{"id":13594331,"url":"https://github.com/rust-fuzz/trophy-case","last_synced_at":"2025-05-15T16:01:58.447Z","repository":{"id":39351961,"uuid":"86652161","full_name":"rust-fuzz/trophy-case","owner":"rust-fuzz","description":"🏆 Collection of bugs uncovered by fuzzing Rust code","archived":false,"fork":false,"pushed_at":"2025-04-16T18:30:21.000Z","size":227,"stargazers_count":430,"open_issues_count":6,"forks_count":53,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-04-17T03:25:49.382Z","etag":null,"topics":["fuzz-testing","fuzzing","rust","trophies"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rust-fuzz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-03-30T02:55:41.000Z","updated_at":"2025-04-16T18:30:24.000Z","dependencies_parsed_at":"2025-02-09T13:01:32.521Z","dependency_job_id":"f49f8662-be50-4226-af5d-f2c8c8f7cfa7","html_url":"https://github.com/rust-fuzz/trophy-case","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-fuzz%2Ftrophy-case","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-fuzz%2Ftrophy-case/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-fuzz%2Ftrophy-case/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-fuzz%2Ftrophy-case/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rust-fuzz","download_url":"https://codeload.github.com/rust-fuzz/trophy-case/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254374388,"owners_count":22060609,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzz-testing","fuzzing","rust","trophies"],"created_at":"2024-08-01T16:01:31.853Z","updated_at":"2025-05-15T16:01:58.428Z","avatar_url":"https://github.com/rust-fuzz.png","language":null,"readme":"# 🏆 Trophy Case 🏆\n\nA showcase of bugs found via fuzz testing Rust codebases. It serves multiple purposes:\n\n- Help the community see what issues are common in Rust codebases (useful when e.g. designing APIs)\n- Increase visibility of effective fuzz testing targets so people can reuse testing strategies\n- Provide insight into common issues they can expect to find if they use a certain fuzzer\n\nThese bugs aren't nearly as serious as the [memory-safety issues afl has discovered](http://lcamtuf.coredump.cx/afl/#bugs) in C and C++ projects. That's because Rust is memory-safe by default! Have you fuzzed Rust code and found a bug? Please consider adding it to this table via a pull request!\n\nSecurity issues are marked with a ❗️ in the \"Security?\" column. Denial of service, including panics and out-of-memory, are not considered security issues.\n\nCrate | Information | Fuzzer | Category | Security?\n----- | ----------- | ------ | ---------|----------\nalloy-json-abi | [Stack Overflow in JsonAbi::parse](https://github.com/alloy-rs/core/issues/702) | libfuzzer | `so`\nartichoke | [infinite loop in bison-generated C code](https://github.com/mruby/mruby/issues/5676) | libfuzzer | `loop`\nasn1 | [#32](https://github.com/alex/rust-asn1/issues/32) | afl | `oom`\nasync-h1 | [non-ASCII input to method](https://github.com/http-rs/async-h1/issues/187) | libfuzzer | `panic`\nbcrypt | [indexing on non-utf8 boundry](https://github.com/Keats/rust-bcrypt/issues/62) | libfuzzer | `utf-8`\nbincode | [invalid system time panic](https://github.com/bincode-org/bincode/pull/469) | libfuzzer | `panic`\nbincode | [invalid duration panic](https://github.com/bincode-org/bincode/pull/465) | libfuzzer | `panic`\nbmfont | [panic on unwrapping](https://github.com/netgusto/rust-bmfont/issues/2) | libfuzzer | `panic`\nboa | [invalid spans](https://github.com/boa-dev/boa/issues/771) | honggfuzz | `logic`\nboa | [Could not convert to BigInt](https://github.com/boa-dev/boa/issues/772) | honggfuzz | `logic`\nboa | [invalid utf16](https://github.com/boa-dev/boa/issues/778) | honggfuzz | `logic`\nboa | [assignment to number](https://github.com/boa-dev/boa/issues/779) | honggfuzz | `logic`\nboa | [division by zero](https://github.com/boa-dev/boa/issues/780) | honggfuzz | `arith`\nboa | [assertion failure](https://github.com/boa-dev/boa/issues/1768) | libfuzzer | `panic`\nbrotli-rs | [#10](https://github.com/ende76/brotli-rs/issues/10) | afl | `panic`\nbrotli-rs | [#11](https://github.com/ende76/brotli-rs/issues/11) | afl | `panic`\nbrotli-rs | [#12](https://github.com/ende76/brotli-rs/issues/12) | afl | `panic`\nbrotli-rs | [#2](https://github.com/ende76/brotli-rs/issues/2) | afl | `panic`\nbrotli-rs | [#3](https://github.com/ende76/brotli-rs/issues/3) | afl | `panic`\nbrotli-rs | [#4](https://github.com/ende76/brotli-rs/issues/4) | afl | `panic`\nbrotli-rs | [#5](https://github.com/ende76/brotli-rs/issues/5) | afl | `oor`\nbrotli-rs | [#6](https://github.com/ende76/brotli-rs/issues/6) | afl | `arith`\nbrotli-rs | [#7](https://github.com/ende76/brotli-rs/issues/7) | afl | `oor`\nbrotli-rs | [#8](https://github.com/ende76/brotli-rs/issues/8) | afl | `arith`\nbrotli-rs | [#9](https://github.com/ende76/brotli-rs/issues/9) | afl | `arith`\nbson | [#116](https://github.com/zonyitoo/bson-rs/issues/116) | libfuzzer | `oom`\nbson | [multiple bugs, including arithmetic overflow](https://github.com/zonyitoo/bson-rs/issues/64) | libfuzzer | `arith`, `other`, `unwrap`\nbson | [arithmetic overflow leading to out of memory](https://github.com/mongodb/bson-rust/issues/243) | libfuzzer | `arith`, `oom`\ncapnproto-rust | [Multiple bugs, including a memory safety bug](https://dwrensha.github.io/capnproto-rust/2017/02/27/cargo-fuzz.html) | libfuzzer | | ❗️\ncapnproto-rust | [reddit](https://www.reddit.com/r/rust/comments/89y5eo/fuzzing_as_a_service_startup_looking_for_rust/dwueuww/), [`e72746c`](https://github.com/capnproto/capnproto-rust/commit/e72746cdd4c672a4b8881ed2ed0375b69d1afb3a) | libfuzzer | `logic`\ncapnproto-rust | [Out-of-bounds read](https://dwrensha.github.io/capnproto-rust/2022/11/30/out_of_bounds_memory_access_bug.html) | libfuzzer | `oor` | ❗️\nchrono | [overflow in date arithmetic](https://github.com/chronotope/chrono/issues/645) | libfuzzer | `arith`\nchrono | [panic in checked_add_days](https://github.com/chronotope/chrono/pull/941) | libfuzzer + [bolero](https://camshaft.github.io/bolero/) | `panic`\nclap | [issue/2264](https://github.com/clap-rs/clap/issues/2264) | afl | `utf-8`\nclaxon | [0fd8815](https://github.com/ruuda/claxon/commit/0fd88158a4d29c27f8218a324505583906228289) | libfuzzer | `unwrap`\nclaxon | [21b1db4](https://github.com/ruuda/claxon/commit/21b1db4a7891afdd453ee60085afc92cf61913ca) | libfuzzer | `oor`\nclaxon | [875c3b2](https://github.com/ruuda/claxon/commit/875c3b2e76326a5672af9d9ac8f7f36def514834) | libfuzzer | `logic`\nclaxon | [c036944](https://github.com/ruuda/claxon/commit/c036944b93ed8f96701d39b3a76392d30fc12d19) | libfuzzer | `logic`\nclaxon | [Massive slowdown on malformed input](https://github.com/ruuda/claxon/commit/0ec74f400cf71b376be59b16d7411d951d5eaecc) | libfuzzer | `other`\nclaxon | [Memory disclosure on malformed input](https://github.com/ruuda/claxon/issues/10)  | afl + [libdiffuzz](https://github.com/Shnatsel/libdiffuzz) | `uninit` | ❗️\ncomrak | [#65](https://github.com/kivikakk/comrak/pull/65) | libfuzzer | `oor`\ncookie | [indexing on non-utf8 boundry](https://github.com/SergioBenitez/cookie-rs/issues/178) | libfuzzer | `utf-8`\ncpp_demangle | [Multiple panics](https://github.com/fitzgen/cpp_demangle/pull/41) | afl | `unwrap`, `arith`\ncranelift | [#418](https://github.com/CraneStation/cranelift/issues/418) | libfuzzer | `logic`\ncsscolorparser | [indexing on non-utf8 boundry](https://github.com/mazznoer/csscolorparser-rs/pull/7) | libfuzzer | `utf-8`\ncssparser | [floating-point parsing imprecision](https://github.com/servo/rust-cssparser/issues/167) | libfuzzer | `logic`\ncursive | [grapheme boundary correctness](https://github.com/gyscos/cursive/issues/489) | libfuzzer | `utf-8`\ndeflate-rs | [#40](https://github.com/image-rs/deflate-rs/issues/40) | afl | `logic`\ndeflate-rs | [#42](https://github.com/image-rs/deflate-rs/issues/42) | afl | `logic`\nder | [arithmetic overflow leading to index out of bounds](https://github.com/RustCrypto/formats/pull/447) | libfuzzer | `arith`\nder-parser | [arithmetic overflow](https://github.com/rusticata/der-parser/issues/2) | libfuzzer | `arith`\ndhcp4r | [#6](https://github.com/krolaw/dhcp4r/issues/6) | libfuzzer | `oor`\nencoding_rs | [#44](https://github.com/hsivonen/encoding_rs/issues/44) | afl | `logic`\nexmex | [#8](https://github.com/bertiqwerty/exmex/issues/8) | honggfuzz | `arith`, `logic`\nexmex | [#13](https://github.com/bertiqwerty/exmex/issues/13) | libfuzzer | `utf-8`\nfatfs | [arithmetic overflow](https://github.com/rafalh/rust-fatfs/issues/56) | libfuzzer | `arith`\nflac | [#3](https://github.com/sourrust/flac/issues/3) | afl | `oom`\nflac | [index out of bounds](https://github.com/sourrust/flac/issues/11) | libfuzzer | `oor`\nflatgeobuf | [#85](https://github.com/bjornharrtell/flatgeobuf/issues/85) | libfuzzer | `oom`\nflatgeobuf | [#86](https://github.com/bjornharrtell/flatgeobuf/issues/86) | libfuzzer | `oor`\nflif | [#26](https://github.com/dgriffen/flif.rs/pull/26) | libfuzzer | `oom`\nfontdue | [arithmetic overflow](https://github.com/mooman219/fontdue/issues/35) | libfuzzer | `arith`\nfontdue | [slow parsing](https://github.com/mooman219/fontdue/issues/97) | libfuzzer | `other`\ngeo | [#531](https://github.com/georust/geo/issues/531) | libfuzzer | `logic`\ngeo | [#536](https://github.com/georust/geo/issues/536) | libfuzzer | `logic`\ngoblin | [memory exhaustion](https://github.com/m4b/goblin/issues/120) | afl | `oom`\ngoblin | [memory exhaustion](https://github.com/m4b/goblin/pull/298) | libfuzzer | `oom`\nh2 | [#260](https://github.com/carllerche/h2/pull/260) | honggfuzz | `oor`\nh2 | [#261](https://github.com/carllerche/h2/pull/261) | honggfuzz | `panic`\nh2 | [#262](https://github.com/carllerche/h2/pull/262) | honggfuzz | `panic`\nh2 | [assertion failure](https://github.com/hyperium/h2/issues/581) | libfuzzer | `panic`\nhandlebars | [index out of bounds](https://github.com/sunng87/handlebars-rust/pull/430) | libfuzzer | `oor`\nhandlebars | [unwrap panic](https://github.com/sunng87/handlebars-rust/issues/427) | libfuzzer | `unwrap`\nhjson-rust | [invalid utf8](https://github.com/hjson/hjson-rust/issues/19) | libfuzzer | `utf-8`\nhjson-rust | [subtract with overflow](https://github.com/hjson/hjson-rust/issues/20) | libfuzzer | `arith`\nhjson-rust | [removal index (is 0) should be \u003c len](https://github.com/hjson/hjson-rust/issues/21) | libfuzzer | `logic`\nhjson-rust | [panics on ParseIntError](https://github.com/hjson/hjson-rust/issues/22) | libfuzzer | `arith`\nhttparse | [#9](https://github.com/seanmonstar/httparse/issues/9) | afl | `arith`\nhttpdate | [accepted dates like \"May 35\"](https://pyfisch.org/blog/fuzzing-all-crates/) | libfuzzer | `logic`, `arith`\nhttpdate | [panic on \"no character boundary\"](https://pyfisch.org/blog/fuzzing-all-crates/) | libfuzzer | `utf-8`\nhuman-name | [several panics](https://github.com/djudd/human-name/blob/540321097277498c3977f25fdd0801aed9e96ce1/src/lib.rs#L660-L687) | libfuzzer | `logic`, `arith`\nhyper | [arithmetic overflow](https://github.com/hyperium/hyper/pull/1076) | libfuzzer | `arith`\nimage | [#1238](https://github.com/image-rs/image/issues/1238) | afl | `oor`\nimage | [#414](https://github.com/PistonDevelopers/image/issues/414) | afl | `logic`\nimage | [#473](https://github.com/PistonDevelopers/image/issues/473) | afl | `arith`\nimage | [#474](https://github.com/PistonDevelopers/image/issues/474) | afl | `unwrap`\nimage | [#477](https://github.com/PistonDevelopers/image/issues/477) | afl | `oor`\nimage | [#622](https://github.com/PistonDevelopers/image/issues/622) | libfuzzer | `oom`\nimage | [#623](https://github.com/PistonDevelopers/image/issues/623) | libfuzzer | `oom`\nimage | [#624](https://github.com/PistonDevelopers/image/issues/624) | libfuzzer | `oom`\nimage | [#625](https://github.com/PistonDevelopers/image/issues/625) | libfuzzer | `oor`\nimage | [#876](https://github.com/PistonDevelopers/image/issues/876) | afl | `oor`\nimage | [#877](https://github.com/PistonDevelopers/image/issues/877) | afl | `arith`\nimage | [#878](https://github.com/PistonDevelopers/image/issues/878) | afl | `oor`\nimage | [Failed to break on an EOF](https://github.com/PistonDevelopers/image/issues/868) | afl | `oor`\nimage | [arithmetic overflow](https://github.com/image-rs/image/pull/1563) | libfuzzer | `arith`\nimage-gif | [infinite loop](https://github.com/image-rs/image-gif/issues/101) | libfuzzer | `loop`\ninflate | [arithmetic overflow](https://github.com/PistonDevelopers/inflate/issues/14) | libfuzzer | `arith`\nipfix | [index out of bounds](https://github.com/DominoTree/rs-ipfix/issues/1) | libfuzzer | `oor`\njpeg-decoder | [#38](https://github.com/image-rs/jpeg-decoder/issues/38) | afl | `unwrap`\njpeg-decoder | [#50](https://github.com/image-rs/jpeg-decoder/issues/50) | afl | `oom`\njpeg-decoder | [arithmetic overflow](https://github.com/image-rs/jpeg-decoder/issues/69) | libfuzzer | `arith`\njpeg-decoder | [180](https://github.com/image-rs/jpeg-decoder/issues/180) | libfuzzer | `logic`\njpeg-decoder | [arithmetic overflow](https://github.com/image-rs/jpeg-decoder/pull/206) | libfuzzer | `arith`\njson-rust | [arithmetic overflow](https://github.com/maciejhirsz/json-rust/issues/139) | afl | `arith`\njson-rust | [issue/193](https://github.com/maciejhirsz/json-rust/issues/193) | afl | `panic`  \njsonschema | [issue/253](https://github.com/Stranger6667/jsonschema-rs/issues/253) | libfuzzer | `oor`  \njuniper | [panic on \"no character boundary\"](https://github.com/graphql-rust/juniper/pull/645) | libfuzzer | `utf-8`\njust | [#363](https://github.com/casey/just/issues/363) | libfuzzer | `logic`\nkalker | [index out of bounds](https://github.com/PaddiM8/kalker/issues/57) | libfuzzer | `oor`\nlewton | [enormous CPU and memory consumption on crafted input](https://github.com/RustAudio/lewton/issues/35) | afl | `other`\nlewton | [index out of bounds](https://github.com/RustAudio/lewton/issues/27) | honggfuzz | `oor`\nlewton | [index out of bounds](https://github.com/RustAudio/lewton/issues/33) | afl | `oor`\nlewton | [index out of bounds](https://github.com/RustAudio/lewton/issues/42) | afl | `oor`\nlewton | [index out of bounds](https://github.com/RustAudio/lewton/issues/44) | afl | `oor`\nlewton | [infinite loop](https://github.com/RustAudio/lewton/issues/46) | afl | `loop`\nlewton | [large CPU and memory consumption on crafted input](https://github.com/RustAudio/lewton/issues/41) | afl | `other`\nlewton | [memory exhaustion due to integer underflow](https://github.com/RustAudio/lewton/issues/32) | afl | `arith`, `oom`\nlewton | [memory exhaustion](https://github.com/RustAudio/lewton/issues/43) | afl | `oom`\nlexical | [arithmetic overflow](https://github.com/Alexhuszagh/rust-lexical/commit/466a63395e8d890cfa1fb650abb6e78fafe11771) | libfuzzer | `arith`\nlexical | [arithmetic overflow](https://github.com/Alexhuszagh/rust-lexical/commit/cc8778384e6d77031b45aef2cb9cb831670573d6) | libfuzzer | `arith`\nlexical | [Out-of-bounds read in unsafe code](https://github.com/Alexhuszagh/rust-lexical/commit/cc8778384e6d77031b45aef2cb9cb831670573d6) | libfuzzer | `oor`\nlibflate | [258cf44](https://github.com/sile/libflate/commit/258cf4430eb7e65bf904460b0334edcefb5d41a3) | honggfuzz | `oor`\nlibflate | [6157daa](https://github.com/sile/libflate/commit/6157daa468bc2d5c332c055570bfddefce3f5a3b) | honggfuzz | `panic`\nlibflate | [dc77163](https://github.com/sile/libflate/commit/dc77163c1cddf15a847f6217b4d838724dee5be0) | honggfuzz | `unwrap`\nlibflate | [Out-of-bounds read in unsafe code](https://github.com/sile/libflate/issues/16) | afl | `oor`\nlibflate | [internal assertion failure](https://github.com/sile/libflate/issues/64) | libfuzzer | `panic`\nlibpnet | [arithmetic overflow](https://github.com/libpnet/libpnet/pull/250) | libfuzzer | `arith`\nlibstd | [overflow in range bounds calculation on Vec::drain](https://github.com/rust-lang/rust/issues/74909) | [rutenspitz] | `arith`\nlodepng-rust | [memory leak](https://github.com/kornelski/lodepng-rust/issues/28) | libfuzzer | `oom`\nlopdf | [arithmetic overflow](https://github.com/J-F-Liu/lopdf/issues/153) | libfuzzer | `arith`\nlz-fear | [index out of bounds](https://github.com/main--/rust-lz-fear/issues/7) | libfuzzer | `oor`\nlz-fear | [index out of bounds](https://github.com/main--/rust-lz-fear/issues/8) | libfuzzer | `oor`\nlz-fear | [memory exhaustion](https://github.com/main--/rust-lz-fear/issues/6) | libfuzzer | `oom`\nlz4_flex | [memcpy-param-overlap](https://github.com/PSeitz/lz4_flex/commit/286ea4cf103078b5b814ef91b62fb2b4e038bceb#diff-2ccf95c39e3fe83bf326d3a07d4c388adb75795bc263b3622e0f804e033d5a0fR216) | libfuzzer | `other`\nlz4_flex | [heap-buffer-overflow](https://github.com/PSeitz/lz4_flex/commit/ce92fbf28c94a0f1f6ebc711c86d854e2c9e5622) | libfuzzer | `oor` | ❗️ \nlzma-rs | [behavior mismatch with reference implementation](https://github.com/gendx/lzma-rs/issues/35) | libfuzzer | `logic`\nmatchit | [invalid utf-8](https://github.com/ibraheemdev/matchit/issues/3) | libfuzzer | `utf-8`\nminidump | [#7](https://github.com/luser/rust-minidump/issues/7) | libfuzzer | `panic`\nminidump | [unbounded allocation](https://github.com/luser/rust-minidump/issues/381) | libfuzzer | `oom`\nminidump | [slicing out of bounds](https://github.com/luser/rust-minidump/pull/406) | libfuzzer | `oor`\nminidump | [creating backwards ranges](https://github.com/luser/rust-minidump/issues/407) | libfuzzer | `panic`\nminidump | [add with overflow #413](https://github.com/luser/rust-minidump/issues/413) | libfuzzer | `arith`\nminidump | [add with overflow #422](https://github.com/luser/rust-minidump/issues/422) | libfuzzer | `arith`\nminidump | [add with overflow #425](https://github.com/luser/rust-minidump/pull/425) | libfuzzer | `arith`\nminidump | [infinitely extending vec OOM](https://github.com/luser/rust-minidump/issues/428) | libfuzzer | `oom`\nminidump | [subtract with overflow #439](https://github.com/luser/rust-minidump/issues/439) | libfuzzer | `arith`\nminidump | [index OOB](https://github.com/luser/rust-minidump/issues/440) | libfuzzer | `oor`\nminiz_oxide | [Infinite loop exhausting memory](https://github.com/Frommi/miniz_oxide/commit/b53177a36853e265943fb01159da0fa99ebd430d) | libfuzzer | `loop`, `oom`\nminiz_oxide | [Infinite loop](https://github.com/Frommi/miniz_oxide/commit/91c23bdbd54f60f91a34a299a08ef55ff68e6f15) | libfuzzer | `loop`\nMolten | [#41](https://github.com/LeopoldArkham/Molten/issues/41) | libfuzzer | `utf-8`\nMolten | [#42](https://github.com/LeopoldArkham/Molten/issues/42) | libfuzzer | `oor`\nmongo_driver | [#55](https://github.com/thijsc/mongo-rust-driver/issues/55) | libfuzzer | `unwrap`\nmp3-metadata | [Multiple panics](https://github.com/GuillaumeGomez/mp3-metadata/pull/9) | afl | `oor`\nmp4ameta | [unbounded allocation](https://github.com/Saecki/rust-mp4ameta/issues/25) | libfuzzer | `oom`\nmp4parse-rust | [#2](https://github.com/mozilla/mp4parse-rust/issues/2) | afl | `panic`\nmp4parse-rust | [#4](https://github.com/mozilla/mp4parse-rust/issues/4) | afl | `panic`\nmp4parse-rust | [#5](https://github.com/mozilla/mp4parse-rust/issues/5) | afl | `panic`\nmp4parse-rust | [#6](https://github.com/mozilla/mp4parse-rust/issues/6) | afl | `panic`\nmsgpack-rust | [#151](https://github.com/3Hren/msgpack-rust/issues/151) | afl | `oom`\nnaga | [slicing not on a character boundary](https://github.com/gfx-rs/naga/issues/90) | libfuzzer | `utf-8`\nncurses-rs | [string with \\0](https://github.com/jeaye/ncurses-rs/issues/196) | libfuzzer | `unwrap`\nnifti | [out of bounds array slicing](https://github.com/Enet4/nifti-rs/pull/43) | libfuzzer | `oor`\nnom | [arithmetic overflow](https://github.com/Geal/nom/pull/486) | libfuzzer | `arith`\nnpy-rs | [arithmetic overflow due to incorrect parameter declaration](https://github.com/potocpav/npy-rs/pull/2) | libfuzzer | `arith`, `logic`\nntfs | [multiply with overflow](https://github.com/ColinFinck/ntfs/issues/1) | libfuzzer | `arith`\nntfs | [index OOB](https://github.com/ColinFinck/ntfs/issues/2) | libfuzzer | `oor`\nntp | [panic caused by unwrap on invalid input](https://github.com/JeffBelgum/ntp/commit/f23ded23c26a5326dae249905d298e8c5f51d371) | libfuzzer | `unwrap`\nnum | [panic on `BigInt` parsing](https://github.com/rust-num/num/issues/268) | libfuzzer | `unwrap`\npade | [index out of bounds and assertion failure](https://github.com/SorellaLabs/pade/pull/1) | [test-fuzz](https://github.com/trailofbits/test-fuzz/) | `panic`\npancurses | [string with \\0](https://github.com/ihalila/pancurses/issues/77) | libfuzzer | `unwrap`\nparity | [panic on `BasicDecoder` unchecked addition](https://github.com/paritytech/parity/issues/6226) | libfuzzer | `arith`\npcapng | [arithmetic overflow](https://github.com/richo/pcapng-rs/issues/6) | libfuzzer | `arith`\npdf | [index out of bounds](https://github.com/pdf-rs/pdf/pull/105) | libfuzzer | `oor`\npdf | [infinite loop](https://github.com/pdf-rs/pdf/issues/103) | libfuzzer | `loop`\npdf | [stack overflow (unbounded recursion)](https://github.com/pdf-rs/pdf/issues/121) | libfuzzer | `so`\npdf | [stack overflow (unbounded recursion)](https://github.com/pdf-rs/pdf/issues/121#issuecomment-1003432668) | libfuzzer | `so`\npdf | [stack overflow (unbounded recursion)](https://github.com/pdf-rs/pdf/issues/121#issuecomment-1003575433) | libfuzzer | `so`\npdf | [stack overflow (unbounded recursion)](https://github.com/pdf-rs/pdf/issues/121#issuecomment-1003581020) | libfuzzer | `so`\npdf | [index out of bounds #122](https://github.com/pdf-rs/pdf/issues/122) | libfuzzer | `oor`\npdf | [index out of bounds #123](https://github.com/pdf-rs/pdf/issues/123) | libfuzzer | `oor`\npdf | [index out of bounds #124](https://github.com/pdf-rs/pdf/pull/124) | libfuzzer | `oor`\npdf | [index out of bounds #126](https://github.com/pdf-rs/pdf/issues/126) | libfuzzer | `oor`\npgp | [subtract with overflow](https://github.com/rpgp/rpgp/issues/146) | libfuzzer | `arith`\nphonenumber | [internal unwrap](https://github.com/rustonaut/rust-phonenumber/issues/43) | libfuzzer | `unwrap`\npicky | [#10](https://github.com/Devolutions/picky-rs/pull/10) | libfuzzer | `unwrap`\npicky-asn1-der | [#10](https://github.com/Devolutions/picky-rs/pull/10) | libfuzzer | `arith`, `oom`, `oor`\nplist | [arithmetic overflow](https://github.com/ebarnard/rust-plist/pull/71) | libfuzzer | `arith`\npng | [crash on malformed input](https://github.com/PistonDevelopers/image-png/issues/103) | afl | `oom`\npng | [incorrect buffer size due to integer overflow](https://github.com/PistonDevelopers/image-png/issues/80) | afl | `arith`, `oom`\npng | [infinite loop on crafted input](https://github.com/PistonDevelopers/image-png/issues/217) | libfuzzer | `loop`\npng | [panic on malformed input](https://github.com/PistonDevelopers/image-png/issues/222) | libfuzzer | `oor`\npng | [panic on malformed input](https://github.com/PistonDevelopers/image-png/issues/79) | libfuzzer | `unwrap`\npng | [panic on malformed input](https://github.com/PistonDevelopers/image-png/issues/79#issuecomment-400560072) | libfuzzer | `oor`\npng | [panic on malformed input](https://github.com/PistonDevelopers/image-png/issues/79#issuecomment-400646862) | afl | `unwrap`, `logic`\nprettytable-rs | [subtract with overflow](https://github.com/phsym/prettytable-rs/issues/130) | libfuzzer | `arith`\nproc-macro2 | [#54](https://github.com/alexcrichton/proc-macro2/issues/54) | afl | `utf-8`\nproc-macro2 | [#55](https://github.com/alexcrichton/proc-macro2/issues/55) | afl | `so`\nprost | [Stack overflow](https://github.com/tokio-rs/prost/issues/267) | afl | `so`\npulldown-cmark | [arithmetic overflow](https://github.com/raphlinus/pulldown-cmark/issues/352) | libfuzzer | `arith`\npulldown-cmark | [Overflow ParseIntError](https://github.com/google/pulldown-cmark/issues/49) | libfuzzer | `unwrap`\npulldown-cmark | [Panics and infinite loop](https://github.com/google/pulldown-cmark/issues/81) | libfuzzer | `loop`, `utf-8`, `oor`\npulldown-cmark | [string slice out of bounds](https://github.com/raphlinus/pulldown-cmark/issues/521) | libfuzzer | `oor`\npulldown-cmark | [beginning more than end slice index](https://github.com/raphlinus/pulldown-cmark/issues/561) | libfuzzer | `oor`\npulldown-cmark | [option unwrap parsing heading attributes](https://github.com/raphlinus/pulldown-cmark/issues/571) | libfuzzer | `unwrap`\nquick-xml | [arithmetic overflow](https://github.com/tafia/quick-xml/issues/53) | libfuzzer | `arith`\nquick-xml | [arithmetic overflow](https://github.com/tafia/quick-xml/pull/55/commits/53a5c099df585dd65382ffd7f2912728eaa764d5) | libfuzzer | `arith`\nquick-xml | [index out of bounds](https://github.com/tafia/quick-xml/issues/94) | libfuzzer | `oor`\nquick-xml | [internal unreachable panic](https://github.com/tafia/quick-xml/issues/344) | libfuzzer | `panic`\nrasn | [failed round trip](https://github.com/XAMPPRocky/rasn/issues/57) | libfuzzer | `logic`\nrawloader | [abort on huge memory allocation](https://github.com/pedrocr/rawloader/commit/aaf584b4b10d859c9fb60c63d70c3d4437969c39) | afl | `oom`\nrav1e | [Invalid assertion in rate control](https://github.com/xiph/rav1e/pull/1630) | libfuzzer | `panic`\nrav1e | [LRF crash when encoding tiny frames](https://github.com/xiph/rav1e/pull/1797) | libfuzzer | `panic`\nrav1e | [CDEF UV direction mismatch for 4:2:2](https://github.com/xiph/rav1e/pull/2224) | libfuzzer | `logic`\nrav1e | [Safe wrappers for-sys dav1d](https://github.com/xiph/rav1e/pull/2225) | libfuzzer | `logic`\nrav1e | [Crash with 4 tiles for 1080p 4:2:2](https://github.com/xiph/rav1e/pull/2302) | libfuzzer | `logic`\nrav1e | [Buffer underflow in CDEF pad_into_tmp16](https://github.com/xiph/rav1e/pull/2536) | libfuzzer | `so`\nrav1e | [Tiling mismatch for 4:2:2](https://github.com/xiph/rav1e/pull/2537) | libfuzzer | `logic`\nrav1e | [Encode-decode mismatch ](https://github.com/xiph/rav1e/issues/1636) | libfuzzer | `logic`\nrav1e | [Crash on width or height of 1](https://github.com/xiph/rav1e/pull/2644) | libfuzzer | `panic`\nrav1e | [Encoder admits invalid color configuration](https://github.com/xiph/rav1e/issue/2586) | libfuzzer | `logic`\nraven-uxn | [Three incorrect opcode implementations](https://github.com/mkeeter/raven/pull/13) | libfuzzer | `logic`\nredis | [Multiplication overflow panics in the parser](https://github.com/redis-rs/redis-rs/pull/1145) | afl | `arith`\nregex | [#417](https://github.com/rust-lang/regex/issues/417) | afl | `utf-8`\nregex | [#84](https://github.com/rust-lang/regex/issues/84) | afl | `unwrap`\nregex | [called Option::unwrap() on a None value](https://github.com/rust-lang/regex/issues/465) | honggfuzz | `unwrap`\nregex | [index out of bounds](https://github.com/rust-lang/regex/issues/464) | honggfuzz | `oor`\nregex | [regex parsing panics](https://github.com/rust-lang/regex/pull/349) with [blog post](https://www.nibor.org/blog/fuzzing-is-magic---or-how-i-found-a-panic-in-rusts-regex-library/) | libfuzzer | `unwrap`\nregex | [Unexpected match branch](https://github.com/rust-lang/regex/issues/465) | honggfuzz | `logic`\nregex | [issue/738](https://github.com/rust-lang/regex/issues/738) | afl | `arith`, `oor`, `utf-8`\nreth | [Encode-decode