Integer Overflow Panic Bug in Library - Githubissues

tokio-rs / bytes

Utilities for working with bytes

MIT License

1.91k stars 288 forks source link

Integer Overflow Panic Bug in Library #619

Closed xizheyin closed 1 year ago

xizheyin commented 1 year ago

description

I used a fuzz testing tool to test this library and discovered a panic caused by an integer overflow bug.

version

bytes = "=1.4.0"

replay file

fn main() {
    unsafe {
        let mut _local0 = bytes::BytesMut::new();
        let _ = bytes::buf::BufMut::advance_mut(&mut (_local0), 0);
        let _ = bytes::BytesMut::clear(&mut (_local0));
        let _ = bytes::BytesMut::resize(&mut (_local0), 83886079, 255);
        let _ = bytes::buf::BufMut::advance_mut(&mut (_local0), 18446744073709551615);
    }
}

error message

thread 'main' panicked at 'attempt to add with overflow', /home/yxz/.cargo/registry/src/github.com-1ecc6299db9ec823/bytes-1.4.0/src/bytes_mut.rs:1089:23

source code