Panic in lzma.writeRep #3
Comments
|
Just to make clear the panic indicates a bug in the encoder that needs to be fixed. |
|
The issue is not with the encoder but with the decoder. The input generated by go-fuzz is certainly malformed but I believe decoding libraries should not panic upon invalid inputs when possible (exception might be when allocating buffers but even these can be mitigated). The panic can be reproduced manually by running: using this as input: https://github.com/pmezard/xz/blob/fuzz/lzma/corpus/bad_dist_out_of_range.lzma in the fuzzing branch I pushed here: https://github.com/pmezard/xz/tree/fuzz The trivial reader code is here: https://github.com/pmezard/xz/blob/fuzz/lzma/lzmareader/lzmareader.go and go-fuzz function: https://github.com/pmezard/xz/blob/fuzz/lzma/fuzz.go |
|
Hi, many thanks for the comprehensive information. I will have to work on it, but can't start before Sunday. |
|
The code has been rewritten and and tested against multiple corpora. I'm planning fuzzing tests for v0.7. |
|
I labeled the issue as enhancement, because the open action is fuzzing the bug is fixed. |
@pmezard reported a panic in the master tree that he has found using go-fuzz. Many thanks for that. I have asked for the go-fuzz code and the crasher sequence to check what caused the bug and to fix it in the dev tree.
The text was updated successfully, but these errors were encountered: