[BUG] unreachable code in percentage.rs [ input background:(lineal-gradient(rgba(max(1,2)))); ] #1129
Description
Hi!
We're fuzzing a project that uses your parser and found this bug.
tests/test_fuzz.rs
use std::fs;
use lightningcss::declaration::DeclarationBlock;
use lightningcss::stylesheet::ParserOptions;
#[test]
fn test_unreachable() -> Result<(), Box<dyn std::error::Error>> {
let bytes_f = fs::read("crash_unreachable_code.css")?;
let html_f = String::from_utf8_lossy(&bytes_f);
DeclarationBlock::parse_string(&html_f, ParserOptions::default()).ok();
Ok(())
}
crash_unreachable_code.css
Contents:
background:(lineal-gradient(rgba(max(1,2))));
Log:
Running tests/test_fuzz.rs (target/debug/deps/test_fuzz-3624f0736ad200cd)
running 1 test
thread 'test_unreachable' (2787) panicked at src/values/percentage.rs:30:16:
internal error: entered unreachable code
stack backtrace:
0: 0x612354c91862 - std::backtrace_rs::backtrace::libunwind::trace::h34cbe3b5faf3f713
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/../../backtrace/src/backtrace/libunwind.rs:117:9
1: 0x612354c91862 - std::backtrace_rs::backtrace::trace_unsynchronized::h4e5437866dba08a6
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/../../backtrace/src/backtrace/mod.rs:66:14
2: 0x612354c91862 - std::sys::backtrace::_print_fmt::h07153ac751d53861
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/sys/backtrace.rs:66:9
3: 0x612354c91862 - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::h1e13c5a1f7f65191
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/sys/backtrace.rs:39:26
4: 0x612354ca22e7 - core::fmt::rt::Argument::fmt::h4eafae5b9906ff9b
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/core/src/fmt/rt.rs:152:76
5: 0x612354ca22e7 - core::fmt::write::hb28af7d74e29f096
6: 0x612354c5fcc6 - std::io::default_write_fmt::hbc9278ce9595ccf5
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/io/mod.rs:639:11
7: 0x612354c5fcc6 - std::io::Write::write_fmt::h227029d276fa0b5a
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/io/mod.rs:1994:13
8: 0x612354c6ff44 - std::sys::backtrace::BacktraceLock::print::he967bfb6ede8a419
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/sys/backtrace.rs:42:9
9: 0x612354c6ff44 - std::panicking::default_hook::{{closure}}::h02bf2e8618640540
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panicking.rs:293:27
10: 0x612354c6fd69 - std::panicking::default_hook::hf4cc4647862d4a66
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panicking.rs:320:9
11: 0x612354c7045b - std::panicking::panic_with_hook::hf381f68bf2de0cc2
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panicking.rs:826:13
12: 0x612354c7030a - std::panicking::panic_handler::{{closure}}::h223f596f3596ef5c
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panicking.rs:692:13
13: 0x612354c6b869 - std::sys::backtrace::__rust_end_short_backtrace::hef5ee6361f111bc3
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/sys/backtrace.rs:174:18
14: 0x612354c5404d - __rustc[71ee99a97457d585]::rust_begin_unwind
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panicking.rs:690:5
15: 0x612354ca9c4c - core::panicking::panic_fmt::h56c12680906a1ecc
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/core/src/panicking.rs:80:14
16: 0x612354ca9c12 - core::panicking::panic::h23a070b9ac6d93cb
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/core/src/panicking.rs:150:5
17: 0x612354b549ca - <lightningcss::values::percentage::Percentage as lightningcss::traits::Parse>::parse::h48fc0bcf9c90e455
at /light/src/values/percentage.rs:30:16
18: 0x612354b610ab - core::ops::function::FnOnce::call_once::h3cd4db395034804e
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/core/src/ops/function.rs:250:5
19: 0x6123548b27af - cssparser::parser::Parser::try_parse::hce431816acb3f897
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:579:22
20: 0x612354bab57e - <lightningcss::values::color::ComponentParser as cssparser_color::ColorParser>::parse_number_or_percentage::h95f28c6b12d8fbed
at /light/src/values/color.rs:1010:37
21: 0x612354ba4a71 - lightningcss::values::color::parse_rgb_components::hb374e057f88f66d0
at /light/src/values/color.rs:1316:20
22: 0x612354941d0d - lightningcss::values::color::parse_rgb::{{closure}}::{{closure}}::h34bbab5de8ee49e0
at /light/src/values/color.rs:1286:34
23: 0x61235493107b - lightningcss::values::color::ComponentParser::parse_relative::hdd1f2c31ed047787
at /light/src/values/color.rs:904:5
24: 0x612354941caa - lightningcss::values::color::parse_rgb::{{closure}}::h1264f095d72903e7
at /light/src/values/color.rs:1285:12
25: 0x61235485040b - cssparser::parser::Parser::parse_entirely::h618013c64f9b8285
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:689:22
