Showing content from https://github.com/rust-fuzz/trophy-case below:

rust-fuzz/trophy-case: 🏆 Collection of bugs uncovered by fuzzing Rust code

A showcase of bugs found via fuzz testing Rust codebases. It serves multiple purposes:

These bugs aren't nearly as serious as the memory-safety issues afl has discovered in C and C++ projects. That's because Rust is memory-safe by default! Have you fuzzed Rust code and found a bug? Please consider adding it to this table via a pull request!

Security issues are marked with a ❗️ in the "Security?" column. Denial-of-service conditions, including panics and out-of-memory, are not considered security issues.

| Crate | Information | Fuzzer | Category | Security? |
|---|---|---|---|---|
| alloy-json-abi | Stack Overflow in JsonAbi::parse | libfuzzer | so | |
| artichoke | infinite loop in bison-generated C code | libfuzzer | loop | |
| asn1 | #32 | afl | oom | |
| async-h1 | non-ASCII input to method | libfuzzer | panic | |
| bcrypt | indexing on non-utf8 boundary | libfuzzer | utf-8 | |
| bincode | invalid system time panic | libfuzzer | panic | |
| bincode | invalid duration panic | libfuzzer | panic | |
| bmfont | panic on unwrapping | libfuzzer | panic | |
| boa | invalid spans | honggfuzz | logic | |
| boa | Could not convert to BigInt | honggfuzz | logic | |
| boa | invalid utf16 | honggfuzz | logic | |
| boa | assignment to number | honggfuzz | logic | |
| boa | division by zero | honggfuzz | arith | |
| boa | assertion failure | libfuzzer | panic | |
| brotli-rs | #10 | afl | panic | |
| brotli-rs | #11 | afl | panic | |
| brotli-rs | #12 | afl | panic | |
| brotli-rs | #2 | afl | panic | |
| brotli-rs | #3 | afl | panic | |
| brotli-rs | #4 | afl | panic | |
| brotli-rs | #5 | afl | oor | |
| brotli-rs | #6 | afl | arith | |
| brotli-rs | #7 | afl | oor | |
| brotli-rs | #8 | afl | arith | |
| brotli-rs | #9 | afl | arith | |
| bson | #116 | libfuzzer | oom | |
| bson | multiple bugs, including arithmetic overflow | libfuzzer | arith, other, unwrap | |
| bson | arithmetic overflow leading to out of memory | libfuzzer | arith, oom | |
| capnproto-rust | Multiple bugs, including a memory safety bug | libfuzzer | | ❗️ |
| capnproto-rust | reddit, e72746c | libfuzzer | logic | |
| capnproto-rust | Out-of-bounds read | libfuzzer | oor | ❗️ |
| chrono | overflow in date arithmetic | libfuzzer | arith | |
| chrono | panic in checked_add_days | libfuzzer + bolero | panic | |
| clap | issue/2264 | afl | utf-8 | |
| claxon | 0fd8815 | libfuzzer | unwrap | |
| claxon | 21b1db4 | libfuzzer | oor | |
| claxon | 875c3b2 | libfuzzer | logic | |
| claxon | c036944 | libfuzzer | logic | |
| claxon | Massive slowdown on malformed input | libfuzzer | other | |
| claxon | Memory disclosure on malformed input | afl + libdiffuzz | uninit | ❗️ |
| comrak | #65 | libfuzzer | oor | |
| cookie | indexing on non-utf8 boundary | libfuzzer | utf-8 | |
| cpp_demangle | Multiple panics | afl | unwrap, arith | |
| cranelift | #418 | libfuzzer | logic | |
| csscolorparser | indexing on non-utf8 boundary | libfuzzer | utf-8 | |
| cssparser | floating-point parsing imprecision | libfuzzer | logic | |
| cursive | grapheme boundary correctness | libfuzzer | utf-8 | |
| deflate-rs | #40 | afl | logic | |
| deflate-rs | #42 | afl | logic | |
| der | arithmetic overflow leading to index out of bounds | libfuzzer | arith | |
| der-parser | arithmetic overflow | libfuzzer | arith | |
| dhcp4r | #6 | libfuzzer | oor | |
| encoding_rs | #44 | afl | logic | |
