Closed gy741 closed 6 years ago
Haha! Just as I thought (re comment on #33)! I suspect there could be quite a few more.
@dhowden
Hello,
I checked the patch.
However, I found a new bug.
Thanks.
reproduce code:
```go
package tag

import (
	"strings"
	"testing"
)

func TestFuzzCrashers(t *testing.T) {
	var crashers = []string{
		"\x00\x00\x00\x10keyw00000000",
	}

	for _, f := range crashers {
		ReadAtoms(strings.NewReader(f))
	}
}
```
Crash Log:
```
--- FAIL: TestFuzzCrashers (0.00s)
panic: runtime error: slice bounds out of range [recovered]
	panic: runtime error: slice bounds out of range

goroutine 5 [running]:
testing.tRunner.func1(0xc42004e8f0)
	/usr/lib/go-1.8/src/testing/testing.go:622 +0x29d
panic(0x5379a0, 0x605120)
	/usr/lib/go-1.8/src/runtime/panic.go:489 +0x2cf
github.com/dhowden/tag.metadataMP4.readAtomData(0x0, 0x0, 0xc420014cf0, 0x5f5f20, 0xc42000ade0, 0xc42000ef64, 0x4, 0xc400000008, 0x20, 0x5449c0)
	/home/karas/go/src/github.com/dhowden/tag/mp4.go:143 +0xd80
github.com/dhowden/tag.metadataMP4.readAtoms(0x0, 0x0, 0xc420014cf0, 0x5f5f20, 0xc42000ade0, 0x0, 0x0)
	/home/karas/go/src/github.com/dhowden/tag/mp4.go:123 +0x1bf
github.com/dhowden/tag.ReadAtoms(0x5f5f20, 0xc42000ade0, 0xffffffee, 0x1040, 0xc420027f78, 0x4544c3)
	/home/karas/go/src/github.com/dhowden/tag/mp4.go:76 +0x88
github.com/dhowden/tag.TestFuzzCrashers(0xc42004e8f0)
	/home/karas/go/src/github.com/dhowden/tag/fuzz_test.go:16 +0xbf
testing.tRunner(0xc42004e8f0, 0x568d08)
	/usr/lib/go-1.8/src/testing/testing.go:657 +0x96
created by testing.(*T).Run
	/usr/lib/go-1.8/src/testing/testing.go:697 +0x2ca
exit status 2
FAIL	github.com/dhowden/tag	0.005s
```
Great, thanks. I patched quite a few more spots where similar things could happen, this was added in d2206af.
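The class of fix discussed in this thread, as an added sketch that is not code from dhowden/tag or from commit d2206af: a size-prefixed atom reader that validates every length before allocating or slicing, plus a helper that turns a panic into a reportable result. The names `readAtom` and `survives`, the constants, and the assumed 8-byte prefix in front of the value are hypothetical.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Assumed limits for this sketch; they are not taken from dhowden/tag.
const (
	headerLen  = 8       // 4-byte big-endian size + 4-byte atom name
	minPayload = 8       // assumed fixed prefix in front of the value bytes
	maxPayload = 1 << 20 // refuse oversized declarations before allocating
)

var errMalformed = errors.New("malformed atom")

// readAtom reads one size-prefixed atom and returns its name and value bytes.
// Every length is checked before it is used to allocate or to slice.
func readAtom(r io.Reader) (name string, value []byte, err error) {
	var hdr [headerLen]byte
	if _, err = io.ReadFull(r, hdr[:]); err != nil {
		return "", nil, fmt.Errorf("%w: short header: %v", errMalformed, err)
	}
	size := binary.BigEndian.Uint32(hdr[:4])
	if size < headerLen+minPayload || size-headerLen > maxPayload {
		return "", nil, fmt.Errorf("%w: declared size %d", errMalformed, size)
	}
	payload := make([]byte, size-headerLen)
	if _, err = io.ReadFull(r, payload); err != nil {
		return "", nil, fmt.Errorf("%w: truncated payload: %v", errMalformed, err)
	}
	return string(hdr[4:8]), payload[minPayload:], nil
}

// survives reports whether parsing input completed without a panic.
func survives(input string) (ok bool) {
	defer func() { ok = recover() == nil }()
	readAtom(strings.NewReader(input))
	return true
}

func main() {
	// The first input is the crasher from the report; the others are constructed.
	for _, in := range []string{"\x00\x00\x00\x10keyw00000000", "\x00\x00\x00\x04keyw", "\x00\x00"} {
		fmt.Printf("%q survives=%v\n", in, survives(in))
	}
}
```

Malformed inputs come back as errors wrapping `errMalformed`, so a crasher table like the one in the report can assert on the error instead of relying on the absence of a panic.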
Hello.
I found a slice bounds out of range bug in tag.
Please confirm.
Thanks.
reproduce code:
Crash Log
================= [Acknowledgement] This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]