fix: invalid memcopy bug in fuzzer

cloudwego · Oct 18, 2023 · 6ab0d88 · 6ab0d88
1 parent c838482
commit 6ab0d88
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 225 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -33,7 +33,9 @@ jobs:
       run: |
         cargo check
         cargo test
-        cargo bench
+        cargo bench check
+        cargo fuzz check
+        cargo +nightly fuzz run fuzz_value 
 
   test-linux-aarch64:
     runs-on: [self-hosted, arm]

diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock
diff --git a/fuzz/fuzz_targets/from_slice.rs b/fuzz/fuzz_targets/from_slice.rs
@@ -3,5 +3,7 @@
 use libfuzzer_sys::fuzz_target;
 
 fuzz_target!(|data: &[u8]| {
-    _ = sonic_rs::value::to_dom(data);
+    if let Ok(dom) = sonic_rs::value::dom_from_slice(data) {
+        let _ = sonic_rs::to_string(&dom).unwrap();
+    }
 });
diff --git a/src/reader.rs b/src/reader.rs
@@ -51,7 +51,8 @@ pub trait Reader<'de>: Sealed {
     fn slice_unchecked(&self, start: usize, end: usize) -> &'de [u8];
 
     #[cold]
-    fn position_of_index(&self, i: usize) -> Position {
+    fn position_of_index(&self, mut i: usize) -> Position {
+        i = i.min(self.as_u8_slice().len());
         let mut position = Position { line: 1, column: 0 };
         for ch in &self.as_u8_slice()[..i] {
             match *ch {

diff --git a/src/value/node.rs b/src/value/node.rs
@@ -976,7 +976,7 @@ impl Document {
         let dst = alloc.try_alloc_layout(layout).map_err(Error::custom)?;
         let json_buf = unsafe {
             let dst = dst.as_ptr();
-            std::ptr::copy_nonoverlapping(json.as_ptr(), dst, real_size);
+            std::ptr::copy_nonoverlapping(json.as_ptr(), dst, len);
             *(dst.add(len)) = b'x';
             *(dst.add(len + 1)) = b'"';
             *(dst.add(len + 2)) = b'x';