This repository was archived by the owner on Nov 3, 2025. It is now read-only.
Add memory bounds to fuzz harnesses, add test for a new crasher#181
Merged
Add memory bounds to fuzz harnesses, add test for a new crasher#181
Conversation
With the changes we've made recently, the fuzzer has been running out of memory by discovering very large padding 😂 In this commit, I attempted to fix these fuzzing failures by using the `strftime::io` and `strftime::fmt` variants. In `strftime::fmt`, the fuzzer immediately found a crash. If a multibyte UTF-8 sequence appears immediately following a `%` spec begin marker, the loop to pluck out padding consumes one element from the cursor and then breaks. This leads to pushing a partial UTF-8 character into the `fmt::Write` instance, which causes a panic in the underlying `String` because the string's contents is now malformed UTF-8. Add a test and break with `None` if encountering a non-ASCII byte while processing the spec. I've also cleaned up the fuzz targets so they build without warnings.
x-hgg-x
approved these changes
Mar 23, 2025
Collaborator
|
I added more commits to fix another issue found by the fuzzer. |
lopopolo
commented
Mar 23, 2025
Member
Author
lopopolo
left a comment
There was a problem hiding this comment.
Looks good, thanks for the additional fix
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
With the changes we've made recently, the fuzzer has been running out of memory by discovering very large padding 😂
In this commit, I attempted to fix these fuzzing failures by using the
strftime::ioandstrftime::fmtvariants. Instrftime::fmt, the fuzzer immediately found a crash.If a multibyte UTF-8 sequence appears immediately following a
%spec begin marker, the loop to pluck out padding consumes one element from the cursor and then breaks. This leads to pushing a partial UTF-8 character into thefmt::Writeinstance, which causes a panic in the underlyingStringbecause the string's contents is now malformed UTF-8.Add a test and break with
Noneif encountering a non-ASCII byte while processing the spec.I've also cleaned up the fuzz targets so they build without warnings.