Daniel Lockyer

Fuzzing Rust

2018/06/22

I spent some time running various Rust fuzzing tools against Rust libraries. This table lists all the issues I found, with links to my bug reports.

| Date | Project | Description | Link |
|------|---------|-------------|------|
| 2017-03-13 | ntp | Fix panic caused by a malformed input | PR |
| 2017-03-23 | npy-rs | Fix panic caused by trying to deal with parsing incorrect size int | Issue, PR |
| 2017-03-24 | snmp-parser | Panic on unwrapping of None value | Issue |
| 2017-03-24 | der-parser | Panic on overflow in subtraction | Issue |
| 2017-03-24 | pcapng-rs | Panic on overflow in subtraction | Issue |
| 2017-03-25 | x509-parser | Panic on overflow in addition | Issue |
| 2017-03-25 | ssh-keys | Panic on invalid input | Issue |
| 2017-03-28 | rust-bmfont | Panic on unwrapping of Err value | Issue |
| 2017-03-28 | todotxt.rs | Panic on array index out of bounds | Issue |
| 2017-05-23 | ssh-parser | Panic on overflow in subtraction | Issue |
| 2017-06-07 | rust-bitcoin | Sanity checks for vector length | PR |
| 2017-07-24 | image | Add a sanity check to fix arithmetic overflow | PR |
| 2017-09-11 | radius-parser | Panic on attempt to subtract with overflow | Issue |
| 2017-12-27 | flif.rs | Panic on attempt to subtract with overflow | Issue |
| 2018-06-22 | obj_rs | Panic on attempt to subtract with overflow | Issue |
| 2018-06-22 | xmas-elf | Panic on array index out of bounds | Issue |
| 2018-06-22 | accept-language-rs | Panic on array index out of bounds | Issue |
| 2018-06-25 | dtparse | Panic on unwrap of Err value | Issue |
| 2018-06-26 | dtparse | Panic on attempt to subtract with overflow | Issue |
| 2018-06-26 | libflate | Panics on debug_assert failures | Issue |
| 2016-06-26 | bson-rs | Panic on attempt to multiply with overflow | Issue |
| 2016-06-26 | bson-rs | Panic on attempt to subtract with overflow | Issue |
| 2016-06-26 | bson-rs | Panic on No such local time | Issue |
| 2018-07-01 | dtparse | Panic on invalid time | Issue |
