It seems `v[2].content` on line 170 of `snmp.rs` is `Boolean(true)`, which cannot be turned into a slice, so the `unwrap()` there panics.
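// Minimal reproducer for the panic reported below:
// `Option::unwrap()` on a `None` value at snmp.rs:170, reached from
// `parse_snmp_v1` via `parse_snmp_v1_content` (see the backtrace).
extern crate snmp_parser;

/// Feeds the crashing input to `snmp_parser::parse_snmp_v1`.
///
/// The byte string is the same unit libFuzzer printed in its crash dump
/// (hex, escaped and Base64 forms appear further down in this report).
fn main() {
    // Crash input, kept byte-for-byte as reported.
    let data: &[u8] = b"01\x02\x02~\xfd\x04(TTY00\x02\x02\xfe\xfd\xfd(ET\xab\xab\xab\x02\x02\x020\x02XXX\xff\xff\xff\xff\xff\xffXX\xff\xff\xff\xff\xff\x01\x00\x00\x01\x00\x00\x00\x00\xfdTN\xab\xab\xab\xab\xab\xc6\xc6\xab";

    // The return value is deliberately discarded: the point of this program
    // is that the call panics instead of returning. A parser fed
    // attacker-controlled packets should reject malformed input with an
    // error value, since a panic terminates (or unwinds) the caller.
    let _ = snmp_parser::parse_snmp_v1(data);
}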
thread '<unnamed>' panicked at 'called `Option::unwrap()` on a `None` value', /checkout/src/libcore/option.rs:329
stack backtrace:
0: 0x55820356ae13 - std::sys::imp::backtrace::tracing::imp::unwind_backtrace::hf9ed9ccfd9f14c2b
at /checkout/src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
1: 0x558203567764 - std::sys_common::backtrace::_print::hd8a1b72dcf3955ef
at /checkout/src/libstd/sys_common/backtrace.rs:71
2: 0x55820356bde7 - std::panicking::default_hook::{{closure}}::h5ff605bba7612658
at /checkout/src/libstd/sys_common/backtrace.rs:60
at /checkout/src/libstd/panicking.rs:355
3: 0x55820356b96b - std::panicking::default_hook::h9bc4f6dfee57d6bd
at /checkout/src/libstd/panicking.rs:371
4: 0x55820356c24b - std::panicking::rust_panic_with_hook::hdc01585dc2bf7122
at /checkout/src/libstd/panicking.rs:549
5: 0x55820356c124 - std::panicking::begin_panic::hf84f4975d9f9b642
at /checkout/src/libstd/panicking.rs:511
6: 0x55820356c059 - std::panicking::begin_panic_fmt::hcc3f360b2ba80419
at /checkout/src/libstd/panicking.rs:495
7: 0x55820356bfe7 - rust_begin_unwind
at /checkout/src/libstd/panicking.rs:471
8: 0x55820365e6fd - core::panicking::panic_fmt::h795d9a9608ddc2bb
at /checkout/src/libcore/panicking.rs:69
9: 0x55820365e634 - core::panicking::panic::hcab3e0dfa81beee9
at /checkout/src/libcore/panicking.rs:49
10: 0x5582034d53dd - <core::option::Option<T>>::unwrap::h28fe5b54c4f71513
at /checkout/src/libcore/macros.rs:21
11: 0x5582034eee66 - snmp_parser::snmp::parse_snmp_v1_content::h07bca7b767d79d8a
at /home/neo/dev/work/snmp-parser/src/snmp.rs:170
12: 0x5582034f53a7 - snmp_parser::snmp::parse_snmp_v1::h2b8998bc1a0b0691
at /home/neo/dev/work/snmp-parser/src/snmp.rs:199
13: 0x558203494545 - rust_fuzzer_test_input
at /home/neo/dev/work/snmp-parser/fuzz/fuzzers/fuzzer_script_1.rs:7
14: 0x55820349817a - libfuzzer_sys::test_input_wrap::{{closure}}::h01afe675cf6a0c88
at /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/src/lib.rs:13
15: 0x55820349623f - std::panicking::try::do_call::hfeac5113da58e53b
at /checkout/src/libstd/panicking.rs:454
16: 0x558203571f3b - <unknown>
at /checkout/src/libpanic_abort/lib.rs:40
==3194== ERROR: libFuzzer: deadly signal
#0 0x55820363d999 in __sanitizer_print_stack_trace /checkout/src/compiler-rt/lib/asan/asan_stack.cc:38
#1 0x5582034a9571 in fuzzer::Fuzzer::CrashCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerLoop.cpp:280
#2 0x5582034a94bb in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerLoop.cpp:264
#3 0x5582034c6cad in fuzzer::CrashHandler(int, siginfo_t*, void*) /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerUtilPosix.cpp:37
#4 0x7fe01ae0cfdf (/usr/lib/libpthread.so.0+0x11fdf)
#5 0x7fe01a86ea0f in __GI_raise (/usr/lib/libc.so.6+0x33a0f)
#6 0x7fe01a870139 in __GI_abort (/usr/lib/libc.so.6+0x35139)
#7 0x558203571f48 in panic_abort::__rust_start_panic::abort /checkout/src/libpanic_abort/lib.rs:61
#8 0x558203571f48 in __rust_start_panic /checkout/src/libpanic_abort/lib.rs:56
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 4 ChangeBit-ChangeByte-ChangeByte-ChangeBinInt-; base unit: 4dab96f98875306d2eced8e7667193b55f41cfed
0x30,0x31,0x2,0x2,0x7e,0xfd,0x4,0x28,0x54,0x54,0x59,0x30,0x30,0x2,0x2,0xfe,0xfd,0xfd,0x28,0x45,0x54,0xab,0xab,0xab,0x2,0x2,0x2,0x30,0x2,0x58,0x58,0x58,0xff,0xff,0xff,0xff,0xff,0xff,0x58,0x58,0xff,0xff,0xff,0xff,0xff,0x1,0x0,0x0,0x1,0x0,0x0,0x0,0x0,0xfd,0x54,0x4e,0xab,0xab,0xab,0xab,0xab,0xc6,0xc6,0xab,
01\x02\x02~\xfd\x04(TTY00\x02\x02\xfe\xfd\xfd(ET\xab\xab\xab\x02\x02\x020\x02XXX\xff\xff\xff\xff\xff\xffXX\xff\xff\xff\xff\xff\x01\x00\x00\x01\x00\x00\x00\x00\xfdTN\xab\xab\xab\xab\xab\xc6\xc6\xab
artifact_prefix='artifacts/'; Test unit written to artifacts/crash-4cca20a9976d4cbaec98d501d0f3c6baecde9c6d
Base64: MDECAn79BChUVFkwMAIC/v39KEVUq6urAgICMAJYWFj///////9YWP//////AQAAAQAAAAD9VE6rq6urq8bGqw==
Found using cargo-fuzz. It seems `v[2].content` on line 170 of `snmp.rs` is `Boolean(true)`, which cannot be turned into a slice, so the `unwrap()` there panics.