| exmex | #8 | honggfuzz | arith, logic | |
| exmex | #13 | libfuzzer | utf-8 | |
| fatfs | arithmetic overflow | libfuzzer | arith | |
| flac | #3 | afl | oom | |
| flac | index out of bounds | libfuzzer | oor | |
| flatgeobuf | #85 | libfuzzer | oom | |
| flatgeobuf | #86 | libfuzzer | oor | |
| flif | #26 | libfuzzer | oom | |
| fontdue | arithmetic overflow | libfuzzer | arith | |
| fontdue | slow parsing | libfuzzer | other | |
| geo | #531 | libfuzzer | logic | |
| geo | #536 | libfuzzer | logic | |
| goblin | memory exhaustion | afl | oom | |
| goblin | memory exhaustion | libfuzzer | oom | |
| h2 | #260 | honggfuzz | oor | |
| h2 | #261 | honggfuzz | panic | |
| h2 | #262 | honggfuzz | panic | |
| h2 | assertion failure | libfuzzer | panic | |
| handlebars | index out of bounds | libfuzzer | oor | |
| handlebars | unwrap panic | libfuzzer | unwrap | |
| hjson-rust | invalid utf8 | libfuzzer | utf-8 | |
| hjson-rust | subtract with overflow | libfuzzer | arith | |
| hjson-rust | removal index (is 0) should be < len | libfuzzer | logic | |
| hjson-rust | panics on ParseIntError | libfuzzer | arith | |
| httparse | #9 | afl | arith | |
| httpdate | accepted dates like "May 35" | libfuzzer | logic, arith | |
| httpdate | panic on "no character boundary" | libfuzzer | utf-8 | |
| human-name | several panics | libfuzzer | logic, arith | |
| hyper | arithmetic overflow | libfuzzer | arith | |
| image | #1238 | afl | oor | |
| image | #414 | afl | logic | |
| image | #473 | afl | arith | |
| image | #474 | afl | unwrap | |
| image | #477 | afl | oor | |
| image | #622 | libfuzzer | oom | |
| image | #623 | libfuzzer | oom | |
| image | #624 | libfuzzer | oom | |
| image | #625 | libfuzzer | oor | |
| image | #876 | afl | oor | |
| image | #877 | afl | arith | |
| image | #878 | afl | oor | |
| image | Failed to break on an EOF | afl | oor | |
| image | arithmetic overflow | libfuzzer | arith | |
| image-gif | infinite loop | libfuzzer | loop | |
| inflate | arithmetic overflow | libfuzzer | arith | |
| ipfix | index out of bounds | libfuzzer | oor | |
| jpeg-decoder | #38 | afl | unwrap | |
| jpeg-decoder | #50 | afl | oom | |
| jpeg-decoder | arithmetic overflow | libfuzzer | arith | |
| jpeg-decoder | 180 | libfuzzer | logic | |
| jpeg-decoder | arithmetic overflow | libfuzzer | arith | |
| json-rust | arithmetic overflow | afl | arith | |
| json-rust | issue/193 | afl | panic | |
| jsonschema | issue/253 | libfuzzer | oor | |
| juniper | panic on "no character boundary" | libfuzzer | utf-8 | |
| just | #363 | libfuzzer | logic | |
| kalker | index out of bounds | libfuzzer | oor | |
| lewton | enormous CPU and memory consumption on crafted input | afl | other | |
| lewton | index out of bounds | honggfuzz | oor | |
| lewton | index out of bounds | afl | oor | |
| lewton | index out of bounds | afl | oor | |
| lewton | index out of bounds | afl | oor | |
| lewton | infinite loop | afl | loop | |
| lewton | large CPU and memory consumption on crafted input | afl | other | |
| lewton | memory exhaustion due to integer underflow | afl | arith, oom | |
| lewton | memory exhaustion | afl | oom | |
| lexical | arithmetic overflow | libfuzzer | arith | |
| lexical | arithmetic overflow | libfuzzer | arith | |
| lexical | Out-of-bounds read in unsafe code | libfuzzer | oor | |
| libflate | 258cf44 | honggfuzz | oor | |
| libflate | 6157daa | honggfuzz | panic | |
| libflate | dc77163 | honggfuzz | unwrap | |
| libflate | Out-of-bounds read in unsafe code | afl | oor | |