mismatch](https://github.com/paradigmxyz/reth/pull/5153) | [test-fuzz](https://github.com/trailofbits/test-fuzz/) | `logic`\nrisuto | [server DoS on user input date out of range](https://github.com/Ekleog/risuto/commit/9c23cc863d7d346e8a5e61e98eb99431cf39896f) | libfuzzer + [bolero](https://camshaft.github.io/bolero/) | `panic`\nrisuto | [server DoS on user input date during a timezone change](https://github.com/Ekleog/risuto/commit/1a439709abd02b2e83c65a0b4688b591420c534c) | libfuzzer + [bolero](https://camshaft.github.io/bolero/) | `panic`\nrmpv | [Unchecked vector pre-allocation](https://github.com/3Hren/msgpack-rust/issues/151) | afl | `oom`\nron | [stack overflow (unbounded recursion)](https://github.com/ron-rs/ron/issues/307) | libfuzzer | `so`\nron | [Maps are wrapped in a sequence](https://github.com/ron-rs/ron/issues/338) | libfuzzer | `logic`\nroughenough | [handle truncated message](https://github.com/int08h/roughenough/commit/f1f4af2cdfa6f46a58038ca0551c6353d819ac57) | afl | `oor`\nroughenough | [incorrect range check fix](https://github.com/int08h/roughenough/commit/ed267f79b0bc070c5c63e5936db79e9d5aced30c) | libfuzzer | `logic`\nroughenough | [reject messages with zero tags](https://github.com/int08h/roughenough/commit/1b21bbc074b8acd146abce50e520eef84bbbec2d) | afl | `logic`, `oor`\nroughenough | [reject short single tag messages](https://github.com/int08h/roughenough/commit/e0d15dc1d9bfbd92518916dbfc306cda32c47ff3) | afl | `logic`, `oor`\nroughenough | [return Error instead of panicking](https://github.com/int08h/roughenough/commit/1ce57a140bcdd1c0c6dfbef1403a1aa11e2240ae) | afl | `panic`\nroughenough | [validate tag offset not past end of message](https://github.com/int08h/roughenough/commit/a029e5073603bf33f64c7550451d32d6ac62963c) | afl | `logic`\nroughenough | [validate value offset not pass end of message](https://github.com/int08h/roughenough/commit/9656fdab0f702ccd784a2e50eabcf94809bc31b5) | afl | `logic`\nruint | [Encode-decode mismatch](https://github.com/recmo/uint/pull/335) | [test-fuzz](https://github.com/trailofbits/test-fuzz/) | `logic`\nrust-ini | [invalid codepoint](https://github.com/zonyitoo/rust-ini/issues/75) | libfuzzer | `utf-8`\nrustc | [#24275](https://github.com/rust-lang/rust/issues/24275) | afl | `other`\nrustc | [#50577](https://github.com/rust-lang/rust/issues/50577) | [prog-fuzz] | `logic`\nrustc | [#50582](https://github.com/rust-lang/rust/issues/50582) | [prog-fuzz] | `logic`\nrustc | [#50585](https://github.com/rust-lang/rust/issues/50585) | [prog-fuzz] | `logic`\nrustc | [#50600](https://github.com/rust-lang/rust/issues/50600) | [prog-fuzz] | `logic`\nrustc | [#50637](https://github.com/rust-lang/rust/issues/50637) | [prog-fuzz] | `loop`\nrustc | [#51070](https://github.com/rust-lang/rust/pull/51070) | [prog-fuzz] | `logic`\nrustc | #62524 #62546 #62554 #62863 #62881 #62894 #62895 #62913 #62973 #63116 #63135 #66473 #68629 #68730 #68890 #69130 #69310 #69378 #69396 #69401 #69600 #69602 #70549 #70552 #70594 #70608 #70677 #70724 #70736 #70763 #70813 #70942 #71297 #71471 #71798 #72410 #84104 #84117 #84148 #84149 #86895 #88770 #92267 | [fuzz-rustc] | `utf-8`, `panic`, `oom`, `loop`, `oor`, `unwrap`\nrustc-demangle | [multiply with overflow](https://github.com/alexcrichton/rustc-demangle/issues/9) | libfuzzer | `arith`\nrustc-serialize | [#109](https://github.com/rust-lang/rustc-serialize/issues/109) | afl | `arith`\nrustc-serialize | [#110](https://github.com/rust-lang/rustc-serialize/issues/110) | afl | `panic`\nsemver | [logic error](https://github.com/steveklabnik/semver/issues/116#issuecomment-311215219) | libfuzzer | `logic`\nsemver | [issue/227](https://github.com/steveklabnik/semver/issues/227) | afl | `unwrap`\nSequoia-PGP | [#514](https://gitlab.com/sequoia-pgp/sequoia/-/issues/514) | libfuzzer | `arith`\nSequoia-PGP | [#515](https://gitlab.com/sequoia-pgp/sequoia/-/issues/515) | libfuzzer | `utf-8`\nSequoia-PGP | [#516](https://gitlab.com/sequoia-pgp/sequoia/-/issues/516) | libfuzzer | `oor`\nSequoia-PGP | [#516](https://gitlab.com/sequoia-pgp/sequoia/-/issues/517) | libfuzzer | `oor`\nserde | [#75](https://github.com/serde-rs/serde/issues/75) | afl | `arith`\nserde | [#77](https://github.com/serde-rs/serde/issues/77) | afl | `arith`\nserde | [#82](https://github.com/serde-rs/serde/issues/82) | afl | `so`\nserde-yaml | [#49](https://github.com/dtolnay/serde-yaml/issues/49) | libfuzzer | `so`\nserde-yaml | [#88](https://github.com/dtolnay/serde-yaml/pull/88) | libfuzzer | `logic`\nsimd-json | [NUL bytes allowed inside JSON](https://github.com/simd-lite/simd-json/issues/357) | libfuzzer | `logic`\nsimple_asn1 | [#9](https://github.com/acw/simple_asn1/pull/9) | libfuzzer | `arith`, `oor`\nsleep-parser | [#3](https://github.com/datrs/sleep-parser/issues/3) | honggfuzz | `oor`, `utf-8`\nsmoltcp | [arithmetic underflow](https://github.com/m-labs/smoltcp/commit/b33d867385e0f256f558d1268fa2c73470b7f34a) | libfuzzer | `arith`\nsmoltcp | [index out of bounds](https://github.com/m-labs/smoltcp/commit/181083f18c977b8a0463a67e360e4db20594fa21) | libfuzzer |  `oor`\nsmoltcp | [index out of bounds](https://github.com/m-labs/smoltcp/commit/2582d1573de37f23d77ed2b1e491d095c920ccfc) | libfuzzer | `oor`\nsmoltcp | [index out of bounds](https://github.com/m-labs/smoltcp/commit/2989fa334885916e9c8c76216a60b28c371a54cb) | libfuzzer | `oor`\nsmoltcp | [index out of bounds](https://github.com/m-labs/smoltcp/commit/31073835998016eb70982c69d0f2e5390dbc19b3) | libfuzzer | `oor`\nsmoltcp | [index