fix: do not perform lossy casts on row/col info
amaanq committed May 8, 2024
1 parent 08ab1fb commit f10a0fc
Showing 2 changed files with 61 additions and 28 deletions.
57 changes: 36 additions & 21 deletions src/scanner.c
Expand Up @@ -2,7 +2,7 @@
#include "tree_sitter/parser.h"

#define _str(x) #x
#define _file(x) _str(./schema.x.c)
#define _file(x) _str(schema.x.c)

#ifndef YAML_SCHEMA
#define YAML_SCHEMA core
Expand Down Expand Up @@ -152,20 +152,27 @@ typedef struct {
} Scanner;

static unsigned serialize(Scanner *scanner, char *buffer) {
size_t i = 0;
buffer[i++] = (char)scanner->row;
buffer[i++] = (char)scanner->col;
buffer[i++] = (char)scanner->blk_imp_row;
buffer[i++] = (char)scanner->blk_imp_col;
buffer[i++] = (char)scanner->blk_imp_tab;
size_t size = 0;
*(int16_t *)&buffer[size] = scanner->row;

Check notice on line 156 in src/scanner.c


GitHub Actions / Fuzz scanner

Sanitizer

store to misaligned address 0x61b000000825 for type 'int16_t' (aka 'short'), which requires 2 byte alignment::notice file=src/scanner.c,line=158,col=5,title=Sanitizer::store to misaligned address 0x61b000000827 for type 'int16_t' (aka 'short'), which requires 2 byte alignment::notice file=src/scanner.c,line=160,col=5,title=Sanitizer::store to misaligned address 0x61b000000829 for type 'int16_t' (aka 'short'), which requires 2 byte alignment::notice file=src/scanner.c,line=162,col=5,title=Sanitizer::store to misaligned address 0x61b00000082b for type 'int16_t' (aka 'short'), which requires 2 byte alignment::notice file=src/scanner.c,line=164,col=5,title=Sanitizer::store to misaligned address 0x61b00000082d for type 'int16_t' (aka 'short'), which requires 2 byte alignment::notice file=src/scanner.c,line=170,col=9,title=Sanitizer::store to misaligned address 0x61b00000e82f for type 'int16_t' (aka 'short'), which requires 2 byte alignment::notice file=src/scanner.c,line=172,col=9,title=Sanitizer::store to misaligned address 0x61b00000e831 for type 'int16_t' (aka 'short'), which requires 2 byte alignment::endgroup::
size += sizeof(int16_t);
*(int16_t *)&buffer[size] = scanner->col;
size += sizeof(int16_t);
*(int16_t *)&buffer[size] = scanner->blk_imp_row;
size += sizeof(int16_t);
*(int16_t *)&buffer[size] = scanner->blk_imp_col;
size += sizeof(int16_t);
*(int16_t *)&buffer[size] = scanner->blk_imp_tab;
size += sizeof(int16_t);
int16_t *typ_itr = scanner->ind_typ_stk.contents + 1;
int16_t *typ_end = scanner->ind_typ_stk.contents + scanner->ind_typ_stk.size;
int16_t *len_itr = scanner->ind_len_stk.contents + 1;
for (; typ_itr != typ_end && i < TREE_SITTER_SERIALIZATION_BUFFER_SIZE; ++typ_itr, ++len_itr) {
buffer[i++] = (char)*typ_itr;
buffer[i++] = (char)*len_itr;
for (; typ_itr != typ_end && size < TREE_SITTER_SERIALIZATION_BUFFER_SIZE; ++typ_itr, ++len_itr) {
*(int16_t *)&buffer[size] = *typ_itr;
size += sizeof(int16_t);
*(int16_t *)&buffer[size] = *len_itr;
size += sizeof(int16_t);
}
return i;
return size;
}

static void deserialize(Scanner *scanner, const char *buffer, unsigned length) {
Expand All @@ -179,16 +186,24 @@ static void deserialize(Scanner *scanner, const char *buffer, unsigned length) {
array_delete(&scanner->ind_len_stk);
array_push(&scanner->ind_len_stk, -1);
if (length > 0) {
size_t i = 0;
scanner->row = (int16_t)buffer[i++];
scanner->col = (int16_t)buffer[i++];
scanner->blk_imp_row = (int16_t)buffer[i++];
scanner->blk_imp_col = (int16_t)buffer[i++];
scanner->blk_imp_tab = (int16_t)buffer[i++];
while (i < length) {
array_push(&scanner->ind_typ_stk, (int16_t)buffer[i++]);
array_push(&scanner->ind_len_stk, (int16_t)buffer[i++]);
}
size_t size = 0;
scanner->row = *(int16_t *)&buffer[size];
size += sizeof(int16_t);
scanner->col = *(int16_t *)&buffer[size];
size += sizeof(int16_t);
scanner->blk_imp_row = *(int16_t *)&buffer[size];
size += sizeof(int16_t);
scanner->blk_imp_col = *(int16_t *)&buffer[size];
size += sizeof(int16_t);
scanner->blk_imp_tab = *(int16_t *)&buffer[size];
size += sizeof(int16_t);
while (size < length) {
array_push(&scanner->ind_typ_stk, *(int16_t *)&buffer[size]);
size += sizeof(int16_t);
array_push(&scanner->ind_len_stk, *(int16_t *)&buffer[size]);
size += sizeof(int16_t);
}
assert(size == length);
}
}

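Review bot: The new `*(int16_t *)&buffer[size] = ...` stores in serialize, and the matching loads in deserialize, access the char serialization buffer through an int16_t pointer at offsets that are not 2-byte aligned; that is exactly the misaligned access the Fuzz-scanner sanitizer annotation reports, and it is undefined behaviour in C even on targets where it happens to work. Copying each value with memcpy through a small helper (needs <string.h>, if the file does not already include it) keeps the fixed 2-byte width the commit wants without the alignment and aliasing problem. The serialize loop bound is also off: `size < TREE_SITTER_SERIALIZATION_BUFFER_SIZE` still admits an iteration that writes four bytes starting at size == TREE_SITTER_SERIALIZATION_BUFFER_SIZE - 2, so it should read `size + 2 * sizeof(int16_t) <= TREE_SITTER_SERIALIZATION_BUFFER_SIZE`, and the `while (size < length)` loop in deserialize needs the analogous `size + 2 * sizeof(int16_t) <= length` guard before its two reads rather than relying on the assert afterwards. deserialize's opening lines fall outside the hunk.
```c
/* Append one int16_t to the byte buffer via memcpy, so no int16_t-typed
 * store is made at an unaligned address. */
static inline void put_i16(char *buffer, size_t *size, int16_t value) {
    memcpy(&buffer[*size], &value, sizeof value);
    *size += sizeof value;
}

/* Read one int16_t from the byte buffer via memcpy (see put_i16). */
static inline int16_t get_i16(const char *buffer, size_t *size) {
    int16_t value;
    memcpy(&value, &buffer[*size], sizeof value);
    *size += sizeof value;
    return value;
}

static unsigned serialize(Scanner *scanner, char *buffer) {
    size_t size = 0;
    put_i16(buffer, &size, scanner->row);
    put_i16(buffer, &size, scanner->col);
    put_i16(buffer, &size, scanner->blk_imp_row);
    put_i16(buffer, &size, scanner->blk_imp_col);
    put_i16(buffer, &size, scanner->blk_imp_tab);
    // … unchanged: typ_itr / typ_end / len_itr setup …
    // Each iteration writes two values; stop while both still fit.
    for (; typ_itr != typ_end && size + 2 * sizeof(int16_t) <= TREE_SITTER_SERIALIZATION_BUFFER_SIZE;
         ++typ_itr, ++len_itr) {
        put_i16(buffer, &size, *typ_itr);
        put_i16(buffer, &size, *len_itr);
    }
    return size;
}
```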
32 changes: 25 additions & 7 deletions test/corpus/08_blocks.txt
Expand Up @@ -760,11 +760,29 @@ mapping: !!map
(string_scalar)))
(block_node
(tag)
================================================================================
Long string scalar (> SCHAR_MAX in length)
================================================================================

long:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdef1234567890!@#$%^&*()_+{}|:"<>?`-=[]\;',./almostat128chars!:
{}

---

(stream
(document
(block_node
(block_mapping
(block_mapping_pair
(flow_node
(plain_scalar
(string_scalar)))
(flow_node
(plain_scalar
(string_scalar)))))))))))
(block_mapping_pair
(flow_node
(plain_scalar
(string_scalar)))
(block_node
(block_mapping
(block_mapping_pair
(flow_node
(plain_scalar
(string_scalar)))
(flow_node
(flow_mapping))))))))))
