Skip to content

Fix up parser panic on empty input#886

Merged
KodrAus merged 2 commits into
mainfrom
fix/parser-panics
Jun 9, 2026
Merged

Fix up parser panic on empty input#886
KodrAus merged 2 commits into
mainfrom
fix/parser-panics

Conversation

@KodrAus

@KodrAus KodrAus commented Jun 9, 2026

Copy link
Copy Markdown
Member

Closes #885

I've updated our fuzzing infra along the way and will make it run for a short time in CI from now on. The parsers are quite simple, so it only takes a few seconds for AFL to map its state space and find crashes. This should help us catch these kinds of regressions faster in the future.

@KodrAus

KodrAus commented Jun 9, 2026

Copy link
Copy Markdown
Member Author

I haven't actually fixed the bug yet, I just want to watch it crash and burn in CI first.

@KodrAus

KodrAus commented Jun 9, 2026

Copy link
Copy Markdown
Member Author

Gotcha:

repro: "/home/runner/work/uuid/uuid/fuzz/target/parse/default/crashes/id:000001,sig:06,src:000003,time:1955,execs:63478,op:havoc,rep:8"
repro: [123, 125]
repro: "{}"
thread 'tests::repro' (7216) panicked at /home/runner/work/uuid/uuid/src/error.rs:75:21:
attempt to subtract with overflow

@KodrAus KodrAus merged commit 2320c6a into main Jun 9, 2026
23 checks passed
@KodrAus KodrAus deleted the fix/parser-panics branch June 9, 2026 08:47
kodiakhq Bot pushed a commit to pdylanross/fatigue that referenced this pull request Jun 25, 2026
Bumps uuid from 1.20.0 to 1.23.4.

Release notes
Sourced from uuid's releases.

v1.23.4
What's Changed

Fix up name of fuzz script in readme by @​KodrAus in uuid-rs/uuid#888
document fixes by @​frostyplanet in uuid-rs/uuid#889
Prepare for 1.23.4 release by @​KodrAus in uuid-rs/uuid#890

New Contributors

@​frostyplanet made their first contribution in uuid-rs/uuid#889

Full Changelog: uuid-rs/uuid@v1.23.3...v1.23.4
v1.23.3
What's Changed

Fix up parser panic on empty input by @​KodrAus in uuid-rs/uuid#886
Prepare for 1.23.3 release by @​KodrAus in uuid-rs/uuid#887

Full Changelog: uuid-rs/uuid@v1.23.2...v1.23.3
v1.23.2
What's Changed

Improve error messages for ambiguous formats by @​KodrAus in uuid-rs/uuid#882
Prepare for 1.23.2 release by @​KodrAus in uuid-rs/uuid#883

Full Changelog: uuid-rs/uuid@v1.23.1...v1.23.2
v1.23.1
What's Changed

Remove deprecated msrv feature from wasm-bindgen dependency by @​guybedford in uuid-rs/uuid#877
fix: Timestamp::from_gregorian deprecation note by @​aznashwan in uuid-rs/uuid#878
Prepare for 1.23.1 release by @​KodrAus in uuid-rs/uuid#879

New Contributors

@​guybedford made their first contribution in uuid-rs/uuid#877
@​aznashwan made their first contribution in uuid-rs/uuid#878

Full Changelog: uuid-rs/uuid@v1.23.0...v1.23.1
v1.23.0
What's Changed

feat: add support for 'hyphenated' format in the serde module by @​FrenchDilettante in uuid-rs/uuid#865
Fix a number of bugs in time-related code by @​KodrAus in uuid-rs/uuid#872
Reword invalid char error message by @​KodrAus in uuid-rs/uuid#873
Impl cleanups by @​KodrAus in uuid-rs/uuid#874
Use LazyLock to synchronize v1/v6 context initialization by @​KodrAus in uuid-rs/uuid#875
Prepare for 1.23.0 release by @​KodrAus in uuid-rs/uuid#876

New Contributors

@​FrenchDilettante made their first contribution in uuid-rs/uuid#865



... (truncated)


Commits

3296d64 Merge pull request #890 from uuid-rs/cargo/v1.23.4
cba53d0 prepare for 1.23.4 release
e347af4 Merge pull request #889 from frostyplanet/main
e9bf55c doc: Fix broken link warnings
5351af4 doc: Enable feature flag label for docs.rs
1e6a966 Merge pull request #888 from uuid-rs/KodrAus-patch-1
c9619f6 fix up name of fuzz script in readme
20da78b Merge pull request #887 from uuid-rs/cargo/v1.23.3
62232ca prepare for 1.23.3 release
2320c6a Merge pull request #886 from uuid-rs/fix/parser-panics
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Panic parsing invalid UUID input "{}"

1 participant