Closed 5225225 closed 2 years ago
i was wondering how you were fuzzing - i'd written off cargo fuzz
maybe a little too eagerly as i figured it would mostly-uninterestingly be exploring evex decoding logic. which, i suppose, is exactly what could have used some more scrutiny.
this is a foil of the other overflow you found
if let Some(size) = overridden_size {
instruction.disp *= size;
} else {
apply_disp_scale(instruction);
}
where disp is signed-in-spirit-but-unsigned-in-practice. so that's a wrapping_mul
now. and the other fix probably should have been wrapping_mul
too. so it is now.
on cargo fuzz
: i figured out that all the cargo fuzz issues i've had in the past were due to my having an ancient version of cargo fuzz
installed. i was wondering how you got it working without fiddling with llvm pass manager arguments and other weird hacks... it doesn't seem to be shouting about specific fuzz cases so maybe these were the only two? haha :grimacing:
Yeah, I think there was a brief time maybe a few months ago where cargo-fuzz didn't work out of the box (because rust was moving to a different llvm / pass manager or whatever it was).
But nowadays (cargo-fuzz 0.11.0
), it works flawlessly for me. On linux, granted, so your mileage may vary if you're on windows/mac.
between the immediate issue being fixed, and that there are now in-tree cargo fuzz
targets for this (and that i'm running them), i'm going to close this as being resolved
thread 'main' panicked at 'attempt to multiply with overflow', /home/jess/.cargo/registry/src/github.com-1ecc6299db9ec823/yaxpeax-x86-1.1.2/src/long_mode/../shared/evex.in:241:11
The fuzzer I'm using is just
(the drop is to ignore the must_use on a Result).
Probably should add this to the repo and run it yourself. See https://github.com/rust-fuzz/cargo-fuzz