
panic on unwrap() on None #75

Closed
alexanderkjall opened this issue Sep 25, 2020 · 2 comments

@alexanderkjall

I did some fuzzing of this library, since my software depends on it, and found a panic.

thread '' panicked at 'called Option::unwrap() on a None value', /home/capitol/projects/rust-ini/src/lib.rs:1136:72

full stacktrace:

    #0 0x555d7fff3d81 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3
    #1 0x555d80400ec1 in fuzzer::PrintStackTrace() /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerUtil.cpp:210:38
    #2 0x555d803e55ae in fuzzer::Fuzzer::CrashCallback() /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerLoop.cpp:233:18
    #3 0x555d803e543b in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerLoop.cpp:204:19
    #4 0x555d80419c0f in fuzzer::CrashHandler(int, siginfo_t*, void*) /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerUtilPosix.cpp:46:36
    #5 0x7f45fc6d520f  (/lib/x86_64-linux-gnu/libc.so.6+0x4620f)
    #6 0x7f45fc6d518a in __libc_signal_restore_set /build/glibc-YYA7BZ/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
    #7 0x7f45fc6d518a in raise /build/glibc-YYA7BZ/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
    #8 0x7f45fc6b4858 in abort /build/glibc-YYA7BZ/glibc-2.31/stdlib/abort.c:79:7
    #9 0x555d805db7f6 in std::sys::unix::abort_internal::h5c8b2a90c624abaf /rustc/397b390cc76ba1d98f80b2a24a371f708dcc9169/library/std/src/sys/unix/mod.rs:167:14
    #10 0x555d805c48d5 in std::process::abort::hb13208ae9f5b7133 /rustc/397b390cc76ba1d98f80b2a24a371f708dcc9169/library/std/src/process.rs:1623:5
    #11 0x555d803b63b2 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h9884bbdda40e438c /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/src/lib.rs:51:9
    #12 0x555d805cbb97 in std::panicking::rust_panic_with_hook::h2f4c96dfd8ba524a /rustc/397b390cc76ba1d98f80b2a24a371f708dcc9169/library/std/src/panicking.rs:573:17
    #13 0x555d805cb748 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h7740abbe2875cb4d /rustc/397b390cc76ba1d98f80b2a24a371f708dcc9169/library/std/src/panicking.rs:476:9
    #14 0x555d805c6bcb in std::sys_common::backtrace::__rust_end_short_backtrace::hcad001df0a36db28 /rustc/397b390cc76ba1d98f80b2a24a371f708dcc9169/library/std/src/sys_common/backtrace.rs:153:18
    #15 0x555d805cb708 in rust_begin_unwind /rustc/397b390cc76ba1d98f80b2a24a371f708dcc9169/library/std/src/panicking.rs:475:5
    #16 0x555d80630fd0 in core::panicking::panic_fmt::hb15d6f55e8472f62 /rustc/397b390cc76ba1d98f80b2a24a371f708dcc9169/library/core/src/panicking.rs:85:14
    #17 0x555d80630f1c in core::panicking::panic::h5d1c61fed2502a5f /rustc/397b390cc76ba1d98f80b2a24a371f708dcc9169/library/core/src/panicking.rs:50:5
    #18 0x555d80094eb2 in core::option::Option$LT$T$GT$::unwrap::ha3721cb89adcd423 /home/capitol/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/option.rs:370:21
    #19 0x555d80039350 in ini::Parser::parse_str_until::h49d14f32501f49c2 /home/capitol/projects/rust-ini/src/lib.rs:1136:54
    #20 0x555d8003a0ce in ini::Parser::parse_str_until_eol::h6c910d3fa3aa74a5 /home/capitol/projects/rust-ini/src/lib.rs:1191:9
    #21 0x555d80039b1a in ini::Parser::parse_val::h89482f840fd70cb3 /home/capitol/projects/rust-ini/src/lib.rs:1185:18
    #22 0x555d800352c4 in ini::Parser::parse::ha575ed2e1dcde280 /home/capitol/projects/rust-ini/src/lib.rs:1052:27
    #23 0x555d80024eb8 in ini::Ini::read_from_opt::h5289cf39f9166deb /home/capitol/projects/rust-ini/src/lib.rs:813:15
    #24 0x555d800254f7 in ini::Ini::read_from::hd4d9745572fb4c83 /home/capitol/projects/rust-ini/src/lib.rs:798:9
    #25 0x555d8001e630 in rust_fuzzer_test_input /home/capitol/projects/rust-ini/fuzz/fuzz_targets/fuzz_target_1.rs:9:5
    #26 0x555d803b5d9c in libfuzzer_sys::test_input_wrap::_$u7b$$u7b$closure$u7d$$u7d$::hb028caf01b44ed44 /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/src/lib.rs:27:9
    #27 0x555d8041d8f7 in std::panicking::try::do_call::h9a75dbb80adec165 /home/capitol/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/panicking.rs:373:40
    #28 0x555d8041ddba in __rust_try (/home/capitol/projects/rust-ini/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1+0x5cddba)
    #29 0x555d8041d475 in std::panicking::try::h5bb8fed7e70217bf /home/capitol/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/panicking.rs:337:19
    #30 0x555d8041a516 in std::panic::catch_unwind::h5bdd326b915b312d /home/capitol/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/panic.rs:379:14
    #31 0x555d803b56e1 in LLVMFuzzerTestOneInput /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/src/lib.rs:25:22
    #32 0x555d803e71ee in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerLoop.cpp:559:17
    #33 0x555d803e69f9 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerLoop.cpp:471:18
    #34 0x555d803e7de0 in fuzzer::Fuzzer::MutateAndTestOne() /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerLoop.cpp:702:25
    #35 0x555d803e8ac7 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerLoop.cpp:838:21
    #36 0x555d803be8c6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerDriver.cpp:851:10
    #37 0x555d803b53e3 in main /home/capitol/.cargo/registry/src/github.heygears.com-1ecc6299db9ec823/libfuzzer-sys-0.3.4/libfuzzer/FuzzerMain.cpp:20:30
    #38 0x7f45fc6b60b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16
    #39 0x555d7ff70add in _start (/home/capitol/projects/rust-ini/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1+0x120add)

Can be reproduced with this unit test:

    use std::io::Cursor;

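    /// Regression test for the reported panic: parsing this fuzzer-found input
    /// must return normally instead of aborting on `Option::unwrap()`.
    ///
    /// The input contains two `\x` escapes (`\xDFFFFF` and `\x.`). The reported
    /// panic is an `unwrap()` on `None` inside `Parser::parse_str_until`, so one
    /// of them presumably decodes to a value that is not a valid Unicode scalar
    /// value (NOTE(review): confirm which escape and how many hex digits are read).
    #[test]
    fn unwrap_none() {
        // Bytes are kept exactly as the fuzzer produced them so the crash stays reproducible.
        let fuzz_input: Vec<u8> = vec![
            10, 8, 68, 8, 61, 10, 126, 126, 61, 49, 10, 62, 8, 8, 61, 10,
            91, 93, 93, 36, 91, 61, 10, 75, 91, 10, 10, 10, 61,
            92, 120, 68, 70, 70, 70, 70, 70, // `\xDFFFFF`
            126, 61, 10, 0, 0, 61, 10, 38, 46, 49, 61, 0, 39, 0, 0, 46, 92, 120, 46, 36, 91, 91,
            1, 0, 0, 16, 0, 0, 0, 0, 0, 0,
        ];
        let mut file = Cursor::new(fuzz_input);

        // Ok and Err are both acceptable outcomes here; the test only fails if the
        // parser panics. A parser fed untrusted configuration data should report
        // malformed input as an error, because a panic takes down the caller.
        let _ = Ini::read_from(&mut file);
    }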
@zonyitoo
Owner

Ok(c) => result.push(char::from_u32(c).unwrap()),

So the input contains an escape that decodes to an invalid code point; `char::from_u32` returns `None` for it and the `unwrap()` panics.

zonyitoo added a commit that referenced this issue Sep 26, 2020
@zonyitoo
Owner

Will be released in v0.16.0.
