::h779aae528849c22f
  14:        0x10483f026 - Molten::parser::Parser::parse_val::hc4a6ac51f5c68f43
  15:        0x10483e7ee - Molten::parser::Parser::parse_key_value::hb46cee7de7a0d92c
  16:        0x10483deab - Molten::parser::Parser::parse_item::h9ead6e84efb9d9e8
  17:        0x10483c629 - Molten::parser::Parser::parse::h70b405a15af60225
  18:        0x1048339c8 - Molten::parser::tests::issue42::hea1b53b87d26c939
  19:        0x104879871 - _ZN42_$LT$F$u20$as$u20$test..FnBox$LT$T$GT$$GT$8call_box17h07fcc9c8a31cf663E.llvm.B477B8A1
  20:        0x1048d971e - __rust_maybe_catch_panic
  21:        0x10486a110 - std::sys_common::backtrace::__rust_begin_short_backtrace::h727bf0093a90e1fc
  22:        0x10486f907 - _ZN3std9panicking3try7do_call17hc2fcbcc92b537a0fE.llvm.1CF3EA36
  23:        0x1048d971e - __rust_maybe_catch_panic
  24:        0x104885ec1 - _ZN50_$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$8call_box17h765b683cac353d8aE.llvm.4B1D5347
  25:        0x1048c0c07 - std::sys_common::thread::start_thread::h4ad86c0b3fefeff0
  26:        0x1048cb908 - _ZN3std3sys4unix6thread6Thread3new12thread_start17h333ed09407a7bdcdE.llvm.9AF12AEA
  27:     0x7fffa0c4493a - _pthread_body
  28:     0x7fffa0c44886 - _pthread_start