fix(rust): fix several panics detected by cargo-fuzz by BaldDemian · Pull Request #3483 · apache/fory

BaldDemian · 2026-03-15T12:49:23Z

Why?

Fix several new panics when feeding corner-case input found by cargo-fuzz

In rust/README.md, the right command to run all tests seems to be cargo test --workspace. Run cargo test --features tests will get:
In rust/fory-core/src/meta/type_meta.rs,
- fory/rust/fory-core/src/meta/type_meta.rs
  
  Line 645 in 5fc06f1
  
  let encoding = encodings[encoding_idx as usize];
  
  will panic if encoding_idx exceeds the size of encodings.
- fory/rust/fory-core/src/meta/type_meta.rs
  
  Line 836 in 5fc06f1
  
  let mut field_infos = Vec::with_capacity(num_fields);
  
  will cause OOM if num_fields is too large. I limit the max value of num_fields to i16::MAX since field_id is i16
In rust/fory-core/src/row/bit_util.rs, use saturating_add/mul to prevent potential overflow panic. But would it be better to return error instead of saturating_add/mul ?🤔
In rust/fory-core/src/row/reader.rs, direct access into slice using [] may cause out-of-bounds panic.
In rust/fory-core/src/serializer/collection.rs, rust/fory-core/src/serializer/map.rs and rust/fory-core/src/serializer/primitive_list.rs, we should check the remaining bytes in the buffer before allocating Vec. This can also prevent OOM.
In rust/fory-core/src/serializer/skip.rs, generics.first().unwrap() and generics.get(1).unwrap() will panic if the size of generics is not long enough.

N/A

N/A

N/A

This PR only adds additional check in case of corner-case input and thus won't has major influence on the performance.

BaldDemian requested review from chaokunyang and theweipeng as code owners March 15, 2026 12:49

fix(rust): fix several panics detected by cargo-fuzz

ffe3ad1

BaldDemian force-pushed the cargo-fuzz-fix branch from 797f4c3 to ffe3ad1 Compare March 15, 2026 12:55