bson-rust: Bugs in decoder found by fuzzing

Found the following:

“thread ‘<unnamed>’ panicked at ‘No such local time’” From: chrono-0.2.25/src/offset/mod.rs:151 via src/decoder/mod.rs:172
“thread ‘<unnamed>’ panicked at ‘attempt to multiply with overflow’” - src/decoder/mod.rs:172
“thread ‘<unnamed>’ panicked at ‘attempt to subtract with overflow’” src/decoder/mod.rs:45
“AddressSanitizer failed to allocate 0xffffffff93000000 bytes” (whatever that means in real life)

Full logs: https://gist.github.com/killercup/5e8623e0d8b0fe9868b45eb223ef51d8 (See last few lines for inputs used, in bytes or base64)

See https://github.com/rust-fuzz/targets/pull/51 for sources, I ran it with

$ env ASAN_OPTIONS="detect_odr_violation=0 allocator_may_return_null=1" ./run-fuzzer.sh bson read_bson

cc https://github.com/rust-fuzz/targets/issues/39

About this issue

Original URL
State: closed
Created 7 years ago
Comments: 17 (13 by maintainers)

Commits related to this issue

[#64] Captured invalid timestamp, preventing chrono panicking — committed to mongodb/bson-rust by zonyitoo 6 years ago
[#64] Do not panic if length of UTF-8 string is invalid — committed to mongodb/bson-rust by zonyitoo 6 years ago
[#64] Do not panic if length of UTF-8 string is invalid — committed to mongodb/bson-rust by zonyitoo 6 years ago
[#64] Do not panic if length of UTF-8 string is invalid — committed to mongodb/bson-rust by zonyitoo 6 years ago
[#64] Saturating timstamp to fit u32 useconds of chrono API — committed to mongodb/bson-rust by zonyitoo 6 years ago
[#64] Reverted saturating usec of UTC time — committed to mongodb/bson-rust by zonyitoo 6 years ago
[#64] Compatible if time is nagative — committed to mongodb/bson-rust by zonyitoo 6 years ago
[#64] Captured invalid timestamp, preventing chrono panicking — committed to lrlna/bson-rs by zonyitoo 6 years ago
[#64] Do not panic if length of UTF-8 string is invalid — committed to lrlna/bson-rs by zonyitoo 6 years ago
[#64] Saturating timstamp to fit u32 useconds of chrono API — committed to lrlna/bson-rs by zonyitoo 6 years ago
[#64] Reverted saturating usec of UTC time — committed to lrlna/bson-rs by zonyitoo 6 years ago
[#64] Compatible if time is nagative — committed to lrlna/bson-rs by zonyitoo 6 years ago

Most upvoted comments

@zonyitoo note that mgo is neither an official MongoDB driver nor actively maintained; the official (albeit pre-stable) Go driver is here

+2

saghm on Jun 28, 2018

Great investigations, thanks @zonyitoo + @neosilky!

+1

kyeah on Jul 3, 2018

Read more comments on GitHub

← mongock: Use mongock with springboot 2.0.7 but do not work

bson-rust: ObjectId (de)serialization problem →