Fuzz error in at_rule #25

Closed
killercup opened this issue Aug 31, 2018 · 1 comment

@killercup

Hey, saw your 0.9 release! Congrats!

I've just run the fuzzer from rust-fuzz/targets#119 again on the current master and it gave me some semi-useful output (see below). It seems to point to this line:

from_utf8(&s).unwrap().trim_right().into(),

I sadly don't have time to dig into this further, but maybe this is already useful to you :)

HONGGFUZZ.REPORT.TXT
=====================================================================
TIME: 2018-08-31.14:19:56
=====================================================================
FUZZER ARGS:
 mutationsPerRun : 6
 externalCmd     : NULL
 fuzzStdin       : FALSE
 timeout         : 10 (sec)
 ASLimit         : 0 (MiB)
 RSSLimit        : 0 (MiB)
 DATALimit       : 0 (MiB)
 wordlistFile    : NULL
 fuzzTarget   : hfuzz_target/x86_64-apple-darwin/release/rsass_sass 
ORIG_FNAME: [DYNAMIC]
FUZZ_FNAME: hfuzz_workspace/rsass_sass/SIGABRT.EXC_CRASH.PC.00007fff6b1a5b66.STACK.0000000eb2d598fd.ADDR.0000000000000000.fuzz
PID: 75631
SIGNAL: SIGABRT (6)
EXCEPTION: EXC_CRASH
FAULT ADDRESS: 0
CRASH FRAME PC: 7fff6b1a5b66
STACK HASH: 0000000eb2d598fd
STACK: 
0   libsystem_kernel.dylib        	0x00007fff6b1a5b66 __pthread_kill + 10
1   libsystem_pthread.dylib       	0x00007fff6b370080 pthread_kill + 333
2   libsystem_c.dylib             	0x00007fff6b1011ae abort + 127
3   libstd-a9d7e8a6a3d6b4df.dylib 	0x0000000109639829 std::sys::unix::abort_internal::h03ceb5d34bff4438 + 9
4   libstd-a9d7e8a6a3d6b4df.dylib 	0x00000001096245e9 std::process::abort::h3987b34240a6c79e + 9
5   rsass_sass                    	0x0000000105b68059 _$LT$honggfuzz..PANIC_HOOK$u20$as$u20$core..ops..deref..Deref$GT$::deref::__static_ref_initialize::_$u7b$$u7b$closure$u7d$$u7d$::h75379dbd95571b08 + 9
6   libstd-a9d7e8a6a3d6b4df.dylib 	0x0000000109650829 std::panicking::rust_panic_with_hook::h28727dbac63926df + 409
7   libstd-a9d7e8a6a3d6b4df.dylib 	0x000000010965037d std::panicking::continue_panic_fmt::he306b66c8af40b8e + 157
8   libstd-a9d7e8a6a3d6b4df.dylib 	0x0000000109650269 rust_begin_unwind + 9
9   libstd-a9d7e8a6a3d6b4df.dylib 	0x00000001096b8232 core::panicking::panic_fmt::hed7d26565be04870 + 66
10  rsass_sass                    	0x0000000105b4bbb3 core::result::unwrap_failed::ha476d2171d33b0bb + 147
11  rsass_sass                    	0x0000000105a467ee rsass::parser::at_rule::hde5e042a7062bf31 + 9374
12  rsass_sass                    	0x0000000105a3789e rsass::parser::parse_scss_data::h7bc64da414664f16 + 1134
13  rsass_sass                    	0x0000000105af4d2c rsass::compile_scss::hcd339bbe316f70e2 + 76
14  rsass_sass                    	0x0000000105a2073f _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h46a9ce06c3834a06 + 47
15  libstd-a9d7e8a6a3d6b4df.dylib 	0x00000001096612bf __rust_maybe_catch_panic + 31
16  rsass_sass                    	0x0000000105a20546 std::panicking::try::hf31ddd4740b13976 + 70
17  rsass_sass                    	0x0000000105a2039b honggfuzz::fuzz::haa831714d12cffff + 75
18  rsass_sass                    	0x0000000105a204ad rsass_sass::main::hcbe3e8a5ca3c44f7 + 45
19  rsass_sass                    	0x0000000105a20e12 std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::hd5fc902da49a0d1f + 34
20  libstd-a9d7e8a6a3d6b4df.dylib 	0x00000001096501e8 std::panicking::try::do_call::h8bf9ef9943764e2f (.llvm.5701845514050806617) + 24
21  libstd-a9d7e8a6a3d6b4df.dylib 	0x00000001096612bf __rust_maybe_catch_panic + 31
22  libstd-a9d7e8a6a3d6b4df.dylib 	0x0000000109636ced std::rt::lang_start_internal::hb54e3115f9191c74 + 237
23  rsass_sass                    	0x0000000105a20dd9 std::rt::lang_start::h9efece2e66b8f168 + 57
24  libdyld.dylib                 	0x00007fff6b055015 start + 1
=====================================================================
@kaj
Owner

kaj commented Sep 1, 2018

Thank you for your report! Yes, it seems there should be a nom map_res!(...) instead of an unwrap() there. I will look into it shortly.

@kaj kaj self-assigned this Sep 1, 2018
@kaj kaj added the bug label Sep 1, 2018
kaj added a commit that referenced this issue Sep 2, 2018
This should fix the crash reported in #25.
@kaj kaj closed this as completed in d9d0533 Sep 2, 2018
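
Added example, not part of the original thread and not rsass code: the failure class discussed above, reproduced with only the standard library. The function names, `ParseError` and the input bytes are hypothetical; returning an error from the UTF-8 conversion plays the role that the suggested `map_res!` plays in a nom parser.

```rust
use std::panic;
use std::str::{from_utf8, Utf8Error};

#[derive(Debug, PartialEq)]
enum ParseError {
    NotAtRule,
    BadUtf8(Utf8Error),
}

// Hypothetical parser step: the bytes after '@' up to '{' or ';'.
fn take_args(input: &[u8]) -> Option<&[u8]> {
    let rest = input.strip_prefix(b"@")?;
    let end = rest.iter().position(|&b| b == b'{' || b == b';').unwrap_or(rest.len());
    Some(&rest[..end])
}

// Panicking variant: any invalid UTF-8 in the input aborts the caller.
fn at_rule_args_unwrap(input: &[u8]) -> Option<String> {
    let body = take_args(input)?;
    // from_utf8 returns Err on invalid UTF-8, so unwrap() panics here.
    Some(from_utf8(body).unwrap().trim_end().into())
}

// Checked variant: invalid UTF-8 becomes an ordinary parse error.
fn at_rule_args_checked(input: &[u8]) -> Result<String, ParseError> {
    let body = take_args(input).ok_or(ParseError::NotAtRule)?;
    let text = from_utf8(body).map_err(ParseError::BadUtf8)?;
    Ok(text.trim_end().into())
}

// Runs the panicking variant under catch_unwind and reports whether it panicked.
fn unwrap_variant_panics(input: &[u8]) -> bool {
    let prev = panic::take_hook();
    panic::set_hook(Box::new(|_| {})); // silence the panic message
    let res = panic::catch_unwind(|| at_rule_args_unwrap(input));
    panic::set_hook(prev);
    res.is_err()
}

fn main() {
    let bad = b"@media \xff\xfe {"; // constructed input, not the fuzzer's file
    println!("unwrap variant panics: {}", unwrap_variant_panics(bad));
    println!("checked variant: {:?}", at_rule_args_checked(bad));
}
```

Under a fuzzer harness that installs an aborting panic hook, as in the stack trace above, the panicking variant shows up as SIGABRT rather than an unwound panic.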