Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

slice bounds out of range in decode #26

Closed
daaku opened this issue Mar 20, 2016 · 8 comments
Closed

slice bounds out of range in decode #26

daaku opened this issue Mar 20, 2016 · 8 comments

Comments

@daaku
Copy link

daaku commented Mar 20, 2016

I'm trying to get a full working repro, but my current best guess is this was while trying to read a file which had experienced a partial write of the compressed data:

panic: runtime error: slice bounds out of range

goroutine 69 [running]:
panic(0xf4cf00, 0xc82000e0b0)
    /go/src/runtime/panic.go:464 +0x3e6
github.com/golang/snappy.(*Reader).Read(0xc89eb43730, 0xcb1ae08000, 0x10000, 0x10000, 0xa, 0x0, 0x0)
    /gopath/src/github.com/golang/snappy/decode.go:198 +0xba4
bufio.(*Reader).fill(0xc9eb4603c0)
    /go/src/bufio/bufio.go:97 +0x1e9
bufio.(*Reader).Read(0xc9eb4603c0, 0xc93f20326d, 0xd93, 0xd93, 0xc82b48fd00, 0x0, 0x0)
    /go/src/bufio/bufio.go:207 +0x260
io/ioutil.(*nopCloser).Read(0xc91fe04ec0, 0xc93f20326d, 0xd93, 0xd93, 0x20e1843c1a693, 0x0, 0x0)
    <autogenerated>:4 +0x82
bufio.(*Scanner).Scan(0xc837df2500, 0x11b6370)
    /go/src/bufio/scan.go:208 +0x97b
...
@dgryski
Copy link
Contributor

dgryski commented Mar 20, 2016

This should come up easily with fuzzing if you want to go that route.

The regular decode routine has been fuzzed pretty heavily.

@dgryski
Copy link
Contributor

dgryski commented Apr 3, 2016

Any update on getthig this data? I ran several billion fuzzed cases through the asm decoder and the Go one with no mismatch in behaviour or panics.

@nigeltao
Copy link
Contributor

nigeltao commented Apr 3, 2016

Did you fuzz the Reader type as well as the Decode function? The bug might be in the framing format decoder, not in the core decoder.

@dgryski
Copy link
Contributor

dgryski commented Apr 3, 2016

Good point. I did not. I was focusing on the asm core. I'll fuzz the framing reader Monday.

@nigeltao
Copy link
Contributor

nigeltao commented Apr 3, 2016

You might not need to. I think there's an obvious bug. Code coming...

@nigeltao
Copy link
Contributor

nigeltao commented Apr 3, 2016

I'm calling this bug fixed, but I think that your compressed files are still corrupt somehow. It's just that the corruption should now return an error instead of panic.

@daaku
Copy link
Author

daaku commented Apr 6, 2016

Thanks for the fix. And yes the files were corrupt!

@dgryski
Copy link
Contributor

dgryski commented Apr 6, 2016

I fuzzed NewReader()/Read() for several billion iterations and didn't find anything.

Final line before ^C:
2016/04/05 10:00:47 slaves: 28, corpus: 220 (19h19m ago), crashers: 0, restarts: 1/10000, execs: 6920725600 (84639/sec), cover: 154, uptime: 22h42m

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@daaku @dgryski @nigeltao