out of bounds](https://github.com/m-labs/smoltcp/commit/3f43be8d8450db19fd427f48e8c658561591da1f) | libfuzzer | `oor`\nsmoltcp | [index out of bounds](https://github.com/m-labs/smoltcp/commit/c8ae7bdc219b82c62ee3410893fcc6d7455d64b0) | libfuzzer |  `oor`\nsmoltcp | [index out of bounds](https://github.com/m-labs/smoltcp/commit/ed2c376628b6566b0e48af2ca5a942d9fa288b9a) | libfuzzer | `oor`\nsnap | [#12](https://github.com/BurntSushi/rust-snappy/issues/12) | libfuzzer | `oor`\nsnmp-parser | [panic on unwrapping](https://github.com/rusticata/snmp-parser/issues/2) | libfuzzer | `unwrap`\nsoroban-env | [incorrect comparison functions](https://github.com/stellar/rs-soroban-env/pull/762) | libfuzzer | `logic`\nsoroban-env | [incorrect comparison functions](https://github.com/stellar/rs-soroban-env/pull/767) | libfuzzer | `logic`\nsoroban-env | [incorrect conversion](https://github.com/stellar/rs-soroban-env/pull/765) | libfuzzer | `logic`\nsqlformat | [panic on unwrapping error due to failure to parse int](https://github.com/shssoichiro/sqlformat-rs/issues/12) | libfuzzer | `unwrap`\nsqlparser | [stack overflow (unbounded recursion)](https://github.com/sqlparser-rs/sqlparser-rs/issues/305) | libfuzzer | `so`\nssh-keys | [#3](https://github.com/tailhook/ssh-keys/issues/3) | afl | `oor`\nssh-keys | [panic on slice indexing](https://github.com/tailhook/ssh-keys/issues/1) | libfuzzer | `oor`\nssh-parser | [arithmetic overflow](https://github.com/rusticata/ssh-parser/issues/1) | libfuzzer | `arith`\nsszb | [advance out of bounds, overflow](https://github.com/ghiliweld/sszb/pull/1) | [test-fuzz](https://github.com/trailofbits/test-fuzz/) | `panic`, `arith`\nstellar-xdr | [incorrect comparison functions](https://github.com/stellar/stellar-xdr/pull/78) | libfuzzer | `logic`\nstrftime-ruby | [panic on large padding with reduced rustc format args width and precision](https://github.com/artichoke/strftime-ruby/pull/172) | libfuzzer | `panic`\nstrftime-ruby | [partial write of multibyte UTF-8 character to `core::fmt::Write`](https://github.com/artichoke/strftime-ruby/pull/181) | libfuzzer | `utf-8`\nsvgparser | [arithmetic overflow, bound checking panic, incorrect result](https://github.com/RazrFalcon/libsvgparser/commit/4742f16e834445a682a0a4db62600d275a457390) | libfuzzer | `arith`, `oor`, `logic`\nsvgparser | [endless loop](https://github.com/RazrFalcon/libsvgparser/commit/c55d9a7d4d1e83f405be2e7bfddea89f579f6fc9) | libfuzzer | `loop`\nswf-parser | [#23](https://github.com/open-flash/swf-parser/issues/23) | libfuzzer | `logic`\nsxd-document | [use after free](https://github.com/shepmaster/sxd-document/issues/47) | libfuzzer | `uaf` | ❗️\nsymbolic-demangle | [extremely slow demangling, OOM](https://github.com/getsentry/symbolic/issues/477) | libfuzzer | `oom`\nsymbolic-minidump | [segfault in exposed C++ library](https://github.com/getsentry/symbolic/issues/478) | libfuzzer | `segfault` | ❗️\nsymbolic-unreal | [unbounded allocation](https://github.com/getsentry/symbolic/issues/476) | libfuzzer | `oom`\nsymphonia | [panic on unwrapping](https://github.com/pdeljanov/Symphonia/pull/58) | libfuzzer | `unwrap`\nsyn | [Unrecognized literal](https://github.com/dtolnay/syn/issues/897) | libfuzzer | `logic`\nsyn | [panic when parsing impl](https://github.com/dtolnay/syn/issues/1108) | libfuzzer | `logic`\ntar-rs | [#23](https://github.com/alexcrichton/tar-rs/issues/23) | afl | `arith`\ntera | [#396](https://github.com/Keats/tera/issues/396) | libfuzzer | `arith`, `logic`\ntera | [unimplemented panic](https://github.com/Keats/tera/issues/657) | libfuzzer | `panic`\ntf-demo-parser | [arithmetic overflow leading to out of memory](https://github.com/demostf/parser/issues/2) | libfuzzer | `arith`, `oom`\ntiff | [index out of bounds](https://github.com/PistonDevelopers/image-tiff/issues/28) | afl | `oor`\ntiff | [infinite loop on malformed input](https://github.com/PistonDevelopers/image-tiff/issues/31) | afl | `loop`\ntiff | [memory exhaustion on malformed input](https://github.com/PistonDevelopers/image-tiff/issues/29) | afl | `oom`\ntiff | [panic on attempt to divide by zero](https://github.com/PistonDevelopers/image-tiff/issues/33) | afl | `arith`\ntime | [issue/309](https://github.com/time-rs/time/issues/309) | afl | `panic`, `arith`\ntinytemplate | [beginning more than end on string slicing](https://github.com/bheisler/TinyTemplate/issues/22) | libfuzzer | `oor`\ntinyvec | [arithmetic underflow](https://github.com/Lokathor/tinyvec/pull/14) | [rutenspitz] | `arith`\ntinyvec | [resize() could set incorrect size for inline storage](https://github.com/Lokathor/tinyvec/pull/16) | [rutenspitz] | `logic`\ntinyvec | [swap_remove() for last element worked incorrectly](https://github.com/Lokathor/tinyvec/pull/15) | [rutenspitz] | `logic`\ntodotxt.rs | [index out of bounds](https://github.com/kstep/todotxt.rs/issues/1) | libfuzzer | `oor`\ntokei | [panic](https://github.com/XAMPPRocky/tokei/issues/727) | libfuzzer | `oor`\ntokei | consistency [#725](https://github.com/XAMPPRocky/tokei/issues/725) | libfuzzer | `logic`\ntoml | [#178](https://github.com/alexcrichton/toml-rs/issues/178) | libfuzzer | `logic`\ntoml | [#179](https://github.com/alexcrichton/toml-rs/issues/179) | libfuzzer | `logic`\ntoml | [#180](https://github.com/alexcrichton/toml-rs/issues/180) | libfuzzer | `logic`\ntoml | [#181](https://github.com/alexcrichton/toml-rs/issues/181) | libfuzzer | `logic`\ntoml | [#185](https://github.com/alexcrichton/toml-rs/issues/185) | libfuzzer | `logic`\ntoml | [#186](https://github.com/alexcrichton/toml-rs/issues/186) | libfuzzer | `logic`\ntoml | [stack overflow (unbounded recursion)](https://github.com/alexcrichton/toml-rs/issues/428) | libfuzzer | `so`\ntoml_edit | [stack overflow (unbounded recursion)](https://github.com/ordian/toml_edit/issues/206) | libfuzzer | `so`\ntrust-dns-proto | [Incorrect length check in Encoding](https://github.com/bluejekyll/trust-dns/issues/1570) | libfuzzer | `logic`\ntrust-dns-proto | [ZERO resouce records are mis-parsed](https://github.com/bluejekyll/trust-dns/issues/1571) | libfuzzer | `logic`\ntrust-dns-proto | [Incorrect handling of escapes](https://github.com/bluejekyll/trust-dns/issues/1575) | libfuzzer | `logic`\nttf-parser | [infinite loop](https://github.com/RazrFalcon/ttf-parser/issues/79) | libfuzzer | loop\nttf-parser | [assertion failure](https://github.com/RazrFalcon/ttf-parser/issues/80) | libfuzzer | `panic`\ntui | [issue/446](https://github.com/fdehau/tui-rs/issues/446) | afl | `arith` \nubyte | [multiply with overflow when parsing fractional number](https://github.com/SergioBenitez/ubyte/issues/5) | libfuzzer | `arith`\nunicode-segmentation | [grapheme boundary correctness](https://github.com/unicode-rs/unicode-segmentation/issues/19) | libfuzzer | `logic`\nunicode-segmentation | [word boundary correctness](https://github.com/unicode-rs/unicode-segmentation/issues/20) | libfuzzer | `logic`\nunified-diff | [lines before 1, with no context](https://github.com/notriddle/rust-unified-diff/commit/e7e8a91d74b6d26d7fbcd50dcbe056e0d8e4c03f#diff-b1a35a68f14e696205874893c07fd24fdb88882b47c23cc0e0c80a30c7d53759R260) | libFuzzer | `logic`\nurl | [#108](https://github.com/servo/rust-url/pull/108) | afl | `oor`\nurl | [infinite loop](https://github.com/servo/rust-url/issues/692) | libfuzzer | `loop`\nurl | [slicing error](https://github.com/servo/rust-url/issues/654) | afl | `oor`  \nurl | [out of index](https://github.com/servo/rust-url/issues/656) | afl | `oor`  \nurl | [failed round trip parse](https://github.com/servo/rust-url/issues/729) | libfuzzer | `logic`\nuuid | [index out of bounds](https://github.com/rust-lang-nursery/uuid/pull/81) | libfuzzer | `oor`\nv_escape | [heap buffer overflow](https://gitlab.com/r-iendo/v_escape/issues/2) | libfuzzer | `oor` | ❗️ \nvial | [arithmetic overflow](https://github.com/sigaloid/vial/issues/5) | libfuzzer | `arith`\nvosub | [arithmetic overflow](https://github.com/emk/subtitles-rs/commit/3afdb7e1c5e786e88653253243648dd9d49983f2) | libfuzzer | `arith`\nvosub | [invalid slice](https://github.com/emk/subtitles-rs/commit/20e430105b1fc02aa135788ba150a0dd49a7d1ef) | libfuzzer | `oor`\nvosub | [invalid slice](https://github.com/emk/subtitles-rs/commit/46df766dd22cb6a04a534611f08c23903e58746c) | libfuzzer | `oor`\nvosub | [invalid slice](https://github.com/emk/subtitles-rs/commit/f2f5309aa8173dfec4bb5816950d718a1ac669c2) | libfuzzer | `panic`\nvosub | [shift overflow](https://github.com/emk/subtitles-rs/commit/5d3364b96389d90deac0f024a57660951b7e1dd6) | libfuzzer | `arith`\nwasmparser.rs | [arithmetic overflow](https://github.com/yurydelendik/wasmparser.rs/issues/21#issuecomment-310253956) | libfuzzer | `arith`\nwayland-rs | [#187](https://github.com/Smithay/wayland-rs/pull/187) | libfuzzer | `oor` | \nws-rs | [arithmetic overflow](https://github.com/housleyjk/ws-rs/pull/179) | libfuzzer | `arith`\nxi-editor | [issue/1303](https://github.com/xi-editor/xi-editor/issues/1303) | afl | `arith`  \nxml-rs | [#93](https://github.com/netvl/xml-rs/issues/93) | afl | `utf-8`\nxml-rs | [arithmetic overflow](https://github.com/netvl/xml-rs/issues/204) | libfuzzer | `arith`\nyaxpeax-x86 | [#12 arithmetic overflow](https://github.com/iximeow/yaxpeax-x86/issues/12) | libfuzzer | `arith`\nyaxpeax-x86 | [#13 arithmetic overflow](https://github.com/iximeow/yaxpeax-x86/issues/13) | libfuzzer | `arith`\nyaxpeax-x86 | [#15 arithmetic overflow](https://github.com/iximeow/yaxpeax-x86/issues/15) | libfuzzer | `arith`\nzip-rs | [arithmetic overflow](https://github.com/mvdnes/zip-rs/issues/40) | libfuzzer | `arith`\nzip-rs | [arithmetic overflow](https://github.com/zip-rs/zip/issues/234) | libfuzzer | `arith`\nzune-jpeg | [heap buffer overflow](https://github.com/etemesi254/zune-jpeg/issues/10) | libfuzzer | `oor` | ❗️\n\n[fuzz-rustc]: https://github.com/dwrensha/fuzz-rustc/#bugs-found\n[prog-fuzz]: https://github.com/rust-fuzz/trophy-case/issues/36#issuecomment-388740655\n[rutenspitz]: https://github.com/jakubadamw/rutenspitz\n\n## Description of categories:\n\n* `arith`: Arithmetic error, eg. overflows\n* `logic`: Logic bug\n* `loop`: Infinite loop\n* `oom`: Out of memory\n* `oor`: Out of range access\n* `segfault`: Program segfaulted\n* `so`: Stack overflow\n* `uaf`: Use after free\n* `uninit`: Program discloses contents of uninitialized memory\n* `unwrap`: Call to `unwrap` on `None` or `Err(_)`\n* `utf-8`: Problem with UTF-8 strings handling, eg. get a char not at a char boundary\n* `panic`: A panic not covered by any of the above\n* `other`: Anything that does not fit in another category, or unclear what the problem is\n","funding_links":[],"categories":["Others","miscellaneous"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-fuzz%2Ftrophy-case","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frust-fuzz%2Ftrophy-case","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-fuzz%2Ftrophy-case/lists"}