Various panics found through go-fuzz

[akrennmair]

Hi,

Just wanted to let you that I tested go-plist using go-fuzz and the following code snippet:

func Fuzz(data []byte) int {
    buf := bytes.NewReader(data)

    var obj interface{}
    if err := NewDecoder(buf).Decode(&obj); err != nil {
        return 0
    }
    return 1
}

The tool found several panics. In order to reproduce this, you can find the files here in my Google Drive: https://drive.google.com/file/d/0B8eVqk16QdZ6Y21mTm8zZnVGZlE/view

The .output files contain the respective stack traces. The file without any suffix contains the actual data fed to the Fuzz function. The .quoted file contains the file content as string that is usable in unit tests.

[DHowett]

Thanks! I'll shore up the library as I find time in the coming few days!

[DHowett]

(I'm now using go-fuzz, starting with your crashers and a corpus of valid property lists. Thanks so much for the report/s.)

[DHowett]

A fair few of these are fixed, thanks to you reporting this. There are a couple crashers in text.go that I'm working on the right solution to, but binary and xml plist parsing are far more resilient.

[DHowett]

I'm leaving the issue open as a discussion and placeholder for future fuzzing issues.

[DHowett]

After all of the above fixes, I ran go-fuzz for ~25 minutes and didn't hit any more crashers other than #23, which will require a minor architectural change to fix.
Closing this in favor of tracking individual issues.

Thanks again, @akrennmair!