26: 0x61235481d9b5 - cssparser::parser::parse_nested_block::hded63ad5b2f0892c
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:1139:32
27: 0x61235487c6bb - cssparser::parser::Parser::parse_nested_block::h409df64faab2710f
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:777:9
28: 0x612354ba7b8b - lightningcss::values::color::parse_rgb::h545c8090bf719d0e
at /light/src/values/color.rs:1284:9
29: 0x612354ba4704 - lightningcss::values::color::parse_color_function::hf165b671d35c67f2
at /light/src/values/color.rs:1075:8
30: 0x612354ba85bf - <lightningcss::values::color::CssColor as lightningcss::traits::Parse>::parse::hd9df309b947f38a9
at /light/src/values/color.rs:551:36
31: 0x6123548e1eff - lightningcss::properties::custom::try_parse_color_token::h611f0b22c4b13eb5
at /light/src/properties/custom.rs:519:26
32: 0x6123548e3077 - lightningcss::properties::custom::TokenList::parse_into::h093f16270bbcbd2d
at /light/src/properties/custom.rs:389:32
33: 0x6123548e428d - lightningcss::properties::custom::TokenList::parse::h23bc1450e84bf887
at /light/src/properties/custom.rs:297:5
34: 0x612354946285 - lightningcss::properties::custom::TokenList::parse_into::{{closure}}::h5b9385b88c805c04
at /light/src/properties/custom.rs:419:62
35: 0x612354864bc5 - cssparser::parser::Parser::parse_entirely::had04f0546de60c28
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:689:22
36: 0x6123547fdc5a - cssparser::parser::parse_nested_block::h522ad534c10f0ef6
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:1139:32
37: 0x61235487fa41 - cssparser::parser::Parser::parse_nested_block::hf0715ab5df2771d6
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:777:9
38: 0x6123548e337c - lightningcss::properties::custom::TokenList::parse_into::h093f16270bbcbd2d
at /light/src/properties/custom.rs:419:35
39: 0x6123549465cd - lightningcss::properties::custom::TokenList::parse_into::{{closure}}::hfa71cb122d89c7f1
at /light/src/properties/custom.rs:459:44
40: 0x612354839393 - cssparser::parser::Parser::parse_entirely::h04a76bac8f662e17
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:689:22
41: 0x61235481d791 - cssparser::parser::parse_nested_block::hdea64249a2ffaab7
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:1139:32
42: 0x61235487eba7 - cssparser::parser::Parser::parse_nested_block::hbc16429e4df60fe9
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:777:9
43: 0x6123548e3d5c - lightningcss::properties::custom::TokenList::parse_into::h093f16270bbcbd2d
at /light/src/properties/custom.rs:459:17
44: 0x6123548e428d - lightningcss::properties::custom::TokenList::parse::h23bc1450e84bf887
at /light/src/properties/custom.rs:297:5
45: 0x6123549461dd - lightningcss::properties::custom::UnparsedProperty::parse::{{closure}}::h19602b995f902927
at /light/src/properties/custom.rs:156:7
46: 0x61235485b9bb - cssparser::parser::Parser::parse_entirely::h8b3b8e74736dc321
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:689:22
47: 0x61235482937b - cssparser::parser::parse_until_before::h3162f17d6a99ea5b
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:1059:35
48: 0x61235488061a - cssparser::parser::Parser::parse_until_before::h5713158318ca0c52
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:797:9
49: 0x6123548e16fb - lightningcss::properties::custom::UnparsedProperty::parse::h955afedcaefbacc8
at /light/src/properties/custom.rs:155:23
50: 0x612354924ecd - lightningcss::properties::Property::parse::h4439d980ada6f5cc
at /light/src/properties/mod.rs:724:38
51: 0x6123548d96a9 - lightningcss::declaration::parse_declaration::{{closure}}::h1b88e7501a7d1518
at /light/src/declaration.rs:523:63
52: 0x61235486d398 - cssparser::parser::Parser::parse_entirely::hd06f2d2bb014b222
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:689:22
53: 0x61235483550e - cssparser::parser::parse_until_before::hdb830c5ae60a7793
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:1059:35
54: 0x612354880754 - cssparser::parser::Parser::parse_until_before::h6271b70282f5fa7e
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:797:9
55: 0x6123547e922c - lightningcss::declaration::parse_declaration::hd70554c9fccc8760
at /light/src/declaration.rs:523:24
56: 0x6123547e8a9c - <lightningcss::declaration::PropertyDeclarationParser as cssparser::rules_and_declarations::DeclarationParser>::parse_value::h9972ed21f012a840
at /light/src/declaration.rs:475:5
57: 0x612354bb87ab - <cssparser::rules_and_declarations::RuleBodyParser<P,I,E> as core::iter::traits::iterator::Iterator>::next::{{closure}}::h7235893e2625213d
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/rules_and_declarations.rs:283:40
58: 0x61235484c5c4 - cssparser::parser::Parser::parse_entirely::h4fbc78220bbf70fc
