Integer overflow when parsing JSON #75

Closed
@frewsxcv

Code

#![feature(plugin)]
#![plugin(afl_coverage_plugin)]

extern crate afl_coverage;

extern crate serde;

use std::io::{self, Read, Cursor};

use serde::json::{self, Value};


fn main() {
    let mut input = String::new();
    let result = io::stdin().read_to_string(&mut input);
    if result.is_ok() {
        let _: Result<Value, _> = json::from_str(&input);
    }
}

Input

777777777777777777777777777

Crash

root@vultr:~/afl-staging-area2# cargo run < outputs/crashes/id\:000000\,sig\:04\,src\:000000\,op\:havoc\,rep\:16
     Running `target/debug/afl-staging-area2`
thread '<main>' panicked at 'arithmetic operation overflowed', /root/serde/src/json/de.rs:201
An unknown error occurred

To learn more, run the command again with --verbose.

This bug was found using https://github.com/kmcallister/afl.rs 👍
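
The failure class in this report, as an added example that is not serde's code and not part of the original post: it assumes the panic comes from accumulating decimal digits into a fixed-width integer, and contrasts unchecked accumulation with a checked version that turns overflow into a parse error. The names `parse_u64_wrapping`, `parse_u64_checked` and `NumError` are hypothetical.

```rust
// Added illustration (assumption: the overflow is in decimal digit accumulation).
// None of these names come from serde.

/// Naive accumulation. Written as `acc * 10 + d`, this panics when overflow
/// checks are on (debug builds) and wraps silently when they are off.
/// wrapping_* is used here so the silent wrong result can be observed.
fn parse_u64_wrapping(s: &str) -> Option<u64> {
    if s.is_empty() {
        return None;
    }
    let mut acc: u64 = 0;
    for b in s.bytes() {
        if !b.is_ascii_digit() {
            return None;
        }
        acc = acc.wrapping_mul(10).wrapping_add((b - b'0') as u64);
    }
    Some(acc)
}

#[derive(Debug, PartialEq)]
enum NumError {
    Empty,
    InvalidDigit,
    Overflow,
}

/// Checked accumulation: overflow becomes an error the caller can handle,
/// so untrusted input can neither abort the process nor yield a wrong number.
fn parse_u64_checked(s: &str) -> Result<u64, NumError> {
    if s.is_empty() {
        return Err(NumError::Empty);
    }
    let mut acc: u64 = 0;
    for b in s.bytes() {
        if !b.is_ascii_digit() {
            return Err(NumError::InvalidDigit);
        }
        let d = (b - b'0') as u64;
        acc = acc.checked_mul(10).and_then(|v| v.checked_add(d)).ok_or(NumError::Overflow)?;
    }
    Ok(acc)
}

fn main() {
    let input = "777777777777777777777777777"; // the input from the report
    println!("wrapping: {:?}", parse_u64_wrapping(input));
    println!("checked:  {:?}", parse_u64_checked(input));
}
```
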
