The GitHub Actions job "Fory CI" on fory.git/main has succeeded.
Run started by GitHub user chaokunyang (triggered by chaokunyang).

Head commit for run:
209884967501428858dc1f73d2c5fc75fe8f3a7f / Peiyang He 
<[email protected]>
fix(rust): fix several panics detected by cargo-fuzz (#3483)

## Why?

Fix several new panics when feeding corner-case input found by
cargo-fuzz

## What does this PR do?
- In `rust/README.md`, the right command to run all tests seems to be
`cargo test --workspace`. Running `cargo test --features tests` will get:
<img width="649" height="85" alt="Screenshot 2026-03-15 at 6 16 51 AM"
src="https://github.com/user-attachments/assets/98f52bb3-0227-41f0-8b09-78439cb6531f"
/>

- In `rust/fory-core/src/meta/type_meta.rs`,
  - https://github.com/apache/fory/blob/5fc06f1db45337346db4ed380906c013f1e2f3f7/rust/fory-core/src/meta/type_meta.rs#L645
    will panic if `encoding_idx` exceeds the size of `encodings`.
  - https://github.com/apache/fory/blob/5fc06f1db45337346db4ed380906c013f1e2f3f7/rust/fory-core/src/meta/type_meta.rs#L836
    will cause OOM if `num_fields` is too large. I limit the max value of
    `num_fields` to `i16::MAX` since `field_id` is `i16`.

- In `rust/fory-core/src/row/bit_util.rs`, use `saturating_add`/`saturating_mul` to
prevent potential overflow panic. But would it be better to return an error
instead of `saturating_add`/`saturating_mul`? 🤔

- In `rust/fory-core/src/row/reader.rs`, direct access into slice using
`[]` may cause out-of-bounds panic.
  
- In `rust/fory-core/src/serializer/collection.rs`,
`rust/fory-core/src/serializer/map.rs` and
`rust/fory-core/src/serializer/primitive_list.rs`, we should check the
remaining bytes in the buffer **before** allocating `Vec`. This can also
prevent OOM.

- In `rust/fory-core/src/serializer/skip.rs`,
`generics.first().unwrap()` and `generics.get(1).unwrap()` will panic if
the size of `generics` is not long enough.

## Related issues
N/A

## AI Contribution Checklist

N/A

## Does this PR introduce any user-facing change?

N/A

## Benchmark

This PR only adds additional checks in case of corner-case input and thus
won't have a major influence on the performance.

Report URL: https://github.com/apache/fory/actions/runs/23433960256

With regards,
GitHub Actions via GitBox
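
The checks the commit message describes (slice access through `get` rather than `[]`, a checked length computation that returns an error, and comparing a declared element count with the remaining bytes before allocating a `Vec`) can be seen together in a small decoder. This is an added example, not code from Fory or from the commit; `Reader`, `DecodeError`, `read_i32_list` and the wire layout (u32 count, then i32 values) are hypothetical.

```rust
// Added illustration; Reader, DecodeError and read_i32_list are hypothetical names.
#[derive(Debug, PartialEq)]
pub enum DecodeError {
    Truncated,
    LengthOverflow,
    LengthExceedsBuffer { declared: usize, remaining: usize },
}

pub struct Reader<'a> {
    buf: &'a [u8],
    pos: usize,
}

impl<'a> Reader<'a> {
    pub fn new(buf: &'a [u8]) -> Self { Reader { buf, pos: 0 } }
    pub fn remaining(&self) -> usize { self.buf.len() - self.pos }
    // `get` yields None on a short buffer where `buf[a..b]` would panic.
    fn take(&mut self, n: usize) -> Result<&'a [u8], DecodeError> {
        let end = self.pos.checked_add(n).ok_or(DecodeError::LengthOverflow)?;
        let bytes = self.buf.get(self.pos..end).ok_or(DecodeError::Truncated)?;
        self.pos = end;
        Ok(bytes)
    }
}

/// Decodes a little-endian u32 count followed by `count` little-endian i32 values.
pub fn read_i32_list(r: &mut Reader) -> Result<Vec<i32>, DecodeError> {
    let head = r.take(4)?;
    let count = u32::from_le_bytes([head[0], head[1], head[2], head[3]]) as usize;
    // checked_mul surfaces overflow as an error; saturating_mul would clamp silently.
    let byte_len = count.checked_mul(4).ok_or(DecodeError::LengthOverflow)?;
    // Compare the declared size with the bytes actually present before allocating.
    let remaining = r.remaining();
    if byte_len > remaining {
        return Err(DecodeError::LengthExceedsBuffer { declared: byte_len, remaining });
    }
    let mut out = Vec::with_capacity(count);
    for c in r.take(byte_len)?.chunks_exact(4) {
        out.push(i32::from_le_bytes([c[0], c[1], c[2], c[3]]));
    }
    Ok(out)
}

fn main() {
    // Constructed inputs: a valid two-element list, then a count far larger than the payload.
    let ok: [u8; 12] = [2, 0, 0, 0, 1, 0, 0, 0, 0xff, 0xff, 0xff, 0xff];
    let oversized: [u8; 6] = [0xff, 0xff, 0xff, 0xff, 1, 0];
    println!("{:?}", read_i32_list(&mut Reader::new(&ok)));
    println!("{:?}", read_i32_list(&mut Reader::new(&oversized)));
}
```

With the size check placed before `Vec::with_capacity`, the oversized count is rejected as an error and no allocation is attempted.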
