
Panic on `attempt to subtract with overflow` #15

Closed
neosilky opened this issue Dec 27, 2017 · 0 comments

@neosilky commented Dec 27, 2017

Found using cargo-fuzz.

On the following input:

Hex: 0x46,0x4c,0x49,0x46,0x44,0x27,0x46,0x46,
Plaintext: FLIFD'FF
Base64: RkxJRkQnRkY=

I get this panic:

thread '<unnamed>' panicked at 'attempt to subtract with overflow', /home/neo/dev/flif.rs/src/flif/components/header.rs:70:39
stack backtrace:
   0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
             at /checkout/src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
   1: std::sys_common::backtrace::print
             at /checkout/src/libstd/sys_common/backtrace.rs:68
             at /checkout/src/libstd/sys_common/backtrace.rs:57
   2: std::panicking::default_hook::{{closure}}
             at /checkout/src/libstd/panicking.rs:381
   3: std::panicking::default_hook
             at /checkout/src/libstd/panicking.rs:397
   4: std::panicking::rust_panic_with_hook
             at /checkout/src/libstd/panicking.rs:577
   5: std::panicking::begin_panic
             at /checkout/src/libstd/panicking.rs:538
   6: std::panicking::begin_panic_fmt
             at /checkout/src/libstd/panicking.rs:522
   7: rust_begin_unwind
             at /checkout/src/libstd/panicking.rs:498
   8: core::panicking::panic_fmt
             at /checkout/src/libcore/panicking.rs:71
   9: core::panicking::panic
             at /checkout/src/libcore/panicking.rs:51
  10: flif::components::header::Header::from_reader
             at ./src/flif/components/header.rs:70
  11: <flif::decoder::Decoder<R>>::identify_internal
             at ./src/flif/decoder.rs:76
  12: <flif::decoder::Decoder<R>>::decode
             at ./src/flif/decoder.rs:25
  13: rust_fuzzer_test_input
             at fuzz/fuzz_targets/fuzz_target_1.rs:9
  14: libfuzzer_sys::test_input_wrap::{{closure}}
             at /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/737524f/src/lib.rs:11
  15: std::panicking::try::do_call
             at /checkout/src/libstd/panicking.rs:480
  16: <unknown>
             at /checkout/src/libpanic_abort/lib.rs:38
==4085== ERROR: libFuzzer: deadly signal
    #0 0x561784609173 in __sanitizer_print_stack_trace /checkout/src/libcompiler_builtins/compiler-rt/lib/asan/asan_stack.cc:38
    #1 0x56178463f721 in fuzzer::Fuzzer::CrashCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/737524f/llvm/lib/Fuzzer/FuzzerLoop.cpp:280
    #2 0x56178463f66b in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/737524f/llvm/lib/Fuzzer/FuzzerLoop.cpp:264
    #3 0x56178465f3f1 in fuzzer::CrashHandler(int, siginfo_t*, void*) /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/737524f/llvm/lib/Fuzzer/FuzzerUtilPosix.cpp:37
    #4 0x7f2681b01d9f  (/usr/lib/libpthread.so.0+0x11d9f)
    #5 0x7f268155485f in __GI_raise (/usr/lib/libc.so.6+0x3485f)
    #6 0x7f2681555ec8 in __GI_abort (/usr/lib/libc.so.6+0x35ec8)
    #7 0x5617846b8a38 in panic_abort::__rust_start_panic::abort /checkout/src/libpanic_abort/lib.rs:59
    #8 0x5617846b8a38 in __rust_start_panic /checkout/src/libpanic_abort/lib.rs:54
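The panic above is the classic shape of a fuzzer-found integer bug: a byte read straight from the file is fed into a `u8` subtraction, and with overflow checks on (the default in debug and cargo-fuzz builds) a value below the subtrahend aborts the process; with overflow checks off the same expression wraps silently and a nonsense value flows into the rest of the decoder. The block below is an added example, not code from flif.rs and not the contents of the `header.rs:70` line referenced in the backtrace (which is not on this page). It parses the first six bytes of a FLIF-style header using the layout from the FLIF format description (magic `FLIF`, one layout byte whose high nibble encodes interlacing/animation and whose low nibble is the channel count, then one ASCII bytes-per-channel byte `'0'`, `'1'` or `'2'`); that layout and every name in the block (`parse_unchecked`, `parse_checked`, `HeaderError`, `FUZZ_INPUT`) are the example's own assumptions. It reproduces the crash input byte for byte, shows the fragile subtraction beside a `checked_sub` version that returns an error instead, and exercises both.

```rust
use std::panic;

/// Error returned instead of panicking on hostile input (example type).
#[derive(Debug, PartialEq)]
pub enum HeaderError {
    BadMagic,
    Truncated,
    BadLayoutByte(u8),
    BadDepthByte(u8),
}

/// Fields carried by the first six bytes of a FLIF-style header.
/// Layout assumed from the FLIF format description, not taken from flif.rs.
#[derive(Debug, PartialEq)]
pub struct Header {
    pub interlaced: bool,
    pub animated: bool,
    pub channels: u8,
    pub bytes_per_channel: u8, // 0 = custom depth, 1 = 8-bit, 2 = 16-bit
}

/// The crash input from the report, reconstructed byte for byte:
/// 0x46 0x4c 0x49 0x46 0x44 0x27 0x46 0x46 == "FLIFD'FF".
pub const FUZZ_INPUT: &[u8] = b"FLIFD'FF";

/// Fragile version: the ASCII-to-number step is a bare `u8` subtraction.
/// With overflow checks on, a depth byte below b'0' (here 0x27) panics with
/// "attempt to subtract with overflow"; with them off it wraps to 247 and
/// the bogus depth is returned as if it were valid.
pub fn parse_unchecked(data: &[u8]) -> Result<Header, HeaderError> {
    if data.len() < 6 {
        return Err(HeaderError::Truncated);
    }
    if &data[..4] != b"FLIF" {
        return Err(HeaderError::BadMagic);
    }
    let layout = data[4];
    let depth = data[5] - b'0'; // <- the overflowing subtraction
    let kind = layout >> 4;
    Ok(Header {
        interlaced: kind == 4 || kind == 6,
        animated: kind >= 5,
        channels: layout & 0x0f,
        bytes_per_channel: depth,
    })
}

/// Hardened version: every file-controlled byte is range-checked and the
/// ASCII conversion uses `checked_sub`, so malformed input becomes an `Err`.
pub fn parse_checked(data: &[u8]) -> Result<Header, HeaderError> {
    if data.len() < 6 {
        return Err(HeaderError::Truncated);
    }
    if &data[..4] != b"FLIF" {
        return Err(HeaderError::BadMagic);
    }
    let layout = data[4];
    let (interlaced, animated) = match layout >> 4 {
        3 => (false, false),
        4 => (true, false),
        5 => (false, true),
        6 => (true, true),
        _ => return Err(HeaderError::BadLayoutByte(layout)),
    };
    let channels = match layout & 0x0f {
        c @ (1 | 3 | 4) => c,
        _ => return Err(HeaderError::BadLayoutByte(layout)),
    };
    let bytes_per_channel = match data[5].checked_sub(b'0') {
        Some(d @ 0..=2) => d,
        _ => return Err(HeaderError::BadDepthByte(data[5])),
    };
    Ok(Header { interlaced, animated, channels, bytes_per_channel })
}

/// Runs the fragile parser on the crash input inside `catch_unwind`:
/// `true` if it panicked (overflow checks on), `false` if it returned.
pub fn unchecked_panics_on_fuzz_input() -> bool {
    panic::catch_unwind(|| parse_unchecked(FUZZ_INPUT)).is_err()
}

fn main() {
    println!("unchecked parser panicked: {}", unchecked_panics_on_fuzz_input());
    println!("checked parser result: {:?}", parse_checked(FUZZ_INPUT));
}
```

Whichever build mode the fragile parser runs in, the outcome on the crash input is wrong: either a process abort (which is what libFuzzer reports as a deadly signal) or a header claiming 247 bytes per channel. The checked parser turns the same bytes into `Err(BadDepthByte(0x27))`, which is the behaviour a decoder exposed to untrusted files should have.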