Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fuzzer found a case that lexer panics #122

Closed
MiSawa opened this issue Mar 15, 2022 · 0 comments · Fixed by #126
Closed

Fuzzer found a case that lexer panics #122

MiSawa opened this issue Mar 15, 2022 · 0 comments · Fixed by #126
Labels
bug Something isn't working

Comments

@MiSawa
Copy link
Owner

MiSawa commented Mar 15, 2022 

$ cargo fuzz fmt xq artifacts/xq/minimized-from-37bd2336ef7f08284b31460a375dac942849b84a

Output of `std::fmt::Debug`:

(
    "\n\t{\"n3\\fbr\\uffbr\\uffb3333fffbr",
    "",
)

This can further be minimized to

#[test]
fn test_from_fuzz() {
    assert_lex(
        r#""\uffbr\uffb3"#,
        &[], // actually this isn't what we expect, but they panic before it comes to assert_eq so it's fine
    );
}

It appeared that \\uffbr part causes an InvalidToken, and then when it comes to \\uffb3, lexer.match_() actually has the invalid part left \\uffbr\\uffb3 which causes

u32::from_str_radix(&lexer.match_()[2..], 16).unwrap()

to panic. Filed osa1/lexgen#48
@MiSawa MiSawa added the bug Something isn't working label Mar 15, 2022
@MiSawa MiSawa changed the title Fuzzer found a case that panics Fuzzer found a case that lexer panics Mar 15, 2022
@MiSawa MiSawa mentioned this issue Mar 15, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Handle escaped surrogate pair MiSawa/xq
1 participant
@MiSawa