Heap allocation size failed #752
nyw0102 opened this issue Feb 11, 2025 · 1 comment
nyw0102 commented Feb 11, 2025

🐛 Bug Description

During fuzz testing, a "Heap allocation size failed" crash occurs. It seems the size of the input file is so large that it exceeds the size of the heap area.

twiggy version: 0.7.0

🌍 Test Case

Upload the test case and link to it here. For example, a .wasm file that
Twiggy fails to parse.

twiggy_crashes.zip

👟 Steps to Reproduce

Run twiggy top -r test_case

😲 Actual Behavior

Here is the ASAN log:

==534465==ERROR: AddressSanitizer: requested allocation size 0x121f9f9f8d8 (0x121f9fa08d8 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
    #0 0x5584dfde1dff in malloc /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3
    #1 0x5584e08d474f in alloc::raw_vec::RawVecInner$LT$A$GT$::try_allocate_in::h02fb9c56e7189ba4 (/home/nyw0102/FoundBugs/twiggy/target/x86_64-unknown-linux-gnu/debug/twiggy+0x105974f) (BuildId: dd98140a0481917409218190cb66651705c2fc89)
    #2 0x5584e006fe3a in alloc::raw_vec::RawVecInner$LT$A$GT$::with_capacity_in::hbb59a5362c146075 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/alloc/src/raw_vec.rs:423:15
    #3 0x5584dfff7d12 in alloc::raw_vec::RawVec$LT$T$C$A$GT$::with_capacity_in::hab62a71c3db72127 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/alloc/src/raw_vec.rs:194:20
    #4 0x5584dfff7d12 in alloc::vec::Vec$LT$T$C$A$GT$::with_capacity_in::h911fd09836b57273 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/alloc/src/vec/mod.rs:803:20
    #5 0x5584dfff7d12 in alloc::vec::Vec$LT$T$GT$::with_capacity::h9ef1203b859b069a /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/alloc/src/vec/mod.rs:483:9
    #6 0x5584dff12196 in object::read::macho::MachOFile::parse::heca7b96bee486baa /home/nyw0102/.cargo/registry/src/index.crates.io-6f17d22bba15001f/object-0.17.0/src/read/macho.rs:38:21
    #7 0x5584dff15d22 in object::read::any::File::parse::h243dabcf0a3a949f /home/nyw0102/.cargo/registry/src/index.crates.io-6f17d22bba15001f/object-0.17.0/src/read/any.rs:119:63
    #8 0x5584dfe2e927 in twiggy_parser::object_parse::parse::hbdcf2e85d988e757 /home/nyw0102/FoundBugs/twiggy/parser/object_parse/mod.rs:32:30
    #9 0x5584dfe126e1 in twiggy_parser::parse_other::h47ebdb1aa04a0a70 /home/nyw0102/FoundBugs/twiggy/parser/./parser.rs:101:5
    #10 0x5584dfe11c93 in twiggy_parser::parse_auto::h95f41ad780ccaa7c /home/nyw0102/FoundBugs/twiggy/parser/./parser.rs:72:19
    #11 0x5584dfe11257 in twiggy_parser::read_and_parse::h3ccf8014f39c1ea2 /home/nyw0102/FoundBugs/twiggy/parser/./parser.rs:34:36
    #12 0x5584dfe0e708 in twiggy::run::h6042b8980fe67370 /home/nyw0102/FoundBugs/twiggy/twiggy/./twiggy.rs:21:21
    #13 0x5584dfe0de9c in twiggy::main::hb6da1dbcbf73bd14 /home/nyw0102/FoundBugs/twiggy/twiggy/./twiggy.rs:14:21
    #14 0x5584dfe0f98a in core::ops::function::FnOnce::call_once::h0aaa6ae14e176da5 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/core/src/ops/function.rs:250:5
    #15 0x5584e08bc13d in core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_once::h1043265cd580ed94 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/core/src/ops/function.rs:284:13
    #16 0x5584e08bc13d in std::panicking::try::do_call::hb5c29842f49b5948 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/std/src/panicking.rs:557:40
    #17 0x5584e08bc13d in std::panicking::try::h04f863188af5f3b4 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/std/src/panicking.rs:520:19
    #18 0x5584e08bc13d in std::panic::catch_unwind::h72fdd0df4ae3366f /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/std/src/panic.rs:358:14
    #19 0x5584e08bc13d in std::rt::lang_start_internal::_$u7b$$u7b$closure$u7d$$u7d$::h7414bcd7e2ab39f1 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/std/src/rt.rs:174:48
    #20 0x5584e08bc13d in std::panicking::try::do_call::h38b2c552d6579f14 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/std/src/panicking.rs:557:40
    #21 0x5584e08bc13d in std::panicking::try::h739c9016fd0bbae4 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/std/src/panicking.rs:520:19
    #22 0x5584e08bc13d in std::panic::catch_unwind::h3c0759403b79e69b /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/std/src/panic.rs:358:14
    #23 0x5584e08bc13d in std::rt::lang_start_internal::hcb6e57c5b744c08d /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/std/src/rt.rs:174:20
    #24 0x5584dfe11728 in std::rt::lang_start::h52ff4ddbd26879f5 /rustc/9322d183f45e0fd5a509820874cc5ff27744a479/library/std/src/rt.rs:194:17
    #25 0x5584dfe0f6ad in main (/home/nyw0102/FoundBugs/twiggy/target/x86_64-unknown-linux-gnu/debug/twiggy+0x5946ad) (BuildId: dd98140a0481917409218190cb66651705c2fc89)

==534465==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: allocation-size-too-big (/home/nyw0102/FoundBugs/twiggy/target/x86_64-unknown-linux-gnu/debug/twiggy+0x105974f) (BuildId: dd98140a0481917409218190cb66651705c2fc89) in alloc::raw_vec::RawVecInner$LT$A$GT$::try_allocate_in::h02fb9c56e7189ba4
==534465==ABORTING

🤔 Expected Behavior

Memory-safe code that does not contain the "Heap allocation size failed" bug. I think limiting the size of the input file might be helpful.

Collaborator

bjorn3 commented Mar 24, 2025

This is not an actual memory safety issue. ASAN just rejects malloc calls with a size above a certain threshold. These malloc calls are practically guaranteed to return NULL, which is completely safe and correctly interpreted by libstd as allocation failure, reporting an error and aborting the process. If you want to bypass the ASAN error, see the hint in the ASAN report:

HINT: if you don't care about these errors you may set allocator_may_return_null=1
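The trace above ends in `Vec::with_capacity` inside the object crate's Mach-O parser, which is the usual shape of an allocation-size-too-big report: a count read from the file header is turned straight into a reservation. As an added illustration (not twiggy's or the object crate's code) of that pattern and of the check a parser can apply, the toy layout below (a 4-byte count followed by fixed-size entries, with `ENTRY_SIZE`, `parse_entries` and `fuzzed_sample` all constructed here) bounds the count by what the remaining input can actually hold and uses `try_reserve` so a refused allocation surfaces as an error rather than a process abort.

```rust
// Added illustration, not code from twiggy or the object crate: a toy
// entry-table parser showing how an untrusted count becomes an oversized
// Vec::with_capacity, and one way to bound it.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,
    CountTooLarge { count: u32, max_possible: usize },
    OutOfMemory,
}

/// Constructed layout: a 4-byte little-endian entry count followed by
/// `count` entries of ENTRY_SIZE bytes each.
pub const ENTRY_SIZE: usize = 8;

/// Unchecked variant: the capacity a naive parser would request. With a
/// fuzzed count this asks for count * ENTRY_SIZE bytes up front, which is
/// the pattern behind the ASAN allocation-size-too-big report.
pub fn requested_capacity_unchecked(data: &[u8]) -> Option<usize> {
    let count = u32::from_le_bytes(data.get(0..4)?.try_into().ok()?);
    (count as usize).checked_mul(ENTRY_SIZE)
}

/// Hardened variant: the count may not exceed the number of entries the
/// remaining bytes can hold, and the reservation goes through try_reserve
/// so a failed allocation is a recoverable error instead of an abort.
pub fn parse_entries(data: &[u8]) -> Result<Vec<[u8; ENTRY_SIZE]>, ParseError> {
    let hdr: [u8; 4] = data.get(0..4).ok_or(ParseError::Truncated)?.try_into().unwrap();
    let count = u32::from_le_bytes(hdr);
    let body = &data[4..];
    let max_possible = body.len() / ENTRY_SIZE;
    if count as usize > max_possible {
        return Err(ParseError::CountTooLarge { count, max_possible });
    }
    let mut entries = Vec::new();
    entries.try_reserve(count as usize).map_err(|_| ParseError::OutOfMemory)?;
    for chunk in body.chunks_exact(ENTRY_SIZE).take(count as usize) {
        entries.push(chunk.try_into().unwrap());
    }
    Ok(entries)
}

/// Constructed input: count = 0xFFFF_FFFF but only two entries present.
pub fn fuzzed_sample() -> Vec<u8> {
    let mut v = 0xFFFF_FFFFu32.to_le_bytes().to_vec();
    v.extend_from_slice(&[1u8; ENTRY_SIZE]);
    v.extend_from_slice(&[2u8; ENTRY_SIZE]);
    v
}
```

The same bound applies to any count or offset read from a file header, so a parser that checks it up front never hands an allocator a size larger than the input it was given.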
