Panic on array index out of bounds #2

Closed
neosilky opened this issue Jun 22, 2018 · 1 comment

@neosilky
commented Jun 22, 2018

Found using honggfuzz.

A simple 1-character input, such as q, triggers the panic.

thread 'main' panicked at 'byte index 2 is out of bounds of `q`', libcore/str/mod.rs:2249:9
stack backtrace:
   0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
             at libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
   1: std::sys_common::backtrace::print
             at libstd/sys_common/backtrace.rs:71
             at libstd/sys_common/backtrace.rs:59
   2: std::panicking::default_hook::{{closure}}
             at libstd/panicking.rs:211
   3: std::panicking::default_hook
             at libstd/panicking.rs:227
   4: std::panicking::rust_panic_with_hook
             at libstd/panicking.rs:463
   5: std::panicking::begin_panic_fmt
             at libstd/panicking.rs:350
   6: rust_begin_unwind
             at libstd/panicking.rs:328
   7: core::panicking::panic_fmt
             at libcore/panicking.rs:71
   8: core::str::slice_error_fail
             at libcore/str/mod.rs:2249
   9: core::str::traits::<impl core::slice::SliceIndex<str> for core::ops::range::RangeFrom<usize>>::index::{{closure}}
             at /checkout/src/libcore/str/mod.rs:2014
  10: <core::option::Option<T>>::unwrap_or_else
             at /checkout/src/libcore/option.rs:376
  11: core::str::traits::<impl core::slice::SliceIndex<str> for core::ops::range::RangeFrom<usize>>::index
             at /checkout/src/libcore/str/mod.rs:2014
  12: core::str::traits::<impl core::ops::index::Index<core::ops::range::RangeFrom<usize>> for str>::index
             at /checkout/src/libcore/str/mod.rs:1769
  13: accept_language::Language::quality_with_default
             at /home/user/.cargo/git/checkouts/accept-language-rs-4f7d163bc75a9e21/19e00f5/src/lib.rs:82
  14: accept_language::Language::new
             at /home/user/.cargo/git/checkouts/accept-language-rs-4f7d163bc75a9e21/19e00f5/src/lib.rs:72
  15: accept_language::parse::{{closure}}
             at /home/user/.cargo/git/checkouts/accept-language-rs-4f7d163bc75a9e21/19e00f5/src/lib.rs:104
  16: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &'a mut F>::call_once
             at /checkout/src/libcore/ops/function.rs:271
  17: <core::option::Option<T>>::map
             at /checkout/src/libcore/option.rs:404
  18: <core::iter::Map<I, F> as core::iter::iterator::Iterator>::next
             at /checkout/src/libcore/iter/mod.rs:1347
  19: <alloc::vec::Vec<T> as alloc::vec::SpecExtend<T, I>>::spec_extend
             at /checkout/src/liballoc/vec.rs:1883
  20: <alloc::vec::Vec<T> as alloc::vec::SpecExtend<T, I>>::from_iter
             at /checkout/src/liballoc/vec.rs:1866
  21: <alloc::vec::Vec<T> as core::iter::traits::FromIterator<T>>::from_iter
             at /checkout/src/liballoc/vec.rs:1752
  22: core::iter::iterator::Iterator::collect
             at /checkout/src/libcore/iter/iterator.rs:1375
  23: accept_language::parse
             at /home/user/.cargo/git/checkouts/accept-language-rs-4f7d163bc75a9e21/19e00f5/src/lib.rs:104
  24: accept_language_parse::main::{{closure}}
             at /home/user/daniel/targets/common/src/lib.rs:60
             at fuzzer-honggfuzz/src/bin/accept_language_parse.rs:8
  25: honggfuzz::fuzz
             at /home/user/.cargo/registry/src/github.com-1ecc6299db9ec823/honggfuzz-0.5.20/src/lib.rs:301
  26: accept_language_parse::main
             at fuzzer-honggfuzz/src/bin/accept_language_parse.rs:7
  27: std::rt::lang_start::{{closure}}
             at /checkout/src/libstd/rt.rs:74
  28: std::panicking::try::do_call
             at libstd/rt.rs:59
             at libstd/panicking.rs:310
  29: __rust_maybe_catch_panic
             at libpanic_unwind/lib.rs:105
  30: std::rt::lang_start_internal
             at libstd/panicking.rs:289
             at libstd/panic.rs:374
             at libstd/rt.rs:58
  31: std::rt::lang_start
             at /checkout/src/libstd/rt.rs:74
  32: main
  33: __libc_start_main
  34: _start
@mike-engel

Owner

commented Jun 24, 2018

This has been fixed in 1.1.1. Thanks for reporting!

@mike-engel mike-engel closed this Jun 24, 2018
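
The trace above ends in a `RangeFrom<usize>` index on a `str` inside `Language::quality_with_default`. The following is an added example, not the accept-language crate's code: the function names and the `[2..]` slice are assumptions reconstructed from the panic message. It contrasts that slicing pattern with a prefix-checked parse, and goes slightly beyond the report by also covering empty and multi-byte input.

```rust
use std::panic;

// Hypothetical pre-fix shape: assumes the quality part always starts with "q=".
// `part[2..]` panics if `part` is under 2 bytes or byte 2 is not a char boundary.
fn quality_unchecked(part: &str) -> f64 {
    part[2..].parse::<f64>().unwrap_or(1.0)
}

// Hardened form (one possible fix): require an explicit "q=" prefix, accept only
// 0.0..=1.0, and fall back to the default weight of 1.0 for anything else.
fn quality_checked(part: &str) -> f64 {
    part.trim()
        .strip_prefix("q=")
        .and_then(|v| v.parse::<f64>().ok())
        .filter(|q| (0.0..=1.0).contains(q))
        .unwrap_or(1.0)
}

// Split "tag;q=0.8" into (tag, quality) without indexing by byte offset.
fn parse_entry(entry: &str) -> (String, f64) {
    let mut parts = entry.trim().splitn(2, ';');
    let tag = parts.next().unwrap_or("").trim().to_string();
    let quality = parts.next().map(quality_checked).unwrap_or(1.0);
    (tag, quality)
}

// True if the unchecked version panics on this input.
fn unchecked_panics(part: &str) -> bool {
    panic::catch_unwind(|| quality_unchecked(part)).is_err()
}

fn main() {
    // Constructed inputs; the first is the one-character case from the report.
    for &input in ["q", "", "€", "q=0.8", "q=abc"].iter() {
        println!("{:?}: unchecked panics = {}, checked = {}",
                 input, unchecked_panics(input), quality_checked(input));
    }
    println!("{:?}", parse_entry("en-US;q=0.8"));
}
```

Because the header value is attacker-controlled in a server, a panic in this path is a denial-of-service condition, which is why the checked form returns a default instead of unwinding.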
