authorEdward Barnard2017-03-03 13:59:05 +0000
committerEdward Barnard2017-03-03 13:59:05 +0000
commit8eef734830f302066f61c826d6e132a1bb9fc650 (patch)
tree51217c6acffce9624cbc49d14510f099cb116737
parentaf6c771aca701c566920eac04141c16c2b7c6c91 (diff)
Don’t panic on invalid object references.fuzz
-rw-r--r--src/binary/reader.rs2
-rw-r--r--tests/fuzzer.rs6
2 files changed, 7 insertions, 1 deletions
diff --git a/src/binary/reader.rs b/src/binary/reader.rs
index 600d3b3..474e69d 100644
--- a/src/binary/reader.rs
+++ b/src/binary/reader.rs
@@ -145,7 +145,7 @@ impl<R: Read + Seek> EventReader<R> {
fn seek_to_object(&mut self, object_ref: u64) -> Result<u64> {
let object_ref = try!(u64_to_usize(object_ref));
- let offset = *&self.object_offsets[object_ref];
+ let offset = *self.object_offsets.get(object_ref).ok_or(Error::InvalidData)?;
let pos = try!(self.reader.seek(SeekFrom::Start(offset)));
Ok(pos)
}
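Review bot: The offset read from `object_offsets` on the new `.get(object_ref)` line is still passed unchecked to `SeekFrom::Start(offset)`. Seeking past the end of a stream normally succeeds, so a malformed table entry is rejected only if a later read happens to fail. Because the value comes from the parsed file, consider validating it here against the stream length or the start of the offset table (neither is visible in this hunk) and returning `Error::InvalidData`, as the new bounds check does. As a style point, the new line uses `?` while its neighbours keep `try!`; one form per function reads better, e.g. `let pos = self.reader.seek(SeekFrom::Start(offset))?;`.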
diff --git a/tests/fuzzer.rs b/tests/fuzzer.rs
index 701df5e..4d7b151 100644
--- a/tests/fuzzer.rs
+++ b/tests/fuzzer.rs
@@ -15,6 +15,12 @@ fn too_large_allocation_2() {
test_fuzzer_data_err(data);
}
+#[test]
+fn empty_offset_table() {
+ let data = b"bplist00;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00<)\x9fXTX(";
+ test_fuzzer_data_err(data);
+}
+
fn test_fuzzer_data_err(data: &[u8]) {
let cursor = Cursor::new(data);
let res = Plist::read(cursor);
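Review bot: The byte string in `empty_offset_table` is an opaque fuzzer artefact with no note on which field makes it invalid, so a later reader cannot tell what the test guards against. A short comment above `let data` would fix that, for example `// Fuzzer input: object reference with no matching offset-table entry; used to panic on indexing in seek_to_object.` (wording inferred from the commit title and test name, so confirm it against the actual trailer bytes). The body of `test_fuzzer_data_err` continues outside the hunk, so it is not visible whether it asserts only `is_err()` or the specific `Error::InvalidData`; pinning the variant would make this a tighter regression test.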