[PR] fix(rust): fix several panics detected by cargo-fuzz [fory]

Sun, 15 Mar 2026 05:49:36 -0700 


BaldDemian opened a new pull request, #3483:
URL: https://github.com/apache/fory/pull/3483

   ## Why?
   
   Fix several new panics when feeding corner-case input found by cargo-fuzz
   
   ## What does this PR do?
   - In `rust/README.md`, the right command to run all tests seems to be `cargo 
test --workspace`. Run `cargo test --features tests` will get: 
     <img width= "649" height="85" alt="Screenshot 2026-03-15 at 6 16 51 AM" 
src="https://github.com/user-attachments/assets/98f52bb3-0227-41f0-8b09-78439cb6531f";
 />
   
   - In `rust/fory-core/src/meta/type_meta.rs`, 
     - 
https://github.com/apache/fory/blob/5fc06f1db45337346db4ed380906c013f1e2f3f7/rust/fory-core/src/meta/type_meta.rs#L645
       will panic if `encoding_idx` exceeds the size of `encodings`.
     - 
https://github.com/apache/fory/blob/5fc06f1db45337346db4ed380906c013f1e2f3f7/rust/fory-core/src/meta/type_meta.rs#L836
       will cause OOM if `num_fields` is too large. I limit the max value of 
`num_fields` to `i16::MAX` since `field_id` is `i16`
   
   - In `rust/fory-core/src/row/bit_util.rs`, use saturating_add/mul to prevent 
potential overflow panic. But would it be better to return error instead of 
saturating_add/mul ?🤔
   
   - In `rust/fory-core/src/row/reader.rs`, direct access into slice using `[]` 
may cause out-of-bounds panic.
     
   - In `rust/fory-core/src/serializer/collection.rs`, 
`rust/fory-core/src/serializer/map.rs` and 
`rust/fory-core/src/serializer/primitive_list.rs`, we should check the 
remaining bytes in the buffer **before** allocating `Vec`. This can also 
prevent OOM.
   
   - In `rust/fory-core/src/serializer/skip.rs`, `generics.first().unwrap()` 
and `generics.get(1).unwrap()` will panic if the size of `generics` is not long 
enough.
   
   ## Related issues
   N/A
   
   ## AI Contribution Checklist
   
   N/A
   
   ## Does this PR introduce any user-facing change?
   
   N/A
   
   ## Benchmark
   
   This PR only adds additional check in case of corner-case input and thus 
won't has major influence on the performance.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to