cue/parser: added fuzzing code and fix one issue

The generated corpus is not included.

Change-Id: I59afb5c4a28b41e3249ad2b4156a4bd2f1b67543
Reviewed-on: https://cue-review.googlesource.com/c/cue/+/2622
Reviewed-by: Marcel van Lohuizen <[email protected]>

Author: mpvl

cue/parser/corpus/+commas.cue

@@ -0,0 +1,18 @@
+package foo
+
+import "path/to/pkg"
+import name "path/to/pkg"
+import . "path/to/pkg"
+import      /* ERROR "expected 'STRING', found newline" */
+import err  /* ERROR "expected 'STRING', found newline" */
+
+foo: [
+	0 // legal JSON
+]
+
+bar: [
+	0,
+	1,
+	2,
+	3
+]

cue/parser/corpus/+comp.cue

@@ -0,0 +1,3 @@
+"\(x)": y for x, y in {a: 1, b: 2}
+
+z: [ x for x in [1, 2, 3] ]

cue/parser/corpus/+data.cue

@@ -0,0 +1,3 @@
+package hello
+
+who: "World"

cue/parser/corpus/+hello.cue

@@ -0,0 +1,14 @@
+package hello
+
+command echo: {
+    task echo: {
+        kind:   "exec"
+        cmd:    "echo \(message)"
+        stdout: string
+    }
+
+    task display: {
+        kind: "print"
+        text: task.echo.stdout
+    }
+}

cue/parser/corpus/+import.cue

@@ -0,0 +1,12 @@
+package foo
+
+import (
+	"time.com/now"
+)
+
+
+foo: {
+	bar: 3.4
+}
+
+a b c: [1, 2Gi, 3M]

cue/parser/corpus/+test.cue

@@ -0,0 +1,4 @@
+import "math"
+
+foo: 1
+bar: "baz"

cue/parser/error_test.go

@@ -182,3 +182,17 @@ func TestErrors(t *testing.T) {
 		}
 	}
 }
+
+func TestFuzz(t *testing.T) {
+	testCases := []string{
+		"(({\"\\(0)\"(",
+		"{{\"\\(0\xbf\"(",
+		"a:y for x n{b:\"\"(\"\\(" +
+			"\"\"\\\"(",
+	}
+	for _, tc := range testCases {
+		t.Run("", func(t *testing.T) {
+			_, _ = ParseFile("go-fuzz", []byte(tc))
+		})
+	}
+}

cue/parser/fuzz.go

@@ -0,0 +1,25 @@
+// Copyright 2019 CUE Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build gofuzz
+
+package parser
+
+func Fuzz(b []byte) int {
+	_, err := ParseFile("go-fuzz", b)
+	if err != nil {
+		return 0
+	}
+	return 1
+}

cue/parser/parser.go

@@ -147,7 +147,10 @@ func (p *parser) closeList() {
 	switch c.isList--; {
 	case c.isList < 0:
 		if !p.panicking {
-			panic("unmatched close list")
+			err := errors.Newf(p.pos, "unmatched close list")
+			p.errors = errors.Append(p.errors, err)
+			p.panicking = true
+			panic(err)
 		}
 	case c.isList == 0:
 		parent := c.parent
@@ -160,7 +163,10 @@ func (p *parser) closeList() {
 func (c *commentState) closeNode(p *parser, n ast.Node) ast.Node {
 	if p.comments != c {
 		if !p.panicking {
-			panic("unmatched comments")
+			err := errors.Newf(p.pos, "unmatched comments")
+			p.errors = errors.Append(p.errors, err)
+			p.panicking = true
+			panic(err)
 		}
 		return n
 	}