Bug Report: Identified issues with arithmetic overflow, unreachable code, unwrap errors, and array out-of-bounds and so on #244
Comments
xizheyin
changed the title
|
Superb, thanks for the exhaustive report.
For the arithmetic overflows, would you happen to have the values that
caused the issue? You have those values for the parser / formatter bugs,
and that helps a lot.
Thanks
…On Sat, Jun 17, 2023, 02:23 XizheYin_nju ***@***.***> wrote:
Description
HI! I am using my fuzz testing tool to test this library, and so far I
have found 15 different bugs. Among them, there are 5 array out-of-bounds
errors, 3 string encoding errors, 1 unwrap error, 1 unreachable code bug,
and 5 arithmetic overflow bugs. Below is the list of errors. Please review
them and check if any modifications are needed. The replay files are all
stored in this repository
<https://github.com/XizheYin-NJU/replay_files_hifitime>.
Bug List: 1. Array out-of-bounds error
error message:
thread 'main' panicked at 'begin <= end (21 <= 20) when slicing `94-11-05T08:15:34.0-:0`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:993:43
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595108-4ae47f3e-cab2-4aba-8615-9359a8eb1030.png>
2. Array out-of-bounds error
error message:
thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:400:25
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595148-03aebae3-6b52-4586-b52e-1ade465c9f34.png>
3. Array out-of-bounds error
thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:488:25
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595161-2a6a104e-de5c-4bea-9f6c-ebf9da054e43.png>
4. Array out-of-bounds error
error message:
thread 'main' panicked at 'index out of bounds: the len is 16 but the index is 16', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:424:25
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595240-3cfa0221-67cb-431b-91c6-d5df23bc0f5c.png>
5. String encoding error
error message:
thread 'main' panicked at 'byte index 5 is not a char boundary; it is inside '밀' (bytes 4..7) of `%%%1밀%j0%`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:296:25
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595252-b676ffff-9e6b-415f-a32a-da648a195d5c.png>
6. String encoding error
error message:
thread 'main' panicked at 'byte index 16 is not a char boundary; it is inside '밀' (bytes 14..17) of `411-0j0%%Y
밀%B`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:228:3
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595429-2cdcd39a-b655-4769-9225-fc5b2e30f626.png>
7. String encoding error
error message:
thread 'main' panicked at 'byte index 1 is not a char boundary; it is inside 'Ͽ' (bytes 0..2) of `ϿTTT`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:186:50
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595321-8a29fb7e-2744-41ee-8f79-07af12fb0c6f.png>
8. Unwrap error
error message:
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:157:53
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595334-82cf23fa-df1c-4903-8973-2435e8a45aca.png>
9. Unreachable code bug
error message:
thread 'main' panicked at 'not yet implemented', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:246:25
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595354-d2cdc377-bd5a-4c9e-9241-53a5416349ac.png>
10. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to negate with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/duration.rs:1247:38
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595369-338745d9-0f27-46b0-9258-2d68eaea4d24.png>
11. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to subtract with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:684:32
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595384-7bba9d19-8433-4602-b91e-fc325ef6411c.png>
12. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to multiply with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/epoch.rs:685:59
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595391-79e278d1-f270-4941-89ba-809c2e407099.png>
13. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to subtract with overflow', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:267:66
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595399-2e08259a-5645-4451-bcd3-49f581511b03.png>
14. Arithmetic overflow bug
error message:
thread 'main' panicked at 'attempt to calculate the remainder with a divisor of zero', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/duration.rs:511:40
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595415-ae92cdc4-8975-4483-a374-5712e18feb42.png>
15. Array out-of-bounds error
error message:
thread 'main' panicked at 'begin <= end (3 <= 2) when slicing ***@***.***`', /home/yxz/.cargo/registry/src/mirrors.ustc.edu.cn-61ef6e0cd06fb9b8/hifitime-3.8.2/src/efmt/format.rs:228:32
