Fix various fuzzer-caught crashes in the parser #2038
…introduce new fuzz test case
Pull Request Overview
This PR fixes several parser bugs discovered through fuzz testing, primarily related to edge cases in JSDoc comment parsing and improved await using declaration handling.
- Adds bounds checking to prevent panics when parsing malformed or truncated input
- Improves `@overload` and `@satisfies` JSDoc tag support for getter/setter accessors and shorthand properties
- Fixes index tracking in list parsing to correctly handle reparsed elements
- Enhances fuzz testing coverage by seeding with compiler test cases
Reviewed Changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| internal/parser/utilities.go | Adds bounds checking to prevent out-of-bounds access when filtering JSDoc comment ranges for short comments |
| internal/parser/reparser.go | Adds support for @overload tags on getter/setter accessors, fixes @type tag handling for expressions that may be nil, and properly handles @satisfies tags on shorthand property assignments |
| internal/parser/parser.go | Improves await using declaration detection, adds bounds check to skipTo function, and fixes list element index tracking to account for reparsed items |
| internal/parser/jsdoc.go | Prevents crash when parsing @typedef tags with no property tags by using fallback position |
| internal/ast/parseoptions.go | Exports JSX and Force fields to make them accessible from test package |
| internal/parser/parser_test.go | Converts to external test package, adds comprehensive fuzz test seeding from compiler test cases, and adds helper to parse multi-file test units |
| internal/parser/testdata/fuzz/FuzzParser/* | Adds fuzz test corpus entries that triggered the fixed bugs |
| typeExpression = childTypeTag.TypeExpression | ||
| } else { | ||
| typeExpression = p.finishNode(jsdocTypeLiteral, jsdocPropertyTags[0].Pos()) | ||
| // !!! This differs from Strada but prevents a crash |
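Review bot: the trailing comment `// !!! This differs from Strada but prevents a crash` does not name the input that crashed or what behaviour diverges, so a later reader cannot tell whether the divergence is still needed. The visible lines also index `jsdocPropertyTags[0]` without showing a length check. The file summary above describes the crash as a @typedef tag with no property tags, so the comment should state that condition and, ideally, point at the fuzz corpus entry under internal/parser/testdata/fuzz/FuzzParser that reproduces it.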
Copilot
AI
Nov 8, 2025
The comment "This differs from Strada" is unclear. "Strada" is not a term defined in this codebase. This should reference the TypeScript source or be more descriptive about why this differs from the reference implementation.
| // !!! This differs from Strada but prevents a crash | |
| // Note: This diverges from the TypeScript reference implementation (see src/compiler/parser.ts, parseTypedefTag). | |
| // In TypeScript, the typeExpression is not always replaced with a JSDocTypeLiteral here, but in this Go port, | |
| // we assign typeExpression to a new JSDocTypeLiteral to prevent a potential crash when jsdocPropertyTags are present. |
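Review bot: the last line of the replacement comment says the crash is prevented "when jsdocPropertyTags are present", but the file summary for internal/parser/jsdoc.go describes the crash as occurring for @typedef tags with no property tags. One of the two is misstated, and the code comment should match the actual trigger. The reference to src/compiler/parser.ts and parseTypedefTag should also be checked against the upstream source before it is committed, since nothing in this diff confirms it.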
No description provided.