Fix panic caused by trying to deal with parsing incorrect size int. #2

Merged
merged 1 commit into from Mar 24, 2017

@neosilky
Contributor

commented Mar 23, 2017

A crashing input looks like `\x93NUMPY\x01\x00\xf8\xff`.

According to the spec, the bytes following `\x01\x00` should be an unsigned short int.

The next 2 bytes form a little-endian unsigned short int: the length of the header data HEADER_LEN.

`nom` was told to use a signed short int which would panic further code when given the wrong size.

Fixes #1 and found by cargo-fuzz. It was found within ~30 executions but following the patch, I'm currently at 2 million with no crashes.

Fix panic caused by trying to deal with parsing incorrect size int.
According to the spec, the bytes following `\x01\x00` should be an
unsigned short int. `nom` was told to use a signed int which would
panic when given the wrong size.

@potocpav potocpav merged commit 0980ff3 into potocpav:master Mar 24, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

@neosilky neosilky deleted the neosilky:fix-panic branch Mar 24, 2017
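
The signed versus unsigned reading of `HEADER_LEN` on the crashing input from this PR, as an added example that is not the crate's `nom`-based code: a std-only Rust sketch in which every function and type name is hypothetical. It assumes a version 1.0 preamble and checks the declared length against the bytes that actually follow.

```rust
// Added example: std-only sketch, not the npy crate's nom-based parser.
// All names below are hypothetical.
const MAGIC: &[u8] = b"\x93NUMPY";

#[derive(Debug, PartialEq)]
enum HeaderError {
    BadMagic,
    UnsupportedVersion(u8, u8),
    Truncated { needed: usize, available: usize },
}

/// What a signed read of the two HEADER_LEN bytes yields (the pre-fix reading).
fn header_len_signed(len_bytes: [u8; 2]) -> i16 {
    i16::from_le_bytes(len_bytes)
}

/// Parse a version 1.0 preamble and return the header bytes it declares.
fn parse_header(input: &[u8]) -> Result<&[u8], HeaderError> {
    let fixed = MAGIC.len() + 4; // magic + major + minor + u16 length
    if input.len() < fixed {
        return Err(HeaderError::Truncated { needed: fixed, available: input.len() });
    }
    if &input[..MAGIC.len()] != MAGIC {
        return Err(HeaderError::BadMagic);
    }
    let (major, minor) = (input[6], input[7]);
    if (major, minor) != (1, 0) {
        return Err(HeaderError::UnsupportedVersion(major, minor));
    }
    // The spec's field is an unsigned little-endian short, so it is never negative.
    let header_len = u16::from_le_bytes([input[8], input[9]]) as usize;
    let body = &input[fixed..];
    // Attacker-controlled length: use a checked slice instead of indexing.
    body.get(..header_len)
        .ok_or(HeaderError::Truncated { needed: header_len, available: body.len() })
}

fn main() {
    // Crashing input quoted in the PR description.
    let crashing = b"\x93NUMPY\x01\x00\xf8\xff";
    println!("signed read:   {}", header_len_signed([0xf8, 0xff]));
    println!("unsigned parse: {:?}", parse_header(crashing));
}
```
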
