Skip to content

Panic attempt to subtract with overflow in src/wavpack/properties.rs #491

New issue
New issue
Closed
#496
Closed
Panic attempt to subtract with overflow in src/wavpack/properties.rs#491
#496
Labels
bugSomething isn't working
@qarmin

Description

@qarmin
qarmin
opened on Nov 26, 2024

Reproducer

I tried this code:

#![no_main]

use libfuzzer_sys::{fuzz_target, Corpus};
use lofty::file::AudioFile;
use lofty::file::{FileType, TaggedFileExt};
use lofty::probe::Probe;

const ALL_FILE_TYPES: &[FileType] = &[
    FileType::Aac,
    FileType::Aiff,
    FileType::Ape,
    FileType::Flac,
    FileType::Mpeg,
    FileType::Mp4,
    FileType::Mpc,
    FileType::Opus,
    FileType::Vorbis,
    FileType::Speex,
    FileType::Wav,
    FileType::WavPack,
];

fuzz_target!(|data: &[u8]| -> Corpus {
    let mut corpus = Corpus::Reject;
    for i in ALL_FILE_TYPES {
        let s = std::io::Cursor::new(data);
        let tagged_file = match Probe::with_file_type(s, *i).read() {
            Ok(t) => t,
            Err(_e) => {
                continue;
            }
        };
        corpus = Corpus::Keep;
        tagged_file.properties();
        tagged_file.tags();
        tagged_file.primary_tag();
    }

    corpus
});

Summary

thread 'main' panicked at /home/runner/.cargo/git/checkouts/lofty-rs-f5e48f8219b271cf/dd4e926/lofty/src/wavpack/properties.rs:190:27:
attempt to subtract with overflow
stack backtrace:
   0: rust_begin_unwind
             at /rustc/a47555110cf09b3ed59811d9b02235443e76a595/library/std/src/panicking.rs:665:5
   1: core::panicking::panic_fmt
             at /rustc/a47555110cf09b3ed59811d9b02235443e76a595/library/core/src/panicking.rs:76:14
   2: core::panicking::panic_const::panic_const_sub_overflow
             at /rustc/a47555110cf09b3ed59811d9b02235443e76a595/library/core/src/panicking.rs:182:21
   3: lofty::wavpack::properties::read_properties
             at /home/runner/.cargo/git/checkouts/lofty-rs-f5e48f8219b271cf/dd4e926/lofty/src/wavpack/properties.rs:190:27
   4: lofty::wavpack::read::read_from
             at /home/runner/.cargo/git/checkouts/lofty-rs-f5e48f8219b271cf/dd4e926/lofty/src/wavpack/read.rs:56:4
   5: <lofty::wavpack::WavPackFile as lofty::file::audio_file::AudioFile>::read_from
             at /home/runner/.cargo/git/checkouts/lofty-rs-f5e48f8219b271cf/dd4e926/lofty/src/wavpack/mod.rs:14:10
   6: lofty::probe::Probe<R>::read
             at /home/runner/.cargo/git/checkouts/lofty-rs-f5e48f8219b271cf/dd4e926/lofty/src/probe.rs:479:26
   7: lofty::check_file
             at /home/runner/work/Automated-Fuzzer/Automated-Fuzzer/src/crates/lofty/src/main.rs:42:33
   8: lofty::main
             at /home/runner/work/Automated-Fuzzer/Automated-Fuzzer/src/crates/lofty/src/main.rs:26:9
   9: core::ops::function::FnOnce::call_once
             at /home/runner/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

Expected behavior

No response

Assets

crash-b583ce7029fc17100e2aabfa4679865a2a5fd9a4_minimized.zip

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions