fitzgen / bumpalo

A fast bump allocation arena for Rust
https://docs.rs/bumpalo
Apache License 2.0

May panic due to unwrap on Err #200

Closed Koral77 closed 1 year ago

Koral77 commented 1 year ago

I've been using afl.rs to fuzz this crate, and I found a panic issue. The code to replay the issue is

    fn main() {
        // Requested capacity exceeds what Layout::from_size_align accepts, so the internal unwrap panics
        let mut _local0 = bumpalo::Bump::with_capacity(10995706271387654244);
    }

And from the panic report, it seems that this panic is caused by using unwrap on a Result which may return Err. [image] I hope you can check if this is a bug that needs to be fixed. Thanks a lot.

fitzgen commented 1 year ago

Thanks for filing an issue!

This particular behavior is expected, although we could maybe have a better panic message and need to add a section to the docs explaining that this can happen.

One can use try_with_capacity to handle OOM.

Can you share the fuzz target you've written? Could be good to get cargo fuzz fuzz targets committed in the repo, but I'm also just curious about the approach you've taken.

Koral77 commented 1 year ago

@fitzgen Thanks for your reply!

I placed the replay code in replay_files.

The file contains three lines of code, but the bug is triggered in the first line of code.

The reported bug is in lib.rs:468, where the code is [image]

It uses unwrap() on Err returned by Layout::from_size_align.
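The two comments above describe the same mechanism: `Bump::with_capacity` computes a chunk `Layout` and unwraps the `Result` from `Layout::from_size_align`, which is `Err` for sizes that cannot be rounded up to the alignment without exceeding `isize::MAX`, while `try_with_capacity` propagates that error. The example below is added here and is not bumpalo's code; it reproduces the fallible layout computation with the standard library only, using the capacity from the issue, and shows the propagating form next to the unwrapping form. The chunk alignment of 16 is an assumption for illustration, not bumpalo's constant.

```rust
use std::alloc::{Layout, LayoutError};
use std::convert::TryFrom;

/// Capacity reported in the issue, kept as a u64 so the literal compiles on 32-bit targets too.
pub const ISSUE_CAPACITY: u64 = 10995706271387654244;

/// Assumed chunk alignment for this example (not bumpalo's real value).
const CHUNK_ALIGN: usize = 16;

#[derive(Debug, PartialEq)]
pub enum CapacityError {
    /// Capacity does not even fit in usize on this target.
    TooLarge,
    /// Layout::from_size_align rejected the size/alignment pair.
    Layout,
}

/// The `try_` shape: compute the chunk layout and return the error to the caller.
pub fn try_chunk_layout(capacity: u64) -> Result<Layout, CapacityError> {
    let size = usize::try_from(capacity).map_err(|_| CapacityError::TooLarge)?;
    // Err when `size` rounded up to CHUNK_ALIGN would exceed isize::MAX.
    Layout::from_size_align(size, CHUNK_ALIGN).map_err(|_: LayoutError| CapacityError::Layout)
}

/// The shape from the issue: unwrap the Result, so an oversized capacity panics.
pub fn chunk_layout_or_panic(capacity: u64) -> Layout {
    try_chunk_layout(capacity).expect("chunk layout")
}

/// True when the issue's capacity is rejected rather than unwrapped into a panic.
pub fn issue_capacity_is_rejected() -> bool {
    try_chunk_layout(ISSUE_CAPACITY).is_err()
}

fn main() {
    match try_chunk_layout(ISSUE_CAPACITY) {
        Ok(l) => println!("layout ok: {} bytes", l.size()),
        Err(e) => println!("rejected capacity {}: {:?}", ISSUE_CAPACITY, e),
    }
    println!(
        "small capacity: {:?}",
        try_chunk_layout(4096).map(|l| l.size())
    );
}
```

A fuzz target or any code that takes a size from untrusted input should use the `try_` form and treat `Err` as an ordinary allocation failure; the unwrapping form is only appropriate where a panic on OOM is the intended policy.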