I have used afl.rs to fuzz all public API of this crate. And I found several cases may cause panic.
The version I fuzz on is 1.13.2
The code to replay these panics are as follows:
(1) These 2 cases are about out-of-bounds error:
panic at grapheme.rs:787, grapheme.rs:697
let mut _local0 = unicode_segmentation::GraphemeCursor::new(18229554450312027253 ,8877211129670018651 ,true);
let _ = unicode_segmentation::GraphemeCursor::prev_boundary(&mut (_local0) ," \\u{" ,8969870161476615468);
let mut _local0 = unicode_segmentation::GraphemeCursor::new(9165160804024148064 ,6944656592455360608 ,true);
let _ = unicode_segmentation::GraphemeCursor::next_boundary(&mut (_local0) ,"`111" ,6944656592455360608);
(2) These 3 cases are about unwrap error:
panic at grapheme.rs:790, grapheme.rs:415, grapheme.rs:628
let mut _local0 = unicode_segmentation::GraphemeCursor::new(3544668469065756977 ,3544668469065756977 ,false);
let _ = unicode_segmentation::GraphemeCursor::prev_boundary(&mut (_local0) ,"1111" ,14857710733020442929);
let mut _local0 = unicode_segmentation::GraphemeCursor::new(6712945236183381371 ,7017505629193139579 ,true);
let _ = unicode_segmentation::GraphemeCursor::provide_context(&mut (_local0) ,"}}}}}}" ,3493998360278433149);
let mut _local0 = unicode_segmentation::GraphemeCursor::new(3544668469065756985 ,3472609582225829921 ,true);
let _ = unicode_segmentation::GraphemeCursor::prev_boundary(&mut (_local0) ,"\u{740}ြ\u{740}\u{740}[\\E100" ,3544668469065756976);
let _ = unicode_segmentation::GraphemeCursor::next_boundary(&mut (_local0) ,"1\u{740}\u{740}[\\[|0\u{f}11-[D" ,9251902466196254769);
(3) These 3 cases are about utf-8 error(not a char boundary):
panic at grapheme.rs:787, grapheme.rs:639, grapheme.rs:611
let mut _local0 = unicode_segmentation::GraphemeCursor::new(16 ,17870283321406128129 ,false);
let _ = unicode_segmentation::GraphemeCursor::prev_boundary(&mut (_local0) ,"\0\0\u{1}\u{7f}\u{7f}\u{7f}\u{7f}\u{7f}\u{7f}\u{7f}\u{7f}\u{7f}\u{7f}\u{7f}\u{7f}ʙ\0W" ,0);
let mut _local0 = unicode_segmentation::GraphemeCursor::new(8935127994137148074 ,13811976078547984555 ,true);
let _ = unicode_segmentation::GraphemeCursor::next_boundary(&mut (_local0) ,"\u{600}\u{600}\u{b4d}ꦓ\u{f}" ,8935127994137148075);
let mut _local0 = unicode_segmentation::GraphemeCursor::new(9042521604759584127 ,6727108446334188925 ,false);
let _ = unicode_segmentation::GraphemeCursor::is_boundary(&mut (_local0) ,"}Ԟ" ,9042521604759584125);
(4) This case is about assertion failed:
panic at grapheme.rs:415
let mut _local0 = unicode_segmentation::GraphemeCursor::new(14323354221939181254 ,14339398540424824518 ,true);
let _ = unicode_segmentation::GraphemeCursor::is_boundary(&mut (_local0) ,"\u{7f}" ,14323354221939181254);
let _ = unicode_segmentation::GraphemeCursor::provide_context(&mut (_local0) ,"\0R" ,18410714726934759110);
I also placed the replay files at replay_files.
I hope you can check if these are real bugs need to be fixed. Thanks a lot.
I have used afl.rs to fuzz all public API of this crate. And I found several cases may cause panic.
The version I fuzz on is 1.13.2
The code to replay these panics are as follows:
(1) These 2 cases are about out-of-bounds error:
panic at grapheme.rs:787, grapheme.rs:697
(2) These 3 cases are about unwrap error:
panic at grapheme.rs:790, grapheme.rs:415, grapheme.rs:628
(3) These 3 cases are about utf-8 error(not a char boundary):
panic at grapheme.rs:787, grapheme.rs:639, grapheme.rs:611
(4) This case is about assertion failed:
panic at grapheme.rs:415
I also placed the replay files at replay_files.
I hope you can check if these are real bugs need to be fixed. Thanks a lot.