source code:
[image: image]
<https://user-images.githubusercontent.com/62123683/246595778-346c02c5-57e1-4b0a-8eb0-6f277d5e4501.png>
—
Reply to this email directly, view it on GitHub
<#244>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABEZV2GALZ5G5REFXLVVC4DXLVSRJANCNFSM6AAAAAAZKC2YAI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
Thank you for taking the time to review these issues! All the replay files and their corresponding inputs are in this repository, including arithmetic overflow. If you want to reproduce the exact values that caused crashes during execution, perhaps you can run the replay files while monitoring them? |
|
Thanks, I hadn't seen the link to the replay files, but now I see them. This will help in fixing the bugs for sure, thank you. What fuzz tool did you use ? It might be useful for me to add it to the CI. |
ChristopherRabotin
added this to the Version 4.0.0: Add time systems, greatly extend validity period, human-readable serde milestone
|
Thank you for your recognition. I am a Ph.D. student at SATE Laboratory, Nanjing University. We are currently working on a fuzzing tool for Rust library APIs under the guidance of our advisor. This tool aims to automate the testing of Rust library APIs more effectively. Once we complete it, we will open-source the tool and welcome your suggestions and contributions at that time! |
ChristopherRabotin
removed this from the Version 3.10.0: Add time systems, greatly extend validity period, human-readable serde milestone
ChristopherRabotin
added this to the Version 3.10.0: Add time systems, greatly extend validity period, human-readable serde milestone
this might be a little off topic but I'm also very interested in your stresser tool. |
|
@gwbres Thank you for your approval, the current version is a bit user-unfriendly, we will refactor the tool to make it more usable in the future. |
👍 do you have a link to this work ? is that the "llvm cov" project you contribute to ? or another repo |
|
That's not it. My work hasn't been published yet, so the repo hasn't been made public yet, and with any luck it will be in a few months.
…--------------原始邮件--------------
发件人:"gwbres ***@***.***>;
发送时间:2024年3月13日(星期三) 凌晨1:21
收件人:"nyx-space/hifitime" ***@***.***>;
抄送:"xizheyin ***@***.***>;"Mention ***@***.***>;
主题:Re: [nyx-space/hifitime] Bug Report: Identified issues with arithmetic overflow, unreachable code, unwrap errors, and array out-of-bounds and so on (Issue #244)
-----------------------------------
Thank you for your approval, the current version is a bit user-unfriendly, we will refactor the tool to make it more usable in the future
👍 do you have a link to this work ? is that the "llvm cov" project you contribute to ? or another repo
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
No worries, I'll try to keep an eye on it |
In issue nyx-space#244, ceil() is called with 0 duration. It seems return 0 is an alternative way to fix this. But it seems that we can also report user with error?
|
@cardigan1008 , thank you for your contribution in #324 ! Does the PR fix all of the bugs you reported here, or is there more work needed ? If your PR fixes all of these bugs, I can close this issue. Thanks |
For this issue, we are halfway there with 8 out of 15 bugs fixed (panic 1-4, 8, 11-12, 14). Regarding #246, the panics are almost all resolved, with 13 out of 15 fixed (panic 16-28). I'll continue working on it and hopefully, we can close these two issues soon! |
Description
HI! I am using my fuzz testing tool to test this library, and so far I have found 15 different bugs. Among them, there are 5 array out-of-bounds errors, 3 string encoding errors, 1 unwrap error, 1 unreachable code bug, and 5 arithmetic overflow bugs. Below is the list of errors. Please review them and check if any modifications are needed. The replay files are all stored in this repository.
Bug List:
1. Array out-of-bounds error
error message:
source code:
2. Array out-of-bounds error
error message:
source code:
3. Array out-of-bounds error
source code:
4. Array out-of-bounds error
error message:
source code:
5. String encoding error
error message:
source code:
6. String encoding error
error message:
source code:
7. String encoding error
error message:
source code:
8. Unwrap error
error message:
source code:
9. Unreachable code bug
error message:
source code:
10. Arithmetic overflow bug
error message:
source code:
11. Arithmetic overflow bug
error message:
source code:
12. Arithmetic overflow bug
error message:
source code:
13. Arithmetic overflow bug
error message:
source code:
14. Arithmetic overflow bug
error message:
source code:
15. Array out-of-bounds error
error message:
source code:
The text was updated successfully, but these errors were encountered: