/// Reproducer for the parser hang reported in this issue.
///
/// Feeds a tiny malformed buffer (a `startxref` keyword directly followed by a
/// truncated `%PDF-` header) to `File::from_data`. Per the libFuzzer timeout
/// trace in this report, execution was inside `Lexer::next_word`, reached via
/// `Backend::locate_xref_offset`, when the one-second limit fired.
///
/// While the hang is present this test does not return, so run it under an
/// external timeout rather than in an unbounded test job.
#[test]
fn infinite_loop_invalid_file() {
    // The call itself is what hangs; the `unwrap` is only reached once the
    // loader terminates.
    let outcome = pdf::file::File::from_data(b"startxref%PDF-".as_ref());
    outcome.unwrap();
}
This puts the decoder into an infinite loop, so the test never completes.
I found this by fuzzing, and the fuzzer says it was stuck in
==844227== ERROR: libFuzzer: timeout after 1 seconds #0 0x563a342640c1 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3 #1 0x563a349b1158 in fuzzer::PrintStackTrace() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0xa7c158) #2 0x563a3498b47c in fuzzer::Fuzzer::AlarmCallback() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0xa5647c) #3 0x7efddb48686f (/usr/lib/libpthread.so.0+0x1386f) #4 0x563a349b9804 in __sanitizer_cov_trace_const_cmp1 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0xa84804) #5 0x563a34680d96 in pdf::parser::lexer::Lexer::next_word::hbd5751a146c5015e (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x74bd96) #6 0x563a3467f0d2 in pdf::parser::lexer::Lexer::next::h5e400b5eb1696032 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x74a0d2) #7 0x563a342efdf6 in pdf::backend::Backend::locate_xref_offset::h5009a3aff8015953 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3badf6) #8 0x563a342f07c2 in pdf::backend::Backend::read_xref_table_and_trailer::h8690b18b8bcc1c0a (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3bb7c2) #9 0x563a342cb3f6 in pdf::file::load_storage_and_trailer_password::h403607f8a77cc40c (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x3963f6) #10 0x563a342c9e7b in pdf::file::File$LT$B$GT$::load_data::h3c5cfdefdbfc04a8 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x394e7b) #11 0x563a3449a5f4 in rust_fuzzer_test_input (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x5655f4) #12 0x563a34976818 in __rust_try (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0xa41818) #13 0x563a34975f7f in LLVMFuzzerTestOneInput 
(/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0xa40f7f) #14 0x563a3498b771 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0xa56771) #15 0x563a3497f6aa in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0xa4a6aa) #16 0x563a349836c2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0xa4e6c2) #17 0x563a341df2e2 in main (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x2aa2e2) #18 0x7efddb181b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24) #19 0x563a341df48d in _start (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x2aa48d)
when it timed out
cc59018