fix crash in Descriptor::parse_desc found by fuzzer #809
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
Author
|
cc @i-am-yuvi @brunoerg |
When parsing a descriptor with `Descriptor::parse_descriptor`, we first parse as a string and then parse the keys. We fail to consider parsing errors in the keys, resulting in a panic. Also, clean up the panic message so it's clearer what's going on.
apoelstra
force-pushed
the
2025-04--fuzz-crash
branch
from
40514f5 to
6bff186
Compare
Member
Author
|
Bug originates in #493 |
Contributor
|
code review ACK 6bff186; haven't tested |
yuvicc
approved these changes
Apr 25, 2025
There was a problem hiding this comment.
Tested and Code Review ACK 6bff186
cargo test regression_806
Compiling miniscript v13.0.0 (...rust-miniscript)
Finished `test` profile [unoptimized + debuginfo] target(s) in 3.99s
Running unittests src/lib.rs (target/debug/deps/miniscript-0203e4fe382223fb)
running 1 test
test descriptor::tests::regression_806 ... ok
test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 119 filtered out; finished in 0.00s
sanket1729
approved these changes
Apr 28, 2025
Member
There was a problem hiding this comment.
ACK 6bff186
Thanks for the reports, Bruno and i-am-yuvi
apoelstra
added a commit
that referenced
this pull request
Apr 29, 2025
212d78a bump patch version of 12.3 (Andrew Poelstra) 4c6366a add regression test for #806 (Andrew Poelstra) 4823d86 descriptor: fix key parsing error handling in parse_desc (Andrew Poelstra) Pull request description: Backports #809 and does another patch release. ACKs for top commit: sanket1729: reACK 212d78a Tree-SHA512: c95651f29e1bcb4e8c8036b2a74443c3fd818d39c259852d5c35f0f5ef88fbbe18b312eb7e4d29c39a4af8e9660871fbe998d86c9d21a3d502f1d9854f6f7a43
Merged
apoelstra
added a commit
that referenced
this pull request
May 3, 2025
06400b1 bump patch version of 10.2 (Andrew Poelstra) 1fed0ec add regression test for #806 (Andrew Poelstra) 2f21e23 descriptor: fix key parsing error handling in parse_desc (Andrew Poelstra) 0e40319 ci: update CI job to run all the fuzz tests (Andrew Poelstra) 6ff58af lib: remove some deny lints (Andrew Poelstra) Pull request description: Backports #809 to 10.x. This is a direct rebase of #810 except that I added a commit with some lint fixes. (I had been avoiding this, but we've been having a lot of backports lately so I think I ought to just address it.) After this I will do 11.x. ACKs for top commit: sanket1729: utACK 06400b1 Tree-SHA512: 6a30480becf20aa64e1f4528cf0d1df75bd2ddbaad95ae6bd4a3f5885624a791c7d7a77020b27675c348b2ff95467e0cb8bb42ca2c58112d7322f75480608dca
Merged
apoelstra
added a commit
that referenced
this pull request
May 24, 2025
953e679 bump patch version of 11.2 (Andrew Poelstra) 3bf002c add regression test for #806 (Andrew Poelstra) 4f8b065 descriptor: fix key parsing error handling in parse_desc (Andrew Poelstra) 7c651f4 ci: update fuzz CI job to reorder tests (Andrew Poelstra) aaf276c lib: remove some deny lints (Andrew Poelstra) Pull request description: Backport of #809 to 11.x. Last backport for this PR. ACKs for top commit: sanket1729: utACK 953e679 Tree-SHA512: 8f9ee0b49f2d2e1e4560a950bd84dad2bef285e72466b3ccf19170157958e5749bc73194581b40c7dc977c6938627ccb444d58a2161934e148281891c6b319de
heap-coder
added a commit
to heap-coder/rust-miniscript
that referenced
this pull request
Sep 27, 2025
…e_desc found by fuzzer
6bff186d01bc22e061aba7ea584d55d9faf7a5b3 add regression test for #806 (Andrew Poelstra)
05d3cc2c1d8a47cd94f911d45d01f9ab35cb1019 descriptor: fix key parsing error handling in parse_desc (Andrew Poelstra)
Pull request description:
Thanks to Bruno Garcia and i-am-yuvi who independently found this crash and reported it to me.
Fixes #806
Needs backport.
ACKs for top commit:
brunoerg:
code review ACK 6bff186d01bc22e061aba7ea584d55d9faf7a5b3; haven't tested
i-am-yuvi:
Tested and Code Review ACK 6bff186d01bc22e061aba7ea584d55d9faf7a5b3
sanket1729:
ACK 6bff186d01bc22e061aba7ea584d55d9faf7a5b3
Tree-SHA512: abd386758fc6e2a408c2de7bb6be61274a4252cafd97130bd449ce2fb23180cffa416ffe7393a809c69cf541186f3866aaa9fef635ce57fbc4bcf455a5b287c0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thanks to Bruno Garcia and i-am-yuvi who independently found this crash and reported it to me.
Fixes #806
Needs backport.