Attempting to parse string including unicode causes panic
frewsxcv opened this issue · comments
code
#![feature(plugin)]
#![plugin(afl_coverage_plugin)]
extern crate afl_coverage;
extern crate xml;
use std::io::{self, Read};
/// Fuzzing harness entry point: reads all of stdin as a string and runs it through the
/// xml-rs `EventReader`, draining every event the parser produces.
///
/// If stdin cannot be read into a `String` (for example because the bytes are not valid
/// UTF-8), the input is skipped silently so that only the parser itself is exercised.
/// The collected events are discarded; the harness exists to surface panics in the
/// parser on untrusted input, which end the process abnormally.
fn main() {
    let mut input = String::new();

    // Nothing to parse when the read fails; exit quietly rather than report an error.
    if io::stdin().read_to_string(&mut input).is_err() {
        return;
    }

    let mut reader = xml::reader::EventReader::from_str(&input);

    // Force the lazy event iterator to run to completion; the events are not inspected.
    let _: Vec<_> = reader.events().collect();
}
input
&𤶼;
or as base64:
JvCktrw7
result
root@afl-rust:~/afl-staging-area# cargo run --verbose < new-file
Fresh gcc v0.3.5
Fresh bitflags v0.1.1
Fresh afl-coverage-plugin v0.0.1 (https://github.com/kmcallister/afl.rs#845bdff0)
Fresh afl-coverage v0.0.1 (https://github.com/kmcallister/afl.rs#845bdff0)
Fresh xml-rs v0.1.24 (file:///root/afl-staging-area)
Fresh afl-staging-area v0.1.0 (file:///root/afl-staging-area)
Running `target/debug/afl-staging-area`
thread '<main>' panicked at 'index 0 and/or 2 in `𤶼` do not lie on character boundary', /root/rust/src/libcore/str/mod.rs:1528
stack backtrace:
1: 0x7f003c964039 - sys::backtrace::write::hb34cb0734f7a3c97uhs
2: 0x7f003c9674f1 - panicking::on_panic::h82f65b9161b1f8deGXw
3: 0x7f003c960c62 - rt::unwind::begin_unwind_inner::h9f6dd38aeb9ea42dQCw
4: 0x7f003c961247 - rt::unwind::begin_unwind_fmt::h44a1d6134651f778WBw
5: 0x7f003c966e46 - rust_begin_unwind
6: 0x7f003c999ee4 - panicking::panic_fmt::h063af2dc79b71461c0B
7: 0x7f003c99b0ff - str::slice_error_fail::h6b062fef7704c76aLMJ
8: 0x7f003c955b0b - str::traits::str.ops..Index<ops..Range<usize>>::index::hd5dc3805dd71586eEBJ
at /root/rust/src/libcore/str/mod.rs:1408
9: 0x7f003c955812 - string::String.ops..Index<ops..Range<usize>>::index::h6e06879e88a080d5wHh
at /root/rust/src/libcollections/string.rs:941
10: 0x7f003c953f27 - reader::parser::inside_reference::PullParser::inside_reference::h50d494c95b4dfa3fPzc
at /root/xml-rs/src/reader/parser/inside_reference.rs:30
11: 0x7f003c95d470 - reader::parser::PullParser::dispatch_token::ha2333453eaa89eedJcd
at /root/xml-rs/src/reader/parser/mod.rs:329
12: 0x7f003c8cfa86 - reader::parser::PullParser::next::h6163686924289215835
at /root/xml-rs/src/reader/parser/mod.rs:256
13: 0x7f003c8cf34e - reader::EventReader<B>::next::h1752267722971489844
at /root/xml-rs/src/reader/mod.rs:44
14: 0x7f003c8cf0a2 - reader::Events<'a, B>.Iterator::next::h5762463174033631403
at /root/xml-rs/src/reader/mod.rs:78
15: 0x7f003c8c85dc - vec::Vec<T>.FromIterator<T>::from_iter::h16810629610021855622
at /root/rust/src/libcollections/vec.rs:1501
16: 0x7f003c8c7a9e - iter::Iterator::collect::h15266764030729070866
at /root/rust/src/libcore/iter.rs:567
17: 0x7f003c8c38d8 - main::ha4318abb77b31c89jaa
at src/main.rs:16
18: 0x7f003c96bff8 - rust_try_inner
19: 0x7f003c96bfe5 - rust_try
20: 0x7f003c968d43 - rt::lang_start::he6efc8b28021b078bSw
21: 0x7f003c8eb622 - main
22: 0x7f003baaba3f - __libc_start_main
23: 0x7f003c8c33b8 - _start
24: 0x0 - <unknown>
Process didn't exit successfully: `target/debug/afl-staging-area` (signal: 4)
This bug was found using https://github.com/kmcallister/afl.rs 👍
Nice, thanks!
BTW, this character does not seem to be a valid name character per XML grammar. This is mostly a note to myself in order not to forget to add a proper error.