Closed
Description
Found using cargo-fuzz.
// Minimal reproducer for a crash found with cargo-fuzz: feeding this input to
// x509_parser::x509_parser panics with 'attempt to add with overflow' (see the
// backtrace that follows, frame 10 at src/x509.rs:142).
extern crate x509_parser;
fn main() {
// The input opens with 0x30 ('0', the DER SEQUENCE tag) followed by 0x88, a
// long-form length octet announcing 8 length bytes. All 8 are 0xff, so the
// declared length is u64::MAX.
// NOTE(review): presumably the overflowing add combines this input-controlled
// length with an offset or header size; confirm at src/x509.rs:142.
let data = b"0\x88\xff\xff\xff\xff\xff\xff\xff\xff00\x0f\x02\x000\x00\x00\x00\x00\x00\x0000\x0f\x00\xff\x0a\xbb\xff";
// The result is discarded on purpose: the defect is the panic itself. A parser
// for untrusted bytes should return an error here, not abort the process.
// The panic is the overflow check firing. Release builds disable that check by
// default, so there the same add would wrap silently instead of panicking.
// The fix therefore belongs in the length arithmetic (e.g. checked_add), and a
// regression test should assert that this input yields an error result.
let _ = x509_parser::x509_parser(data);
}thread '<unnamed>' panicked at 'attempt to add with overflow', <do_parse macros>:33
stack backtrace:
0: 0x55f4b01b12f3 - std::sys::imp::backtrace::tracing::imp::unwind_backtrace::hf9ed9ccfd9f14c2b
at /checkout/src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
1: 0x55f4b01adc44 - std::sys_common::backtrace::_print::hd8a1b72dcf3955ef
at /checkout/src/libstd/sys_common/backtrace.rs:71
2: 0x55f4b01b22c7 - std::panicking::default_hook::{{closure}}::h5ff605bba7612658
at /checkout/src/libstd/sys_common/backtrace.rs:60
at /checkout/src/libstd/panicking.rs:355
3: 0x55f4b01b1e4b - std::panicking::default_hook::h9bc4f6dfee57d6bd
at /checkout/src/libstd/panicking.rs:371
4: 0x55f4b01b272b - std::panicking::rust_panic_with_hook::hdc01585dc2bf7122
at /checkout/src/libstd/panicking.rs:549
5: 0x55f4b01b2604 - std::panicking::begin_panic::hf84f4975d9f9b642
at /checkout/src/libstd/panicking.rs:511
6: 0x55f4b01b2539 - std::panicking::begin_panic_fmt::hcc3f360b2ba80419
at /checkout/src/libstd/panicking.rs:495
7: 0x55f4b01b24c7 - rust_begin_unwind
at /checkout/src/libstd/panicking.rs:471
8: 0x55f4b01b9acd - core::panicking::panic_fmt::h795d9a9608ddc2bb
at /checkout/src/libcore/panicking.rs:69
9: 0x55f4b01b9a04 - core::panicking::panic::hcab3e0dfa81beee9
at /checkout/src/libcore/panicking.rs:49
10: 0x55f4b0122c04 - x509_parser::x509::x509_parser::ha5319985231d7696
at /home/neo/dev/work/x509-parser/src/x509.rs:142
11: 0x55f4aff8a3d5 - rust_fuzzer_test_input
at /home/neo/dev/work/x509-parser/fuzz/fuzzers/fuzzer_script_1.rs:7
12: 0x55f4aff8e00a - libfuzzer_sys::test_input_wrap::{{closure}}::h01afe675cf6a0c88
at /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/src/lib.rs:13
13: 0x55f4aff8c0cf - std::panicking::try::do_call::hfeac5113da58e53b
at /checkout/src/libstd/panicking.rs:454
14: 0x55f4b01b841b - <unknown>
at /checkout/src/libpanic_abort/lib.rs:40
==24442== ERROR: libFuzzer: deadly signal
#0 0x55f4b0092cb9 in __sanitizer_print_stack_trace /checkout/src/compiler-rt/lib/asan/asan_stack.cc:38
#1 0x55f4aff9f401 in fuzzer::Fuzzer::CrashCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerLoop.cpp:280
#2 0x55f4aff9f34b in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerLoop.cpp:264
#3 0x55f4affbcb3d in fuzzer::CrashHandler(int, siginfo_t*, void*) /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerUtilPosix.cpp:37
#4 0x7f8218a69fdf (/usr/lib/libpthread.so.0+0x11fdf)
#5 0x7f82184cba0f in __GI_raise (/usr/lib/libc.so.6+0x33a0f)
#6 0x7f82184cd139 in __GI_abort (/usr/lib/libc.so.6+0x35139)
#7 0x55f4b01b8428 in panic_abort::__rust_start_panic::abort /checkout/src/libpanic_abort/lib.rs:61
#8 0x55f4b01b8428 in __rust_start_panic /checkout/src/libpanic_abort/lib.rs:56
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 4 ChangeBinInt-CopyPart-CrossOver-CMP- DE: "\xff\xff\xff\xff\xff\xff\xff\xff"-; base unit: 0c49320faa5c47824170ed0eb79fe6b7367bd96f
0x30,0x88,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x30,0x30,0xf,0x2,0x0,0x30,0x0,0x0,0x0,0x0,0x0,0x0,0x30,0x30,0xf,0x0,0xff,0xa,0xbb,0xff,
0\x88\xff\xff\xff\xff\xff\xff\xff\xff00\x0f\x02\x000\x00\x00\x00\x00\x00\x0000\x0f\x00\xff\x0a\xbb\xff
artifact_prefix='artifacts/'; Test unit written to artifacts/crash-867582c6bd5fa9304fe4213e5cb48765aca88a12
Base64: MIj//////////zAwDwIAMAAAAAAAADAwDwD/Crv/