Crashes found by honggfuzz

[killercup]

Howdy! This is a 🐛 bug report for two crashes I found with the following fuzzer script that you can also find in rust-fuzz/targets#114:

pub fn fuzz_sleep_parser_header(data: &[u8]) {
    if let Ok(header) = sleep_parser::Header::from_vec(data) {
        sleep_parser::Header::from_vec(&header.to_vec()).unwrap();
    }
}

Should this assertion of from_vec¹ -> to_vec -> from_vec hold?

If yes, with data as either of

• b"\x05\x02W\x01\x00\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xfb\x03p\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xb0\xbb9\xb0\xf5\xf5"
• b"\x05\x02W\x01\x00\x00\x00\x12\x12\x12\x00\x00S\xc3\xcf\x8a2\xcc\xd1\xce9\xc4K\x9343\x00602\xb5\x07"

the current git master crashes. I have not investigated further.

---

¹ Why is this called from_vec when it takes a slice? I'd probably call it from_bytes which is more precise.

[yoshuawuyts]

Awesome, this is a great find! It shouldn't ever be crashing tbh, so we should probably fix this!

edit: yeah, it should probably be called from_bytes, haha. Good one!

[yoshuawuyts]

@killercup by the way, do you maybe still have the code for the fuzzer? Would be great if we could check it in for future parts :D

[killercup]

The code is in rust-fuzz/targets#114 but i can make a PR to add it here too

Edit: #5

[yoshuawuyts]

Woah, didn't realize sleep-parser was in the test suite :D That's great!