| libflate | internal assertion failure | libfuzzer | panic | |
| libpnet | arithmetic overflow | libfuzzer | arith | |
| libstd | overflow in range bounds calculation on Vec::drain | rutenspitz | arith | |
| lodepng-rust | memory leak | libfuzzer | oom | |
| lopdf | arithmetic overflow | libfuzzer | arith | |
| lz-fear | index out of bounds | libfuzzer | oor | |
| lz-fear | index out of bounds | libfuzzer | oor | |
| lz-fear | memory exhaustion | libfuzzer | oom | |
| lz4_flex | memcpy-param-overlap | libfuzzer | other | |
| lz4_flex | heap-buffer-overflow | libfuzzer | oor | ❗️ |
| lzma-rs | behavior mismatch with reference implementation | libfuzzer | logic | |
| matchit | invalid utf-8 | libfuzzer | utf-8 | |
| minidump | #7 | libfuzzer | panic | |
| minidump | unbounded allocation | libfuzzer | oom | |
| minidump | slicing out of bounds | libfuzzer | oor | |
| minidump | creating backwards ranges | libfuzzer | panic | |
| minidump | add with overflow #413 | libfuzzer | arith | |
| minidump | add with overflow #422 | libfuzzer | arith | |
| minidump | add with overflow #425 | libfuzzer | arith | |
| minidump | infinitely extending vec OOM | libfuzzer | oom | |
| minidump | subtract with overflow #439 | libfuzzer | arith | |
| minidump | index OOB | libfuzzer | oor | |
| miniz_oxide | Infinite loop exhausting memory | libfuzzer | loop, oom | |
| miniz_oxide | Infinite loop | libfuzzer | loop | |
| Molten | #41 | libfuzzer | utf-8 | |
| Molten | #42 | libfuzzer | oor | |
| mongo_driver | #55 | libfuzzer | unwrap | |
| mp3-metadata | Multiple panics | afl | oor | |
| mp4ameta | unbounded allocation | libfuzzer | oom | |
| mp4parse-rust | #2 | afl | panic | |
| mp4parse-rust | #4 | afl | panic | |
| mp4parse-rust | #5 | afl | panic | |
| mp4parse-rust | #6 | afl | panic | |
| msgpack-rust | #151 | afl | oom | |
| naga | slicing not on a character boundary | libfuzzer | utf-8 | |
| ncurses-rs | string with \0 | libfuzzer | unwrap | |
| nifti | out of bounds array slicing | libfuzzer | oor | |
| nom | arithmetic overflow | libfuzzer | arith | |
| npy-rs | arithmetic overflow due to incorrect parameter declaration | libfuzzer | arith, logic | |
| ntfs | multiply with overflow | libfuzzer | arith | |
| ntfs | index OOB | libfuzzer | oor | |
| ntp | panic caused by unwrap on invalid input | libfuzzer | unwrap | |
| num | panic on BigInt parsing | libfuzzer | unwrap | |
| pade | index out of bounds and assertion failure | test-fuzz | panic | |
| pancurses | string with \0 | libfuzzer | unwrap | |
| parity | panic on BasicDecoder unchecked addition | libfuzzer | arith | |
| pcapng | arithmetic overflow | libfuzzer | arith | |
| pdf | index out of bounds | libfuzzer | oor | |
| pdf | infinite loop | libfuzzer | loop | |
| pdf | stack overflow (unbounded recursion) | libfuzzer | so | |
| pdf | stack overflow (unbounded recursion) | libfuzzer | so | |
| pdf | stack overflow (unbounded recursion) | libfuzzer | so | |
| pdf | stack overflow (unbounded recursion) | libfuzzer | so | |
| pdf | index out of bounds #122 | libfuzzer | oor | |
| pdf | index out of bounds #123 | libfuzzer | oor | |
| pdf | index out of bounds #124 | libfuzzer | oor | |
| pdf | index out of bounds #126 | libfuzzer | oor | |
| pgp | subtract with overflow | libfuzzer | arith | |
| phonenumber | internal unwrap | libfuzzer | unwrap | |
| picky | #10 | libfuzzer | unwrap | |
| picky-asn1-der | #10 | libfuzzer | arith, oom, oor | |
| plist | arithmetic overflow | libfuzzer | arith | |
