Some panic cases found by afl.rs

[Koral77]

I've using afl.rs to fuzz this crate. And I've found several APIs may panic due to arithmetic overflow.

The code to replay these panics are

let _local0 = chrono::naive::NaiveDateTime::from_timestamp_opt(-4227854320, 1678774288);
let _local1 = chrono::Duration::microseconds(-7019067213869040);
let _local2_param0_helper1 = _local0.unwrap();
chrono::DurationRound::duration_trunc(_local2_param0_helper1, _local1);

let _local0 = chrono::naive::NaiveDateTime::from_timestamp_opt(320041586, 1920103021);
let _local1 = chrono::Duration::nanoseconds(-8923838508697114584);
let _local2_param0_helper1 = _local0.unwrap();
chrono::DurationRound::duration_round(_local2_param0_helper1, _local1);

let _local0 = chrono::naive::NaiveDateTime::from_timestamp_opt(-2621440, 0);
let _local1 = chrono::Duration::nanoseconds(-9223372036854771421);
let _local2_param0_helper1 = _local0.unwrap();
chrono::DurationRound::duration_round(_local2_param0_helper1, _local1);

let _local0 = chrono::naive::NaiveDateTime::from_timestamp_opt(-502509993984, 64);
let _local1_param0_helper1 = _local0.unwrap();
chrono::Datelike::with_ordinal0(&(_local1_param0_helper1), 4294967295);

let _local0 = chrono::naive::NaiveDateTime::from_timestamp_opt(-754576364, 336909572);
let _local1_param0_helper1 = _local0.unwrap();
chrono::Datelike::with_day0(&(_local1_param0_helper1), 4294967295);

let _local0 = chrono::naive::NaiveDateTime::from_timestamp(-8377300, 742391807);
chrono::Datelike::with_month0(&(_local0), 4294967295);
chrono::Datelike::with_month(&(_local0), 4294967295);

let _local0 = chrono::naive::NaiveDateTime::from_timestamp(-11676614656, 15282199);
chrono::naive::NaiveDateTime::timestamp_nanos(&(&_local0));

Besides, I've found an not a char boundary error. The code to replay the panic is

chrono::naive::NaiveDateTime::parse_from_str("\u{c}SUN\u{e}\u{3000}\0m@J\u{3000}\0\u{3000}\0m\u{c}!\u{c}\u{b}\u{c}\u{c}\u{c}\u{c}%A\u{c}\u{b}\0SU\u{c}\u{c}",
"\u{c}\u{c}%A\u{c}\u{b}\0SUN\u{c}\u{c}\u{c}SUNN\u{c}\u{c}\u{c}SUN\u{c}\u{c}!\u{c}\u{b}\u{c}\u{c}\u{c}\u{c}%A\u{c}\u{b}%a");
let _local1 = chrono::offset::FixedOffset::east_opt(17367308);
let _local2_param0_helper1 = _local1.unwrap();
chrono::offset::Offset::fix(&(_local2_param0_helper1));

The simple bug report is like this.

I hope you will check if this is an actually bug. Thanks a lot.

[jtmoon79]

Great find. Thanks @Koral77 !

Is it possible to share the project code for this, as a .zip or .tgz file? Or a small repository of your own?

[Koral77]

@jtmoon79 Thank you for your reply. The replay codes are put on replay_files.

[jtmoon79]

Thanks @Koral77 .

For future note, at some time those files in https://github.com/Koral77/replay_files/tree/main/replays/chrono should be made into test cases within the chrono repository. That task is open to anyone that wants to spend the time on it! 🙂

[pitdicker]

To update this issue: of the 8 cases there are 4 left.

• One involves a panic in timestamp_nanos. This is working as intended (but it would be nice to document the panic here and for other methods that can panic).
• Three involve duration_trunc and duration_round.

[jtmoon79]

For future note, at some time those files in https://github.com/Koral77/replay_files/tree/main/replays/chrono should be made into test cases within the chrono repository. That task is open to anyone that wants to spend the time on it! 🙂

PR with test cases #1091

[pitdicker]

A fix for the last three issues was merged in #1093.

[djc]

Are you saying this issue can be closed because all the issues covered here have been addressed?