chrono
chrono copied to clipboard
Published
20 hours ago •
chronotope
chronotope
DateTime::parse_from_str: panics (found through afl fuzzing)
Hello guys. I have found some inputs that create panics to the DateTime::parse_from_str method.
The program is the follwoing:
fn main() {
let mut s = String::new();
std::io::stdin().read_to_string(&mut s).unwrap();
println!("The provided input is: {:?}", s);
let result = chrono::DateTime::parse_from_str(&s, &s);
}
I will provide the program output for the various inputs:
The provided input is: "1%Z%I%A%Z%I%A\u{7f}\u{1c} 4ThuP0\u{7f}\n\u{2000}\n\n\u{2000}\n\nJ \u{0} %Z%s%Z%\u{0}%s%Zsssssssssssssssssss%sZ%I\nJ \n3%Z%"
thread 'main' panicked at 'byte index 5 is not a char boundary; it is inside '\u{2000}' (bytes 4..7) of `P0
J %Z%s%Z%%s%Zsssssssssssssssssss%sZ%I
J
3%Z%`', /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/format/scan.rs:173:43
stack backtrace:
0: rust_begin_unwind
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:515:5
1: core::panicking::panic_fmt
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/panicking.rs:92:14
2: core::str::slice_error_fail
3: core::str::traits::<impl core::slice::index::SliceIndex<str> for core::ops::range::RangeTo<usize>>::index
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/str/traits.rs:289:21
4: core::str::traits::<impl core::ops::index::Index<I> for str>::index
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/str/traits.rs:64:9
5: chrono::format::scan::short_or_long_weekday
at /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/format/scan.rs:173:43
6: chrono::format::parse::parse_internal
at /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/format/parse.rs:362:52
7: chrono::format::parse::parse
at /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/format/parse.rs:239:5
8: chrono::datetime::DateTime<chrono::offset::fixed::FixedOffset>::parse_from_str
at /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/datetime.rs:388:9
9: fuzz_target::main
at ./src/main.rs:16:18
10: core::ops::function::FnOnce::call_once
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/ops/function.rs:227:5
The provided input is: "\u{1}%Z%I%Am%B%Z\u{7f}%444444 4SATUB\u{0}0δ%E>N%Z%Z%r-@Z%Z@Z%ZdT 2:( 2: 2AM 2: "
thread 'main' panicked at 'byte index 5 is not a char boundary; it is inside 'δ' (bytes 4..6) of `UB0δ%E>N%Z%Z%r-@Z%Z@Z%ZdT 2:( 2: 2AM 2: `', /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/format/scan.rs:173:43
stack backtrace:
0: rust_begin_unwind
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/std/src/panicking.rs:515:5
1: core::panicking::panic_fmt
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/panicking.rs:92:14
2: core::str::slice_error_fail
3: core::str::traits::<impl core::slice::index::SliceIndex<str> for core::ops::range::RangeTo<usize>>::index
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/str/traits.rs:289:21
4: core::str::traits::<impl core::ops::index::Index<I> for str>::index
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/str/traits.rs:64:9
5: chrono::format::scan::short_or_long_weekday
at /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/format/scan.rs:173:43
6: chrono::format::parse::parse_internal
at /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/format/parse.rs:362:52
7: chrono::format::parse::parse
at /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/format/parse.rs:239:5
8: chrono::datetime::DateTime<chrono::offset::fixed::FixedOffset>::parse_from_str
at /home/va/.cargo/registry/src/github.com-1ecc6299db9ec823/chrono-0.4.19/src/datetime.rs:388:9
9: fuzz_target::main
at ./src/main.rs:16:18
10: core::ops::function::FnOnce::call_once
at /rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b/library/core/src/ops/function.rs:227:5
Is this enough info for further debugging?
