
feat: Add fuzz target, fix several panics #67

Merged (6 commits), Mar 12, 2024

Conversation

folkertdev (Contributor)

closes #6

Turns out there are at least 3 overflow issues (and likely many more). Adding a fuzzer is easy; fixing the things it finds is not. I'm also not sure what the preferred way of running the fuzzer is (e.g. on CI for each PR?).

I've fixed one overflow where I think the solution is obvious. But quickly things get less obvious.


cargo +nightly fuzz run no_panic fuzz/artifacts/no_panic/crash-92004600d4f07f7b413ba4b94bdb5d174e0a0876

fails on this line in rc-zip/src/parse/eocd.rs

let computed_directory_offset = res.located_directory_offset() - res.directory_size();

that needs to return some sort of format error, not sure which one yet (I suspect none of the existing errors fit).


cargo +nightly fuzz run no_panic fuzz/artifacts/no_panic/crash-87fc6b172449245303df41752bc5742ee08e1ef5

fails with an overflow in rc-zip/src/parse/central_directory_file_header.rs:151; again, the fix is not immediately obvious.


By staring at these specific cases I'm sure I could come up with a fix, but I'm not sure what a good general process for fixing these issues looks like. It seems very likely that there will be more issues.
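The subtraction in eocd.rs quoted above is the classic shape of these fuzzer findings: a size field read from the archive is subtracted from an offset, and an archive that claims a directory larger than its own position underflows. As an added example (not rc-zip's own code), the overflowing form next to the same arithmetic turned into a format error with `checked_sub`; `EndOfCentralDirectory`, `FormatError` and `parse_record` are hypothetical stand-ins, not rc-zip's real types.

```rust
// Added example (not rc-zip's own code): the overflow-to-error pattern for the
// `located_directory_offset() - directory_size()` subtraction. Type names are stand-ins.

/// Hypothetical error type; rc-zip's real error enum is not reproduced here.
#[derive(Debug, PartialEq)]
pub enum FormatError {
    /// The central directory would start before the beginning of the file.
    DirectoryOffsetUnderflow { located_offset: u64, directory_size: u64 },
}

/// Minimal stand-in for the located EOCD record: where the record sits and what
/// the (untrusted, archive-supplied) size field claims.
pub struct EndOfCentralDirectory {
    pub located_directory_offset: u64,
    pub directory_size: u64,
}

impl EndOfCentralDirectory {
    /// Overflowing version: panics in debug builds, silently wraps in release builds.
    pub fn computed_directory_offset_unchecked(&self) -> u64 {
        self.located_directory_offset - self.directory_size
    }

    /// Hardened version: the same arithmetic, but a size larger than the offset
    /// becomes a format error the caller can report instead of a panic.
    pub fn computed_directory_offset(&self) -> Result<u64, FormatError> {
        self.located_directory_offset
            .checked_sub(self.directory_size)
            .ok_or(FormatError::DirectoryOffsetUnderflow {
                located_offset: self.located_directory_offset,
                directory_size: self.directory_size,
            })
    }
}

/// Parse a constructed 16-byte little-endian record (offset, size), the way a
/// fuzz target hands raw bytes to the parser; returns None on short input.
pub fn parse_record(bytes: &[u8]) -> Option<EndOfCentralDirectory> {
    let off = u64::from_le_bytes(bytes.get(0..8)?.try_into().ok()?);
    let size = u64::from_le_bytes(bytes.get(8..16)?.try_into().ok()?);
    Some(EndOfCentralDirectory { located_directory_offset: off, directory_size: size })
}

fn main() {
    // Constructed sample: the record claims a directory larger than its own position.
    let bytes = [100u64.to_le_bytes(), 4096u64.to_le_bytes()].concat();
    let eocd = parse_record(&bytes).expect("16 bytes");
    println!("{:?}", eocd.computed_directory_offset());
}
```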

folkertdev (Contributor, Author)

I think all overflows are fixed now, the fuzzer has been running for many hours without finding more.

I also had reason to create a zip file with a unix extra field. This turned out to be more difficult than expected, but can be replicated using these files: https://gist.github.com/folkertdev/79b31ab271602bf095957868aed449d4

codecov bot commented Mar 12, 2024

Codecov Report

Attention: Patch coverage is 66.66667% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 75.72%. Comparing base (25b0610) to head (53dd872).

| File | Patch % | Lines |
| --- | --- | --- |
| rc-zip/src/parse/extra_field.rs | 0.00% | 4 Missing ⚠️ |
@@            Coverage Diff             @@
##             main      #67      +/-   ##
==========================================
- Coverage   76.08%   75.72%   -0.37%     
==========================================
  Files          25       25              
  Lines        2409     2385      -24     
==========================================
- Hits         1833     1806      -27     
- Misses        576      579       +3     


fasterthanlime (Collaborator)

Thanks for tackling this!

The changes look good, I think I'm happy to merge it as-is, and we can do smaller fixes as follow-ups!

@fasterthanlime fasterthanlime changed the title add a fuzzer feat: Add fuzz target, fix several panics Mar 12, 2024
@fasterthanlime fasterthanlime merged commit 1b9ab6f into bearcove:main Mar 12, 2024
3 of 5 checks passed
@fasterthanlime fasterthanlime mentioned this pull request Feb 10, 2024
Successfully merging this pull request may close these issues.

Fuzz this