image-rs / image-png

PNG decoding and encoding library in pure Rust
https://docs.rs/png
Apache License 2.0

Panic with `No more forward progress made in stream decoding.` on a crafted image #461

Closed Shnatsel closed 5 months ago

Shnatsel commented 5 months ago

Decoding the following image results in a panic: crash-095de1cef9395bc69ebcb9250ee27b485989f282

thread '<unnamed>' panicked at image-png/src/decoder/zlib.rs:141:17:
No more forward progress made in stream decoding.

Found by cargo fuzz on commit 5ac3b4189119895f4e47a4391e86e6955855d8e0

Also, after the recent performance optimizations the fuzzer goes absolutely BRRRRRR. I'm getting over 100,000 executions per second per core, I have never seen anything like it :rocket:
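The panic above comes from a decoder that detects it is no longer advancing through the input and aborts with a panic. For a library that decodes untrusted data, the practitioner's expectation is that such a stall is surfaced as an error value, so a crafted file costs the caller an `Err` rather than an unwound thread. The following is an added illustration of that pattern in plain Rust (std only); it is not code from image-png or fdeflate, and `StreamDecoder`, `ToyDecoder`, `decode_all` and the toy record format are all assumptions made for the example. The toy decoder deliberately refuses to buffer a record that does not fit in the chunk it is handed, which is enough to produce a stall on a constructed input.

```rust
use std::fmt;

/// Errors a stall-aware driver returns instead of panicking.
#[derive(Debug, PartialEq)]
pub enum DecodeError {
    /// Decoder consumed no input and produced no output although more input
    /// remained: a stall on malformed (or oddly chunked) data.
    NoProgress { offset: usize },
    /// Decoder could not advance and no further input exists.
    Corrupt(&'static str),
}

impl fmt::Display for DecodeError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            DecodeError::NoProgress { offset } => {
                write!(f, "no forward progress at input offset {}", offset)
            }
            DecodeError::Corrupt(why) => write!(f, "corrupt stream: {}", why),
        }
    }
}

impl std::error::Error for DecodeError {}

/// Stand-in for an inflate-style streaming decoder (hypothetical trait):
/// consumes some input, writes some output, reports (consumed, produced).
pub trait StreamDecoder {
    fn decode(&mut self, input: &[u8], out: &mut [u8]) -> Result<(usize, usize), DecodeError>;
    fn finished(&self) -> bool;
}

/// Drive `dec` over `data` in `chunk`-sized pieces. A call that makes no
/// progress is reported as an error; the loop never spins or panics.
pub fn decode_all<D: StreamDecoder>(
    dec: &mut D,
    data: &[u8],
    chunk: usize,
) -> Result<Vec<u8>, DecodeError> {
    let mut out = Vec::new();
    let mut buf = [0u8; 64];
    let mut pos = 0usize;
    while !dec.finished() {
        let end = (pos + chunk).min(data.len());
        let (consumed, produced) = dec.decode(&data[pos..end], &mut buf)?;
        if consumed == 0 && produced == 0 {
            // Offered everything that is left and still stuck: the stream is
            // truncated or corrupt. Otherwise the decoder stalled mid-stream.
            if end == data.len() {
                return Err(DecodeError::Corrupt("truncated stream"));
            }
            return Err(DecodeError::NoProgress { offset: pos });
        }
        pos += consumed;
        out.extend_from_slice(&buf[..produced]);
    }
    Ok(out)
}

/// Toy record format (constructed for this example): [len][len literal bytes]...,
/// a zero length byte ends the stream.
pub struct ToyDecoder {
    done: bool,
}

impl ToyDecoder {
    pub fn new() -> Self {
        ToyDecoder { done: false }
    }
}

impl StreamDecoder for ToyDecoder {
    fn decode(&mut self, input: &[u8], out: &mut [u8]) -> Result<(usize, usize), DecodeError> {
        if self.done || input.is_empty() {
            return Ok((0, 0));
        }
        let len = input[0] as usize;
        if len == 0 {
            self.done = true;
            return Ok((1, 0));
        }
        // Simplification that models the failure class: a record that does not
        // fit in this call's input or output is not buffered, so the decoder
        // reports zero progress and relies on the caller to notice.
        if input.len() < 1 + len || out.len() < len {
            return Ok((0, 0));
        }
        out[..len].copy_from_slice(&input[1..1 + len]);
        Ok((1 + len, len))
    }

    fn finished(&self) -> bool {
        self.done
    }
}

fn main() {
    // Constructed inputs: a valid stream, a stream that stalls under small
    // chunks, and a truncated stream.
    let valid = [3u8, b'a', b'b', b'c', 0];
    let mut stall = vec![10u8];
    stall.extend_from_slice(&[1u8; 10]);
    stall.push(0);
    let truncated = [5u8, 1, 2];

    println!("{:?}", decode_all(&mut ToyDecoder::new(), &valid, 8));
    println!("{:?}", decode_all(&mut ToyDecoder::new(), &stall, 4));
    println!("{:?}", decode_all(&mut ToyDecoder::new(), &truncated, 8));
}
```

The check in `decode_all` is the same condition the panicking decoder evaluates; the difference is only in what happens when it fires. Returning a typed error keeps the decision with the caller, which matters when the decoder sits behind a fuzz harness or a server that must keep running after a bad file.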

fintelia commented 5 months ago

This is a bug in fdeflate that was fixed in version 0.3.4.

fintelia commented 5 months ago

We should probably see about getting you access to OSS-Fuzz so you can see crashes detected there. I think it might just be a matter of adding a gmail address here?

Shnatsel commented 5 months ago

I can still reproduce this with a different file even on fdeflate v0.3.4: crash-7015e5b72205faf10ae3174f531837d665955b1a

fintelia commented 5 months ago

Weirdly, neither file reproduces for me with fdeflate v0.3.4

Shnatsel commented 5 months ago

Oh, I ran cargo update in the root directory but not in the fuzz directory. My bad!

Shnatsel commented 5 months ago

No more issues after 2.4 billion fuzzer executions :tada: