Crashes found by honggfuzz
killercup opened this issue · comments
Howdy! This is a 🐛 bug report for two crashes I found with the following fuzzer script that you can also find in rust-fuzz/targets#114:
```rust
pub fn fuzz_sleep_parser_header(data: &[u8]) {
    if let Ok(header) = sleep_parser::Header::from_vec(data) {
        sleep_parser::Header::from_vec(&header.to_vec()).unwrap();
    }
}
```
Should this assertion of `from_vec`¹ -> `to_vec` -> `from_vec` hold?

If yes, with `data` as either of

```rust
b"\x05\x02W\x01\x00\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xfb\x03p\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xbb9\xb0\xf5\xf5"
b"\x05\x02W\x01\x00\x00\x00\x12\x12\x12\x00\x00S\xc3\xcf\x8a2\xcc\xd1\xce9\xc4K\x9343\x00602\xb5\x07"
```

the current git master crashes. I have not investigated further.
¹ Why is this called `from_vec` when it takes a slice? I'd probably call it `from_bytes`, which is more precise.
Awesome, this is a great find! It shouldn't ever be crashing tbh, so we should probably fix this!
edit: yeah, it should probably be called `from_bytes`, haha. Good one!
@killercup by the way, do you maybe still have the code for the fuzzer? Would be great if we could check it in for future parts :D
The code is in rust-fuzz/targets#114, but I can make a PR to add it here too.
Edit: #5
Woah, didn't realize sleep-parser was in the test suite :D That's great!