
Panic on overflow in addition #1

Closed
daniellockyer opened this issue Mar 23, 2017 · 3 comments

Comments

@daniellockyer
Contributor

daniellockyer commented Mar 23, 2017

Found using cargo-fuzz.

#![no_main]
extern crate libfuzzer_sys;
extern crate npy;
#[macro_use] extern crate npy_derive;

#[derive(NpyData, Debug)]
struct Array { a: i32 }

#[export_name="rust_fuzzer_test_input"]
pub extern fn go(data: &[u8]) {
    let _ = npy::from_bytes::<Array>(data);
}

INFO: Seed: 3048998103
INFO: Loaded 0 modules (0 guards): 
Loading corpus dir: corpus
#0	READ units: 16
#16	INITED cov: 391 corp: 8/58b exec/s: 0 rss: 84Mb
thread '<unnamed>' panicked at 'attempt to add with overflow', <do_parse macros>:33
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
stack backtrace:
   0: npy::header::parser::header
             at /home/neo/dev/work/npy-rs/src/header.rs:59
   1: npy::header::parse_header
             at /home/neo/dev/work/npy-rs/src/header.rs:51
   2: npy::npy_data::cursor_from_bytes
             at /home/neo/dev/work/npy-rs/src/npy_data.rs:66
   3: npy::npy_data::from_bytes
             at /home/neo/dev/work/npy-rs/src/npy_data.rs:116
   4: rust_fuzzer_test_input
             at ./fuzzers/fuzzer_script_1.rs:13
   5: libfuzzer_sys::test_input_wrap::{{closure}}
             at /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/src/lib.rs:13
==11590== ERROR: libFuzzer: deadly signal
    #0 0x55a4d18f68d9 in __sanitizer_print_stack_trace /checkout/src/compiler-rt/lib/asan/asan_stack.cc:38
    #1 0x55a4d16dbb31 in fuzzer::Fuzzer::CrashCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerLoop.cpp:280
    #2 0x55a4d16dba7b in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerLoop.cpp:264
    #3 0x55a4d16f926d in fuzzer::CrashHandler(int, siginfo_t*, void*) /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerUtilPosix.cpp:37
    #4 0x7fa555535fdf  (/usr/lib/libpthread.so.0+0x11fdf)
    #5 0x7fa554f97a0f in __GI_raise (/usr/lib/libc.so.6+0x33a0f)
    #6 0x7fa554f99139 in __GI_abort (/usr/lib/libc.so.6+0x35139)
    #7 0x55a4d182a988 in panic_abort::__rust_start_panic::abort /checkout/src/libpanic_abort/lib.rs:61
    #8 0x55a4d182a988 in __rust_start_panic /checkout/src/libpanic_abort/lib.rs:56

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 1 ChangeBinInt-; base unit: ed7bc3c949f8c2a3c4292f8d8aefd15acef57a93
0x93,0x4e,0x55,0x4d,0x50,0x59,0x1,0x0,0xf8,0xff,
\x93NUMPY\x01\x00\xf8\xff
artifact_prefix='artifacts/'; Test unit written to artifacts/crash-3a781303dd5891706dbe2bdc3fef4afc6b27b797
Base64: k05VTVBZAQD4/w==
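The crash artifact above is a bare NPY preamble whose version-1 header length field is 0xfff8, so any fixed-width add of a preamble offset to that value wraps. As an added example (not npy-rs code), here is a header pre-parser that widens the length field before arithmetic and uses checked_add; the NPY layout (6-byte magic, major, minor, little-endian u16 or u32 header length) is assumed from the format spec, and the u16-add explanation of this particular panic is an assumption, not taken from the issue.

```rust
// Added example (not npy-rs code): parse the fixed NPY preamble with checked
// arithmetic so a hostile header length cannot trigger an arithmetic panic.
#[derive(Debug, PartialEq)]
pub enum HeaderError {
    BadMagic,
    UnsupportedVersion(u8, u8),
    Truncated { needed: usize, have: usize },
    LengthOverflow,
}

const MAGIC: &[u8] = b"\x93NUMPY";

/// Returns (major, minor, header bytes). Layout assumed from the NPY spec:
/// 6-byte magic, u8 major, u8 minor, little-endian header length
/// (u16 for version 1.x, u32 for 2.x/3.x), then the header text itself.
pub fn parse_preamble(data: &[u8]) -> Result<(u8, u8, &[u8]), HeaderError> {
    if data.len() < 8 {
        return Err(HeaderError::Truncated { needed: 8, have: data.len() });
    }
    if &data[..6] != MAGIC {
        return Err(HeaderError::BadMagic);
    }
    let (major, minor) = (data[6], data[7]);
    let len_field = match major {
        1 => 2,
        2 | 3 => 4,
        _ => return Err(HeaderError::UnsupportedVersion(major, minor)),
    };
    let header_start = 8 + len_field;
    if data.len() < header_start {
        return Err(HeaderError::Truncated { needed: header_start, have: data.len() });
    }
    // Widen to usize before any arithmetic. Adding a 10-byte offset to 0xfff8
    // inside u16 wraps (assumed cause of the panic above); usize + checked_add
    // cannot.
    let header_len: usize = if len_field == 2 {
        u16::from_le_bytes([data[8], data[9]]) as usize
    } else {
        u32::from_le_bytes([data[8], data[9], data[10], data[11]]) as usize
    };
    let header_end = header_start
        .checked_add(header_len)
        .ok_or(HeaderError::LengthOverflow)?;
    if data.len() < header_end {
        return Err(HeaderError::Truncated { needed: header_end, have: data.len() });
    }
    Ok((major, minor, &data[header_start..header_end]))
}

fn main() {
    // The fuzzer's crash artifact from this issue: version 1.0, length 0xfff8.
    let crash = b"\x93NUMPY\x01\x00\xf8\xff";
    println!("{:?}", parse_preamble(crash));
}
```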
@daniellockyer daniellockyer changed the title Panic on overflow on addition Panic on overflow in addition Mar 23, 2017
@daniellockyer
Contributor Author

Solved it... PR incoming.

@potocpav
Owner

Thanks a lot! I'm really surprised the fuzzer found only one issue :)

@daniellockyer
Contributor Author

Yep, nothing else found!
