Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Internal panic with nested links #50

Closed
squili opened this issue Feb 13, 2023 · 4 comments · Fixed by #73
Closed

Internal panic with nested links #50

squili opened this issue Feb 13, 2023 · 4 comments · Fixed by #73

Comments

@squili
Copy link
Contributor

squili commented Feb 13, 2023

The strings
[![]()]()
![![]()]()
cause panics when passed to to_mdast!

I'm surprised this didn't get detected by fuzzing - you might want to double check the fuzzer
@ChristianMurphy
Copy link
Collaborator

ChristianMurphy commented Feb 13, 2023
edited
Loading

Thanks @squili!
Appreciate you taking some time to dig into this. 🙇
The the exception thrown appears to be:

thread 'test' panicked at 'internal error: entered unreachable code: expected footnote reference, image, or link on stack', src/to_mdast.rs:1275:14

markdown-rs/src/to_mdast.rs

Line 1275 in c139008

_ => unreachable!("expected footnote refereence, image, or link on stack"),

Is this something you'd be interested in digging into more and exploring a fix for @squili?

I'm surprised this didn't get detected by fuzzing - you might want to double check the fuzzer

Ideas on how to improve the fuzzer are welcome!
Currently it finds one of #22, #23, #26, or #31 then gets stuck finding more variations on the same issue.

@squili
Copy link
Contributor Author

squili commented Feb 14, 2023

I think the proper behavior here would be to return an error instead of panicking. Maybe some Results could be threaded further throughout to_mdast.rs so that these internal parsing errors just cause normal errors. It could also be good to go through each panic and add a comment explaining why it's actually unreachable!(), sort of like what is normally done with unsafe blocks.

On fuzzing, I think it might be good to have an automatic generator for random strings instead of coverage-based. While coverage-based is great for efficiency, the detected cases you linked are pretty short and the markdown parser itself is super fast, so a bunch of random ordering of tokens would probably pick some more issues up.

@ChristianMurphy
Copy link
Collaborator

I think the proper behavior here would be to return an error instead of panicking.

I'm not sure an error would make sense here.
Looking at commonmark behavior https://spec.commonmark.org/dingus/?text=%5B!%5B%5D()%5D() this should produce a valid AST, the solution would be to trace the code path leading to the unreachable!() and adjust/implement the nesting case.

On fuzzing, I think it might be good to have an automatic generator for random strings instead of coverage-based. While coverage-based is great for efficiency, the detected cases you linked are pretty short and the markdown parser itself is super fast, so a bunch of random ordering of tokens would probably pick some more issues up.

Efficiency would be key here.
Fuzzing currently gets run by maintainers on a laptop before releases to spot check for errors.
Meaning it runs on commodity hardware and with a bounded/fixed amount time, not a super compute cluster with unbounded time.

Yes, unguided fuzzing can theoretically more panics given time and compute, but it uses A LOT of time and compute to do so.

Do you have a suggestion of where to find that level of time and compute?
I'm aware of https://google.github.io/oss-fuzz/, but even they use guided fuzzing.

Or do you have another idea which works with commodity compute and bounded time?

sheremetyev added a commit to sheremetyev/markdown-rs that referenced this issue Jul 9, 2023
@sheremetyev
Fix parsing of nested links
7d22515 
Enter event for LabelText should be inserted before existing events at the index in order
to have correct nesting. Otherwise nested elements could have Enter event first and that
would result in incorrect nesting in the tree when converting to AST.

Fixes wooorm#50
@sheremetyev sheremetyev mentioned this issue Jul 9, 2023
Merged
wooorm pushed a commit that referenced this issue Jul 10, 2023
@sheremetyev
Fix parsing of nested links
ddbeb9c 
Enter event for `LabelText` should be inserted before existing events at the index in order
to have correct nesting. Otherwise nested elements could have Enter event first and that
would result in incorrect nesting in the tree when converting to AST.

Closes GH-73.
Closes GH-50.
@wooorm
Copy link
Owner

wooorm commented Jul 10, 2023
edited
Loading

Fixed, thanks to @sheremetyev!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix parsing of nested links sheremetyev/markdown-rs
3 participants
@wooorm @ChristianMurphy @squili