search

etemesi254 / zune-image

A fast and memory efficient image library in Rust
Other
311 stars 30 forks source link

Various panics in zune-png #221

Open sigaloid opened 1 month ago

sigaloid commented 1 month ago

Hi, I did some mutation-based fuzzing again but on zune-png and found more panics.

Testing 01a9065e5558450bb9ca25f1bb6b63beb1497429.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:635:50:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 2bc42e5b383c4993bc3b6430184999c4706d17f9.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 2dded3c25354fc33e319060dd0b8cd03ef2bf0b9.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:519:56:
range start index 4544 out of range for slice of length 4542
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 2e2d013ae03383cd54894f92944d2f2a0dbcd540.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:519:56:
range start index 179 out of range for slice of length 175
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 02e7afd1c44e54905fa5fd317974983c881b214a.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:635:50:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 3ee00833b940ba89956d23dbaf334dd08da6f376.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 4a7c56ac131e1e4a4003c8c4573e2c22ee680535.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:519:56:
range start index 179 out of range for slice of length 177
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 5a169feb55e64decd53b2fd35f0fb0c017028c24.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 4804 out of range for slice of length 600
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 5c6ec2f315cf8109031cb1f118af659bc1a47f36.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 5dcac9cf22ff28ffd07a39eb2738435ba786b992.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:635:50:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 6b72b394e426abdd3b894f1ab9a9102009b4d3f2.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 6f2334cb56bae7874ec856736ab30e755e91a1f2.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 7b53bb8285cc70a126281cd991bef5101c823b48.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:635:50:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 7ce342500e1405f3e429379dc7a59ae0b9fe4e40.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 7d4b3dc5f8ec7f1f6e40b36a75cefe7c1c70a4d1.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 7e1acedc6f0e576074a1781cbf96b09385b87eab.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 45700 out of range for slice of length 40000
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 7fc08bc7c04c44ff4899096388a9a3dc2cc4570c.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 9c2540272c6cd35fa6992e2f89e00525c606978f.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 22f8c06b80de89f0e7c214e0e15cd0f760dec476.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 23321 out of range for slice of length 22500
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 29e8f657f364222e3f8217035da9348b522921b9.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 36ee4e78ff17b44022be999d149518664b62ed40.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:519:56:
range start index 179 out of range for slice of length 175
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 051f108e8eab1e84ba18269d9a37a01652e369ce.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 19204 out of range for slice of length 17600
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 069ee5d9873c41d0fee144e97702115dc7a0301b.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 76dc3700e9bffb521af196d3de9eb1cfecdd7d1f.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 184323 out of range for slice of length 30000
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 78d89b6bce34bda3e8696496fae126bc18f88335.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 45188 out of range for slice of length 39600
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 80d9991980e3c4a6ed48140b73d751aa98460ead.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 90efb0f1f42cc7bb2b9c35611bc9c194675cbf35.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 766bac5b80f4ecce7d202ef9b817c0df2d7ce03c.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 45572 out of range for slice of length 40000
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 862e745cdc17abbc17c4b03947c058ef8cd1ea44.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:635:50:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 1145d52014c93a85ed3e410201e602f6d4ea403c.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:635:50:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 2999cb3d52ccb7d5a62b30ff5e918de19217f878.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 5768a54b04086fd1c5f9c1af4b3ff6e8536821f3.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 7589eb51445f9f089658bb07ab3ecf9f48791f90.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 8991e4a0c18d4cec3e4097daf26623d9bbd18cb1.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 2139364b62c710fec99fdc67cd99ac57de5749ee.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 184323 out of range for slice of length 30000
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing 948633673a35fcaf8e7642f084e3e661327304e9.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing a29186c4369ede2838c529b8e354ffb32428f752.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing ada375a0a712941829659315a1f1f6327b08ebc0.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 148100 out of range for slice of length 139944
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing b4ddab9f83fa1ac3c70d9cce02c312a76c87d14d.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing bc7f2c0cb08ed28837bda5bf6594576f17fd7898.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing ce43f470465a1e5149a0e8f586a4a3323231c5a1.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:635:50:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing d0f0e40d3ee50da2a2fb8e5f54917c33843609ca.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing d4e1b0662bb410c7f0bc377fa1b9d61f0c4dba20.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 23321 out of range for slice of length 22500
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing d8a2130df82ae4f4c4f08cdf02030f99372470cb.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:519:56:
range start index 179 out of range for slice of length 175
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing d19a03489b017259459109b79307a476f40fbea1.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing d514e9236d3a3b4136bd7d5d0b8f1b05329cd5aa.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing de792af39d7b41dbd6af6875a56576a115f0cbff.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing dec3d00bbb8a375288341225d0e84014b3d8998a.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing e5ba4dcd3318b5f3a2a12ddf533aabfc7978bed8.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing f0be1d8d59f919fe1a79a0fc076b243f1aadfc2e.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing fcdc43e8ec14c35b02c881286540d915b06974be.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/decoder.rs:816:28:
range end index 45572 out of range for slice of length 39200
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Testing fe882e76c757ec2b1fa88c2a1e0a707e648326e6.crash
thread 'main' panicked at /home/mattop/zune-image/crates/zune-png/src/headers/readers.rs:517:30:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Attached are the inputs that crash with the following code:

        use zune_core::bytestream::ZCursor;
        let opts = zune_core::options::DecoderOptions::new_fast();

        let data = ZCursor::new(data);
        let mut decoder = zune_png::PngDecoder::new_with_options(data, opts);
        let _ = decoder.decode();

zune-png-crash-files.zip

etemesi254 commented 1 month ago

Please confirm that the changes fix the bugs identified (latest commit)

sigaloid commented 1 month ago

One crash persists - these files give the below error.

01a9065e5558450bb9ca25f1bb6b63beb1497429.crash
02e7afd1c44e54905fa5fd317974983c881b214a.crash
5dcac9cf22ff28ffd07a39eb2738435ba786b992.crash
7b53bb8285cc70a126281cd991bef5101c823b48.crash
862e745cdc17abbc17c4b03947c058ef8cd1ea44.crash
1145d52014c93a85ed3e410201e602f6d4ea403c.crash
ce43f470465a1e5149a0e8f586a4a3323231c5a1.crash
thread 'main' panicked at zune-image/crates/zune-png/src/decoder.rs:635:50:
called `Option::unwrap()` on a `None` value