BlockstreamResearch / simfony

Rust-like high-level language that compiles down to Simplicity bytecode. Work in progress.

Fuzz compiler #72

Closed uncomputable closed 4 weeks ago

uncomputable commented 1 month ago

We should check if the compiler can handle malicious inputs and present an error instead of crashing.

apoelstra commented 1 month ago
diff --git a/src/compile.rs b/src/compile.rs
index c035918..6671fc9 100644
--- a/src/compile.rs
+++ b/src/compile.rs
@@ -434,3 +434,11 @@ impl Match {
         ProgNode::comp(&input, &output).with_span(self)
     }
 }
+
+#[cfg(test)]
+mod tests {
+    #[test]
+    fn fuzz_regression_1() {
+        crate::compile("typef=f").unwrap_err();
+    }
+}
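Review bot: The test pins `typef=f` to `unwrap_err()`, but nothing in this hunk touches the parser, and the comment below reports that this input currently panics at src/parse.rs:764 on `assertion failed: matches!(pair.as_rule(), Self::RULE)`, so as posted the test fails rather than guarding a fix. Land it together with the parser change that turns that assertion into a returned error, and put a comment above `fn fuzz_regression_1()` naming the assertion the input trips, since `typef=f` on its own does not tell a future reader why the case exists.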

This crashes with an assertion failure:

---- compile::tests::fuzz_regression_1 stdout ----
thread 'compile::tests::fuzz_regression_1' panicked at src/parse.rs:764:9:
assertion failed: matches!(pair.as_rule(), Self::RULE)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

I found this using the following fuzz target

#![no_main]

use libfuzzer_sys::fuzz_target;

fuzz_target!(|data: &[u8]| {
    // Only valid UTF-8 reaches the compiler; any panic inside `compile` is reported as a crash.
    let _ = core::str::from_utf8(data).map(simfony::compile);
});

I set it up using the instructions for cargo fuzz.
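As an added example, not simfony's own code, here is a deterministic stand-in for the fuzz target above: a toy lexer and two compile functions (the `Rule` enum, the `Error` type and the corpus are assumptions) show how `catch_unwind` counts the asserting parser as a crash on `typef=f` while the checked version returns an `Err` for the same input.

```rust
use std::panic::{self, AssertUnwindSafe};

/// Hypothetical grammar rules standing in for the parser's rule enum (assumption).
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Rule { Function, Type, Other }

#[derive(Debug, PartialEq)]
pub enum Error { UnexpectedRule { expected: Rule, found: Rule } }

/// Toy lexer: classify by the first token, so "typef=f" is seen as a `Type` rule.
pub fn lex(src: &str) -> Rule {
    if src.starts_with("fn ") { Rule::Function }
    else if src.starts_with("type") { Rule::Type }
    else { Rule::Other }
}

/// "Before": mirrors `assert!(matches!(pair.as_rule(), Self::RULE))`; a wrong
/// rule aborts the thread instead of being reported to the caller.
pub fn compile_asserting(src: &str) -> Result<String, Error> {
    let rule = lex(src);
    assert!(matches!(rule, Rule::Function));
    Ok(src.to_string())
}

/// "After": the same check surfaced as an `Err` the caller can handle.
pub fn compile_checked(src: &str) -> Result<String, Error> {
    let rule = lex(src);
    if rule != Rule::Function {
        return Err(Error::UnexpectedRule { expected: Rule::Function, found: rule });
    }
    Ok(src.to_string())
}

/// Feed every corpus entry through `compile`, skipping non-UTF-8 bytes exactly as the
/// libfuzzer target does, and count (ok, err, panic); a panic is the fuzzer's "crash".
pub fn run_corpus(compile: fn(&str) -> Result<String, Error>, corpus: &[&[u8]]) -> (usize, usize, usize) {
    let mut counts = (0, 0, 0);
    for bytes in corpus {
        let src = match core::str::from_utf8(bytes) { Ok(s) => s, Err(_) => continue };
        match panic::catch_unwind(AssertUnwindSafe(|| compile(src))) {
            Ok(Ok(_)) => counts.0 += 1,
            Ok(Err(_)) => counts.1 += 1,
            Err(_) => counts.2 += 1,
        }
    }
    counts
}

/// Constructed corpus: the reported regression input, a well-formed input, invalid UTF-8.
pub const CORPUS: &[&[u8]] = &[b"typef=f", b"fn main() {}", b"\xff\xfe"];
```

`run_corpus(compile_asserting, CORPUS)` reports one panic where `run_corpus(compile_checked, CORPUS)` reports one error and none, which is the difference the issue asks the real compiler to show under the fuzzer.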