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:689:22
59: 0x6123548376d2 - cssparser::parser::parse_until_before::hff6dbd4d342ec77d
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:1059:35
60: 0x6123547eb4c5 - cssparser::parser::parse_until_after::h35e7113439755a36
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/parser.rs:1092:18
61: 0x612354bb810e - <cssparser::rules_and_declarations::RuleBodyParser<P,I,E> as core::iter::traits::iterator::Iterator>::next::h2f43b6daebb18b50
at /root/.cargo/registry/src/rust-mirror.ptsecurity.ru-2eccfb167a967d66/cssparser-0.33.0/src/rules_and_declarations.rs:277:25
62: 0x6123547e8eee - lightningcss::declaration::DeclarationBlock::parse::hffd7d957eee539fe
at /light/src/declaration.rs:84:34
63: 0x6123547e8b64 - lightningcss::declaration::DeclarationBlock::parse_string::h63094faaf45a22e9
at /light/src/declaration.rs:107:18
64: 0x6123547a99e4 - test_fuzz::test_unreachable::ha0878348ecfdae09
at /light/tests/test_fuzz.rs:11:5
65: 0x6123547a9467 - test_fuzz::test_unreachable::{{closure}}::hdbcda3177131bf07
at /light/tests/test_fuzz.rs:8:26
66: 0x6123547a9506 - core::ops::function::FnOnce::call_once::h68e6e109750701a3
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/core/src/ops/function.rs:250:5
67: 0x6123547c86db - core::ops::function::FnOnce::call_once::hd415e2c0241ec512
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/core/src/ops/function.rs:250:5
68: 0x6123547c86db - test::__rust_begin_short_backtrace::h3fbd7aa74b863848
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/test/src/lib.rs:663:18
69: 0x6123547dbefa - test::run_test_in_process::{{closure}}::hed2e5153824c2f4f
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/test/src/lib.rs:686:74
70: 0x6123547dbefa - <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::h9cd57916df927c5e
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/core/src/panic/unwind_safe.rs:274:9
71: 0x6123547dbefa - std::panicking::catch_unwind::do_call::h8651791832d317d2
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panicking.rs:582:40
72: 0x6123547dbefa - std::panicking::catch_unwind::h116ff393961078d1
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panicking.rs:545:19
73: 0x6123547dbefa - std::panic::catch_unwind::h6604d1e762f1a1a6
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panic.rs:359:14
74: 0x6123547dbefa - test::run_test_in_process::h61baa62f85f5cdc3
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/test/src/lib.rs:686:27
75: 0x6123547dbefa - test::run_test::{{closure}}::h6c50c4eb3ad9de61
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/test/src/lib.rs:607:43
76: 0x6123547b63a4 - test::run_test::{{closure}}::h3701d0cf53b5dd9a
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/test/src/lib.rs:637:41
77: 0x6123547b63a4 - std::sys::backtrace::__rust_begin_short_backtrace::hdf0d362bcdaf5249
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/sys/backtrace.rs:158:18
78: 0x6123547b9bf4 - std::thread::Builder::spawn_unchecked_::{{closure}}::{{closure}}::h5093dd6c96e03396
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/thread/mod.rs:562:17
79: 0x6123547b9bf4 - <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::hf916f7ad28930c4a
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/core/src/panic/unwind_safe.rs:274:9
80: 0x6123547b9bf4 - std::panicking::catch_unwind::do_call::hc446f34ce86d0397
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panicking.rs:582:40
81: 0x6123547b9bf4 - std::panicking::catch_unwind::h2f468737c8a274ec
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panicking.rs:545:19
82: 0x6123547b9bf4 - std::panic::catch_unwind::haf705fc84cc72f7a
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/panic.rs:359:14
83: 0x6123547b9bf4 - std::thread::Builder::spawn_unchecked_::{{closure}}::h22d6b91aec5f8c63
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/thread/mod.rs:560:30
84: 0x6123547b9bf4 - core::ops::function::FnOnce::call_once{{vtable.shim}}::h464785ff076429ab
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/core/src/ops/function.rs:250:5
85: 0x612354c66eaf - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::hf6260a51d9be3faa
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/alloc/src/boxed.rs:2085:9
86: 0x612354c66eaf - std::sys::thread::unix::Thread::new::thread_start::h1aa8bb77897dc07a
at /rustc/e65b983161d52688ff8e05245ed5dc70ef01a904/library/std/src/sys/thread/unix.rs:124:17
87: 0x7859be138ac3 - <unknown>
88: 0x7859be1c9a04 - clone
89: 0x0 - <unknown>
test test_unreachable ... FAILED
failures:
failures:
test_unreachable
test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 1.06s
error: test failed, to rerun pass `--test test_fuzz`
See playground