This repository was archived by the owner on Aug 6, 2023. It is now read-only.
Some arithmetic overflow bugs found by afl.rs #446
Closed
Description
I've been using afl.rs to fuzz this crate, and I've found that several APIs may panic due to arithmetic overflow.
There are four APIs that we found may panic. We just downloaded tui.rs from this repository and added it as a dependency to our fuzzing target. The code to replay these panics is:
```rust
// Replay 1: Rect::union
let rect1 = tui::layout::Rect::new(12336, 12336, 12336, 12336);
let rect2 = tui::layout::Rect::new(58928, 12336, 12336, 0);
let _ = tui::layout::Rect::union(rect1, rect2);
```

```rust
// Replay 2: Rect::intersection
let rect1 = tui::layout::Rect::new(12336, 12336, 12336, 12336);
let rect2 = tui::layout::Rect::new(12336, 65328, 12336, 12336);
let _ = tui::layout::Rect::intersection(rect1, rect2);
```

```rust
// Replay 3: Rect::intersects
let rect1 = tui::layout::Rect::new(12336, 12336, 12336, 12336);
let rect2 = tui::layout::Rect::new(57648, 12336, 65328, 48);
let _ = tui::layout::Rect::intersects(rect1, rect2);
```

```rust
// Replay 4: Buffer::merge on two buffers built from identical rects
let rect1 = tui::layout::Rect::new(12336, 12336, 12336, 12336);
let mut buf1 = tui::buffer::Buffer::empty(rect1);
let rect2 = tui::layout::Rect::new(12336, 12336, 12336, 12336);
let buf2 = tui::buffer::Buffer::empty(rect2);
let _ = tui::buffer::Buffer::merge(&mut buf1, &buf2);
```
We also put this code at first, second, third, fourth.
I hope you can check whether these are real bugs that need to be fixed. Thanks a lot.
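
An added illustration, not code from the issue or from the tui crate: a simplified `u16` rectangle (the `Rect` here is a hypothetical stand-in) showing how an edge computed as `x + width` exceeds `u16::MAX` for numbers like those in the first replay, and how checked or saturating arithmetic turns the panic into a defined result. All field values except `58928` and `12336` are constructed.

```rust
// Hypothetical stand-in for a u16 rectangle; NOT the tui crate's type.
#[derive(Debug, Clone, Copy, PartialEq)]
struct Rect { x: u16, y: u16, width: u16, height: u16 }

impl Rect {
    // A plain `self.x + self.width` panics in debug builds (overflow checks on)
    // and wraps in release builds. checked_add reports the condition instead.
    fn right_checked(&self) -> Option<u16> { self.x.checked_add(self.width) }
    fn bottom_checked(&self) -> Option<u16> { self.y.checked_add(self.height) }

    // Hardened edges: clamp at u16::MAX. This is one design choice; returning
    // the Option to the caller is the stricter alternative.
    fn right(&self) -> u16 { self.x.saturating_add(self.width) }
    fn bottom(&self) -> u16 { self.y.saturating_add(self.height) }

    fn union(&self, other: &Rect) -> Rect {
        let (x1, y1) = (self.x.min(other.x), self.y.min(other.y));
        let x2 = self.right().max(other.right());
        let y2 = self.bottom().max(other.bottom());
        // x2 >= x1 and y2 >= y1 always hold, so these subtractions cannot underflow.
        Rect { x: x1, y: y1, width: x2 - x1, height: y2 - y1 }
    }

    fn intersects(&self, other: &Rect) -> bool {
        self.x < other.right() && self.right() > other.x
            && self.y < other.bottom() && self.bottom() > other.y
    }
}

fn main() {
    // Constructed inputs; b reuses x = 58928 and width = 12336 from replay 1.
    let a = Rect { x: 10, y: 10, width: 20, height: 20 };
    let b = Rect { x: 58928, y: 12336, width: 12336, height: 0 };

    // 58928 + 12336 = 71264, which does not fit in a u16.
    println!("b.right_checked()  = {:?}", b.right_checked());
    println!("b.bottom_checked() = {:?}", b.bottom_checked());
    println!("b.right() clamped  = {}", b.right());
    println!("a.union(&b)        = {:?}", a.union(&b));
    println!("a.intersects(&b)   = {}", a.intersects(&b));
}
```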