Some panics found by fuzzing
Reproducer
This case panicked at 'internal error: entered unreachable code'
fn main() {
    // Four-byte input found by the fuzzer
    let data: [u8; 4] = [1, 0, 0, 0];
    let tag = lofty::id3::v2::Id3v2Tag::new();
    let version = tag.original_version();
    // parse() reads the frame body from a &[u8] cursor
    let _: lofty::error::Result<Option<lofty::id3::v2::ExtendedTextFrame>> =
        lofty::id3::v2::ExtendedTextFrame::parse(&mut &data[..], version);
}
Panic information:
thread 'main' panicked at 'internal error: entered unreachable code', /home/jjf/Fuzzing-Target-Generator/experiments/lofty-rs/src/id3/v2/items/extended_text_frame.rs:94:22
stack backtrace:
   0: rust_begin_unwind
   1: core::panicking::panic_fmt
   2: core::panicking::panic
   3: lofty::id3::v2::items::extended_text_frame::ExtendedTextFrame::parse
             at ./src/id3/v2/items/extended_text_frame.rs:94:10
   4: replay_lofty16::test_function16
             at ./fuzz_target/build/replay_lofty16/src/main.rs:16:95
   5: replay_lofty16::main
             at ./fuzz_target/build/replay_lofty16/src/main.rs:48:5
   6: core::ops::function::FnOnce::call_once
             at /home/jjf/Fuzzing-Target-Generator/library/core/src/ops/function.rs:251:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
This case panicked at 'attempt to add with overflow'
fn main() {
    // Fifty-byte input found by the fuzzer
    let data: &[u8] = &[57, 25, 25, 0, 4, 1, 54, 0, 51, 6, 6, 6, 25, 25, 25, 129, 6, 151, 28, 25, 25, 0, 51, 51, 50, 5, 5, 5, 26, 5, 5, 25, 6, 6, 25, 26, 246, 25, 25, 129, 6, 151, 3, 252, 56, 0, 53, 56, 55, 52];
    let mode = <lofty::ParsingMode as std::default::Default>::default();
    let _: lofty::error::Result<Option<lofty::id3::v2::RelativeVolumeAdjustmentFrame>> =
        lofty::id3::v2::RelativeVolumeAdjustmentFrame::parse(&mut &data[..], mode);
}
Panic information:
thread 'main' panicked at 'attempt to add with overflow', /home/jjf/Fuzzing-Target-Generator/experiments/lofty-rs/src/id3/v2/items/relative_volume_adjustment_frame.rs:130:47
stack backtrace:
   0: rust_begin_unwind
   1: core::panicking::panic_fmt
   2: core::panicking::panic
   3: lofty::id3::v2::items::relative_volume_adjustment_frame::RelativeVolumeAdjustmentFrame::parse
             at ./src/id3/v2/items/relative_volume_adjustment_frame.rs:130:35
   4: replay_lofty11::test_function11
             at ./fuzz_target/build/replay_lofty11/src/main.rs:14:107
   5: replay_lofty11::main
             at ./fuzz_target/build/replay_lofty11/src/main.rs:46:5
   6: core::ops::function::FnOnce::call_once
             at /home/jjf/Fuzzing-Target-Generator/library/core/src/ops/function.rs:251:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
Summary
Hi, I am fuzzing this library with afl.rs, and I have found some panics. The version I tested is 0.17.1. I hope you can check whether these cases are bugs.
Expected behavior
The first case should not reach unreachable code. Instead, it would be reasonable to return a Result::Error. The second case should not panic at 'attempt to add with overflow'.
Assets
No response
Awesome, thanks for doing this! I don't have many opportunities to do fuzzing myself. :smile:
Thanks for the response, do you think these panics are really bugs? I think unreachable and overflow panics should not appear in any situation.
Yes, they are bugs. I had not accounted for these situations, so there are instances of unchecked math and broken assumptions from time to time.
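As an added illustration of the two panic classes discussed in this issue (a broken assumption behind an `unreachable!`, and unchecked arithmetic on a length field), the Rust below shows a small parser in both shapes: the one that panics on fuzzer input and the one that returns an error instead. This is example code written for this page, not lofty's code, and it makes no claim about where in lofty the reported panics originate. The entry layout (loosely modelled on an ID3v2 RVA2 channel entry), the `VolumeEntry` and `ParseError` types, and the `frame_end` helper are all assumptions made for the example.

```rust
// Added example (not lofty's code, and no claim about where lofty's panics
// originate): the two panic classes from the report, a broken assumption
// (`unreachable!`) and unchecked arithmetic, beside a parser that turns both
// into errors. The entry layout is constructed for this example, loosely
// modelled on an ID3v2 RVA2 channel entry:
//   [channel: u8][adjustment: i16 BE][peak_bits: u8][peak: ceil(peak_bits / 8) bytes]
use std::io::{self, Read};

#[derive(Debug, PartialEq)]
pub struct VolumeEntry {
    pub channel: u8,
    pub adjustment: i16,
    pub peak_bits: u8,
    pub peak: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// The input ended before the entry was complete.
    Truncated,
    /// A size computation would not fit its integer type.
    Overflow,
    /// The channel byte holds a value the format does not define.
    BadChannelType(u8),
}

impl From<io::Error> for ParseError {
    // read_exact only fails here with UnexpectedEof, so every I/O error is a truncation.
    fn from(_: io::Error) -> Self {
        ParseError::Truncated
    }
}

/// Hypothetical "before" shape. Two ways to crash on fuzzer input: a channel
/// byte above 8 hits `unreachable!`, and peak_bits = 255 makes `peak_bits + 7`
/// overflow a u8 ('attempt to add with overflow' in debug builds; a release
/// build silently wraps the sum to 6 and reads zero peak bytes instead of 32).
pub fn parse_entry_unchecked(data: &[u8]) -> VolumeEntry {
    let channel = match data[0] {
        0..=8 => data[0],
        _ => unreachable!("channel types above 8 are not defined"),
    };
    let adjustment = i16::from_be_bytes([data[1], data[2]]);
    let peak_bits = data[3];
    let peak_len = ((peak_bits + 7) / 8) as usize;
    let peak = data[4..4 + peak_len].to_vec();
    VolumeEntry { channel, adjustment, peak_bits, peak }
}

/// Hardened shape: every assumption about the input becomes an Err, and the
/// length arithmetic is done after widening so it cannot overflow.
pub fn parse_entry<R: Read>(reader: &mut R) -> Result<VolumeEntry, ParseError> {
    let mut header = [0u8; 4];
    reader.read_exact(&mut header)?;
    let channel = header[0];
    if channel > 8 {
        return Err(ParseError::BadChannelType(channel));
    }
    let adjustment = i16::from_be_bytes([header[1], header[2]]);
    let peak_bits = header[3];
    // Widen to usize first: 255 bits -> 32 bytes, no u8 overflow possible.
    let peak_len = (usize::from(peak_bits) + 7) / 8;
    let mut peak = vec![0u8; peak_len];
    reader.read_exact(&mut peak)?;
    Ok(VolumeEntry { channel, adjustment, peak_bits, peak })
}

/// For sums that must stay in a fixed-width type (for example, a frame's end
/// offset computed from a 32-bit size field), `checked_add` makes the overflow
/// an error instead of a panic or a silent wrap.
pub fn frame_end(start: u32, size: u32) -> Result<u32, ParseError> {
    start.checked_add(size).ok_or(ParseError::Overflow)
}

fn main() {
    // Constructed inputs: a well-formed entry, then a fuzz-like one with peak_bits = 255.
    println!("{:?}", parse_entry_unchecked(&[1, 0xFF, 0x00, 16, 0xAB, 0xCD]));
    let mut data = vec![0u8, 0, 0, 255];
    data.extend(std::iter::repeat(0x11).take(32));
    println!("{:?}", parse_entry(&mut &data[..]));
    println!("{:?}", parse_entry(&mut &[9u8, 0, 0, 0][..]));
    println!("{:?}", frame_end(u32::MAX, 1));
}
```

The hardened parser takes a `Read` so truncation surfaces as an I/O error that maps onto `ParseError::Truncated`; widening before the addition is preferable to `checked_add` for `peak_bits`, because a 255-bit peak is a legal value that should parse rather than be rejected.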