Fix decode_instructions panics on malformed inputs #205
Closed
Copilot wants to merge 19 commits into
Property tests verify that decode_idl_data and parse_instruction_with_idl never panic regardless of IDL shape or instruction byte content, and that valid borsh-encoded bytes always round-trip through the parser cleanly.

- fuzz_idl_parsing.rs: crash-safety tests covering random IDLs, valid discriminator prefixes with random arg bytes, defined struct types, nested Vec/Option containers, and SizeGuard boundary conditions
- pipeline_integration.rs: end-to-end tests through parse_transaction covering discriminator dispatch, field count invariants, named accounts, and multi-program transactions

Depends on solana_parser::arb (solana-parser-add-arbitrary branch) which provides prop_recursive-based strategies for IdlType and correlated borsh byte generators for roundtrip assertions.

Adds src/.cargo/config.toml (gitignored) as local dev override to redirect solana_parser git dep to local checkout without committing a [patch] block.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Two libFuzzer targets covering the full visualsign-solana stack:

- fuzz_transaction_string: arbitrary bytes into transaction_string_to_visual_sign
- fuzz_versioned_transaction: arbitrary bytes deserialized as VersionedTransaction then passed to versioned_transaction_to_visual_sign

Run with: cargo +nightly fuzz run <target> (from src/chain_parsers/visualsign-solana/fuzz/)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- proptest label: runs cargo test -p visualsign-solana
- fuzz label: installs nightly + cargo-fuzz, runs each fuzz target for 30s
- ubuntu job: restricted to main push/PR to avoid triggering on label events

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Runs cargo fmt to fix formatting in test files. Removes clippy steps from proptest and fuzz jobs — already enforced by the ubuntu job.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
On crash, extracts the libFuzzer summary (everything after the ─── line) and posts it as a PR comment via gh. No artifacts or separate jobs needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move proptest and fuzz jobs out of main.yml into dedicated workflow files (proptest.yml, fuzz.yml) so they appear as distinct named checks. Add pull-requests: write permission to fuzz job to allow posting crash comments via gh pr comment.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Shared composite action posts crash/failure output as a PR comment and tags @copilot to fix the issue. Fuzz and proptest workflows use it via extract steps that write output to GITHUB_OUTPUT.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: shahan-khatchadourian-anchorage <263420032+shahan-khatchadourian-anchorage@users.noreply.github.com>
Copilot changed the title from "[WIP] Add cargo fuzz targets for visualsign-solana" to "Fix decode_instructions panics on malformed inputs" on Mar 15, 2026 (47efa1b to 0b545b9).
Contributor
Closing since this was just a small experiment.
Fuzz targets were crashing (exit code 77) because `decode_instructions` had four panic sites reachable with malformed transaction data.

Root causes

- `account_keys[ci.program_id_index as usize]` — unbounded index into account keys array
- `account_keys[i as usize]` — same for per-instruction account indices
- `account_keys[0]` — panics on empty account keys
- `panic!("No visualizer available...")` — explicit panic when no visualizer matches

Changes

`src/core/instructions.rs`: Replace `map()` + bare indexing with `filter_map()` that skips instructions whose `program_id_index` or account indices are out of bounds — mirrors the already-safe `decode_v0_instructions` path. Use `.first()` with a default-pubkey fallback for the sender key. Replace the explicit `panic!` with `ok_or_else(|| VisualSignError::ParseError(...))`.
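The before/after shape the description gives (bare indexing versus `filter_map()` over `.get()`, and `.first()` with a default fallback for the sender key), as an added Rust illustration that is not the visualsign-solana project's code. `Pubkey`, `CompiledInstruction` and `DecodedInstruction` are simplified stand-ins for the real types, assumed here only so the two versions can be run side by side.

```rust
// Added illustration, not the visualsign-solana source: Pubkey and
// CompiledInstruction are simplified stand-ins for the project's real types.
pub type Pubkey = [u8; 32];

pub struct CompiledInstruction {
    pub program_id_index: u8,
    pub accounts: Vec<u8>,
    pub data: Vec<u8>,
}

#[derive(Debug, Clone, PartialEq)]
pub struct DecodedInstruction {
    pub program_id: Pubkey,
    pub accounts: Vec<Pubkey>,
    pub data: Vec<u8>,
}

/// Pre-fix shape: bare indexing. Any index >= keys.len() panics, which
/// libFuzzer reports as a crash (the exit code 77 the PR description cites).
pub fn decode_instructions_naive(keys: &[Pubkey], ixs: &[CompiledInstruction]) -> Vec<DecodedInstruction> {
    ixs.iter()
        .map(|ci| DecodedInstruction {
            program_id: keys[ci.program_id_index as usize],
            accounts: ci.accounts.iter().map(|&i| keys[i as usize]).collect(),
            data: ci.data.clone(),
        })
        .collect()
}

/// Post-fix shape: `.get()` inside `filter_map` drops any instruction whose
/// program or account index is out of bounds instead of panicking. Note that
/// one bad account index discards the whole instruction, not just that account.
pub fn decode_instructions_safe(keys: &[Pubkey], ixs: &[CompiledInstruction]) -> Vec<DecodedInstruction> {
    ixs.iter()
        .filter_map(|ci| {
            let program_id = *keys.get(ci.program_id_index as usize)?;
            let accounts = ci.accounts.iter()
                .map(|&i| keys.get(i as usize).copied())
                .collect::<Option<Vec<Pubkey>>>()?;
            Some(DecodedInstruction { program_id, accounts, data: ci.data.clone() })
        })
        .collect()
}

/// Sender key: `.first()` with the all-zero default instead of `keys[0]`,
/// so an empty account list no longer panics.
pub fn sender_key(keys: &[Pubkey]) -> Pubkey {
    keys.first().copied().unwrap_or_default()
}
```

Skipping rather than erroring is a deliberate trade-off: the caller sees fewer instructions than the transaction carries, so a consumer that needs to know about dropped instructions would want a `Result` instead.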