| png | crash on malformed input | afl | oom | |
| png | incorrect buffer size due to integer overflow | afl | arith, oom | |
| png | infinite loop on crafted input | libfuzzer | loop | |
| png | panic on malformed input | libfuzzer | oor | |
| png | panic on malformed input | libfuzzer | unwrap | |
| png | panic on malformed input | libfuzzer | oor | |
| png | panic on malformed input | afl | unwrap, logic | |
| prettytable-rs | subtract with overflow | libfuzzer | arith | |
| proc-macro2 | #54 | afl | utf-8 | |
| proc-macro2 | #55 | afl | so | |
| prost | Stack overflow | afl | so | |
| pulldown-cmark | arithmetic overflow | libfuzzer | arith | |
| pulldown-cmark | Overflow ParseIntError | libfuzzer | unwrap | |
| pulldown-cmark | Panics and infinite loop | libfuzzer | loop, utf-8, oor | |
| pulldown-cmark | string slice out of bounds | libfuzzer | oor | |
| pulldown-cmark | beginning more than end slice index | libfuzzer | oor | |
| pulldown-cmark | option unwrap parsing heading attributes | libfuzzer | unwrap | |
| quick-xml | arithmetic overflow | libfuzzer | arith | |
| quick-xml | arithmetic overflow | libfuzzer | arith | |
| quick-xml | index out of bounds | libfuzzer | oor | |
| quick-xml | internal unreachable panic | libfuzzer | panic | |
| rasn | failed round trip | libfuzzer | logic | |
| rawloader | abort on huge memory allocation | afl | oom | |
| rav1e | Invalid assertion in rate control | libfuzzer | panic | |
| rav1e | LRF crash when encoding tiny frames | libfuzzer | panic | |
| rav1e | CDEF UV direction mismatch for 4:2:2 | libfuzzer | logic | |
| rav1e | Safe wrappers for-sys dav1d | libfuzzer | logic | |
| rav1e | Crash with 4 tiles for 1080p 4:2:2 | libfuzzer | logic | |
| rav1e | Buffer underflow in CDEF pad_into_tmp16 | libfuzzer | so | |
| rav1e | Tiling mismatch for 4:2:2 | libfuzzer | logic | |
| rav1e | Encode-decode mismatch | libfuzzer | logic | |
| rav1e | Crash on width or height of 1 | libfuzzer | panic | |
| rav1e | Encoder admits invalid color configuration | libfuzzer | logic | |
| raven-uxn | Three incorrect opcode implementations | libfuzzer | logic | |
| redis | Multiplication overflow panics in the parser | afl | arith | |
| regex | #417 | afl | utf-8 | |
| regex | #84 | afl | unwrap | |
| regex | called Option::unwrap() on a None value | honggfuzz | unwrap | |
| regex | index out of bounds | honggfuzz | oor | |
| regex | regex parsing panics with blog post | libfuzzer | unwrap | |
| regex | Unexpected match branch | honggfuzz | logic | |
| regex | issue/738 | afl | arith, oor, utf-8 | |
| reth | Encode-decode mismatch | test-fuzz | logic | |
| risuto | server DoS on user input date out of range | libfuzzer + bolero | panic | |
| risuto | server DoS on user input date during a timezone change | libfuzzer + bolero | panic | |
| rmpv | Unchecked vector pre-allocation | afl | oom | |
| ron | stack overflow (unbounded recursion) | libfuzzer | so | |
| ron | Maps are wrapped in a sequence | libfuzzer | logic | |
| roughenough | handle truncated message | afl | oor | |
| roughenough | incorrect range check fix | libfuzzer | logic | |
| roughenough | reject messages with zero tags | afl | logic, oor | |
| roughenough | reject short single tag messages | afl | logic, oor | |
| roughenough | return Error instead of panicking | afl | panic | |
| roughenough | validate tag offset not past end of message | afl | logic | |
| roughenough | validate value offset not pass end of message | afl | logic | |
