Cysharp
AcessViolationException from MemoryPackReader.ReadString
Given this model
[MemoryPackable]
public partial class DefaultValue
{
public string? StringValue { get; set; }
}
The following input triggers an AccessViolationException in MemoryPackReader.ReadString().
var input = new byte[] { 1, 0, 0, 0, 128 };
MemoryPackSerializer.Deserialize<DefaultValue>(input);
Found with SharpFuzz
Thank you. I have confirmed that there is a missing validation for invalid values in the processing of strings. I will fix it.
Very interesting and effective use of SharpFuzz. For reference, could you please tell us the procedure for using it applied to MemoryPack?
Thanks for the quick reply and acknowledgement.
Here's the fuzzer campaign I created to fuzz MemoryPack MemoryPackFuzzing.zip
...And to also exercise the serialization paths, we can update the fuzzer to incorporate round-trip fuzzing similar to what is also done in https://github.com/Cysharp/MemoryPack/blob/main/tests/MemoryPack.Tests/Fuzz.cs.
try
{
var serialized = MemoryPackSerializer.Serialize(MemoryPackSerializer.Deserialize<DefaultValue>(span));
var serialized2 = MemoryPackSerializer.Serialize(MemoryPackSerializer.Deserialize<DefaultValue>(serialized));
if (!serialized2.SequenceEqual(serialized))
{
throw new Exception("Failed round-trip test");
}
}
catch (MemoryPackSerializationException)
{
// These are the valid exceptions
}
This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 30 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 30 days.