tokio-rs / bytes

Utilities for working with bytes
MIT License

An arithmetic overflow bug found by afl.rs #609

Closed Koral77 closed 1 year ago

Koral77 commented 1 year ago

I've been using afl.rs to fuzz this crate, and I've found that an API may panic due to arithmetic overflow. The code to replay this panic is:

unsafe {
    let mut _local0 = bytes::BytesMut::zeroed(134217983);
    bytes::buf::BufMut::advance_mut(&mut (_local0), 18446744073707388928);
}

The bug report is: [image]. I hope you can check whether this is a real bug that needs to be fixed. Thanks a lot.

sfackler commented 1 year ago

https://docs.rs/bytes/latest/bytes/trait.BufMut.html#panics

Darksonn commented 1 year ago

This is not a bug. We've had several bug reports from people using this tool before, and they're always some sort of super trivial out-of-bounds panic or trying to allocate more memory than the machine has. Please make a minimal effort to check the documentation of the functions involved before reporting bugs found with afl.rs.

See #588, #589, and #590.