bertiqwerty / exmex

Math parser and evaluator in Rust, capable of partial differentiation, allows the use of custom operators.
Apache License 2.0

Found multiple crashes using fuzzing #8

Closed Nereuxofficial closed 3 years ago

Nereuxofficial commented 3 years ago

I fuzzed this crate using honggfuzz and found 3 crashes.

You can fuzz the code yourself and further investigate the crashes with this repo.

In the main function there are also three test functions which can be used to easily reproduce the crashes. If you go into the hfuzz_workspace/Fuzzing folder you can also see the inputs that crash.

This could help improve the check_preconditions function, and I hope this is useful.

bertiqwerty commented 3 years ago

Thanks for the report. Interesting. I haven't thought about using fuzzing yet.

The strings reported are

Nereuxofficial commented 3 years ago

Through further fuzzing I found some more crashes. Would it be okay if I forked the project and made a PR to have fuzzing built into the project?

bertiqwerty commented 3 years ago

Do you mean a fuzzing test and an additional dev-dependency for the fuzzing lib?

Nereuxofficial commented 3 years ago

Yup. It would be in a fuzz/ folder similar to this crate. Note that it's not a dev-dependency and is only compiled when someone actually wants to fuzz the crate.

bertiqwerty commented 3 years ago

Yes, sure. Thanks.