Bug Report: Identified issues with arithmetic overflow, unreachable code, unwrap errors, and array out-of-bounds and so on

[xizheyin]

Description

HI! I am using my fuzz testing tool to test this library, and so far I have found 15 different bugs. Among them, there are 5 array out-of-bounds errors, 3 string encoding errors, 1 unwrap error, 1 unreachable code bug, and 5 arithmetic overflow bugs. Below is the list of errors. Please review them and check if any modifications are needed. The replay files are all stored in this repository.

Bug List:

1. Array out-of-bounds error

error message:

thread 'main' panicked at 'begin <= end (21 <= 20) when slicing `94-11-05T08:15:34.0-:0`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:993:43

source code:

2. Array out-of-bounds error

error message:

thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:400:25

source code:

3. Array out-of-bounds error

thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:488:25

source code:

4. Array out-of-bounds error

error message:

thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:424:25

source code：

5. String encoding error

error message:

thread 'main' panicked at 'byte index 5 is not a char boundary; it is inside '밀' (bytes 4..7) of `%%%1밀%j0%`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:296:25

source code：

6. String encoding error

error message:

thread 'main' panicked at 'byte index 16 is not a char boundary; it is inside '밀' (bytes 14..17) of `411-0j0%%Y
                                                                                                                밀%B`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:228:3

source code：

7. String encoding error

error message:

thread 'main' panicked at 'byte index 1 is not a char boundary; it is inside 'Ͽ' (bytes 0..2) of `ϿTTT`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:186:50

source code：

8. Unwrap error

error message:

thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:157:53

source code：

9. Unreachable code bug

error message:

thread 'main' panicked at 'not yet implemented', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:246:25

source code：

10. Arithmetic overflow bug

error message:

thread 'main' panicked at 'attempt to negate with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/duration.rs:1247:38

source code：

11. Arithmetic overflow bug

error message:

thread 'main' panicked at 'attempt to subtract with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:684:32

source code：

12. Arithmetic overflow bug

error message:

thread 'main' panicked at 'attempt to multiply with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:685:59

source code：

13. Arithmetic overflow bug

error message:

thread 'main' panicked at 'attempt to subtract with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:267:66

source code：

14. Arithmetic overflow bug

error message:

thread 'main' panicked at 'attempt to calculate the remainder with a divisor of zero', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/duration.rs:511:40

source code：

15. Array out-of-bounds error

error message:

thread 'main' panicked at 'begin <= end (3 <= 2) when slicing `291@Jb0JJJJJ`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:228:32

source code:

[ChristopherRabotin]

Superb, thanks for the exhaustive report. For the arithmetic overflows, would you happen to have the values that caused the issue? You have those values for the parser / formatter bugs, and that helps a lot. Thanks

