search

johannesvollmer / exrs

100% Safe Rust OpenEXR file library
Other
153 stars 24 forks source link

Use checked_sub/checked_div in meta/header.rs #221

Closed tokatoka closed 1 year ago

tokatoka commented 1 year ago

While I was fuzzing image-rs/fuzz/fuzzer_script_exr.rs, I found an attempt to subtract with overflow error in meta/header.rs

$ ./image /home/toka/LibAFL/crash-47a56cc2953de83d.exr 
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3118772312
INFO: Loaded 1 modules   (571009 inline 8-bit counters): 571009 [0x56459b9db730, 0x56459ba66db1), 
INFO: Loaded 1 PC tables (571009 PCs): 571009 [0x56459ba66db8,0x56459c31d5c8), 
./image: Running 1 inputs 1 time(s) each.
Running: /home/toka/LibAFL/crash-47a56cc2953de83d.exr
thread 'OpenEXR Block Decompressor Thread #0' panicked at /home/toka/crabsandwich/image-rs/exrs/src/meta/header.rs:536:25:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==175008== ERROR: libFuzzer: deadly signal
thread 'OpenEXR Block Decompressor Thread #4' panicked at /home/toka/crabsandwich/image-rs/exrs/src/meta/header.rs:536:25:
attempt to subtract with overflow
Aborted (core dumped)

This PR will use checked_sub/checked_div to prevent panics

johannesvollmer commented 1 year ago

Excellent, thank you for taking the time! :)