From d748e3662ec52451331a9f49a12726c8e2b8f925 Mon Sep 17 00:00:00 2001
From: Moritz Borcherding
Date: Mon, 1 Apr 2024 14:43:16 +0200
Subject: [PATCH] When we dont check for request size we need to take care that the left shift does not panic
---
 .../crash-c746b132a6561becc94bbaf80f0fcd22c805ae7e | Bin 0 -> 55 bytes
 fuzz/fuzz_targets/decode.rs | 2 +-
 src/decoding/bit_reader_reverse.rs | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 fuzz/artifacts/decode/crash-c746b132a6561becc94bbaf80f0fcd22c805ae7e
diff --git a/fuzz/artifacts/decode/crash-c746b132a6561becc94bbaf80f0fcd22c805ae7e b/fuzz/artifacts/decode/crash-c746b132a6561becc94bbaf80f0fcd22c805ae7e
new file mode 100644
index 0000000000000000000000000000000000000000..eef44c0022a0bc542bdd1b2227e49d3b54233171
GIT binary patch literal 55 zcmdPcs{hwTU=~9PBZC|p0|x`=1IFc{4?{yESXmfA@c;k+%=iEP=YRkIzVv_Xe-ex# K60CoZumS+~KNPJ1 literal 0 HcmV?d00001
diff --git a/fuzz/fuzz_targets/decode.rs b/fuzz/fuzz_targets/decode.rs
index ab38137..ec1cc4a 100644
--- a/fuzz/fuzz_targets/decode.rs
+++ b/fuzz/fuzz_targets/decode.rs
@@ -4,7 +4,7 @@ extern crate ruzstd;
 use ruzstd::frame_decoder;
 fuzz_target!(|data: &[u8]| {
- let mut content = data.clone();
+ let mut content = data;
 let mut frame_dec = frame_decoder::FrameDecoder::new();
 match frame_dec.reset(&mut content){
diff --git a/src/decoding/bit_reader_reverse.rs b/src/decoding/bit_reader_reverse.rs
index 13c9c75..639e465 100644
--- a/src/decoding/bit_reader_reverse.rs
+++ b/src/decoding/bit_reader_reverse.rs
@@ -127,7 +127,7 @@ impl<'s> BitReaderReversed<'s> {
 let emulated_read_shift = signed_n - self.bits_remaining();
 let v = self.get_bits(self.bits_remaining() as u8);
 debug_assert!(self.idx == 0);
- let value = v << emulated_read_shift;
+ let value = v.wrapping_shl(emulated_read_shift as u32);
 self.idx -= emulated_read_shift;
 return value;
 }
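Review bot: On the new `let value = ...` line in `bit_reader_reverse.rs`, `wrapping_shl` removes the panic but does not zero-fill: it masks the shift count to the operand's bit width, so a shift at or above that width returns `v` shifted by the remainder rather than 0. If this branch is meant to emulate reading zero padding past the start of the input (the function begins outside the hunk and `v`'s type is not visible, so this is inferred), an attacker-chosen oversized bit request now decodes to data-dependent bits instead of zeros. Consider `let value = v.checked_shl(emulated_read_shift as u32).unwrap_or(0);`, which is equally panic-free and yields 0 for over-wide shifts. The `as u32` cast on a signed difference also silently wraps if the value were ever negative, so a short comment stating why `emulated_read_shift` is positive here, or a `u32::try_from`, would make the invariant explicit.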