…

On Sat, Jun 17, 2023, 02:23 XizheYin_nju ***@***.***> wrote: Description HI! I am using my fuzz testing tool to test this library, and so far I have found 15 different bugs. Among them, there are 5 array out-of-bounds errors, 3 string encoding errors, 1 unwrap error, 1 unreachable code bug, and 5 arithmetic overflow bugs. Below is the list of errors. Please review them and check if any modifications are needed. The replay files are all stored in this repository <https://github.com/XizheYin-NJU/replay_files_hifitime>. Bug List: 1. Array out-of-bounds error error message: thread 'main' panicked at 'begin <= end (21 <= 20) when slicing `94-11-05T08:15:34.0-:0`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:993:43 source code: [image: image] <https://user-images.githubusercontent.com/62123683/246595108-4ae47f3e-cab2-4aba-8615-9359a8eb1030.png> 2. Array out-of-bounds error error message: thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:400:25 source code: [image: image] <https://user-images.githubusercontent.com/62123683/246595148-03aebae3-6b52-4586-b52e-1ade465c9f34.png> 3. Array out-of-bounds error thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:488:25 source code: [image: image] <https://user-images.githubusercontent.com/62123683/246595161-2a6a104e-de5c-4bea-9f6c-ebf9da054e43.png> 4. Array out-of-bounds error error message: thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:424:25 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595240-3cfa0221-67cb-431b-91c6-d5df23bc0f5c.png> 5. String encoding error error message: thread 'main' panicked at 'byte index 5 is not a char boundary; it is inside '밀' (bytes 4..7) of `%%%1밀%j0%`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:296:25 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595252-b676ffff-9e6b-415f-a32a-da648a195d5c.png> 6. String encoding error error message: thread 'main' panicked at 'byte index 16 is not a char boundary; it is inside '밀' (bytes 14..17) of `411-0j0%%Y 밀%B`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:228:3 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595429-2cdcd39a-b655-4769-9225-fc5b2e30f626.png> 7. String encoding error error message: thread 'main' panicked at 'byte index 1 is not a char boundary; it is inside 'Ͽ' (bytes 0..2) of `ϿTTT`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:186:50 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595321-8a29fb7e-2744-41ee-8f79-07af12fb0c6f.png> 8. Unwrap error error message: thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:157:53 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595334-82cf23fa-df1c-4903-8973-2435e8a45aca.png> 9. Unreachable code bug error message: thread 'main' panicked at 'not yet implemented', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:246:25 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595354-d2cdc377-bd5a-4c9e-9241-53a5416349ac.png> 10. Arithmetic overflow bug error message: thread 'main' panicked at 'attempt to negate with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/duration.rs:1247:38 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595369-338745d9-0f27-46b0-9258-2d68eaea4d24.png> 11. Arithmetic overflow bug error message: thread 'main' panicked at 'attempt to subtract with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:684:32 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595384-7bba9d19-8433-4602-b91e-fc325ef6411c.png> 12. Arithmetic overflow bug error message: thread 'main' panicked at 'attempt to multiply with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:685:59 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595391-79e278d1-f270-4941-89ba-809c2e407099.png> 13. Arithmetic overflow bug error message: thread 'main' panicked at 'attempt to subtract with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:267:66 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595399-2e08259a-5645-4451-bcd3-49f581511b03.png> 14. Arithmetic overflow bug error message: thread 'main' panicked at 'attempt to calculate the remainder with a divisor of zero', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/duration.rs:511:40 source code： [image: image] <https://user-images.githubusercontent.com/62123683/246595415-ae92cdc4-8975-4483-a374-5712e18feb42.png> 15. Array out-of-bounds error error message: thread 'main' panicked at 'begin <= end (3 <= 2) when slicing ***@***.***`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:228:32 source code: [image: image] <https://user-images.githubusercontent.com/62123683/246595778-346c02c5-57e1-4b0a-8eb0-6f277d5e4501.png> — Reply to this email directly, view it on GitHub <#244>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABEZV2GALZ5G5REFXLVVC4DXLVSRJANCNFSM6AAAAAAZKC2YAI> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[xizheyin]

Thank you for taking the time to review these issues! All the replay files and their corresponding inputs are in this repository, including arithmetic overflow. If you want to reproduce the exact values that caused crashes during execution, perhaps you can run the replay files while monitoring them?

[ChristopherRabotin]

Thanks, I hadn't seen the link to the replay files, but now I see them. This will help in fixing the bugs for sure, thank you.

What fuzz tool did you use ? It might be useful for me to add it to the CI.

[xizheyin]

Thank you for your recognition. I am a Ph.D. student at SATE Laboratory, Nanjing University. We are currently working on a fuzzing tool for Rust library APIs under the guidance of our advisor. This tool aims to automate the testing of Rust library APIs more effectively. Once we complete it, we will open-source the tool and welcome your suggestions and contributions at that time!

[gwbres]

@xizheyin,

am a Ph.D. student at SATE Laboratory, Nanjing University. We are currently working on a fuzzing tool for Rust library APIs under the guidance of our advisor. This tool aims to automate the testing of Rust library APIs more effectively. Once we complete it, we will open-source the tool and welcome your suggestions and contributions at that time!

this might be a little off topic but I'm also very interested in your stresser tool.
Did you guys get a chance to make progress on this ? i'd be interested in using it in my own tools

[xizheyin]

@gwbres Thank you for your approval, the current version is a bit user-unfriendly, we will refactor the tool to make it more usable in the future.

[gwbres]

Thank you for your approval, the current version is a bit user-unfriendly, we will refactor the tool to make it more usable in the future

👍 do you have a link to this work ? is that the "llvm cov" project you contribute to ? or another repo

[xizheyin]

That's not it. My work hasn't been published yet, so the repo hasn't been made public yet, and with any luck it will be in a few months.

…

--------------原始邮件-------------- 发件人："gwbres ***@***.***&gt;; 发送时间：2024年3月13日(星期三) 凌晨1:21 收件人："nyx-space/hifitime" ***@***.***&gt;; 抄送："xizheyin ***@***.***&gt;;"Mention ***@***.***&gt;; 主题：Re: [nyx-space/hifitime] Bug Report: Identified issues with arithmetic overflow, unreachable code, unwrap errors, and array out-of-bounds and so on (Issue #244) ----------------------------------- Thank you for your approval, the current version is a bit user-unfriendly, we will refactor the tool to make it more usable in the future 👍 do you have a link to this work ? is that the "llvm cov" project you contribute to ? or another repo — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: ***@***.***&gt;

[gwbres]

No worries, I'll try to keep an eye on it