Skip to content

[Fuzzing] NrbfDecoderFuzzer: The output char buffer is too small to contain the decoded characters #107515

New issue
New issue
Closed
#107532
Closed
[Fuzzing] NrbfDecoderFuzzer: The output char buffer is too small to contain the decoded characters#107515
#107532
Assignees
adamsitnik
Labels
area-System.Formats.Nrbfin-prThere is an active PR which will close this issue when it is merged
@MihaZupan

Description

@MihaZupan
MihaZupan
opened on Sep 8, 2024
System.ArgumentException: The output char buffer is too small to contain the decoded characters, encoding codepage '65001' and fallback 'System.Text.DecoderExceptionFallback'. (Parameter 'chars')
   at System.Text.Encoding.ThrowCharsOverflow(DecoderNLS decoder, Boolean nothingDecoded)
   at System.Text.DecoderNLS.DrainLeftoverDataForGetChars(ReadOnlySpan`1 bytes, Span`1 chars, Int32& bytesConsumed)
   at System.Text.Encoding.GetCharsWithFallback(Byte* pOriginalBytes, Int32 originalByteCount, Char* pOriginalChars, Int32 originalCharCount, Int32 bytesConsumedSoFar, Int32 charsWrittenSoFar, DecoderNLS decoder)
   at System.Text.Encoding.GetChars(Byte* pBytes, Int32 byteCount, Char* pChars, Int32 charCount, DecoderNLS decoder)
   at System.Text.Decoder.GetChars(ReadOnlySpan`1 bytes, Span`1 chars, Boolean flush)
   at System.IO.BinaryReader.InternalReadChars(Span`1 buffer)
   at System.IO.BinaryReader.ReadChars(Int32 count)
   at System.Formats.Nrbf.ArraySinglePrimitiveRecord`1.DecodePrimitiveTypes(BinaryReader reader, Int32 count)
   at System.Formats.Nrbf.NrbfDecoder.g__Decode|13_0[T](ArrayInfo info, BinaryReader reader)
   at System.Formats.Nrbf.NrbfDecoder.DecodeArraySinglePrimitiveRecord(BinaryReader reader)
   at System.Formats.Nrbf.NrbfDecoder.DecodeNext(BinaryReader reader, RecordMap recordMap, AllowedRecordTypes allowed, PayloadOptions options, SerializationRecordType& recordType)
   at System.Formats.Nrbf.NrbfDecoder.Decode(BinaryReader reader, PayloadOptions options, IReadOnlyDictionary`2& readOnlyRecordMap)
   at System.Formats.Nrbf.NrbfDecoder.Decode(Stream payload, IReadOnlyDictionary`2& recordMap, PayloadOptions options, Boolean leaveOpen)
   at DotnetFuzzing.Fuzzers.NrbfDecoderFuzzer.Test(Span`1 testSpan, MemoryStream stream) in D:\a\_work\1\s\src\libraries\Fuzzing\DotnetFuzzing\Fuzzers\NrbfDecoderFuzzer.cs:line 36
   at DotnetFuzzing.Fuzzers.NrbfDecoderFuzzer.FuzzTarget(ReadOnlySpan`1 bytes) in D:\a\_work\1\s\src\libraries\Fuzzing\DotnetFuzzing\Fuzzers\NrbfDecoderFuzzer.cs:line 26
   at DotnetFuzzing.Program.<>c__DisplayClass1_0.b__0(ReadOnlySpan`1 bytes) in D:\a\_work\1\s\src\libraries\Fuzzing\DotnetFuzzing\Program.cs:line 91
   at SharpFuzz.Fuzzer.LibFuzzer.Run(ReadOnlySpanAction action, Boolean ignoreExceptions)

crash-input.txt

Input base64:

AAEAAAB8/2zfAQAAAAAAAAAP////QwMAAAADECjxr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vr6+vEBADAAD///8ODg9B///4AwAAAAMQEBAQAwAA////Dg4P////+AMAAAAP////+AP//wAP//8QEAMAAP///wAAD/////gDAAAAAxAQAA/////4AwAAAAMQEBAQAwAA////Dg4P////+QMAAAAP9f//+AMAAAD97+/yEAMA//gDAAAAD/////gDAAAAAxAQEBADAAD/qP8ODg/////4AwAAAAMQEBAQAwAA////Dg4P////+AMAAAADAAAAD/////gDAAAAAxAQDoA=

cc: @adamsitnik @buyaa-n

Metadata

Metadata

Assignees

Labels

area-System.Formats.Nrbfin-prThere is an active PR which will close this issue when it is merged

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions