Fuzzing Rust

2018/06/22


I spent some time running various Rust fuzzing tools against Rust libraries. This table is a list of all the issues I found and links to my bug reports.

| Date | Project | Description | Link |
|------|---------|-------------|------|
| 2017-03-13 | ntp | Fix panic caused by a malformed input | PR |
| 2017-03-23 | npy-rs | Fix panic caused by trying to deal with parsing incorrect size int | Issue PR |
| 2017-03-24 | snmp-parser | Panic on unwrapping of None value | Issue |
| 2017-03-24 | der-parser | Panic on overflow in subtraction | Issue |
| 2017-03-24 | pcapng-rs | Panic on overflow in subtraction | Issue |
| 2017-03-25 | x509-parser | Panic on overflow in addition | Issue |
| 2017-03-25 | ssh-keys | Panic on invalid input | Issue |
| 2017-03-28 | rust-bmfont | Panic on unwrapping of Err value | Issue |
| 2017-03-28 | todotxt.rs | Panic on array index out of bounds | Issue |
| 2017-05-23 | ssh-parser | Panic on overflow in subtraction | Issue |
| 2017-06-07 | rust-bitcoin | Sanity checks for vector length | PR |
| 2017-07-24 | image | Add a sanity check to fix arithmetic overflow | PR |
| 2017-09-11 | radius-parser | Panic on attempt to subtract with overflow | Issue |
| 2017-12-27 | flif.rs | Panic on attempt to subtract with overflow | Issue |
| 2018-06-22 | obj_rs | Panic on attempt to subtract with overflow | Issue |
| 2018-06-22 | xmas-elf | Panic on array index out of bounds | Issue |
| 2018-06-22 | accept-language-rs | Panic on array index out of bounds | Issue |
| 2018-06-25 | dtparse | Panic on unwrap of Err value | Issue |
| 2018-06-26 | dtparse | Panic on attempt to subtract with overflow | Issue |
| 2018-06-26 | libflate | Panics on debug_assert failures | Issue |
| 2018-06-26 | bson-rs | Panic on attempt to multiply with overflow | Issue |
| 2018-06-26 | bson-rs | Panic on attempt to subtract with overflow | Issue |
| 2018-06-26 | bson-rs | Panic on No such local time | Issue |
| 2018-07-01 | dtparse | Panic on invalid time | Issue |
| 2019-07-07 | adsb | Panic on attempt to multiply with overflow | Issue |