| ruint | Encode-decode mismatch | test-fuzz | logic | |
| rust-ini | invalid codepoint | libfuzzer | utf-8 | |
| rustc | #24275 | afl | other | |
| rustc | #50577 | prog-fuzz | logic | |
| rustc | #50582 | prog-fuzz | logic | |
| rustc | #50585 | prog-fuzz | logic | |
| rustc | #50600 | prog-fuzz | logic | |
| rustc | #50637 | prog-fuzz | loop | |
| rustc | #51070 | prog-fuzz | logic | |
| rustc | #62524 #62546 #62554 #62863 #62881 #62894 #62895 #62913 #62973 #63116 #63135 #66473 #68629 #68730 #68890 #69130 #69310 #69378 #69396 #69401 #69600 #69602 #70549 #70552 #70594 #70608 #70677 #70724 #70736 #70763 #70813 #70942 #71297 #71471 #71798 #72410 #84104 #84117 #84148 #84149 #86895 #88770 #92267 | fuzz-rustc | utf-8, panic, oom, loop, oor, unwrap | |
| rustc-demangle | multiply with overflow | libfuzzer | arith | |
| rustc-serialize | #109 | afl | arith | |
| rustc-serialize | #110 | afl | panic | |
| semver | logic error | libfuzzer | logic | |
| semver | issue/227 | afl | unwrap | |
| Sequoia-PGP | #514 | libfuzzer | arith | |
| Sequoia-PGP | #515 | libfuzzer | utf-8 | |
| Sequoia-PGP | #516 | libfuzzer | oor | |
| Sequoia-PGP | #516 | libfuzzer | oor | |
| serde | #75 | afl | arith | |
| serde | #77 | afl | arith | |
| serde | #82 | afl | so | |
| serde-yaml | #49 | libfuzzer | so | |
| serde-yaml | #88 | libfuzzer | logic | |
| simd-json | NUL bytes allowed inside JSON | libfuzzer | logic | |
| simple_asn1 | #9 | libfuzzer | arith, oor | |
| sleep-parser | #3 | honggfuzz | oor, utf-8 | |
| smoltcp | arithmetic underflow | libfuzzer | arith | |
| smoltcp | index out of bounds | libfuzzer | oor | |
| smoltcp | index out of bounds | libfuzzer | oor | |
| smoltcp | index out of bounds | libfuzzer | oor | |
| smoltcp | index out of bounds | libfuzzer | oor | |
| smoltcp | index out of bounds | libfuzzer | oor | |
| smoltcp | index out of bounds | libfuzzer | oor | |
| smoltcp | index out of bounds | libfuzzer | oor | |
| snap | #12 | libfuzzer | oor | |
| snmp-parser | panic on unwrapping | libfuzzer | unwrap | |
| soroban-env | incorrect comparison functions | libfuzzer | logic | |
| soroban-env | incorrect comparison functions | libfuzzer | logic | |
| soroban-env | incorrect conversion | libfuzzer | logic | |
| sqlformat | panic on unwrapping error due to failure to parse int | libfuzzer | unwrap | |
| sqlparser | stack overflow (unbounded recursion) | libfuzzer | so | |
| ssh-keys | #3 | afl | oor | |
| ssh-keys | panic on slice indexing | libfuzzer | oor | |
| ssh-parser | arithmetic overflow | libfuzzer | arith | |
| sszb | advance out of bounds, overflow | test-fuzz | panic, arith | |
| stellar-xdr | incorrect comparison functions | libfuzzer | logic | |
| strftime-ruby | panic on large padding with reduced rustc format args width and precision | libfuzzer | panic | |
| strftime-ruby | partial write of multibyte UTF-8 character to core::fmt::Write | libfuzzer | utf-8 | |
| svgparser | arithmetic overflow, bound checking panic, incorrect result | libfuzzer | arith, oor, logic | |
| svgparser | endless loop | libfuzzer | loop | |
| swf-parser | #23 | libfuzzer | logic | |
| sxd-document | use after free | libfuzzer | uaf | ❗️ |
| symbolic-demangle | extremely slow demangling, OOM | libfuzzer | oom | |
| symbolic-minidump | segfault in exposed C++ library | libfuzzer | segfault | ❗️ |
| symbolic-unreal | unbounded allocation | libfuzzer | oom | |
| symphonia | panic on unwrapping | libfuzzer | unwrap | |
| syn | Unrecognized literal | libfuzzer | logic | |
