fuzz(gnovm/pkg/gnolang): add fuzzers for ParseFile + ConvertUntypedBi…

…gDecToFloat

To harden the security of Gno, this change introduces fuzzers
that so far have already rediscovered a cockroadch/apd/v3 bug
per cockroachdb/apd#120 (comment)

Updates  #3087

gnovm/pkg/gnolang/fuzz_test.go

@@ -0,0 +1,88 @@
+package gnolang
+
+import (
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/cockroachdb/apd/v3"
+)
+
+func FuzzConvertUntypedBigdecToFloat(f *testing.F) {
+	// 1. Firstly add seeds.
+	seeds := []string{
+		"-100000",
+		"100000",
+		"0",
+	}
+
+	check := new(apd.Decimal)
+	for _, seed := range seeds {
+		if check.UnmarshalText([]byte(seed)) == nil {
+			f.Add(seed)
+		}
+	}
+
+	f.Fuzz(func(t *testing.T, apdStr string) {
+		switch {
+		case strings.HasPrefix(apdStr, ".-"):
+			return
+		}
+
+		v := new(apd.Decimal)
+		if err := v.UnmarshalText([]byte(apdStr)); err != nil {
+			return
+		}
+		if _, err := v.Float64(); err != nil {
+			return
+		}
+
+		bd := BigdecValue{
+			V: v,
+		}
+		dst := new(TypedValue)
+		typ := Float64Type
+		ConvertUntypedBigdecTo(dst, bd, typ)
+	})
+}
+
+func FuzzParseFile(f *testing.F) {
+	// 1. Add the corpra.
+	parseFileDir := filepath.Join("testdata", "corpra", "parsefile")
+	paths, err := filepath.Glob(filepath.Join(parseFileDir, "*.go"))
+	if err != nil {
+		f.Fatal(err)
+	}
+
+	// Also load in files from gno/gnovm/tests/files
+	_, curFile, _, _ := runtime.Caller(0)
+	curFileDir := filepath.Dir(curFile)
+	gnovmTestFilesDir, err := filepath.Abs(filepath.Join(curFileDir, "..", "..", "tests", "files"))
+	if err != nil {
+		f.Fatal(err)
+	}
+	globGnoTestFiles := filepath.Join(gnovmTestFilesDir, "*.gno")
+	gnoTestFiles, err := filepath.Glob(globGnoTestFiles)
+	if err != nil {
+		f.Fatal(err)
+	}
+	if len(gnoTestFiles) == 0 {
+		f.Fatalf("no files found from globbing %q", globGnoTestFiles)
+	}
+	paths = append(paths, gnoTestFiles...)
+
+	for _, path := range paths {
+		blob, err := os.ReadFile(path)
+		if err != nil {
+			f.Fatal(err)
+		}
+		f.Add(string(blob))
+	}
+
+	// 2. Now run the fuzzer.
+	f.Fuzz(func(t *testing.T, goFileContents string) {
+		_, _ = ParseFile("a.go", goFileContents)
+	})
+}

gnovm/pkg/gnolang/testdata/corpra/parsefile/a.go

@@ -0,0 +1,9 @@
+package main
+
+import
+    _ "math/big"
+)
+
+func main() {
+    println("Foo")
+}

gnovm/pkg/gnolang/testdata/corpra/parsefile/b.go

@@ -0,0 +1,16 @@
+package main
+
+import "crypto/rand"
+
+func init() {
+}
+
+func init() {
+}
+
+func init() {
+}
+
+func it() {
+	_ = rand.Read
+}

gnovm/pkg/gnolang/testdata/corpra/parsefile/bug_3013.go

@@ -0,0 +1,22 @@
+package main
+
+import "testing"
+
+func TestDummy(t *testing.T) {
+    testTable := []struct {
+       name string
+    }{
+       {
+          "one",
+       },
+       {
+          "two",
+       },
+    }
+
+    for _, testCase := range testTable {
+       testCase := testCase
+
+       println(testCase.name)
+    }
+}

gnovm/pkg/gnolang/testdata/corpra/parsefile/bug_3014_redefine.go

@@ -0,0 +1,10 @@
+package main
+
+var ss = []int{1, 2, 3}
+
+func main() {
+	for _, s := range ss {
+		s := s
+		println(s)
+	}
+}

gnovm/pkg/gnolang/testdata/corpra/parsefile/bug_3014_redefine2.go

@@ -0,0 +1,21 @@
+package main
+
+var testTable = []struct {
+	name string
+}{
+	{
+		"one",
+	},
+	{
+		"two",
+	},
+}
+
+func main() {
+
+	for _, testCase := range testTable {
+		testCase := testCase
+
+		println(testCase.name)
+	}
+}

gnovm/pkg/gnolang/testdata/corpra/parsefile/bug_3014_redefine3.go

@@ -0,0 +1,8 @@
+package main
+
+func main() {
+	for i := 0; i < 3; i++ {
+		i := i
+		println(i)
+	}
+}

gnovm/pkg/gnolang/testdata/corpra/parsefile/bug_3014_redefine4.go

@@ -0,0 +1,11 @@
+package main
+
+func main() {
+	a := 1
+	b := 3
+	println(a, b) // prints 1 3
+
+	// Re-declaration of 'a' is allowed because 'c' is a new variable
+	a, c := 2, 5
+	println(a, c) // prints 2 5
+}

gnovm/pkg/gnolang/testdata/corpra/parsefile/bug_3014_redefine5.go

@@ -0,0 +1,13 @@
+package main
+
+func main() {
+	a := 1
+	println(a) // prints 1
+
+	if true {
+		a := 2     // valid: new scope inside the if statement
+		println(a) // prints 2
+	}
+
+	println(a) // prints 1: outer variable is unchanged
+}

gnovm/pkg/gnolang/testdata/corpra/parsefile/bug_3014_redefine6.go

@@ -0,0 +1,6 @@
+package main
+
+func main() {
+	a, b := 1, 2
+	a, b := 3, 4
+}

gnovm/pkg/gnolang/testdata/fuzz/FuzzConvertUntypedBigdecToFloat/4be24841138e3224

@@ -0,0 +1,2 @@
+go test fuzz v1
+string(".-700000000000000000000000000000000000000")

gnovm/pkg/gnolang/testdata/fuzz/FuzzConvertUntypedBigdecToFloat/94196a9456e79dac

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")