Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Panic in lzma.writeRep #3

Open
ulikunitz opened this issue Sep 28, 2015 · 5 comments
Open

Panic in lzma.writeRep #3

ulikunitz opened this issue Sep 28, 2015 · 5 comments
Assignees
Milestone

Comments

@ulikunitz
Copy link
Owner

@pmezard reported a panic in the master tree that he has found using go-fuzz. Many thanks for that. I have asked for the go-fuzz code and the crasher sequence to check what caused the bug and to fix it in the dev tree.

@ulikunitz
Copy link
Owner Author

Just to make clear the panic indicates a bug in the encoder that needs to be fixed.

@pmezard
Copy link

pmezard commented Sep 29, 2015

The issue is not with the encoder but with the decoder. The input generated by go-fuzz is certainly malformed but I believe decoding libraries should not panic upon invalid inputs when possible (exception might be when allocating buffers but even these can be mitigated). The panic can be reproduced manually by running:

cd lzma
go run lzmareader/lzmareader.go corpus/bad_dist_out_of_range.lzma

using this as input:

https://github.com/pmezard/xz/blob/fuzz/lzma/corpus/bad_dist_out_of_range.lzma

in the fuzzing branch I pushed here:

https://github.com/pmezard/xz/tree/fuzz

The trivial reader code is here:

https://github.com/pmezard/xz/blob/fuzz/lzma/lzmareader/lzmareader.go

and go-fuzz function:

https://github.com/pmezard/xz/blob/fuzz/lzma/fuzz.go

@ulikunitz
Copy link
Owner Author

Hi, many thanks for the comprehensive information. I will have to work on it, but can't start before Sunday.

@ulikunitz
Copy link
Owner Author

The code has been rewritten and and tested against multiple corpora. I'm planning fuzzing tests for v0.7.

@ulikunitz ulikunitz added this to the v0.7 milestone Jan 31, 2016
@ulikunitz ulikunitz added enhancement and removed bug labels Feb 21, 2021
@ulikunitz
Copy link
Owner Author

I labeled the issue as enhancement, because the open action is fuzzing the bug is fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants