bitcoinfuzz

miniscript_parse: crash due to `0,and_v`

Open brunoerg opened this issue 9 months ago • 5 comments

The following miniscript is successfully parsed by Bitcoin Core and it's part of its fuzz corpora. Embit returns false, and the error returned is: Unknown operator '0,and_v'.


brunoerg avatar Mar 26 '25 17:03 brunoerg

We cannot reproduce on rust-miniscript to compare since recursive depth over 402 is not permitted.

brunoerg avatar Mar 26 '25 17:03 brunoerg

We are slowly chipping away at removing that limit. Give us several more months :).

apoelstra avatar Mar 26 '25 17:03 apoelstra

It seems Embit won't accept numbers, or False/True, as arguments for the and_v operator.

class AndV(Miniscript):
    # [X] [Y]
    NAME = "and_v"
    NARGS = 2
    ARGCLS = Miniscript

ARGCLS = Miniscript means that when parsing, it will read until it finds the first parenthesis, so in something like "wsh(and_v(v:0,and_v(v:0,0)))", it will consider 0,and_v as the operator and thus fail to find it.

odudex avatar Mar 27 '25 18:03 odudex

I'm starting to investigate this; I think it's possible to add code to properly handle boolean literals as arguments in and and or operators. But, just to satisfy the curiosity of someone starting to learn about miniscript's inner workings: would this be used in anything practical, as A&0 = 0, A&1 = A, A|0 = A and A|1 = 1?

odudex avatar Mar 27 '25 23:03 odudex

Did a sketch to allow parsing boolean literals, just to end up in a recursive depth issue like rust 😄 Smaller examples like "wsh(and_v(v:0,and_v(v:0,0)))" now ~work~ load. Allowing it, however, feels weird, like allowing lack of optimization or worse.

odudex avatar Mar 28 '25 01:03 odudex
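
The parsing behaviour described in the thread, reproduced as an added example (not Embit's code and not part of the original issue): a toy recursive-descent parser for a small miniscript subset, run once with a name reader that stops only at "(" and once with one that also stops at "," and ")". The function names, the `ARITY` table and the use of 402 as an explicit nesting bound are assumptions made for this sketch.

```python
# Added illustration, not Embit's code. Toy subset of miniscript only.
ARITY = {"wsh": 1, "and_v": 2, "older": 1}   # operators this sketch knows
MAX_DEPTH = 402  # assumption: reuses the depth figure quoted in the thread

def name_until_paren(s, pos):
    """Behaviour described above: the name is everything up to the next '('."""
    end = s.index("(", pos)
    return s[pos:end].split(":")[-1], end      # drop wrappers such as "v:"

def name_until_delim(s, pos):
    """Stop at '(', ',' or ')' so a bare literal like 0 ends at the comma."""
    end = pos
    while end < len(s) and s[end] not in "(,)":
        end += 1
    return s[pos:end].split(":")[-1], end

def parse(s, read_name, pos=0, depth=0):
    """Return ((name, children), next_pos); raise ValueError on bad input."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting deeper than %d" % MAX_DEPTH)
    name, pos = read_name(s, pos)
    if pos >= len(s) or s[pos] != "(":         # no '(' follows: a literal
        if not name.isdigit():
            raise ValueError("Unknown operator %r" % name)
        return (name, []), pos
    if name not in ARITY:
        raise ValueError("Unknown operator %r" % name)
    children, pos = [], pos + 1                # step past '('
    while True:
        child, pos = parse(s, read_name, pos, depth + 1)
        children.append(child)
        if pos < len(s) and s[pos] == ",":
            pos += 1
        elif pos < len(s) and s[pos] == ")":
            pos += 1
            break
        else:
            raise ValueError("unbalanced expression at offset %d" % pos)
    if len(children) != ARITY[name]:
        raise ValueError("%s takes %d argument(s)" % (name, ARITY[name]))
    return (name, children), pos

def outcome(expr, read_name):
    """Parse expr and report either the tree or the error text."""
    try:
        tree, end = parse(expr, read_name)
        return tree if end == len(expr) else "trailing data"
    except ValueError as exc:
        return str(exc)
```

Because the depth check raises a `ValueError`, an over-nested fuzz input is rejected like any other malformed expression instead of surfacing as an interpreter `RecursionError`.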