Panic on decoding crafted input: end drain index should be <= len #8

Closed
Shnatsel opened this issue May 7, 2020 · 0 comments
Shnatsel commented May 7, 2020

Decoding the attached file using code from #5 results in a panic:
end drain index (is 33073) should be <= len (is 33058)

Input triggering the crash, gzipped so that GitHub would accept the upload:
lz4-fear-drain-index-panic.lz4.gz

Backtrace:

thread '<unnamed>' panicked at 'end drain index (is 33073) should be <= len (is 33058)', src/liballoc/vec.rs:1331:13
stack backtrace:
   0: backtrace::backtrace::libunwind::trace
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.46/src/backtrace/libunwind.rs:86
   1: backtrace::backtrace::trace_unsynchronized
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.46/src/backtrace/mod.rs:66
   2: std::sys_common::backtrace::_print_fmt
             at src/libstd/sys_common/backtrace.rs:78
   3: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
             at src/libstd/sys_common/backtrace.rs:59
   4: core::fmt::write
             at src/libcore/fmt/mod.rs:1069
   5: std::io::Write::write_fmt
             at src/libstd/io/mod.rs:1504
   6: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:62
   7: std::sys_common::backtrace::print
             at src/libstd/sys_common/backtrace.rs:49
   8: std::panicking::default_hook::{{closure}}
             at src/libstd/panicking.rs:198
   9: std::panicking::default_hook
             at src/libstd/panicking.rs:218
  10: libfuzzer_sys::initialize::{{closure}}
  11: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:515
  12: rust_begin_unwind
             at src/libstd/panicking.rs:419
  13: core::panicking::panic_fmt
             at src/libcore/panicking.rs:111
  14: alloc::vec::Vec<T>::drain::end_assert_failed
             at src/liballoc/vec.rs:1331
  15: lz_fear::framed::decompress::LZ4FrameReader<R>::decode_block
  16: <lz_fear::framed::decompress::LZ4FrameIoReader<R> as std::io::Read>::read
  17: rust_fuzzer_test_input
  18: LLVMFuzzerTestOneInput
  19: _ZN6fuzzer6Fuzzer15ExecuteCallbackEPKhm
  20: _ZN6fuzzer10RunOneTestEPNS_6FuzzerEPKcm
  21: _ZN6fuzzer12FuzzerDriverEPiPPPcPFiPKhmE
  22: main
  23: __libc_start_main
  24: _start
main-- closed this as completed in a06cb40 May 7, 2020
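The panic message in this report comes from `Vec::drain` being given a range end larger than the vector's length. The following is an added example, not lz_fear code and not a reconstruction of the attached input or of the fix in a06cb40: it shows the same failure class on a constructed length-prefixed format, next to a bounds-checked form that returns an error instead. The function names and the 2-byte framing are assumptions made for the illustration.

```rust
use std::io;

// Hypothetical helper, not lz_fear code: removes and returns the first `n`
// bytes of `buf`, where `n` comes from an untrusted length field.
// Vec::drain panics when the range end exceeds buf.len().
fn take_unchecked(buf: &mut Vec<u8>, n: usize) -> Vec<u8> {
    buf.drain(..n).collect()
}

// Same operation with the bound validated first, so malformed input becomes
// an InvalidData error the caller can handle instead of a panic.
fn take_checked(buf: &mut Vec<u8>, n: usize) -> io::Result<Vec<u8>> {
    if n > buf.len() {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("block claims {} bytes, only {} buffered", n, buf.len()),
        ));
    }
    Ok(buf.drain(..n).collect())
}

// Constructed framing for the demo: 2-byte little-endian length + payload.
fn decode_block(input: &[u8]) -> io::Result<Vec<u8>> {
    if input.len() < 2 {
        return Err(io::Error::new(io::ErrorKind::UnexpectedEof, "short header"));
    }
    let n = u16::from_le_bytes([input[0], input[1]]) as usize;
    let mut buf = input[2..].to_vec();
    take_checked(&mut buf, n)
}

fn main() {
    // Constructed inputs: a well-formed block and one whose length field lies.
    let good = [3u8, 0, b'a', b'b', b'c'];
    let bad = [9u8, 0, b'a', b'b', b'c'];
    println!("{:?}", decode_block(&good));
    println!("{:?}", decode_block(&bad).map_err(|e| e.kind()));
    // The unchecked form panics on the same mismatch; catch it to show that.
    let r = std::panic::catch_unwind(|| take_unchecked(&mut vec![1, 2, 3], 9));
    println!("unchecked panicked: {}", r.is_err());
}
```

In a decoder that implements `std::io::Read`, returning `InvalidData` lets callers reject the stream; a panic instead aborts the thread or process handling the input.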