bspeice/dtparse

Panic on attempt to subtract with overflow

Closed this issue · 1 comments

Found using honggfuzz.

\x0D\x31 causes the panic.

thread 'main' panicked at 'attempt to subtract with overflow', /home/user/.cargo/git/checkouts/dtparse-4231ce982140a2f6/73a7aca/src/lib.rs:1230:37
stack backtrace:
   0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
             at libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
   1: std::sys_common::backtrace::print
             at libstd/sys_common/backtrace.rs:71
             at libstd/sys_common/backtrace.rs:59
   2: std::panicking::default_hook::{{closure}}
             at libstd/panicking.rs:211
   3: std::panicking::default_hook
             at libstd/panicking.rs:227
   4: std::panicking::rust_panic_with_hook
             at libstd/panicking.rs:463
   5: std::panicking::begin_panic_fmt
             at libstd/panicking.rs:350
   6: rust_begin_unwind
             at libstd/panicking.rs:328
   7: core::panicking::panic_fmt
             at libcore/panicking.rs:71
   8: core::panicking::panic
             at libcore/panicking.rs:51
   9: dtparse::Parser::find_hms_index
             at /home/user/.cargo/git/checkouts/dtparse-4231ce982140a2f6/73a7aca/src/lib.rs:1230
  10: dtparse::Parser::parse_numeric_token
             at /home/user/.cargo/git/checkouts/dtparse-4231ce982140a2f6/73a7aca/src/lib.rs:1109
  11: dtparse::Parser::parse_with_tokens
             at /home/user/.cargo/git/checkouts/dtparse-4231ce982140a2f6/73a7aca/src/lib.rs:819
  12: dtparse::Parser::parse
             at /home/user/.cargo/git/checkouts/dtparse-4231ce982140a2f6/73a7aca/src/lib.rs:772
  13: dtparse::parse
             at /home/user/.cargo/git/checkouts/dtparse-4231ce982140a2f6/73a7aca/src/lib.rs:1311
  14: dtparse_parse::main::{{closure}}
             at /home/user/daniel/targets/common/src/lib.rs:300
             at fuzzer-honggfuzz/src/bin/dtparse_parse.rs:8
  15: honggfuzz::fuzz
             at /home/user/.cargo/registry/src/github.com-1ecc6299db9ec823/honggfuzz-0.5.20/src/lib.rs:301
  16: dtparse_parse::main
             at fuzzer-honggfuzz/src/bin/dtparse_parse.rs:7
  17: std::rt::lang_start::{{closure}}
             at /checkout/src/libstd/rt.rs:74
  18: std::panicking::try::do_call
             at libstd/rt.rs:59
             at libstd/panicking.rs:310
  19: __rust_maybe_catch_panic
             at libpanic_unwind/lib.rs:105
  20: std::rt::lang_start_internal
             at libstd/panicking.rs:289
             at libstd/panic.rs:374
             at libstd/rt.rs:58
  21: std::rt::lang_start
             at /checkout/src/libstd/rt.rs:74
  22: main
  23: __libc_start_main
  24: _start

This one was super interesting, thanks for the report!
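The failure class behind this report, as an added example that is not dtparse's code and not part of the original thread: a hypothetical neighbour-token lookup whose unsigned index subtraction underflows, beside a form that uses `checked_sub` and `get`. The function names and the split of `\x0D\x31` into the tokens `["\r", "1"]` are assumptions made for illustration.

```rust
use std::panic;

// Hypothetical sketch, not dtparse source: find an h/m/s label next to the
// numeric token at `idx`, looking one ahead, one back, then two back.
fn is_hms(tok: &str) -> bool {
    matches!(tok, "h" | "m" | "s")
}

// Unchecked form: the two-back branch evaluates `idx - 2` without first
// requiring idx >= 2, so idx == 1 after a whitespace token underflows usize.
fn find_label_unchecked(tokens: &[&str], idx: usize) -> Option<usize> {
    if idx + 1 < tokens.len() && is_hms(tokens[idx + 1]) {
        Some(idx + 1)
    } else if idx > 0 && is_hms(tokens[idx - 1]) {
        Some(idx - 1)
    } else if idx > 0 && idx == tokens.len() - 1
        && tokens[idx - 1].trim().is_empty()
        && is_hms(tokens[idx - 2])
    {
        Some(idx - 2)
    } else {
        None
    }
}

// Hardened form: every neighbour index goes through checked arithmetic and
// `get`, so an out-of-range lookback means "no label" instead of a panic.
fn find_label_checked(tokens: &[&str], idx: usize) -> Option<usize> {
    let hms_at = |i: Option<usize>| i.filter(|&i| tokens.get(i).map_or(false, |t| is_hms(t)));
    let blank_before = idx
        .checked_sub(1)
        .and_then(|i| tokens.get(i))
        .map_or(false, |t| t.trim().is_empty());
    let is_last = idx.checked_add(1) == Some(tokens.len());
    hms_at(idx.checked_add(1))
        .or_else(|| hms_at(idx.checked_sub(1)))
        .or_else(|| if is_last && blank_before { hms_at(idx.checked_sub(2)) } else { None })
}

fn main() {
    // Constructed token stream for the two-byte input \x0D\x31 (assumed split).
    let tokens = ["\r", "1"];
    let crashed = panic::catch_unwind(|| find_label_unchecked(&tokens, 1)).is_err();
    println!("unchecked panics: {}, checked: {:?}", crashed, find_label_checked(&tokens, 1));
}
```

In a debug build the unchecked form stops with "attempt to subtract with overflow"; with overflow checks off the subtraction wraps and the slice index then fails its bounds check, so the input is a denial-of-service trigger in either profile.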