oss-fuzz: pest:parser: ASSERT: index out of bounds: the len is 0 but the index is 8 #686

tomtau · 2022-08-11T08:50:06Z

Describe the bug
Fuzzing found a crash due to indexing an empty vector.

Line 309 in 9c42f12

match new_state.queue[index] {

thread '<unnamed>' panicked at 'index out of bounds: the len is 0 but the index is 8', [pest/pest/src/parser_state.rs:309](https://github.com/pest-parser/pest/blob/9c42f1293aa999b24cd8dea70469da3be3a4c9eb/pest/src/parser_state.rs#L309):27

To Reproduce
minimal sample:

f={f{/*/*6/*6/*6/*5/*6*6/*6/*6/*5/*7//*

Expected behavior
No crash

Additional context
https://oss-fuzz.com/testcase-detail/5457878206513152

The text was updated successfully, but these errors were encountered:

closes pest-parser#686 this logic sneaked in from the previous call depth checking; the follow up for the grammar timeout issue is pest-parser#685

tomtau added the bug label Aug 11, 2022

tomtau pushed a commit to tomtau/pest that referenced this issue Aug 11, 2022

fix: not clear queue when exceeding a call limit

10fe82a

closes pest-parser#686 this logic sneaked in from the previous call depth checking; the follow up for the grammar timeout issue is pest-parser#685

tomtau mentioned this issue Aug 11, 2022

fix: not clear queue when exceeding a call limit #687

Merged

CAD97 closed this as completed in #687 Aug 13, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

oss-fuzz: pest:parser: ASSERT: index out of bounds: the len is 0 but the index is 8 #686

oss-fuzz: pest:parser: ASSERT: index out of bounds: the len is 0 but the index is 8 #686

tomtau commented Aug 11, 2022 •

edited

oss-fuzz: pest:parser: ASSERT: index out of bounds: the len is 0 but the index is 8 #686

oss-fuzz: pest:parser: ASSERT: index out of bounds: the len is 0 but the index is 8 #686

Comments

tomtau commented Aug 11, 2022 • edited

tomtau commented Aug 11, 2022 •

edited