fix(vm): Fuzzer executed, solving some stackoverflows and other errors.

Author: dylan-sutton-chavez

compiler/src/modules/parser/types.rs

@@ -402,9 +402,9 @@ pub(super) fn parse_string(s: &str) -> String {
     let is_raw = has_raw_prefix(s);
     let s = s.trim_start_matches(|c: char| "bBrRuU".contains(c));
     let inner = if s.starts_with("\"\"\"") || s.starts_with("'''") {
-        &s[3..s.len() - 3]
+        s.get(3..s.len().saturating_sub(3)).unwrap_or("")
     } else {
-        &s[1..s.len() - 1]
+        s.get(1..s.len().saturating_sub(1)).unwrap_or("")
     };
     if is_raw { inner.to_string() } else { unescape(inner) }
 }
@@ -419,12 +419,12 @@ pub(super) fn parse_bytes_literal(s: &str) -> alloc::vec::Vec<u8> {
         i += 1;
     }
     // Strip triple or single quotes.
-    let body = if bytes.len() >= i + 6
+    let body: &[u8] = if bytes.len() >= i + 6
         && (bytes[i..i + 3] == *b"\"\"\"" || bytes[i..i + 3] == *b"'''")
     {
         &bytes[i + 3..bytes.len() - 3]
     } else {
-        &bytes[i + 1..bytes.len() - 1]
+        bytes.get(i + 1..bytes.len().saturating_sub(1)).unwrap_or(&[])
     };
     if is_raw { return body.to_vec(); }
 

compiler/src/modules/vm/builtins/sequence.rs

@@ -68,7 +68,11 @@ impl<'a> VM<'a> {
             HeapObj::Tuple(v) => v.len() as i64,
             HeapObj::Dict(v) => v.borrow().len() as i64,
             HeapObj::Set(v) => v.borrow().len() as i64,
-            HeapObj::Range(s,e,st) => { let st=*st; ((e-s+st-st.signum())/st).max(0) }
+            HeapObj::Range(s,e,st) => {
+                let (s, e, st) = (*s as i128, *e as i128, *st as i128);
+                if st == 0 { return Err(cold_value("range() step cannot be zero")); }
+                (((e - s + st - st.signum()) / st).max(0)) as i64
+            }
             _ => return Err(cold_type("object has no len()")),
         }} else { return Err(cold_type("object has no len()")); };
         self.push(Val::int(n)); Ok(())
@@ -237,8 +241,17 @@ impl<'a> VM<'a> {
             HeapObj::Range(s, e, st) if include_range => {
                 let (mut cur, end, step) = (*s, *e, *st);
                 let mut out = Vec::new();
-                if step > 0 { while cur < end { out.push(Val::int(cur)); cur += step; } }
-                else { while cur > end { out.push(Val::int(cur)); cur += step; } }
+                if step > 0 {
+                    while cur < end {
+                        out.push(Val::int(cur));
+                        match cur.checked_add(step) { Some(n) => cur = n, None => break }
+                    }
+                } else {
+                    while cur > end {
+                        out.push(Val::int(cur));
+                        match cur.checked_add(step) { Some(n) => cur = n, None => break }
+                    }
+                }
                 Some(out)
             }
             HeapObj::Dict(d) => Some(d.borrow().keys().collect()),

compiler/src/modules/vm/handlers/builtin_methods/list.rs

@@ -60,7 +60,7 @@ pub fn insert(vm: &mut VM, recv: Val, pos: &[Val]) -> Result<(), VmErr> {
     list_mut(vm, recv, "insert: receiver is not a list", |list| {
         let i = pos[0].as_int();
         let ui = if i < 0 {
-            (list.len() as i64 + i).max(0) as usize
+            (list.len() as i64).saturating_add(i).max(0) as usize
         } else {
             (i as usize).min(list.len())
         };
@@ -87,7 +87,11 @@ pub fn pop(vm: &mut VM, recv: Val, pos: &[Val]) -> Result<(), VmErr> {
         if pos.is_empty() { return Ok(list.pop().unwrap()); }
         if !pos[0].is_int() { return Err(cold_type("list indices must be integers")); }
         let i = pos[0].as_int();
-        let ui = if i < 0 { (list.len() as i64 + i) as usize } else { i as usize };
+        let ui = if i < 0 {
+            let adj = (list.len() as i64).saturating_add(i);
+            if adj < 0 { return Err(cold_value("pop index out of range")); }
+            adj as usize
+        } else { i as usize };
         if ui >= list.len() { return Err(cold_value("pop index out of range")); }
         Ok(list.remove(ui))
     })?;

compiler/src/modules/vm/handlers/builtin_methods/string.rs

@@ -235,7 +235,7 @@ pub fn rpartition(vm: &mut VM, recv: Val, pos: &[Val]) -> Result<(), VmErr> {
 pub fn center(vm: &mut VM, recv: Val, pos: &[Val]) -> Result<(), VmErr> {
     let s = recv_str(vm, recv)?;
     if !pos[0].is_int() { return Err(cold_type("center() width must be an integer")); }
-    let width = pos[0].as_int() as usize;
+    let width = pos[0].as_int().max(0) as usize;
     let fill = if pos.len() > 1 {
         val_to_str(vm, pos[1])?.chars().next().unwrap_or(' ')
     } else { ' ' };
@@ -251,7 +251,7 @@ pub fn center(vm: &mut VM, recv: Val, pos: &[Val]) -> Result<(), VmErr> {
 pub fn zfill(vm: &mut VM, recv: Val, pos: &[Val]) -> Result<(), VmErr> {
     if !pos[0].is_int() { return Err(cold_type("zfill() requires an integer argument")); }
     let s = recv_str(vm, recv)?;
-    let width = pos[0].as_int() as usize;
+    let width = pos[0].as_int().max(0) as usize;
     let nchars = s.chars().count();
     let out = if nchars >= width {
         s

compiler/src/modules/vm/ops.rs

@@ -389,18 +389,21 @@ impl<'a> VM<'a> {
         let n = count.max(0) as usize;
         match self.heap.get(seq_val) {
             HeapObj::Str(s) => {
+                s.len().checked_mul(n).ok_or(cold_overflow())?;
                 let r = s.repeat(n);
                 return self.heap.alloc(HeapObj::Str(r));
             }
             HeapObj::List(rc) => {
                 let src = rc.borrow().clone();
-                let mut out = Vec::with_capacity(src.len() * n);
+                let cap = src.len().checked_mul(n).ok_or(cold_overflow())?;
+                let mut out = Vec::with_capacity(cap);
                 for _ in 0..n { out.extend_from_slice(&src); }
                 return self.heap.alloc(HeapObj::List(Rc::new(RefCell::new(out))));
             }
             HeapObj::Tuple(v) => {
                 let src = v.clone();
-                let mut out = Vec::with_capacity(src.len() * n);
+                let cap = src.len().checked_mul(n).ok_or(cold_overflow())?;
+                let mut out = Vec::with_capacity(cap);
                 for _ in 0..n { out.extend_from_slice(&src); }
                 return self.heap.alloc(HeapObj::Tuple(out));
             }

compiler/tests/cases/vm.json

@@ -1780,5 +1780,7 @@
   {"src": "print(sorted([3, 1, 2], reverse=True))", "output": ["[3, 2, 1]"]},
   {"src": "print(sorted([3, 1, 2], key=lambda x: -x, reverse=False))", "output": ["[3, 2, 1]"]},
   {"src": "lst = [3, 1, 2]; lst.sort(reverse=True); print(lst)", "output": ["[3, 2, 1]"]},
-  {"src": "lst = [3, 1, 2]; lst.sort(key=lambda x: -x); print(lst)", "output": ["[3, 2, 1]"]}
+  {"src": "lst = [3, 1, 2]; lst.sort(key=lambda x: -x); print(lst)", "output": ["[3, 2, 1]"]},
+  {"src": "print('x'.center(-1000000000))", "output": ["x"]},
+  {"src": "print('5'.zfill(-1000000000))", "output": ["5"]}
 ]