| syn | panic when parsing impl | libfuzzer | logic | |
| tar-rs | #23 | afl | arith | |
| tera | #396 | libfuzzer | arith, logic | |
| tera | unimplemented panic | libfuzzer | panic | |
| tf-demo-parser | arithmetic overflow leading to out of memory | libfuzzer | arith, oom | |
| tiff | index out of bounds | afl | oor | |
| tiff | infinite loop on malformed input | afl | loop | |
| tiff | memory exhaustion on malformed input | afl | oom | |
| tiff | panic on attempt to divide by zero | afl | arith | |
| time | issue/309 | afl | panic, arith | |
| tinytemplate | beginning more than end on string slicing | libfuzzer | oor | |
| tinyvec | arithmetic underflow | rutenspitz | arith | |
| tinyvec | resize() could set incorrect size for inline storage | rutenspitz | logic | |
| tinyvec | swap_remove() for last element worked incorrectly | rutenspitz | logic | |
| todotxt.rs | index out of bounds | libfuzzer | oor | |
| tokei | panic | libfuzzer | oor | |
| tokei | consistency #725 | libfuzzer | logic | |
| toml | #178 | libfuzzer | logic | |
| toml | #179 | libfuzzer | logic | |
| toml | #180 | libfuzzer | logic | |
| toml | #181 | libfuzzer | logic | |
| toml | #185 | libfuzzer | logic | |
| toml | #186 | libfuzzer | logic | |
| toml | stack overflow (unbounded recursion) | libfuzzer | so | |
| toml_edit | stack overflow (unbounded recursion) | libfuzzer | so | |
| trust-dns-proto | Incorrect length check in Encoding | libfuzzer | logic | |
| trust-dns-proto | ZERO resource records are mis-parsed | libfuzzer | logic | |
| trust-dns-proto | Incorrect handling of escapes | libfuzzer | logic | |
| ttf-parser | infinite loop | libfuzzer | loop | |
| ttf-parser | assertion failure | libfuzzer | panic | |
| tui | issue/446 | afl | arith | |
| ubyte | multiply with overflow when parsing fractional number | libfuzzer | arith | |
| unicode-segmentation | grapheme boundary correctness | libfuzzer | logic | |
| unicode-segmentation | word boundary correctness | libfuzzer | logic | |
| unified-diff | lines before 1, with no context | libFuzzer | logic | |
| url | #108 | afl | oor | |
| url | infinite loop | libfuzzer | loop | |
| url | slicing error | afl | oor | |
| url | out of index | afl | oor | |
| url | failed round trip parse | libfuzzer | logic | |
| uuid | index out of bounds | libfuzzer | oor | |
| v_escape | heap buffer overflow | libfuzzer | oor | ❗️ |
| vector | arithmetic overflow #1 | libfuzzer | arith | |
| vector | arithmetic overflow #2 | libfuzzer | arith | |
| vector | index out of bounds | libfuzzer | oor | |
| vial | arithmetic overflow | libfuzzer | arith | |
| vosub | arithmetic overflow | libfuzzer | arith | |
| vosub | invalid slice | libfuzzer | oor | |
| vosub | invalid slice | libfuzzer | oor | |
| vosub | invalid slice | libfuzzer | panic | |
| vosub | shift overflow | libfuzzer | arith | |
| wasmparser.rs | arithmetic overflow | libfuzzer | arith | |
| wayland-rs | #187 | libfuzzer | oor | |
| ws-rs | arithmetic overflow | libfuzzer | arith | |
| xi-editor | issue/1303 | afl | arith | |
| xml-rs | #93 | afl | utf-8 | |
| xml-rs | arithmetic overflow | libfuzzer | arith | |
| yaxpeax-x86 | #12 arithmetic overflow | libfuzzer | arith | |
| yaxpeax-x86 | #13 arithmetic overflow | libfuzzer | arith | |
| yaxpeax-x86 | #15 arithmetic overflow | libfuzzer | arith | |
| zip-rs | arithmetic overflow | libfuzzer | arith | |
| zip-rs | arithmetic overflow | libfuzzer | arith | |
| zune-jpeg | heap buffer overflow | libfuzzer | oor | ❗️ |

Description of categories:
