Open
Hi, I encountered a panic while fuzzing the fixedbitset crate on a debug build:

```
thread '<unnamed>' panicked at /root/bdata/crates_ud/fixedbitset/src/lib.rs:1307:15:
attempt to subtract with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==12744== ERROR: libFuzzer: deadly signal
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 2 CMP-CrossOver- DE: "\000\000\000\000\000\000\000\000"-; base unit: adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,
\000\000\000\000\000\000\000\000
```
The fuzz target is:

```rust
#![no_main]
#[macro_use]
extern crate libfuzzer_sys;
extern crate fixedbitset;

// Big-endian decode of 8 bytes into a u64 (built from two u32 halves).
fn _to_u64(data: &[u8], index: usize) -> u64 {
    let data0 = _to_u32(data, index) as u64;
    let data1 = _to_u32(data, index + 4) as u64;
    data0 << 32 | data1
}

// The usize parameter is taken from the 64-bit decode (truncated on 32-bit targets).
fn _to_usize(data: &[u8], index: usize) -> usize {
    _to_u64(data, index) as usize
}

fn _to_u32(data: &[u8], index: usize) -> u32 {
    let data0 = _to_u16(data, index) as u32;
    let data1 = _to_u16(data, index + 2) as u32;
    data0 << 16 | data1
}

fn _to_u8(data: &[u8], index: usize) -> u8 {
    data[index]
}

fn _to_u16(data: &[u8], index: usize) -> u16 {
    let data0 = _to_u8(data, index) as u16;
    let data1 = _to_u8(data, index + 1) as u16;
    data0 << 8 | data1
}

// The function under test: the block value is passed by mutable reference.
fn test_function23(mut _param0: usize) {
    let _ = fixedbitset::Ones::last_positive_bit_and_unset(&mut (_param0));
}

fuzz_target!(|data: &[u8]| {
    // actual body emit
    // Exactly 8 bytes are consumed, so the indexing above cannot go out of bounds.
    if data.len() != 8 {
        return;
    }
    let _param0 = _to_usize(data, 0);
    test_function23(_param0);
});
```
This panic can be reproduced using the following raw bytes:
[0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
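The following is an added example, not fixedbitset's own source and not the reporter's code. It uses a hypothetical stand-in for `last_positive_bit_and_unset` that reproduces the reported failure mode (the subtraction underflows when the block is all zeros, which is exactly what the 8 zero bytes decode to), places a variant beside it that returns `Option` instead of relying on the debug-build overflow check, and mirrors the harness's byte decoding with `u64::from_be_bytes`. The names `last_positive_bit_and_unset_unchecked`, `decode_input` and `unchecked_panics_on` are assumptions made for this example.

```rust
// Added example, not the crate's code. The body of the "unchecked" function is a
// reconstruction of the reported pattern (highest set bit index, then clear it),
// chosen only so that an all-zero block triggers "attempt to subtract with overflow".
use std::panic;

const BITS: usize = usize::BITS as usize;

/// Hypothetical reconstruction of the failing pattern. For n == 0,
/// n.leading_zeros() == BITS, so `BITS - 1 - BITS` underflows; a debug build
/// panics, a release build silently wraps to a huge bit index.
fn last_positive_bit_and_unset_unchecked(n: &mut usize) -> usize {
    let last_bit = BITS - 1 - n.leading_zeros() as usize;
    *n ^= 1 << last_bit;
    last_bit
}

/// Variant that makes the "block must be non-zero" precondition explicit:
/// `checked_sub` turns the underflow into `None` and leaves the block untouched.
fn last_positive_bit_and_unset(n: &mut usize) -> Option<usize> {
    let last_bit = (BITS - 1).checked_sub(n.leading_zeros() as usize)?;
    *n ^= 1 << last_bit;
    Some(last_bit)
}

/// What the harness's `_to_usize` chain computes: big-endian decode of the
/// first 8 input bytes. Returns None for inputs shorter than 8 bytes.
fn decode_input(data: &[u8]) -> Option<usize> {
    let mut bytes = [0u8; 8];
    bytes.copy_from_slice(data.get(..8)?);
    Some(u64::from_be_bytes(bytes) as usize)
}

/// True if the unchecked variant panics for this block value.
fn unchecked_panics_on(n: usize) -> bool {
    panic::catch_unwind(move || {
        let mut block = n;
        last_positive_bit_and_unset_unchecked(&mut block)
    })
    .is_err()
}

fn main() {
    // Constructed input: the crash bytes from the report.
    let crash_input = [0u8; 8];
    let block = decode_input(&crash_input).expect("8 bytes");
    println!("decoded block value: {}", block);
    let mut copy = block;
    println!("checked variant on zero block: {:?}", last_positive_bit_and_unset(&mut copy));
    if cfg!(debug_assertions) {
        println!("unchecked variant panics on zero block: {}", unchecked_panics_on(block));
    }
}
```

The `Option` variant is one way to make the precondition visible at a public boundary; whether the crate prefers that, an `assert!(n != 0)`, or keeping the function internal to the `Ones` iterator is a design choice for the maintainers, and the example only shows that the zero block is the input to guard against.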