fix: panic when head-skipping to a single-byte key

- This was detected by fuzzing! Searching for `{` or `[` with descendant would cause a panic if the input started with the sequence `{"` or `["`, respectively. Ref: #281
rsonquery · Sep 21, 2023 · abe4e61 · abe4e61
1 parent 5c1bf7d
commit abe4e61
Show file tree

Hide file tree

Showing 12 changed files with 1,932 additions and 779 deletions.
diff --git a/.github/workflows/test-codegen.yml b/.github/workflows/test-codegen.yml
@@ -8,7 +8,7 @@ on:
         value: rsonpath-test-documents
       artifact-path:
         description: Path to which the artifact should be extracted.
-        value: crates/rsonpath-lib/tests/documents
+        value: crates/rsonpath-test/tests/documents
 
 env:
   CARGO_TERM_COLOR: always
@@ -57,5 +57,5 @@ jobs:
         uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: rsonpath-test-documents
-          path: crates/rsonpath-lib/tests/documents
+          path: crates/rsonpath-test/tests/documents
           retention-days: 1
diff --git a/Justfile b/Justfile
@@ -233,19 +233,15 @@ commit msg:
 
 # === HOOKS ===
 
-tmpdiff := if os() == "windows" {
-    `New-TemporaryFile`
-} else {
-    `mktemp -t pre-commit-hook-diff-XXXXXXXX.$$`
-}
-
 [private]
-hook-pre-commit: 
+hook-pre-commit:
+    #!/bin/sh
+    tmpdiff=$(mktemp -t pre-commit-hook-diff-XXXXXXXX.$$)
     just assert-benchmarks-committed
-    git diff --full-index --binary > {{tmpdiff}}
+    git diff --full-index --binary > $tmpdiff
     git stash -q --keep-index
     (just verify-fmt && just verify-check); \
-    git apply --whitespace=nowarn < {{tmpdiff}} && git stash drop -q; rm {{tmpdiff}}
+    git apply --whitespace=nowarn < $tmpdiff}} && git stash drop -q; rm $tmpdiff
 
 [private]
 @hook-post-checkout: checkout-benchmarks

diff --git a/crates/rsonpath-benchmarks b/crates/rsonpath-benchmarks
diff --git a/crates/rsonpath-lib/src/classification/memmem/shared/mask_32.rs b/crates/rsonpath-lib/src/classification/memmem/shared/mask_32.rs
@@ -12,7 +12,7 @@ pub(crate) fn find_in_mask<I: Input>(
     let mut result = (previous_block | (first << 1)) & second;
     while result != 0 {
         let idx = result.trailing_zeros() as usize;
-        if input.is_member_match(offset + idx - 2, offset + idx + label_size - 3, label) {
+        if offset + idx > 1 && input.is_member_match(offset + idx - 2, offset + idx + label_size - 3, label) {
             return Some(offset + idx - 2);
         }
         result &= !(1 << idx);

diff --git a/crates/rsonpath-lib/src/classification/memmem/shared/mask_64.rs b/crates/rsonpath-lib/src/classification/memmem/shared/mask_64.rs
@@ -13,7 +13,7 @@ pub(crate) fn find_in_mask<I: Input>(
     while result != 0 {
         let idx = result.trailing_zeros() as usize;
         debug!("{offset} + {idx} - 2 to {offset} + {idx} + {label_size} - 3");
-        if input.is_member_match(offset + idx - 2, offset + idx + label_size - 3, label) {
+        if offset + idx > 1 && input.is_member_match(offset + idx - 2, offset + idx + label_size - 3, label) {
             return Some(offset + idx - 2);
         }
         result &= !(1 << idx);

diff --git a/crates/rsonpath-lib/tests/documents/toml/head_skip_for_curly.toml b/crates/rsonpath-lib/tests/documents/toml/head_skip_for_curly.toml
@@ -0,0 +1,26 @@
+# Define the JSON input for all query test cases.
+[input]
+# Short description of the input structure.
+description = "Object with an empty key."
+ # Set to true only if your specific test input is fully compressed (no extraneous whitespace).
+is_compressed = false
+
+# Inline JSON document.
+[input.source]
+json_string = '{"":null}'
+
+# Define queries to test on the input.
+[[queries]]
+ # Valid JSONPath query string.
+query = '$..["{"]'
+# Short descritpion of the query semantics.
+description = "descendant search for a key equal to the curly brace"
+
+[queries.results]
+# Number of expected matches.
+count = 0
+# Byte locations of spans of all matches, in order.
+spans = []
+# Stringified values of all matches, verbatim as in the input,
+# in the same order as above.
+nodes = []
diff --git a/crates/rsonpath-lib/tests/documents/toml/head_skip_for_square.toml b/crates/rsonpath-lib/tests/documents/toml/head_skip_for_square.toml
@@ -0,0 +1,26 @@
+# Define the JSON input for all query test cases.
+[input]
+# Short description of the input structure.
+description = "List with an empty string."
+ # Set to true only if your specific test input is fully compressed (no extraneous whitespace).
+is_compressed = false
+
+# Inline JSON document.
+[input.source]
+json_string = '[""]'
+
+# Define queries to test on the input.
+[[queries]]
+ # Valid JSONPath query string.
+query = '$..["["]'
+# Short descritpion of the query semantics.
+description = "descendant search for a key equal to the square brace"
+
+[queries.results]
+# Number of expected matches.
+count = 0
+# Byte locations of spans of all matches, in order.
+spans = []
+# Stringified values of all matches, verbatim as in the input,
+# in the same order as above.
+nodes = []
diff --git a/crates/rsonpath-lib/tests/end_to_end.rs b/crates/rsonpath-lib/tests/end_to_end.rs
diff --git a/crates/rsonpath-test-codegen/src/gen.rs b/crates/rsonpath-test-codegen/src/gen.rs
@@ -33,7 +33,11 @@ pub(crate) fn generate_test_fns(files: &mut Files) -> Result<impl IntoIterator<I
                     );
                     let full_description = format!(
                         r#"on document {} running the query {} ({}) with Input impl {} and result mode {}"#,
-                        discovered_doc.name, query.query, query.description, input_type, result_type
+                        escape_format(&discovered_doc.name),
+                        escape_format(&query.query),
+                        escape_format(&query.description),
+                        escape_format(&input_type),
+                        escape_format(&result_type)
                     );
                     let body = generate_body(
                         &full_description,
@@ -336,3 +340,11 @@ impl Display for EngineTypeToTest {
         )
     }
 }
+
+fn escape_format<D>(val: &D) -> impl Display
+where
+    D: Display,
+{
+    let s = val.to_string();
+    s.replace('{', "{{").replace('}', "}}")
+}
diff --git a/crates/rsonpath-test/Cargo.toml b/crates/rsonpath-test/Cargo.toml
@@ -17,4 +17,4 @@ publish = false
 [build-dependencies]
 eyre = "0.6.8"
 md5 = "0.7.0"
-rsonpath-test-codegen = { version = "0.8.0", path = "../rsonpath-test-codegen" }
+rsonpath-test-codegen = { version = "0.8.1", path = "../rsonpath-test-codegen" }
diff --git a/crates/rsonpath-test/README.md b/crates/rsonpath-test/README.md
@@ -1,8 +1,9 @@
 # Just codegen
 
-This crate is almost useless.
+This crate should be used only for the declarative TOML tests.
 
-It has no code in it except for the build script. The build script generates test cases for `rsonpath-lib`
+It has no code in it except for the build script and the generated script.
+The build script generates test cases for `rsonpath-lib` based on TOML files in `tests/documents`
 using `rsonpath-test-codegen`. This is needed for the following reasons:
 
 1. `rsonpath-test-codegen` cannot also have a `build.rs` script to generate the tests, since it would need to build-depend on itself;

diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock