Open xizheyin opened 1 year ago
Superb, thanks for the exhaustive report.
For the arithmetic overflows, would you happen to have the values that caused the issue? You have those values for the parser / formatter bugs, and that helps a lot.
Thanks
On Sat, Jun 17, 2023, 02:23 XizheYin_nju wrote:
Description
Hi! I am using my fuzz testing tool to test this library, and so far I have found 15 different bugs. Among them, there are 5 array out-of-bounds errors, 3 string encoding errors, 1 unwrap error, 1 unreachable code bug, and 5 arithmetic overflow bugs. Below is the list of errors. Please review them and check if any modifications are needed. The replay files are all stored in this repository: https://github.com/XizheYin-NJU/replay_files_hifitime
Bug List:
1. Array out-of-bounds error
error message:
thread 'main' panicked at 'begin <= end (21 <= 20) when slicing `94-11-05T08:15:34.0-:0`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:993:43
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595108-4ae47f3e-cab2-4aba-8615-9359a8eb1030.png
2. Array out-of-bounds error
error message:
thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:400:25
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595148-03aebae3-6b52-4586-b52e-1ade465c9f34.png
3. Array out-of-bounds error
error message:
thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:488:25
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595161-2a6a104e-de5c-4bea-9f6c-ebf9da054e43.png
4. Array out-of-bounds error
error message:
thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:424:25
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595240-3cfa0221-67cb-431b-91c6-d5df23bc0f5c.png
5. String encoding error
error message:
thread 'main' panicked at 'byte index 5 is not a char boundary; it is inside '밀' (bytes 4..7) of `%%%1밀%j0%`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:296:25
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595252-b676ffff-9e6b-415f-a32a-da648a195d5c.png
6. String encoding error
error message:
thread 'main' panicked at 'byte index 16 is not a char boundary; it is inside '밀' (bytes 14..17) of `411-0j0%%Y 밀%B`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:228:3
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595429-2cdcd39a-b655-4769-9225-fc5b2e30f626.png
7. String encoding error
error message:
thread 'main' panicked at 'byte index 1 is not a char boundary; it is inside 'Ͽ' (bytes 0..2) of `ϿTTT`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:186:50
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595321-8a29fb7e-2744-41ee-8f79-07af12fb0c6f.png
8. Unwrap error
error message:
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:157:53
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595334-82cf23fa-df1c-4903-8973-2435e8a45aca.png
9. Unreachable code bug
error message:
thread 'main' panicked at 'not yet implemented', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:246:25
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595354-d2cdc377-bd5a-4c9e-9241-53a5416349ac.png
10. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to negate with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/duration.rs:1247:38
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595369-338745d9-0f27-46b0-9258-2d68eaea4d24.png
11. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to subtract with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:684:32
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595384-7bba9d19-8433-4602-b91e-fc325ef6411c.png
12. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to multiply with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:685:59
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595391-79e278d1-f270-4941-89ba-809c2e407099.png
13. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to subtract with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:267:66
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595399-2e08259a-5645-4451-bcd3-49f581511b03.png
14. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to calculate the remainder with a divisor of zero', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/duration.rs:511:40
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595415-ae92cdc4-8975-4483-a374-5712e18feb42.png
15. Array out-of-bounds error
error message:
thread 'main' panicked at 'begin <= end (3 <= 2) when slicing `@.***`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:228:32
source code (screenshot): https://user-images.githubusercontent.com/62123683/246595778-346c02c5-57e1-4b0a-8eb0-6f277d5e4501.png
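The panics listed in the report fall into a few generic Rust classes: slicing a `&str` on byte offsets that land inside a multi-byte character (the three "not a char boundary" panics), indexing one past the end of a format string (the "len is 16 but the index is 16" panics), and unchecked arithmetic (negation, subtraction, remainder by zero). The following is an added example, not hifitime's code and not the reporter's fuzzing tool: a minimal strftime-style tokenizer written two ways, a byte-indexed version that panics the same way the report does, and a hardened version that walks `char_indices` and returns `Result`, plus checked arithmetic for the negate/remainder cases. The accepted directive set and the `Token`/`FmtError` names are the example's own assumptions; the format strings fed to it are the ones quoted in the report (as extracted above) plus a constructed trailing-`%` case.

```rust
// Added example, not code from hifitime or from the reporter's tool: the panic
// classes from the report, each next to a form that returns an error instead.

#[derive(Debug, PartialEq)]
enum Token<'a> {
    Literal(&'a str),
    Directive(char),
}

#[derive(Debug, PartialEq)]
enum FmtError {
    DanglingPercent,        // '%' is the last character of the format string
    UnknownDirective(char), // '%' followed by something this example does not accept
}

/// Directives this example accepts after '%' (an assumption, not hifitime's list).
fn is_known_directive(c: char) -> bool {
    matches!(c, 'Y' | 'm' | 'd' | 'j' | 'H' | 'M' | 'S' | 'f' | 'B' | 'T' | '%')
}

/// Byte-indexed scan: the pattern behind "byte index N is not a char boundary" and
/// "index out of bounds". Every `&fmt[a..b]` assumes a and b are char boundaries
/// inside the string; '%' followed by a multi-byte char, or a trailing '%', breaks it.
fn naive_tokenize(fmt: &str) -> Vec<Token<'_>> {
    let bytes = fmt.as_bytes();
    let (mut out, mut lit_start, mut i) = (Vec::new(), 0, 0);
    while i < bytes.len() {
        if bytes[i] != b'%' {
            i += 1;
            continue;
        }
        if i > lit_start {
            out.push(Token::Literal(&fmt[lit_start..i]));
        }
        // BUG kept on purpose: i + 2 may exceed len or split a multi-byte character.
        let d = fmt[i + 1..i + 2].chars().next().unwrap();
        out.push(Token::Directive(d));
        i += 2;
        lit_start = i;
    }
    if lit_start < fmt.len() {
        out.push(Token::Literal(&fmt[lit_start..]));
    }
    out
}

/// Hardened scan: `char_indices` only ever yields char boundaries, the directive is
/// taken from the iterator rather than by byte offset, and both failure modes become
/// errors the caller can handle instead of a panic inside the library.
fn tokenize(fmt: &str) -> Result<Vec<Token<'_>>, FmtError> {
    let mut out = Vec::new();
    let mut lit_start = 0;
    let mut it = fmt.char_indices();
    while let Some((i, c)) = it.next() {
        if c != '%' {
            continue;
        }
        if i > lit_start {
            out.push(Token::Literal(&fmt[lit_start..i]));
        }
        let (_, d) = it.next().ok_or(FmtError::DanglingPercent)?;
        if !is_known_directive(d) {
            return Err(FmtError::UnknownDirective(d));
        }
        out.push(Token::Directive(d));
        // '%' is one byte; adding d.len_utf8() lands exactly on the next char boundary.
        lit_start = i + 1 + d.len_utf8();
    }
    if lit_start < fmt.len() {
        out.push(Token::Literal(&fmt[lit_start..]));
    }
    Ok(out)
}

/// Arithmetic from the same report: negating the most negative value, or taking a
/// remainder with a zero divisor, panics in debug builds (negation wraps silently in
/// release). Checked ops hand both back as `None` so the caller can return an error.
fn checked_negate_and_rem(value: i64, divisor: i64) -> Option<(i64, i64)> {
    Some((value.checked_neg()?, value.checked_rem(divisor)?))
}

fn main() {
    // Format strings from the report (as extracted above) plus a constructed trailing '%'.
    for fmt in ["%%%1밀%j0%", "411-0j0%%Y 밀%B", "ϿTTT", "%Y-%"] {
        println!("{:?} -> {:?}", fmt, tokenize(fmt));
    }
    let naive_panicked = std::panic::catch_unwind(|| naive_tokenize("%밀")).is_err();
    println!("naive_tokenize(\"%밀\") panicked: {}", naive_panicked);
    println!("checked_negate_and_rem(i64::MIN, 7) = {:?}", checked_negate_and_rem(i64::MIN, 7));
}
```

The hardened tokenizer rejects the reported inputs with `Err` rather than aborting the caller, which is the behaviour a fuzz harness can then assert on: any panic is a finding, any `Err` is expected. Running both versions side by side under `catch_unwind` is a cheap regression check for the byte-offset pattern once it has been fixed in the real code.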
Thank you for taking the time to review these issues! All the replay files and their corresponding inputs are in this repository, including arithmetic overflow. If you want to reproduce the exact values that caused crashes during execution, perhaps you can run the replay files while monitoring them?
Thanks, I hadn't seen the link to the replay files, but now I see them. This will help in fixing the bugs for sure, thank you.
What fuzz tool did you use? It might be useful for me to add it to the CI.
Thank you for your recognition. I am a Ph.D. student at SATE Laboratory, Nanjing University. We are currently working on a fuzzing tool for Rust library APIs under the guidance of our advisor. This tool aims to automate the testing of Rust library APIs more effectively. Once we complete it, we will open-source the tool and welcome your suggestions and contributions at that time!
@xizheyin,
I am a Ph.D. student at SATE Laboratory, Nanjing University. We are currently working on a fuzzing tool for Rust library APIs under the guidance of our advisor. This tool aims to automate the testing of Rust library APIs more effectively. Once we complete it, we will open-source the tool and welcome your suggestions and contributions at that time!
This might be a little off topic, but I'm also very interested in your stresser tool. Did you guys get a chance to make progress on this? I'd be interested in using it in my own tools.
@gwbres Thank you for your approval. The current version is a bit user-unfriendly; we will refactor the tool to make it more usable in the future.
👍 Do you have a link to this work? Is that the "llvm cov" project you contribute to, or another repo?
That's not it. My work hasn't been published yet, so the repo hasn't been made public yet, and with any luck it will be in a few months.
No worries, I'll try to keep an eye on it
@cardigan1008, thank you for your contribution in #324! Does the PR fix all of the bugs you reported here, or is there more work needed? If your PR fixes all of these bugs, I can close this issue.
Thanks
For this issue, we are halfway there with 8 out of 15 bugs fixed (panic 1-4, 8, 11-12, 14). Regarding #246, the panics are almost all resolved, with 13 out of 15 fixed (panic 16-28). I'll continue working on it and hopefully, we can close these two issues soon!
Let's move the rest of this ticket to version 4.1.