Fix a crash in UtxoId::from_str and TxPointer::from_str with multibyte characters

CHANGELOG.md

@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Changed
 
 - [#525](https://github.com/FuelLabs/fuel-vm/pull/525): The `$hp` register is no longer restored to it's previous value when returning from a call, making it possible to return heap-allocated types from `CALL`.
+- [#531](https://github.com/FuelLabs/fuel-vm/pull/531): UtxoId::from_str and TxPointer::from_str no longer crash on invalid input with multibyte characters. Also adds clippy lints to prevent future issues.
 
 
 #### Breaking

fuel-asm/src/lib.rs

@@ -3,6 +3,7 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![cfg_attr(not(feature = "std"), no_std)]
 #![cfg_attr(feature = "std", doc = include_str!("../README.md"))]
+#![deny(clippy::string_slice)]
 #![deny(missing_docs)]
 #![deny(unsafe_code)]
 #![deny(unused_crate_dependencies)]

fuel-crypto/src/lib.rs

@@ -2,10 +2,11 @@
 
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![cfg_attr(not(feature = "std"), no_std)]
-#![warn(missing_docs)]
 // Wrong clippy convention; check
 // https://rust-lang.github.io/api-guidelines/naming.html
 #![allow(clippy::wrong_self_convention)]
+#![deny(clippy::string_slice)]
+#![warn(missing_docs)]
 #![deny(unsafe_code)]
 #![deny(unused_crate_dependencies)]
 

fuel-tx/src/lib.rs

@@ -4,6 +4,7 @@
 // Wrong clippy convention; check
 // https://rust-lang.github.io/api-guidelines/naming.html
 #![allow(clippy::wrong_self_convention)]
+#![deny(clippy::string_slice)]
 #![deny(unused_crate_dependencies)]
 #![deny(unsafe_code)]
 

fuel-tx/src/transaction/types/utxo_id.rs

@@ -101,20 +101,29 @@ impl fmt::UpperHex for UtxoId {
 impl str::FromStr for UtxoId {
     type Err = &'static str;
 
+    /// UtxoId is encoded as hex string with optional 0x prefix, where
+    /// the last two characters are the output index and the part
+    /// optionally preceeding it is the transaction id.
     fn from_str(s: &str) -> Result<Self, Self::Err> {
         const ERR: &str = "Invalid encoded byte";
         let s = s.trim_start_matches("0x");
-        let utxo_id = if s.is_empty() {
+
+        Ok(if s.is_empty() {
             UtxoId::new(Bytes32::default(), 0)
-        } else if s.len() > 2 {
+        } else if s.len() <= 2 {
+            UtxoId::new(TxId::default(), u8::from_str_radix(s, 16).map_err(|_| ERR)?)
+        } else {
+            let i = s.len() - 2;
+            if !s.is_char_boundary(i) {
+                return Err(ERR)
+            }
+            let (tx_id, output_index) = s.split_at(i);
+
             UtxoId::new(
-                Bytes32::from_str(&s[..s.len() - 2])?,
-                u8::from_str_radix(&s[s.len() - 2..], 16).map_err(|_| ERR)?,
+                Bytes32::from_str(tx_id)?,
+                u8::from_str_radix(output_index, 16).map_err(|_| ERR)?,
             )
-        } else {
-            UtxoId::new(TxId::default(), u8::from_str_radix(s, 16).map_err(|_| ERR)?)
-        };
-        Ok(utxo_id)
+        })
     }
 }
 
@@ -205,4 +214,11 @@ mod tests {
         assert_eq!(utxo_id.tx_id[0], 12);
         Ok(())
     }
+
+    /// See https://github.com/FuelLabs/fuel-vm/issues/521
+    #[test]
+    fn from_str_utxo_id_multibyte_bug() {
+        UtxoId::from_str("0x00😎").expect_err("Should fail on incorrect input");
+        UtxoId::from_str("0x000😎").expect_err("Should fail on incorrect input");
+    }
 }

fuel-tx/src/tx_pointer.rs

@@ -92,15 +92,20 @@ impl fmt::UpperHex for TxPointer {
 impl str::FromStr for TxPointer {
     type Err = &'static str;
 
+    /// TxPointer is encoded as 12 hex characters:
+    /// - 8 characters for block height
+    /// - 4 characters for tx index
     fn from_str(s: &str) -> Result<Self, Self::Err> {
         const ERR: &str = "Invalid encoded byte";
 
-        if s.len() != 12 {
+        if s.len() != 12 || !s.is_char_boundary(8) {
             return Err(ERR)
         }
 
-        let block_height = u32::from_str_radix(&s[..8], 16).map_err(|_| ERR)?;
-        let tx_index = u16::from_str_radix(&s[8..12], 16).map_err(|_| ERR)?;
+        let (block_height, tx_index) = s.split_at(8);
+
+        let block_height = u32::from_str_radix(block_height, 16).map_err(|_| ERR)?;
+        let tx_index = u16::from_str_radix(tx_index, 16).map_err(|_| ERR)?;
 
         Ok(Self::new(block_height.into(), tx_index))
     }
@@ -190,3 +195,10 @@ fn fmt_encode_decode() {
         }
     }
 }
+
+/// See https://github.com/FuelLabs/fuel-vm/issues/521
+#[test]
+fn decode_bug() {
+    use core::str::FromStr;
+    TxPointer::from_str("00000😎000").expect_err("Should fail on incorrect input");
+}

fuel-vm/src/lib.rs

@@ -3,6 +3,7 @@
 #![warn(missing_docs)]
 #![deny(unsafe_code)]
 #![deny(unused_crate_dependencies)]
+#![deny(clippy::string_slice)]
 
 pub mod arith;
 pub mod backtrace;