[fuzz-test] Arithmetic overflow occurs while using API Layout::split() #520
Comments
Please update the info to just the ratatui info (not the tui-rs repo). Tui-rs will likely never receive more updates AFAICT. You mentioned this affects layout::split, but the code examples are for Rect::inner. Can you please test these against the main branch rather than the released code, and add a permalink instead of pasting code directly.
Lines 522 to 532 in 5498a88
You might find it quicker to submit a PR to fix some of these fuzz issues rather than type up a full issue. That arithmetic for inner() should be saturating.
The overflow path starts from
Sorry for the hard-looking sample code; it's used on fuzzers. I'll simplify the issue and open the PR.
I'm not concerned about it. It would be nice to show the code from Ratatui rather than Tui, and if possible with a GitHub permalink (these help show the problem in context). I wonder how hard it would be to make the fuzzer you're using do that by default (or is the issue text here manually created)? The URL format is pretty easy to construct given the filename, lines and git hash. E.g.:
Can you retest that this is fixed?
What fuzzer are you using for this?
Lines 228 to 242 in c5ea656
This has also been fixed in #523. We're using
Thanks again for this :)
Description
I executed fuzzing to test the tui-0.19.0 APIs. This reproduced on ratatui as well. More than one overflow occurs for different input values while running Layout::split(). I'll just list 3 cases with fuzz inputs to reproduce.
To Reproduce
case 1
fuzz input: (65535, 18503, 64000, 61439, 64, 255, 18443)
case 2
fuzz input: (65535, 65535, 65535, 65535, 65535, 65535, 65535)
case 3
fuzz input: (18504, 65535, 18504, 18504, 1, 18504, 18504)
Expected behavior
Adding an assert statement or modifying the code to use checked operations would resolve this issue.
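The following Rust block is an added example, not ratatui's or tui-rs's own code: a minimal Rect/Margin model with the unsaturated inner() arithmetic pattern the thread describes (x + horizontal, 2 * horizontal, width - 2 * horizontal) written once with checked operations, so that an overflow surfaces as None rather than a debug-build panic or a silent release-build wrap, and once with the saturating operations the maintainer recommends. The struct fields, the helper names and the fuzz-style tuples at the bottom are all constructed for this illustration; they are not the issue's input tuples and do not follow their seven-value layout.

```rust
// Added example (not ratatui's own code): a minimal Rect/Margin model that
// reproduces the overflow class the issue reports and shows the saturating fix
// suggested for inner(). Fields are u16 like terminal coordinates; the cases
// below are constructed here, not taken from the issue.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
pub struct Rect {
    pub x: u16,
    pub y: u16,
    pub width: u16,
    pub height: u16,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Margin {
    pub horizontal: u16,
    pub vertical: u16,
}

impl Rect {
    /// The unsaturated arithmetic pattern written with checked operations, so an
    /// overflow is reported as None instead of panicking (debug) or wrapping
    /// silently (release). This is what the fuzzer is effectively finding.
    pub fn inner_checked(self, m: Margin) -> Option<Rect> {
        let dw = m.horizontal.checked_mul(2)?;
        let dh = m.vertical.checked_mul(2)?;
        if self.width < dw || self.height < dh {
            return Some(Rect::default());
        }
        Some(Rect {
            x: self.x.checked_add(m.horizontal)?,
            y: self.y.checked_add(m.vertical)?,
            width: self.width - dw,   // cannot underflow: guarded above
            height: self.height - dh, // cannot underflow: guarded above
        })
    }

    /// Saturating version: every operation clamps at the u16 bounds, so no input
    /// can trigger an overflow panic. A rectangle that cannot hold the margin
    /// collapses to the zero-sized default, as the guard already intends.
    pub fn inner_saturating(self, m: Margin) -> Rect {
        let dw = m.horizontal.saturating_mul(2);
        let dh = m.vertical.saturating_mul(2);
        if self.width < dw || self.height < dh {
            return Rect::default();
        }
        Rect {
            x: self.x.saturating_add(m.horizontal),
            y: self.y.saturating_add(m.vertical),
            width: self.width.saturating_sub(dw),
            height: self.height.saturating_sub(dh),
        }
    }
}

/// Constructed fuzz-style cases: (x, y, width, height, horizontal, vertical).
pub const CASES: [(u16, u16, u16, u16, u16, u16); 4] = [
    (0, 0, 10, 10, 1, 1),                       // ordinary input, no overflow
    (65535, 0, 10, 10, 1, 1),                   // x + horizontal overflows u16
    (0, 0, 5, 5, 40000, 1),                     // 2 * horizontal overflows u16
    (65535, 65535, 65535, 65535, 65535, 65535), // everything at the boundary
];

/// Runs every case through both versions and returns how many of them overflow
/// under the unsaturated arithmetic. The saturating version never fails, so the
/// harness only checks that its result still fits inside the input rectangle.
pub fn count_overflows(cases: &[(u16, u16, u16, u16, u16, u16)]) -> usize {
    let mut overflows = 0;
    for &(x, y, width, height, horizontal, vertical) in cases {
        let r = Rect { x, y, width, height };
        let m = Margin { horizontal, vertical };
        if r.inner_checked(m).is_none() {
            overflows += 1;
        }
        let s = r.inner_saturating(m);
        assert!(s.width <= r.width && s.height <= r.height);
    }
    overflows
}

fn main() {
    println!(
        "{} of {} constructed cases overflow under unsaturated arithmetic",
        count_overflows(&CASES),
        CASES.len()
    );
}
```

Run it with `cargo run` in debug mode: the checked variant reports three of the four constructed cases as overflowing, while the saturating variant returns a rectangle for all four. The same plain-arithmetic pattern written without checked or saturating operations would panic in a debug build on those three cases, which is the behaviour the fuzzer reported.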