Various panics found through go-fuzz #15

Closed

akrennmair opened this issue Jul 28, 2015 · 5 comments

@akrennmair
Hi,

Just wanted to let you know that I tested go-plist using go-fuzz and the following code snippet:

package plist

import "bytes"

// Fuzz is the go-fuzz entry point. It lives in the go-plist package so it
// can call NewDecoder directly, and decodes arbitrary bytes into an untyped
// value. Inputs the decoder rejects return 0; inputs it accepts return 1 so
// go-fuzz keeps mutating them. Any panic inside Decode is recorded as a crasher.
func Fuzz(data []byte) int {
    buf := bytes.NewReader(data)

    var obj interface{}
    if err := NewDecoder(buf).Decode(&obj); err != nil {
        return 0
    }
    return 1
}

The tool found several panics. In order to reproduce this, you can find the files here in my Google Drive: https://drive.google.com/file/d/0B8eVqk16QdZ6Y21mTm8zZnVGZlE/view

The .output files contain the respective stack traces. The file without any suffix contains the actual data fed to the Fuzz function. The .quoted file contains the file content as string that is usable in unit tests.
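The report ships each crasher both as raw bytes and as a .quoted Go string literal. The following is an added example, not code from this issue or from go-plist, of how such a corpus is turned into a regression test (unquote the literal, replay it under recover so one surviving crasher fails the test instead of aborting the run) and of the guard a library can put around a decoder so that a panic on untrusted input surfaces as an error rather than a process crash. fragileDecode is a constructed stand-in for a parser with an unchecked length field, not the go-plist decoder; SampleQuoted is constructed input; UnquoteCrasher handles the single-literal .quoted form and would need the pieces joined first if go-fuzz split a long input across several concatenated literals.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// UnquoteCrasher turns the ".quoted" form of a go-fuzz crasher (a Go string
// literal such as "\x07ab") back into the raw bytes that were fed to Fuzz.
func UnquoteCrasher(quoted string) ([]byte, error) {
	s, err := strconv.Unquote(strings.TrimSpace(quoted))
	if err != nil {
		return nil, fmt.Errorf("bad .quoted crasher: %w", err)
	}
	return []byte(s), nil
}

// Replay runs a go-fuzz style target on one input and reports whether it
// panicked. Recovering here lets a regression test walk a whole crasher
// corpus and fail on the first input that still brings the decoder down.
func Replay(target func([]byte) int, data []byte) (panicked bool, msg string) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
			msg = fmt.Sprint(r)
		}
	}()
	target(data)
	return false, ""
}

// SafeDecode wraps a decoder that may panic on malformed input so the panic
// reaches callers as an ordinary error instead of killing the process. For a
// parser of untrusted data an unrecovered panic is a denial of service; this
// guard holds the line while the individual crashers are fixed.
func SafeDecode(decode func([]byte) (interface{}, error), data []byte) (v interface{}, err error) {
	defer func() {
		if r := recover(); r != nil {
			v = nil
			err = fmt.Errorf("decoder panicked on malformed input: %v", r)
		}
	}()
	return decode(data)
}

// fragileDecode is a constructed stand-in for a parser with an unchecked
// length field; it is not go-plist code. It trusts the first byte as the
// payload length and indexes past the end of inputs that are shorter.
func fragileDecode(data []byte) (interface{}, error) {
	if len(data) == 0 {
		return nil, fmt.Errorf("empty input")
	}
	n := int(data[0])
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = data[1+i] // index out of range when the input is truncated
	}
	return out, nil
}

// fuzzTarget adapts fragileDecode to the go-fuzz calling convention.
func fuzzTarget(data []byte) int {
	if _, err := fragileDecode(data); err != nil {
		return 0
	}
	return 1
}

// SampleQuoted is a constructed crasher in go-fuzz ".quoted" form: a declared
// length of 7 followed by only two payload bytes.
const SampleQuoted = `"\x07ab"`

func main() {
	data, err := UnquoteCrasher(SampleQuoted)
	if err != nil {
		panic(err)
	}
	panicked, msg := Replay(fuzzTarget, data)
	fmt.Printf("replay: panicked=%v %s\n", panicked, msg)

	if _, err := SafeDecode(fragileDecode, data); err != nil {
		fmt.Println("guarded:", err)
	}
}
```

In a real regression test the loop over the crashers directory replaces SampleQuoted, and a crasher that still panics after a fix is the signal to reopen the issue rather than to widen the recover.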

DHowett (Owner) commented Aug 4, 2015

Thanks! I'll shore up the library as I find time in the coming few days!

DHowett added a commit that referenced this issue Dec 30, 2015
Addresses the crashes found in #15, and a couple more.
DHowett (Owner) commented Dec 30, 2015

(I'm now using go-fuzz, starting with your crashers and a corpus of valid property lists. Thanks so much for the report/s.)

DHowett (Owner) commented Jul 8, 2016

A fair few of these are fixed, thanks to you reporting this. There are a couple crashers in text.go that I'm working on the right solution to, but binary and xml plist parsing are far more resilient.

DHowett (Owner) commented Jul 8, 2016

I'm leaving the issue open as a discussion and placeholder for future fuzzing issues.

DHowett added a commit that referenced this issue Mar 20, 2017
Fixes some crashes found via fuzzing; refs #15.
DHowett (Owner) commented Mar 21, 2017

After all of the above fixes, I ran go-fuzz for ~25 minutes and didn't hit any more crashers other than #23, which will require a minor architectural change to fix.
Closing this in favor of tracking individual issues.

Thanks again, @akrennmair!

DHowett closed this as completed Mar 21, 2017