Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Panic on malformed input: attempt to divide by zero #33

Closed
Shnatsel opened this issue Feb 28, 2019 · 0 comments · Fixed by #41
Closed

Panic on malformed input: attempt to divide by zero #33

Shnatsel opened this issue Feb 28, 2019 · 0 comments · Fixed by #41
Labels
bug Something isn't working good first issue Good for newcomers

Comments

@Shnatsel
Copy link

Shnatsel commented Feb 28, 2019
edited
Loading

With #32 applied which fixed the early panics fuzzer could further into the decoding code. Here are some samples discovered by AFL that trigger a panic: divide-by-zero.zip

Backtrace:

thread 'main' panicked at 'attempt to divide by zero', /home/shnatsel/Code/image-tiff/src/decoder/mod.rs:539:12
stack backtrace:
   0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
             at src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
   1: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:71
   2: std::panicking::default_hook::{{closure}}
             at src/libstd/sys_common/backtrace.rs:59
             at src/libstd/panicking.rs:211
   3: std::panicking::default_hook
             at src/libstd/panicking.rs:227
   4: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:491
   5: std::panicking::continue_panic_fmt
             at src/libstd/panicking.rs:398
   6: rust_begin_unwind
             at src/libstd/panicking.rs:325
   7: core::panicking::panic_fmt
             at src/libcore/panicking.rs:95
   8: core::panicking::panic
             at src/libcore/panicking.rs:59
   9: <tiff::decoder::Decoder<R>>::read_image
  10: std::panicking::try::do_call
  11: __rust_maybe_catch_panic
             at src/libpanic_unwind/lib.rs:102
  12: afl::read_stdio_bytes
  13: std::rt::lang_start::{{closure}}
  14: std::panicking::try::do_call
             at src/libstd/rt.rs:59
             at src/libstd/panicking.rs:310
  15: __rust_maybe_catch_panic
             at src/libpanic_unwind/lib.rs:102
  16: std::rt::lang_start_internal
             at src/libstd/panicking.rs:289
             at src/libstd/panic.rs:398
             at src/libstd/rt.rs:58
  17: main
  18: __libc_start_main
  19: _start

Steps to reproduce are the same as in #28
@Shnatsel Shnatsel mentioned this issue Feb 28, 2019
Merged
@birktj birktj added bug Something isn't working good first issue Good for newcomers labels Apr 23, 2019
birktj added a commit to birktj/image-tiff that referenced this issue Apr 25, 2019
@birktj
Fix divide by zero bug
dbf532b 
This fixes image-rs#33
@birktj birktj mentioned this issue Apr 25, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix divide by zero bug birktj/image-tiff
2 participants
@Shnatsel @birktj