skx · skx · Dec 29, 2022 · Dec 28, 2022 · Dec 28, 2022 · Dec 28, 2022
diff --git a/builtins/builtins.go b/builtins/builtins.go
@@ -241,6 +241,9 @@ func baseFn(env *env.Environment, args []primitive.Primitive) primitive.Primitiv
 		return primitive.Error("argument not a number")
 	}
 
+	if int(base) < 2 || int(base) > 36 {
+		return primitive.Error("invalid base - must be >=2 and <=36")
+	}
 	return primitive.String(strconv.FormatInt(int64(n), int(base)))
 }
 
@@ -1498,6 +1501,10 @@ func randomFn(env *env.Environment, args []primitive.Primitive) primitive.Primit
 		return primitive.Error("argument not a number")
 	}
 
+	if int(num) <= 0 {
+		return primitive.Error("argument must be greater than zero")
+	}
+
 	return primitive.Number(rand.Intn(int(num)))
 
 }

diff --git a/builtins/builtins_test.go b/builtins/builtins_test.go
@@ -90,14 +90,33 @@ func TestBase(t *testing.T) {
 		primitive.Number(2),
 	})
 
-	// Will lead to an error
+	// Will lead to a string
 	r, ok2 := result.(primitive.String)
 	if !ok2 {
 		t.Fatalf("expected string, got %v", result)
 	}
 	if !strings.Contains(string(r), "11111111") {
 		t.Fatalf("got string, but wrong one %v", r)
 	}
+
+	// However bases must be 2-36 inclusive, so outside that range we
+	// expect errors
+	for _, bs := range []int{0, 1, 40, 100, 200} {
+
+		res := baseFn(ENV, []primitive.Primitive{
+			primitive.Number(255),
+			primitive.Number(bs),
+		})
+
+		// Will lead to an error
+		r, ok3 := res.(primitive.Error)
+		if !ok3 {
+			t.Fatalf("expected error, got %v", res)
+		}
+		if !strings.Contains(string(r), "invalid base") {
+			t.Fatalf("got error, but wrong one %v", r)
+		}
+	}
 }
 
 // Test (car
@@ -3065,6 +3084,19 @@ func TestRandom(t *testing.T) {
 	if !ok2 {
 		t.Fatalf("expected string, got %v", out)
 	}
+
+	// Calling with a number less than zero returns an error
+	out = randomFn(ENV, []primitive.Primitive{
+		primitive.Number(-3),
+	})
+
+	e, ok = out.(primitive.Error)
+	if !ok {
+		t.Fatalf("expected error, got %v", out)
+	}
+	if !strings.Contains(string(e), "greater than zero") {
+		t.Fatalf("got error, but wrong one %v", out)
+	}
 }
 
 // TestSet tests set

diff --git a/fuzz_test.go b/fuzz_test.go
@@ -6,6 +6,7 @@ package main
 import (
 	"context"
 	"os"
+	"path"
 	"strings"
 	"testing"
 	"time"
@@ -109,34 +110,63 @@ func FuzzYAL(f *testing.F) {
 	f.Add([]byte(`define blah (lambda (a:any) (print "I received the arg %s" a)))`))
 	f.Add([]byte(`define blah (lambda (a) (print "I received the arg %s" a)))`))
 
+	// Find each of our examples, as these are valid code samples
+	files, err := os.ReadDir("examples")
+	if err != nil {
+		f.Fatalf("failed to read examples/ directory %s", err)
+	}
+
+	// Load each example as a fuzz-source
+	for _, file := range files {
+		path := path.Join("examples", file.Name())
+
+		data, err := os.ReadFile(path)
+		if err != nil {
+			f.Fatalf("Failed to load %s %s", path, err)
+		}
+		f.Add(data)
+	}
+
 	// Known errors are listed here.
 	//
 	// The purpose of fuzzing is to find panics, or unexpected errors.
-	//
-	// Some programs are obviously invalid though, so we don't want to
+	// Some programs are obviously invalid though, and we don't want to
 	// report those known-bad things.
+	//
 	known := []string{
 		"arityerror",
-		"deadline exceeded", // context timeout
+		"catch list should begin with 'catch'", // try/catch
+		"deadline exceeded",                    // context timeout
 		"division by zero",
 		"error expanding argument",
 		"expected a function body",
 		"expected a list",
 		"expected a symbol",
+		"failed to compile regexp",
+		"failed to open", // file:lines
 		"invalid character literal",
 		"is not a symbol",
+		"list should have three elements", // try
+		"must be greater than zero",       // random
 		"must have even length",
 		"not a character",
 		"not a function",
 		"not a hash",
 		"not a list",
 		"not a number",
+		"not a procedure",
 		"not a string",
+		"out of bounds", // nth
 		"recursion limit",
+		"syntax error in pattern", // glob
+		"tried to set a non-symbol",
 		"typeerror - ",
 		"unexpected type",
 	}
 
