whisperfish / rust-phonenumber

Library for parsing, formatting and validating international phone numbers.
Apache License 2.0

Panic when parsing malformed phone number #43

Closed 5225225 closed 1 year ago

5225225 commented 2 years ago
#![no_main]
use libfuzzer_sys::fuzz_target;

// Fuzz entry point: libFuzzer supplies arbitrary `&str` inputs, which are passed to
// `phonenumber::parse` with no country hint (`None`).
// The parse outcome is discarded on purpose: malformed numbers are expected to come back
// as an error value, so only a panic or crash counts as a finding. A panic matters because
// any caller that parses numbers from an untrusted source would panic on the same input.
fuzz_target!(|data: &str| {
    let _ = phonenumber::parse(None, data);
});

Input: " 2 22#:"

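Stack trace (the panic is an `Option::unwrap()` on `None` at `src/parser/natural.rs:31:31`, inside `phonenumber::parser::natural::phone_number`):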

thread '<unnamed>' panicked at 'called `Option::unwrap()` on a `None` value', /home/jess/src/rust-phonenumber/src/parser/natural.rs:31:31
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==1196841== ERROR: libFuzzer: deadly signal
    #0 0x558960d73251 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
    #1 0x5589618a01f8 in fuzzer::PrintStackTrace() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x124a1f8)
    #2 0x55896187a2d5 in fuzzer::Fuzzer::CrashCallback() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x12242d5)
    #3 0x7f5e7670b86f  (/usr/lib/libpthread.so.0+0x1386f)
    #4 0x7f5e7641bd21 in raise (/usr/lib/libc.so.6+0x3cd21)
    #5 0x7f5e76405861 in abort (/usr/lib/libc.so.6+0x26861)
    #6 0x558961927796 in std::sys::unix::abort_internal::h2b5353982e294b6c /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/sys/unix/mod.rs:259:14
    #7 0x558960cecac5 in std::process::abort::h64b8d5b89778f542 /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/process.rs:1987:5
    #8 0x558961865765 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h811575f9bb402bcd (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x120f765)
    #9 0x55896191be48 in std::panicking::rust_panic_with_hook::hf8e86850fbbd03b1 /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/panicking.rs:610:17
    #10 0x55896191b8d1 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h590a0d6060ff866e /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/panicking.rs:500:13
    #11 0x558961918893 in std::sys_common::backtrace::__rust_end_short_backtrace::h260b8bd1c848a03c /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/sys_common/backtrace.rs:139:18
    #12 0x55896191b868 in rust_begin_unwind /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/panicking.rs:498:5
    #13 0x558960cee030 in core::panicking::panic_fmt::h7b8580d81fcbbacd /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/core/src/panicking.rs:106:14
    #14 0x558960cedf7c in core::panicking::panic::h50b51d19800453c0 /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/core/src/panicking.rs:47:5
    #15 0x558960f8b253 in phonenumber::parser::natural::phone_number::h0fa34d8d9465ee72 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x935253)
    #16 0x558960ee6028 in _$LT$$LP$A$C$B$RP$$u20$as$u20$nom..branch..Alt$LT$Input$C$Output$C$Error$GT$$GT$::choice::hb1d4cb7a3a5ac067 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x890028)
    #17 0x558960f905e2 in phonenumber::parser::parse_with::phone_number::h6f3cab01067dc854 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x93a5e2)
    #18 0x558960d9e78b in phonenumber::parser::parse_with::h67d248e390f231c7 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x74878b)
    #19 0x558960db9fbb in rust_fuzzer_test_input (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x763fbb)
    #20 0x5589618658b8 in __rust_try (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x120f8b8)
    #21 0x558961864d88 in LLVMFuzzerTestOneInput (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x120ed88)
    #22 0x55896187a811 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1224811)
    #23 0x55896187fe1f in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1229e1f)
    #24 0x558961880d18 in fuzzer::Fuzzer::MutateAndTestOne() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x122ad18)
    #25 0x558961883117 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x122d117)
    #26 0x558961873d50 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x121dd50)
    #27 0x558960cee802 in main (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x698802)
    #28 0x7f5e76406b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
    #29 0x558960cee9ad in _start (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x6989ad)