Closed daniellockyer closed 7 years ago
A crashing input looks like \x93NUMPY\x01\x00\xf8\xff.
\x93NUMPY\x01\x00\xf8\xff
According to the spec, the bytes following \x01\x00 should be an unsigned short int.
\x01\x00
The next 2 bytes form a little-endian unsigned short int: the length of the header data HEADER_LEN.
nom was told to use a signed short int which would panic further code when given the wrong size.
nom
Fixes #1 and found by cargo-fuzz. It was found within ~30 executions but following the patch, I'm currently at 2 million with no crashes.
A crashing input looks like
\x93NUMPY\x01\x00\xf8\xff.According to the spec, the bytes following
\x01\x00should be an unsigned short int.nomwas told to use a signed short int which would panic further code when given the wrong size.Fixes #1 and found by cargo-fuzz. It was found within ~30 executions but following the patch, I'm currently at 2 million with no crashes.