OSS-Fuzz issue 66862 #474

Open
oss-fuzz-robot opened this issue Feb 21, 2024 · 1 comment

@oss-fuzz-robot

OSS-Fuzz has found a bug in this project. Please see https://oss-fuzz.com/testcase?key=6449530444775424 for details and reproducers.

This issue is mirrored from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66862 and will auto-close if the status changes there.

If you have trouble accessing this report, please file an issue at https://github.com/google/oss-fuzz/issues/new.

@fintelia
Contributor

fintelia commented Feb 21, 2024

+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_image-png_b0e58386fac39f658accbcc17c96e929fd304259/revisions/buf_independent -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-6b009d9c7ae1c0a28e19116bc6b061fbea68e01f
Time ran: 0.37444591522216797
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 929925152
INFO: Loaded 1 modules   (33967 inline 8-bit counters): 33967 [0x562349469800, 0x562349471caf),
INFO: Loaded 1 PC tables (33967 PCs): 33967 [0x562349471cb0,0x5623494f67a0),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_image-png_b0e58386fac39f658accbcc17c96e929fd304259/revisions/buf_independent: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-6b009d9c7ae1c0a28e19116bc6b061fbea68e01f
thread '<unnamed>' panicked at fuzz_targets/buf_independent.rs:78:34:
Small buffer failed Format(FormatError { inner: CorruptFlateStream { err: InsufficientInput } })
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
AddressSanitizer:DEADLYSIGNAL
=================================================================
==25374==ERROR: AddressSanitizer: ABRT on unknown address 0x05390000631e (pc 0x79d25824800b bp 0x7ffd00ce9970 sp 0x7ffd00ce96e0 T0)
    #0 0x79d25824800b in raise /build/glibc-SzIz7B/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x79d258227858 in abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79:7
    #2 0x5623492ed7d6 in std::sys::pal::unix::abort_internal::hef0064a96a744e94 /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/std/src/sys/pal/unix/mod.rs:370:14
    #3 0x562348fc6076 in std::process::abort::h53224d60b9ff9b4f /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/std/src/process.rs:2279:5
    #4 0x562349218934 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h08832693b52eac7c /rust/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/35ce7d7/src/lib.rs:51:9
    #5 0x5623492e287f in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..Fn$LT$Args$GT$$GT$::call::h0f1d4fd9cb21869d /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/alloc/src/boxed.rs:2030:9
    #6 0x5623492e287f in std::panicking::rust_panic_with_hook::h55549baaf7aa2e9c /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/std/src/panicking.rs:786:13
    #7 0x5623492e25c1 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::ha0f2b022514542bd /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/std/src/panicking.rs:660:13
    #8 0x5623492dfb75 in std::sys_common::backtrace::__rust_end_short_backtrace::h710104fb518da581 /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/std/src/sys_common/backtrace.rs:171:18
    #9 0x5623492e22f3 in rust_begin_unwind /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/std/src/panicking.rs:648:5
    #10 0x562348fc8a04 in core::panicking::panic_fmt::h98f81ca1314e2b14 /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/core/src/panicking.rs:72:14
    #11 0x5623490c4b1a in buf_independent::png_compare::h9104ec2be2af6235 image-png/fuzz/fuzz_targets/buf_independent.rs:78:34
    #12 0x5623490c4b1a in rust_fuzzer_test_input image-png/fuzz/fuzz_targets/buf_independent.rs:48:13
    #13 0x562349218997 in __rust_try libfuzzer_sys.dff32f7e85d577af-cgu.0:0
    #14 0x56234921856b in std::panicking::try::h6288855f969a0d3c /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/std/src/panicking.rs:519:19
    #15 0x56234921856b in std::panic::catch_unwind::hdafd46eff12a62ea /rustc/bb594538fc6e84213a6b8d5e165442570aa48923/library/std/src/panic.rs:142:14
    #16 0x56234921856b in LLVMFuzzerTestOneInput /rust/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/35ce7d7/src/lib.rs:25:22
    #17 0x562349236fe3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #18 0x562349222742 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #19 0x562349227fec in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #20 0x562349251522 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #21 0x79d258229082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
    #22 0x562348fc9e8d in _start
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
==25374==ABORTING

clusterfuzz-testcase-minimized-buf_independent-6449530444775424.zip
