Crash on malformed input #32
Comments
|
Thanks for the next report! Repacked version of the test case: 32_minimized_crash_testcase.ogg.zip (needs no |
|
Note: I don't consider large allocations a bug. I mean how can you distinguish a legitimate large allocation from an illegitimate one? The problem is solvable far more nicely with failible allocators. Hopefully Rust will get support one day. Until then there has to be a panic. However I do consider the overflow in debug more to be a bug. Thus I'll push a fix soon. |
Badly formatted files managed to allocate giant buffers in release mode, and trigger an subtraction overflow in debug mode. While a large allocation doesn't imply a bug, the overflow certainly is one.
|
Fixed in commit b20e267 |
This is usually done by limiting the amount of allocated memory to some sane default, and letting people override it if they're really dealing with enormous amounts of data. In Rust we can easily allow the API user to override these limits via the builder pattern. See https://libpng.sourceforge.io/decompression_bombs.html for more info on how a similar issue was solved in libpng. See also the Limits struct from flif crate. |
When given a malformed input lewton attempts to allocate enormous amounts of memory and crashes. Testcase: minimized_crash_testcase.ogg.gz (gzipped so that github would accept the upload)
Command to reproduce the crash:
RUSTFLAGS='--cfg=fuzzing' cargo run --release --example perf /path/to/testcaseThe output will be:
When run in debug mode with command
RUSTFLAGS='--cfg=fuzzing' cargo run --example perf /path/to/testcasethe error message is:Found using afl.rs
The text was updated successfully, but these errors were encountered: