From f4dddea4c375dd0dc472d8879cc4fc506dd77d8c Mon Sep 17 00:00:00 2001
From: zseri
Date: Sat, 25 Dec 2021 03:17:06 +0100
Subject: fix(zseri/store-ref-scanner): no_std support and runtime panics

This also changes the fuzzing infrastructure from proptest to cargo-fuzz, and this lead to the discovery of two mishandlings of edge-cases:
* when a "path_to_store" is at the end of the input, it tried to access the input slice out-of-bounds (the `just_store` test covers that now)
* non-ASCII characters lead to an out-of-bounds access in HalfBytesMask (the `non_ascii` test covers that now)

Change-Id: Icaa2518dcd93e1789a2c0da4cf0fec46016d3bad
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4604
Tested-by: BuildkiteCI
Reviewed-by: zseri
---
 users/zseri/store-ref-scanner/fuzz/.gitignore | 2 +
 users/zseri/store-ref-scanner/fuzz/Cargo.lock | 124 +++++++++++++++++++++
 users/zseri/store-ref-scanner/fuzz/Cargo.toml | 31 ++++++
 .../fuzz/fuzz_targets/hbm-roundtrip.rs | 13 +++
 .../store-ref-scanner/fuzz/fuzz_targets/nocrash.rs | 9 ++
 5 files changed, 179 insertions(+)
 create mode 100644 users/zseri/store-ref-scanner/fuzz/.gitignore
 create mode 100644 users/zseri/store-ref-scanner/fuzz/Cargo.lock
 create mode 100644 users/zseri/store-ref-scanner/fuzz/Cargo.toml
 create mode 100644 users/zseri/store-ref-scanner/fuzz/fuzz_targets/hbm-roundtrip.rs
 create mode 100644 users/zseri/store-ref-scanner/fuzz/fuzz_targets/nocrash.rs
(limited to 'users/zseri/store-ref-scanner/fuzz')

diff --git a/users/zseri/store-ref-scanner/fuzz/.gitignore b/users/zseri/store-ref-scanner/fuzz/.gitignore
new file mode 100644
index 000000000000..b400c2782601
--- /dev/null
+++ b/users/zseri/store-ref-scanner/fuzz/.gitignore
@@ -0,0 +1,2 @@
+corpus
+artifacts
diff --git a/users/zseri/store-ref-scanner/fuzz/Cargo.lock b/users/zseri/store-ref-scanner/fuzz/Cargo.lock
new file mode 100644
index 000000000000..8399066b3cdf
--- /dev/null
+++ b/users/zseri/store-ref-scanner/fuzz/Cargo.lock
@@ -0,0 +1,124 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "arbitrary" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "510c76ecefdceada737ea728f4f9a84bd2e1ef29f1ba555e560940fe279954de" + +[[package]] +name = "cc" +version = "1.0.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" + +[[package]] +name = "libfuzzer-sys" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "36a9a84a6e8b55dfefb04235e55edb2b9a2a18488fcae777a6bdaa6f06f1deb3" +dependencies = [ + "arbitrary", + "cc", + "once_cell", +] + +[[package]] +name = "once_cell" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" + +[[package]] +name = "proc-macro-error" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" +dependencies = [ + "proc-macro-error-attr", + "proc-macro2", + "quote", + "syn", + "version_check", +] + +[[package]] +name = "proc-macro-error-attr" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" +dependencies = [ + "proc-macro2", + "quote", + "version_check", +] + +[[package]] +name = "proc-macro2" +version = "1.0.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f84e92c0f7c9d58328b85a78557813e4bd845130db68d7184635344399423b1" +dependencies = [ + "unicode-xid", +] + +[[package]] +name = "proc_unroll" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"8ab97d993c96374333148bad5043d3c85a572c1ca81d13b9cf92f23f5ef72f54" +dependencies = [ + "proc-macro-error", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "quote" +version = "1.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38bc8cc6a5f2e3655e0899c1b848643b2562f853f114bfec7be120678e3ace05" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "store-ref-scanner" +version = "0.1.0" +dependencies = [ + "proc_unroll", +] + +[[package]] +name = "store-ref-scanner-fuzz" +version = "0.0.0" +dependencies = [ + "libfuzzer-sys", + "store-ref-scanner", +] + +[[package]] +name = "syn" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23a1dfb999630e338648c83e91c59a4e9fb7620f520c3194b6b89e276f2f1959" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "unicode-xid" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" + +[[package]] +name = "version_check" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe" diff --git a/users/zseri/store-ref-scanner/fuzz/Cargo.toml b/users/zseri/store-ref-scanner/fuzz/Cargo.toml new file mode 100644 index 000000000000..baa17132756d --- /dev/null +++ b/users/zseri/store-ref-scanner/fuzz/Cargo.toml 
@@ -0,0 +1,31 @@
+[package]
+name = "store-ref-scanner-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+
+[dependencies.store-ref-scanner]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "hbm-roundtrip"
+path = "fuzz_targets/hbm-roundtrip.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "nocrash"
+path = "fuzz_targets/nocrash.rs"
+test = false
+doc = false
diff --git a/users/zseri/store-ref-scanner/fuzz/fuzz_targets/hbm-roundtrip.rs b/users/zseri/store-ref-scanner/fuzz/fuzz_targets/hbm-roundtrip.rs
new file mode 100644
index 000000000000..0738da68b77d
--- /dev/null
+++ b/users/zseri/store-ref-scanner/fuzz/fuzz_targets/hbm-roundtrip.rs
@@ -0,0 +1,13 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+ use core::convert::TryInto;
+ use store_ref_scanner::HalfBytesMask;
+ for i in data.chunks_exact(16) {
+ let a = HalfBytesMask(i.try_into().unwrap());
+ let b = a.into_expanded();
+ let c = HalfBytesMask::from_expanded(b);
+ assert_eq!(a, c);
+ }
+});
diff --git a/users/zseri/store-ref-scanner/fuzz/fuzz_targets/nocrash.rs b/users/zseri/store-ref-scanner/fuzz/fuzz_targets/nocrash.rs
new file mode 100644
index 000000000000..48100a628d7a
--- /dev/null
+++ b/users/zseri/store-ref-scanner/fuzz/fuzz_targets/nocrash.rs
@@ -0,0 +1,9 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+ use store_ref_scanner::{StoreRefScanner, StoreSpec};
+
+ StoreRefScanner::new(&data[..], &StoreSpec::DFL_NIX2).count();
+ StoreRefScanner::new(&data[..], &StoreSpec::DFL_YZIX1).count();
+});
-- cgit 1.4.1
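Review bot: The `unwrap()` on `i.try_into()` in hbm-roundtrip.rs is sound only because `chunks_exact(16)` never yields a short chunk, and nothing in the target records that; `.expect("chunks_exact(16) always yields 16-byte chunks")` would state the invariant, and a one-line header naming the property would help the next reader, e.g. `// Property: HalfBytesMask::from_expanded is a left inverse of into_expanded for every 16-byte mask.` This target only exercises the expand/compress pair; the non-ASCII out-of-bounds access the commit message attributes to HalfBytesMask is presumably reached through the scanner's byte lookup, which this target never calls, so it should not be read as the regression test for that bug. The trailing remainder of fewer than 16 bytes is silently dropped, which is fine for a fuzz target but deserves a comment so nobody mistakes it for lost coverage.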
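Review bot: nocrash.rs only drains the scanner with `.count()`, so it catches panics but not a silently wrong result such as a yielded reference that includes the non-ASCII bytes or the end-of-input position that triggered the old out-of-bounds accesses; if the iterator yields byte slices of `data` (the item type is not visible in this diff), a cheap invariant check would be `for r in StoreRefScanner::new(data, &StoreSpec::DFL_NIX2) { assert!(r.iter().all(u8::is_ascii)); }`, adapted to the real item type. The `&data[..]` reslice is redundant since `data` is already a `&[u8]`. A header comment naming the two regressions this target guards would make the intent explicit, e.g. `// Regression target: scanning must not panic on a store ref ending exactly at end of input, nor on non-ASCII bytes.`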