Closed as not planned
I used afl.rs to fuzz the entire public API of the crate and found several cases that may cause a panic. The version I fuzzed is the newest version. The code to replay these panics is as follows:
These 4 cases trigger a "range start index out of range for slice" error:
// Reproducer for a "range start index out of range for slice" panic.
// The `start` offset handed to `find_at` is far beyond the end of the 5-byte
// haystack, so the input that matters here is the caller-supplied offset.
// NOTE(review): code that forwards an untrusted offset to a `*_at` method
// should check `start <= haystack.len()` first; confirm the documented panic
// condition for the regex version in use.
let compiled = regex::Regex::new("\0\0\0\0$");
let re = compiled.unwrap();
let hit = re.find_at("\r\0\u{1}\u{e}a", 2449958197290798336);
let found = hit.unwrap();
found.end();
// Reproducer for a "range start index out of range for slice" panic, this
// time through `RegexBuilder` and `shortest_match_at`.
// The haystack is 2 bytes long and the `start` offset is many orders of
// magnitude larger.
// NOTE(review): validate `start <= haystack.len()` at the call site when the
// offset comes from outside the program.
let builder = regex::RegexBuilder::new("$");
let built = builder.build();
let re = built.unwrap();
re.shortest_match_at("{S", 8897841259371199355);
// Reproducer for a "range start index out of range for slice" panic.
// Pattern and haystack are short runs of `$`; the `start` offset passed to
// `find_at` is far past the end of the haystack.
// NOTE(review): bounds-check the offset against `haystack.len()` before the
// call if it can be influenced by untrusted input.
let compiled = regex::Regex::new("$$$$$$$$$$");
let re = compiled.unwrap();
let hit = re.find_at("$$$$$$$$$$$", 2604246222170760228);
let found = hit.unwrap();
found.end();
// Reproducer for a "range start index out of range for slice" panic.
// The pattern is an alternation over control characters, but the `start`
// offset (35184372153856) is again far larger than the haystack length.
// NOTE(review): presumably the offset alone is enough to trigger the panic;
// confirm by retrying with `start` clamped to `haystack.len()`.
let compiled =
    regex::Regex::new("(\0\0\0\0\0\0\u{10}|\0\0\0\0\0)\0\0\0\0\0\0\0\0\0\u{10}|\0\0\0\0\0\0\0");
let re = compiled.unwrap();
let haystack = "\0\u{4}\0*****\u{17}***************\0\0\0\0\0\0\0\0\0\0";
let hit = re.find_at(haystack, 35184372153856);
let found = hit.unwrap();
found.end();
These 3 cases trigger an out-of-bounds error:
// Reproducer reported as an out-of-bounds panic in `find_at`.
// The `start` offset (15924992) is far beyond the end of the haystack below.
// NOTE(review): presumably the same root cause as an unchecked caller offset;
// confirm by retrying with `start <= haystack.len()`.
let compiled = regex::Regex::new("[\\\\-^]\0\0\0\0\0\0\0\0\0\0\u{1}\0\0\0\0\u{3}\0\0\0\0\u{1e}\0\u{3}r\u{1}\0\u{f}\0\u{3}r|\u{17}\u{10}\0\0r|\0\0\0%\u{17}\u{10}\0\0r|\0\0");
let re = compiled.unwrap();
let haystack = "\0%r|\0r|\0\u{2}\0\u{3}\0\0|\u{17}\u{10}\0\0r|\0\0\u{1}\0\0\0\0\0\u{3}r|\u{17}\u{10}\0\0r\0\0\0\0\0#Y@\u{1}\u{1}\u{1}\u{1}\u{1}\u{1}\u{1}\u{1}\u{1}\u{1}\u{1}\u{1}";
let hit = re.find_at(haystack, 15924992);
let found = hit.unwrap();
found.end();
// Reproducer reported as an out-of-bounds panic in `SetMatches::matched`.
// The set is built with `RegexSet::empty()`, so it holds no patterns and any
// index passed to `matched` is out of range for it.
// NOTE(review): callers taking the index from outside should compare it
// against `SetMatches::len()` before calling `matched`.
let set = regex::RegexSet::empty();
let outcome = set.matches("\u{19}\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t2");
outcome.matched(9153857652018186505);
// Reproducer reported as an out-of-bounds panic in the byte-oriented
// `SetMatches::matched`.
// The set comes from `regex::bytes::RegexSet::empty()`, so it holds no
// patterns and any index passed to `matched` is out of range for it.
// NOTE(review): compare the index against `SetMatches::len()` before calling
// `matched` when it is not a compile-time constant.
let set = regex::bytes::RegexSet::empty();
let haystack: &[u8] = &[137, 137, 137, 137, 137, 137, 137, 137, 137, 137, 137, 137, 137, 137, 137, 138];
let outcome = set.matches(haystack);
outcome.matched(9910603678816504201);
This case triggers an arithmetic overflow:
// Reproducer reported as an arithmetic-overflow panic in
// `CaptureLocations::get`.
// The capture-group index passed to `get` is close to the top of the 64-bit
// range; presumably the overflow comes from index arithmetic inside `get`.
// Rust raises arithmetic-overflow panics only when overflow checks are
// enabled (the default for debug builds).
// NOTE(review): callers can bound the index with `CaptureLocations::len()`
// before calling `get`.
let compiled = regex::Regex::new("E\0|\u{741}");
let re = compiled.unwrap();
let locations = re.capture_locations();
locations.get(9238929028971069751);
I have also put this replay code, along with more data that may cause panics, in replays.
I hope you can check whether these are real bugs that need to be fixed. Thanks a lot.