Panic when parsing malformed phone number #43

Closed
5225225 opened this issue Nov 11, 2021 · 0 comments · Fixed by #44
5225225 commented Nov 11, 2021

```rust
#![no_main]
use libfuzzer_sys::fuzz_target;

fuzz_target!(|data: &str| {
    phonenumber::parse(None, data);
});
```

Input: " 2 22#:"

stack trace:

```
thread '<unnamed>' panicked at 'called `Option::unwrap()` on a `None` value', /home/jess/src/rust-phonenumber/src/parser/natural.rs:31:31
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==1196841== ERROR: libFuzzer: deadly signal
    #0 0x558960d73251 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
    #1 0x5589618a01f8 in fuzzer::PrintStackTrace() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x124a1f8)
    #2 0x55896187a2d5 in fuzzer::Fuzzer::CrashCallback() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x12242d5)
    #3 0x7f5e7670b86f  (/usr/lib/libpthread.so.0+0x1386f)
    #4 0x7f5e7641bd21 in raise (/usr/lib/libc.so.6+0x3cd21)
    #5 0x7f5e76405861 in abort (/usr/lib/libc.so.6+0x26861)
    #6 0x558961927796 in std::sys::unix::abort_internal::h2b5353982e294b6c /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/sys/unix/mod.rs:259:14
    #7 0x558960cecac5 in std::process::abort::h64b8d5b89778f542 /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/process.rs:1987:5
    #8 0x558961865765 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h811575f9bb402bcd (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x120f765)
    #9 0x55896191be48 in std::panicking::rust_panic_with_hook::hf8e86850fbbd03b1 /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/panicking.rs:610:17
    #10 0x55896191b8d1 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h590a0d6060ff866e /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/panicking.rs:500:13
    #11 0x558961918893 in std::sys_common::backtrace::__rust_end_short_backtrace::h260b8bd1c848a03c /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/sys_common/backtrace.rs:139:18
    #12 0x55896191b868 in rust_begin_unwind /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/std/src/panicking.rs:498:5
    #13 0x558960cee030 in core::panicking::panic_fmt::h7b8580d81fcbbacd /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/core/src/panicking.rs:106:14
    #14 0x558960cedf7c in core::panicking::panic::h50b51d19800453c0 /rustc/8b09ba6a5d5c644fe0f1c27c7f9c80b334241707/library/core/src/panicking.rs:47:5
    #15 0x558960f8b253 in phonenumber::parser::natural::phone_number::h0fa34d8d9465ee72 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x935253)
    #16 0x558960ee6028 in _$LT$$LP$A$C$B$RP$$u20$as$u20$nom..branch..Alt$LT$Input$C$Output$C$Error$GT$$GT$::choice::hb1d4cb7a3a5ac067 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x890028)
    #17 0x558960f905e2 in phonenumber::parser::parse_with::phone_number::h6f3cab01067dc854 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x93a5e2)
    #18 0x558960d9e78b in phonenumber::parser::parse_with::h67d248e390f231c7 (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x74878b)
    #19 0x558960db9fbb in rust_fuzzer_test_input (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x763fbb)
    #20 0x5589618658b8 in __rust_try (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x120f8b8)
    #21 0x558961864d88 in LLVMFuzzerTestOneInput (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x120ed88)
    #22 0x55896187a811 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1224811)
    #23 0x55896187fe1f in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1229e1f)
    #24 0x558961880d18 in fuzzer::Fuzzer::MutateAndTestOne() (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x122ad18)
    #25 0x558961883117 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x122d117)
    #26 0x558961873d50 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x121dd50)
    #27 0x558960cee802 in main (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x698802)
    #28 0x7f5e76406b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
    #29 0x558960cee9ad in _start (/home/jess/.cache/cargo/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x6989ad)
```
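
Added example, not part of the original report and not code from rust-phonenumber or from the fix in #44: a caller-side way to keep an `Option::unwrap()` panic in a parser from taking down a service that parses untrusted input. `fragile_parse`, `ParseOutcome` and `parse_untrusted` are hypothetical names, and `fragile_parse` is a constructed stand-in that only mimics the failure class, not the crate's actual logic.

```rust
use std::panic;

/// Stand-in for a third-party parser (hypothetical, NOT rust-phonenumber code).
/// It mimics the reported failure class: an `Option::unwrap()` on a value
/// that malformed input leaves as `None`.
fn fragile_parse(input: &str) -> Result<u64, String> {
    // Split off an optional "#extension" suffix.
    let (number, ext) = match input.split_once('#') {
        Some((n, e)) => (n, Some(e)),
        None => (input, None),
    };
    let digits: String = number.chars().filter(|c| c.is_ascii_digit()).collect();
    if digits.is_empty() {
        return Err("no digits".into());
    }
    if let Some(e) = ext {
        // Bug class: assumes the extension always starts with a digit.
        let _first = e.chars().next().filter(|c| c.is_ascii_digit()).unwrap();
    }
    digits.parse::<u64>().map_err(|e| e.to_string())
}

#[derive(Debug, PartialEq)]
enum ParseOutcome {
    Ok(u64),
    Rejected(String), // parser returned an error, as it should
    Panicked,         // parser bug contained at the trust boundary
}

/// Wrap the parser so a panic becomes a value the caller can log and reject.
/// Only effective with the default `panic = "unwind"`; under `panic = "abort"`
/// the process still dies, so fixing the `unwrap()` remains the real remedy.
fn parse_untrusted(input: &str) -> ParseOutcome {
    match panic::catch_unwind(|| fragile_parse(input)) {
        Ok(Ok(n)) => ParseOutcome::Ok(n),
        Ok(Err(e)) => ParseOutcome::Rejected(e),
        Err(_) => ParseOutcome::Panicked,
    }
}

fn main() {
    // Constructed inputs; the last one is the crashing input from the report.
    for s in ["555 0100", "abc", " 2 22#:"] {
        println!("{:?} -> {:?}", s, parse_untrusted(s));
    }
}
```

A `Panicked` outcome is worth alerting on, since it marks a parser bug reachable from untrusted input rather than an ordinary rejection.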