json-rust May panic due to too large capacity

May panic due to too large capacity

Open StevenJiang1110 opened this issue 4 years ago • 1 comments

If we provide a capacity too large, the program may crash. The code to replay the crash is as below.

let capacity = 673957684733028;
let _ = json::object::Object::with_capacity(capacity);

I run the code on my x86-64 machine, ubuntu18.04, and the error report is 截屏2020-12-15 下午2 06 19 I think it's better to restrict the capacity and return a Result instead of letting it crash alone, especially on x64 machine, where the length of usize is 64bits. The above is found by afl.rs. Thanks a lot.

Dec 15 '20 06:12 StevenJiang1110

Another similar overflow panic issue is about json::parse(). If I pass a very long str, it may crash due to overflow. I put the replay file at https://github.com/StevenJiang1110/afl_rust_crashes/tree/main/json/replay_json53-1. I think it's better to restrict the input string len. The above is found by afl.rs. Thanks a lot.

Dec 16 '20 05:12 StevenJiang1110

json-rust json-rust copied to clipboard

May panic due to too large capacity

json-rust
json-rust copied to clipboard