
serde_hjson::from_slice panics on ParseIntError #22

Open alexanderkjall opened 3 years ago

alexanderkjall commented 3 years ago

More fuzzing produced this error:

thread '' panicked at 'called Result::unwrap() on an Err value: ParseIntError { kind: Overflow }', /home/capitol/project/hjson-rust/hjson/src/util.rs:208:67

full stacktrace:

    #0 0x561f6f275731 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3
    #1 0x561f6f936660 in fuzzer::PrintStackTrace() (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x996660)
    #2 0x561f6f95299a in fuzzer::Fuzzer::CrashCallback() (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9b299a)
    #3 0x7f153a3933bf  (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
    #4 0x7f153a1b718a in __libc_signal_restore_set /build/glibc-YYA7BZ/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
    #5 0x7f153a1b718a in raise /build/glibc-YYA7BZ/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
    #6 0x7f153a196858 in abort /build/glibc-YYA7BZ/glibc-2.31/stdlib/abort.c:79:7
    #7 0x561f6f9aeb36 in std::sys::unix::abort_internal::h5c8b2a90c624abaf /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/sys/unix/mod.rs:167:14
    #8 0x561f6f997bc5 in std::process::abort::hb13208ae9f5b7133 /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/process.rs:1623:5
    #9 0x561f6f9201b6 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h2ef829035805c4e9 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9801b6)
    #10 0x561f6f99eed7 in std::panicking::rust_panic_with_hook::h2f4c96dfd8ba524a /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/panicking.rs:581:17
    #11 0x561f6f99ea88 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h7740abbe2875cb4d /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/panicking.rs:484:9
    #12 0x561f6f999ebb in std::sys_common::backtrace::__rust_end_short_backtrace::hcad001df0a36db28 /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/sys_common/backtrace.rs:153:18
    #13 0x561f6f99ea48 in rust_begin_unwind /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/std/src/panicking.rs:483:5
    #14 0x561f6fa04460 in core::panicking::panic_fmt::hb15d6f55e8472f62 /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/core/src/panicking.rs:85:14
    #15 0x561f6fa040d2 in core::result::unwrap_failed::h110828a80aba3eec /rustc/d006f5734f49625c34d6fc33bf6b9967243abca8/library/core/src/option.rs:1221:5
    #16 0x561f6f2d923d in serde_hjson::util::ParseNumber$LT$Iter$GT$::parse::hba5da05d298b23ff (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x33923d)
    #17 0x561f6f2a58ad in serde_hjson::de::Deserializer$LT$Iter$GT$::parse_tfnns::h7d7fb93a4d3df50b (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3058ad)
    #18 0x561f6f2abb92 in serde_hjson::de::Deserializer$LT$Iter$GT$::parse_value::h09e41fbc88e5efe4 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x30bb92)
    #19 0x561f6f301ff1 in serde::de::MapVisitor::visit::hf1a5b50f97f17367 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x361ff1)
    #20 0x561f6f310966 in _$LT$linked_hash_map..serde..LinkedHashMapVisitor$LT$K$C$V$GT$$u20$as$u20$serde..de..Visitor$GT$::visit_map::h730c4bb087010ef0 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x370966)
    #21 0x561f6f2aece8 in serde_hjson::de::Deserializer$LT$Iter$GT$::parse_value::h9b2c32860cf298a3 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x30ece8)
    #22 0x561f6f2cd8ba in serde_hjson::de::from_iter::hc227fa3539b40986 (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x32d8ba)
    #23 0x561f6f317118 in rust_fuzzer_test_input (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x377118)
    #24 0x561f6f9201e0 in __rust_try (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9801e0)
    #25 0x561f6f91fe3f in LLVMFuzzerTestOneInput (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x97fe3f)
    #26 0x561f6f952edc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9b2edc)
    #27 0x561f6f95aec0 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9baec0)
    #28 0x561f6f95b87c in fuzzer::Fuzzer::MutateAndTestOne() (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9bb87c)
    #29 0x561f6f95dc7f in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x9bdc7f)
    #30 0x561f6f92e239 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x98e239)
    #31 0x561f6f1f22e6 in main (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x2522e6)
    #32 0x7f153a1980b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16
    #33 0x561f6f1f248d in _start (/home/capitol/project/hjson-rust/hjson/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x25248d)

It can be reproduced with the following unit test:

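#[cfg(test)]
mod test {
    use crate::error::Result;
    use crate::{Map, Value};

    /// Regression test for a fuzzer-found input that made `from_slice` panic
    /// (`Result::unwrap()` on a `ParseIntError { kind: Overflow }` inside the
    /// number parser) instead of returning an error to the caller.
    ///
    /// The document is malformed: it carries a number literal too large for the
    /// integer type the parser converts to, plus NUL bytes and other junk. A
    /// deserializer fed untrusted bytes must never abort the process, so the
    /// only acceptable outcomes are `Ok` or `Err`; the test passes as long as
    /// the call returns at all.
    #[test]
    fn parse_int_error() {
        // Fuzzer-generated bytes, kept verbatim so the test reproduces the exact
        // crashing input rather than a hand-simplified approximation of it.
        let data: Vec<u8> = vec![47, 97, 47, 65, 58, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 0, 0, 0, 54, 35, 54, 54, 54, 54, 54, 54, 54, 44, 35, 58, 45, 85, 85, 85, 35, 116, 45, 35, 35, 58, 47];

        // Reaching the end of this function is the assertion: a panic inside
        // `from_slice` fails the test. Rejecting the document with `Err` is the
        // expected behaviour once the parser stops unwrapping the conversion.
        let parsed: Result<Map<String, Value>> = crate::from_slice(&data);
        if let Err(err) = parsed {
            // Visible under `cargo test -- --nocapture`; useful when triaging
            // which error path the malformed input now takes.
            eprintln!("from_slice rejected the fuzz input: {}", err);
        }
    }
}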