Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fuzzing: parse_datetime_at_date crashes with a panic! from chrono #7222

Open
sylvestre opened this issue Jan 26, 2025 · 1 comment
Open

fuzzing: parse_datetime_at_date crashes with a panic! from chrono #7222

sylvestre opened this issue Jan 26, 2025 · 1 comment

Comments

@sylvestre
Copy link
Contributor

With the attached test case, which should look like:

-d-36364@6n8167�-swweweeks255
t�
m
ယ
Te G�laa�� me%
1'em
h
faes %+r-󠀷tːes %+r-󠀷taf、aːes‫weekm�
-40d-170141;83060469231731687(303715884105727mmnth02843316󠀲5777677
 qxd

Build the fuzzers with:

cargo +nightly fuzz build fuzz_date   

and run it with the testcase:

RUST_BACKTRACE=1 ./fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_date /tmp/fuzz_date
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2465424974
INFO: Loaded 1 modules   (469725 inline 8-bit counters): 469725 [0x556f6e736c30, 0x556f6e7a970d), 
INFO: Loaded 1 PC tables (469725 PCs): 469725 [0x556f6e7a9710,0x556f6eed44e0), 
./fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_date: Running 1 inputs 1 time(s) each.
Running: /tmp/fuzz_date
thread '<unnamed>' panicked at /home/sylvestre/.cargo/registry/src/index.crates.io-6f17d22bba15001f/chrono-0.4.38/src/lib.rs:707:17:
TimeDelta::minutes out of bounds
stack backtrace:
   0: rust_begin_unwind
   1: core::panicking::panic_fmt
   2: chrono::expect::panic_cold_display
   3: chrono::time_delta::TimeDelta::minutes
   4: parse_datetime::parse_relative_time::parse_relative_time_at_date
   5: parse_datetime::parse_datetime_at_date
   6: uu_date::uumain::uumain
   7: uu_date::uumain
   8: fuzz_date::_::__libfuzzer_sys_run
   9: rust_fuzzer_test_input
  10: std::panicking::try::do_call
  11: __rust_try
  12: LLVMFuzzerTestOneInput
  13: _ZN6fuzzer6Fuzzer15ExecuteCallbackEPKhm
  14: _ZN6fuzzer10RunOneTestEPNS_6FuzzerEPKcm
  15: _ZN6fuzzer12FuzzerDriverEPiPPPcPFiPKhmE
  16: main
  17: __libc_start_call_main
             at ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
  18: __libc_start_main_impl
             at ./csu/../csu/libc-start.c:360:3
  19: _start
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
==1142298== ERROR: libFuzzer: deadly signal

Reported by ossfuzz:
https://issues.oss-fuzz.com/u/1/issues/391921992?pli=1

@sylvestre
Copy link
Contributor Author

sylvestre commented Jan 26, 2025

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant