fix(zseri/store-ref-scanner): no_std support and runtime panics

This also changes the fuzzing infrastructure from proptest to cargo-fuzz, and this lead to the discovery of two mishandlings of edge-cases: * when a "path_to_store" is at the end of the input, it tried to access the input slice out-of-bounds (the `just_store` test covers that now) * non-ASCII characters lead to an out-of-bounds access in HalfBytesMask (the `non_ascii` test covers that now) Change-Id: Icaa2518dcd93e1789a2c0da4cf0fec46016d3bad Reviewed-on: https://cl.tvl.fyi/c/depot/+/4604 Tested-by: BuildkiteCI Reviewed-by: zseri <zseri.devel@ytrizja.de>
2021-12-25 03:17:06 +01:00 · 2021-12-25 03:17:06 +01:00 · f4dddea4c3
commit f4dddea4c3
parent 5f2b37bdb0
11 changed files with 239 additions and 609 deletions
--- a/users/zseri/store-ref-scanner/src/hbm.rs
+++ b/users/zseri/store-ref-scanner/src/hbm.rs
@ -1,8 +1,7 @@
 #[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
 pub struct HalfBytesMask(pub [u8; 16]);

-// fires erronously
-#[allow(clippy::zero_prefixed_literal)]
+#[allow(clippy::as_conversions, clippy::zero_prefixed_literal)]
 impl HalfBytesMask {
    pub const B32_REVSHA256: HalfBytesMask =
        HalfBytesMask([0, 0, 0, 0, 0, 0, 255, 3, 0, 0, 0, 0, 222, 127, 207, 7]);
@ -11,6 +10,10 @@ impl HalfBytesMask {
        0, 0, 0, 0, 0, 8, 255, 3, 254, 255, 255, 135, 254, 255, 255, 7,
    ]);

+    pub const DFL_REST: HalfBytesMask = HalfBytesMask([
+        0, 0, 0, 0, 0, 104, 255, 163, 254, 255, 255, 135, 254, 255, 255, 7,
+    ]);
+
    #[inline]
    #[proc_unroll::unroll]
    pub const fn from_expanded(x: [bool; 128]) -> Self {
@ -51,7 +54,11 @@ impl HalfBytesMask {
    }

    pub fn contains(&self, byte: u8) -> bool {
-        (self.0[usize::from(byte / 8)] >> u32::from(byte % 8)) & 0b1 != 0
+        if byte >= 0x80 {
+            false
+        } else {
+            (self.0[usize::from(byte / 8)] >> u32::from(byte % 8)) & 0b1 != 0
+        }
    }

    pub fn set(&mut self, byte: u8, allow: bool) {
@ -95,6 +102,13 @@ mod tests {
        assert_eq!(HalfBytesMask::B64_BLAKE2B256.count_ones(), 64);
    }

+    #[test]
+    fn non_ascii() {
+        for i in 0x80..=0xff {
+            assert!(!HalfBytesMask::DFL_REST.contains(i));
+        }
+    }
+
    #[test]
    fn dflmask() {
        assert_eq!(
@ -138,15 +152,12 @@ mod tests {
            ),
            HalfBytesMask::B64_BLAKE2B256,
        );
-    }

-    proptest::proptest! {
-        #[test]
-        fn hbm_roundtrip(s: [u8; 16]) {
-            let a = HalfBytesMask(s);
-            let b = a.into_expanded();
-            let c = HalfBytesMask::from_expanded(b);
-            assert_eq!(a, c);
-        }
+        assert_eq!(
+            HalfBytesMask::from_bytes(
+                b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-._?="
+            ),
+            HalfBytesMask::DFL_REST,
+        );
    }
 }