+	// Read the standard library only once.
+	std := string(stdlib.Contents()) + "\n"
+
 	f.Fuzz(func(t *testing.T, input []byte) {
 
 		// Timeout after a second
@@ -149,13 +179,10 @@ func FuzzYAL(f *testing.F) {
 		// Populate the default primitives
 		builtins.PopulateEnvironment(environment)
 
-		// Read the standard library
-		pre := stdlib.Contents()
-
-		// Prepend that to the users' script
-		src := string(pre) + "\n" + string(input)
+		// Prepend the standard-library to the users' script
+		src := std + string(input)
 
-		// Create a new interpreter with that source
+		// Create a new interpreter with the combined source
 		interpreter := eval.New(src)
 
 		// Ensure we timeout after 1 second
@@ -164,23 +191,17 @@ func FuzzYAL(f *testing.F) {
 		// Now evaluate the input using the specified environment
 		out := interpreter.Evaluate(environment)
 
-		found := false
-
 		switch out.(type) {
 		case *primitive.Error, primitive.Error:
 			str := strings.ToLower(out.ToString())
 
 			// does it look familiar?
 			for _, v := range known {
 				if strings.Contains(str, v) {
-					found = true
+					return
 				}
 			}
-
-			// raise an error
-			if !found {
-				t.Fatalf("error parsing %s:%v", input, out)
-			}
+			t.Fatalf("error processing input %s:%v", input, out)
 		}
 	})
 }
diff --git a/testdata/fuzz/FuzzYAL/0c1ea457a663e40d7bd7021530aaa9513de3d566fd84eaad459d301e665bcfe3 b/testdata/fuzz/FuzzYAL/0c1ea457a663e40d7bd7021530aaa9513de3d566fd84eaad459d301e665bcfe3
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("(try()())")
diff --git a/testdata/fuzz/FuzzYAL/1f275fbf2e99d36b284935b2acd9a765d1137cde98bef34f7b51f56660f83336 b/testdata/fuzz/FuzzYAL/1f275fbf2e99d36b284935b2acd9a765d1137cde98bef34f7b51f56660f83336
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("(set!()00)")
diff --git a/testdata/fuzz/FuzzYAL/221ce1617db9fd6c81f68ffdc3c172e4dea165425f38bd30fc98d725c1fcdef0 b/testdata/fuzz/FuzzYAL/221ce1617db9fd6c81f68ffdc3c172e4dea165425f38bd30fc98d725c1fcdef0
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("(nth()00)")
diff --git a/testdata/fuzz/FuzzYAL/4c6659a7807818db64de15c9088ab3a5a320867dd7beabd41b8f5738bee445c1 b/testdata/fuzz/FuzzYAL/4c6659a7807818db64de15c9088ab3a5a320867dd7beabd41b8f5738bee445c1
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("(help 00)")
diff --git a/testdata/fuzz/FuzzYAL/51575636bc9018026cce0a386e5775320e8e8f2f057187737fa18b2982a8e3de b/testdata/fuzz/FuzzYAL/51575636bc9018026cce0a386e5775320e8e8f2f057187737fa18b2982a8e3de
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("(random 0)")
diff --git a/testdata/fuzz/FuzzYAL/8de40f105cd00b80cc29f2554c638a1785a6f0bf7e8a4fb4622a10db921b5f3b b/testdata/fuzz/FuzzYAL/8de40f105cd00b80cc29f2554c638a1785a6f0bf7e8a4fb4622a10db921b5f3b
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("(file:lines\"\")")
diff --git a/testdata/fuzz/FuzzYAL/9b07682a4c420c49db528e61935171684e0ce290d2887ce24c84f7ef23595a92 b/testdata/fuzz/FuzzYAL/9b07682a4c420c49db528e61935171684e0ce290d2887ce24c84f7ef23595a92
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("(try()(0 0()))")
diff --git a/testdata/fuzz/FuzzYAL/cd76aa0d78c148be2fe20ab759b50f2f80e56a13e097a00d8999704c38f1a616 b/testdata/fuzz/FuzzYAL/cd76aa0d78c148be2fe20ab759b50f2f80e56a13e097a00d8999704c38f1a616
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("(match\"(\"0)")
diff --git a/testdata/fuzz/FuzzYAL/dc4447badede601c48f2ef075c2953c7b426177a81b1e15304aa3277e8bcc915 b/testdata/fuzz/FuzzYAL/dc4447badede601c48f2ef075c2953c7b426177a81b1e15304aa3277e8bcc915
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("(glob\"\\\"\")")