Program unexpected panic when slice start index used #948

Closed
bhao-Soo opened this issue Jan 28, 2023 · 3 comments
@bhao-Soo

What version of regex are you using?

1.7.1

Describe the bug at a high level.

The range start index is out of range for the slice, which causes a panic.

What are the steps to reproduce the behavior?

Using the auto-generated fuzz target can reproduce the behavior. It was uploaded to the issue platform.
start_index_out_of_range.zip

Similar problems were found in the fuzzy test:

  • regex/src/exec.rs:715:32
  • regex/src/dfa.rs:1415:45
  • regex/src/dfa.rs:1444:54
  • regex/src/exec.rs:702:28
  • regex/src/re_trait.rs:23:23
  • regex/src/re_set.rs:448:1

What is the actual behavior?

Panic happens, the program crashes.

What is the expected behavior?

Handle start index out of range without causing a panic

@BurntSushi
Member

I added these debug statements to the body of your main function:

    std::dbg!(_param0);
    std::dbg!(_param1);
    std::dbg!(_param2);

And then ran your program and got:

    $ cargo run crash_input
       Compiling start_index_out_of_range v0.1.0 (/home/andrew/tmp/issues/regex/i948/start_index_out_of_range)
        Finished dev [unoptimized + debuginfo] target(s) in 0.30s
         Running `target/debug/start_index_out_of_range crash_input`
    data = [0, 59, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 20, 59, 58, 59, 59, 1, 27, 58, 68, 59, 74, 91, 59, 59, 59, 45, 45, 93, 47, 59, 42, 31, 93, 47, 27, 58, 59, 45, 45, 45, 27, 58, 59, 59, 59, 59, 60, 59, 59, 59, 58, 0]
    data len = 55
    [main.rs:88] _param0 = "\0 \0\0\0\u{14};:;;\u{1}\u{1b}:D;J[;;;--]"
    [main.rs:89] _param1 = "/;*\u{1f}]/\u{1b}:;---\u{1b}:;;;;<;;;:\0"
    [main.rs:90] _param2 = 16607023625928704
    thread 'main' panicked at 'range start index 16607023625928704 out of range for slice of length 24', /home/andrew/.cargo/registry/src/github.aaakk.us.kg-1ecc6299db9ec823/regex-1.7.1/src/exec.rs:702:28

Thus, while the panic is originating inside the regex library, the panic comes from providing an invalid offset in the first place. This isn't an issue with the regex library.

@BurntSushi closed this as not planned on Jan 28, 2023
@BurntSushi
Member

In the future, when reporting a bug, please provide a program that looks more like this:

    fn main() {
        let pattern = "\0 \0\0\0\u{14};:;;\u{1}\u{1b}:D;J[;;;--]";
        let haystack = "/;*\u{1f}]/\u{1b}:;---\u{1b}:;;;;<;;;:\0";
        let at = 16607023625928704;
        let re = regex::Regex::new(pattern).unwrap();
        let result = re.shortest_match_at(haystack, at);
        dbg!(result);
    }

This makes it much clearer what's going on and that the fault lies with the input. Your submission instead contains what looks like auto-generated code and the actual relevant input parameters are not clear.

@bhao-Soo
Author

Thank you very much for your timely reply. I have understood the reason, and I will make improvements to your suggestions.
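
Added example, not part of the issue thread or of the regex crate: the value printed as `_param2` equals the first eight bytes of the crash input read as a big-endian integer, so the harness was passing raw fuzz bytes as the start offset. A harness can map that value into `0..=haystack.len()` before calling an `_at` method. The byte layout is inferred from the printed values, the helper names `raw_offset` and `valid_start` are hypothetical, and snapping to a character boundary is a conservative choice of this example.

```rust
// Constructed from the `data = [...]` line printed in the thread (55 bytes).
const CRASH_INPUT: [u8; 55] = [
    0, 59, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 20, 59, 58, 59, 59, 1, 27, 58, 68, 59, 74, 91,
    59, 59, 59, 45, 45, 93, 47, 59, 42, 31, 93, 47, 27, 58, 59, 45, 45, 45, 27, 58, 59, 59,
    59, 59, 60, 59, 59, 59, 58, 0,
];

/// Raw offset as the reported harness appears to derive it (assumption inferred
/// from the printed values): the first eight input bytes, big-endian.
fn raw_offset(data: &[u8]) -> Option<u64> {
    let head = data.get(..8)?; // None when the input is shorter than 8 bytes
    Some(head.iter().fold(0u64, |acc, &b| (acc << 8) | b as u64))
}

/// Map any raw value onto a start position that is valid for `haystack`:
/// inside 0..=len, then moved back to the nearest UTF-8 character boundary.
fn valid_start(haystack: &str, raw: u64) -> usize {
    let mut at = (raw % (haystack.len() as u64 + 1)) as usize;
    while !haystack.is_char_boundary(at) {
        at -= 1; // offset 0 is always a boundary, so this terminates
    }
    at
}

fn main() {
    // Bytes 31.. are the 24-byte haystack printed as `_param1` in the thread.
    let haystack = std::str::from_utf8(&CRASH_INPUT[31..]).unwrap();
    let raw = raw_offset(&CRASH_INPUT).unwrap();

    // The raw value is far past the end of the haystack: the checked slice is
    // None where the indexing form `haystack[raw..]` would panic.
    let in_range = haystack.get(raw as usize..).is_some();
    println!("raw offset = {}, in range: {}", raw, in_range);

    // The constrained value is what a harness would hand to the `_at` call.
    println!("constrained start = {}", valid_start(haystack, raw));
}
```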
