Some cases may lead to crash when fuzzing xi-core-lib using afl.rs #1303

Open
StevenJiang1110 opened this issue Dec 17, 2020 · 0 comments
@StevenJiang1110

I have used afl.rs to fuzz the core-lib crate of xi-editor (version = "0.4.0", the newest version directly cloned from GitHub). I ran the fuzzer on my Ubuntu 18.04, x86-64 machine, and I've found several cases that may lead to a panic.
The first is an index out of bounds panic; it can be replayed by:

```rust
let mut _local0 = xi_core_lib::selection::Selection::new();
let _ = xi_core_lib::selection::Selection::collapse(&mut (_local0));
```

The error message is
[Screenshot 2020-12-17, 9:01:17 PM]

The second is a slice index panic; it can be replayed by:

```rust
let _local0 = xi_core_lib::selection::SelRegion::new(3472328296227680352, 3472328296227692592);
let _local1 = xi_core_lib::selection::Selection::new_simple(_local0);
let _ = xi_core_lib::selection::Selection::regions_in_range(&_local1, 3472328502386110512, 3472328296227680304);
```

The error message is
[Screenshot 2020-12-17, 8:59:47 PM]

There are also some arithmetic overflow panics. For example:

```rust
let mut _local0 = xi_core_lib::line_cache_shadow::RenderPlan::create(3472328296227680304, 3472328296227680304, 3472328296227680304);
let _ = xi_core_lib::line_cache_shadow::RenderPlan::request_lines(&mut _local0, 3472328296227680304, 85621376445067312);
```

The error message is
[Screenshot 2020-12-17, 8:57:19 PM]

There are also some other arithmetic overflow panics. I have put all the replay files at replay files.
I hope you can check whether these are real bugs that need to be fixed. Thanks a lot.

@Cogitri Cogitri added the crash label Dec 27, 2020
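
The three panic classes reported above, shown on a small model with the report's inputs. This is an added example, not code from the issue or from xi-editor: `Regions`, its methods, `line_count` and `panics` are hypothetical stand-ins, and the internal logic is an assumption about the general shape of such code. Each unguarded form panics, while each guarded form returns `None` or an empty slice.

```rust
// Added illustration: hypothetical stand-ins, not xi-core-lib code.
use std::panic::{catch_unwind, UnwindSafe};

/// Model of a selection: regions sorted by position, stored as (start, end).
pub struct Regions(pub Vec<(u64, u64)>);

impl Regions {
    /// Unguarded index: panics (index out of bounds) on an empty selection.
    pub fn first_unguarded(&self) -> (u64, u64) {
        self.0[0]
    }
    /// Guarded form: an empty selection yields None.
    pub fn first_guarded(&self) -> Option<(u64, u64)> {
        self.0.first().copied()
    }
    /// Binary-search bounds of the regions touching [start, end] (assumed logic).
    fn bounds(&self, start: u64, end: u64) -> (usize, usize) {
        let first = self.0.partition_point(|r| r.1 < start);
        let last = self.0.partition_point(|r| r.0 <= end);
        (first, last)
    }
    /// Unguarded slice: panics when start > end pushes `first` past `last`.
    pub fn in_range_unguarded(&self, start: u64, end: u64) -> &[(u64, u64)] {
        let (first, last) = self.bounds(start, end);
        &self.0[first..last]
    }
    /// Guarded form: an inverted range yields an empty slice.
    pub fn in_range_guarded(&self, start: u64, end: u64) -> &[(u64, u64)] {
        let (first, last) = self.bounds(start, end);
        self.0.get(first..last).unwrap_or(&[])
    }
}

/// Guarded subtraction: None where `end - start` would overflow (end < start).
pub fn line_count(start: u64, end: u64) -> Option<u64> {
    end.checked_sub(start)
}

/// True if the closure panics; the panic message still goes to stderr.
pub fn panics<F: FnOnce() + UnwindSafe>(f: F) -> bool {
    catch_unwind(f).is_err()
}

fn main() {
    let one = Regions(vec![(3472328296227680352, 3472328296227692592)]);
    let (s, e): (u64, u64) = (3472328502386110512, 3472328296227680304); // from the report
    println!("empty index panics: {}", panics(|| { Regions(Vec::new()).first_unguarded(); }));
    println!("inverted range panics: {}", panics(|| { one.in_range_unguarded(s, e); }));
    println!("guarded range: {:?}", one.in_range_guarded(s, e));
    println!("guarded count: {:?}", line_count(3472328296227680304, 85621376445067312));
}
```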