From 888922aff35513d1032cdbe14046f7b43352b591 Mon Sep 17 00:00:00 2001
From: mhoffm <mhoffm@posteo.de>
Date: Sun, 27 Jun 2021 19:57:02 +0200
Subject: [PATCH] start fuzzing

---
 CHANGELOG.md                                    |   3 +++
 README.md                                       |   8 +++++++-
 ...0d2958a668c04944f12da010e4cd4239cb587114.hcl | Bin 0 -> 6666 bytes
 ...bbabb6816b26bfecdaa9aef4b049f7259aac9954.hcl | Bin 0 -> 29211 bytes
 src/scanner.cc                                  |  11 ++++++++---
 5 files changed, 18 insertions(+), 4 deletions(-)
 create mode 100644 fuzz/crashers/crash-0d2958a668c04944f12da010e4cd4239cb587114.hcl
 create mode 100644 fuzz/crashers/crash-bbabb6816b26bfecdaa9aef4b049f7259aac9954.hcl

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 27ff51c..b5eb3d5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ fix:
 * allow empty template interpolations
 * allow empty templates
 
+quality:
+* add fuzzing
+
 ## 0.2.0 - 2021-06-26
 
 feature:
diff --git a/README.md b/README.md
index 7fa448e..18583c1 100644
--- a/README.md
+++ b/README.md
@@ -26,8 +26,9 @@ tree-sitter parse --quiet --stat example/real_world_stuff/*/*
 Total parses: 1892; successful parses: 1892; failed parses: 0; success percentage: 100.00%
 ```
 
-The aim is to build unit testcases from selected failure classes and slowly get to 100%. 
+## Fuzzing
 
+The directory `fuzz/crashers` contains a set of crashes that were found with fuzzing. To fuzz the parser i used the instrumentation of [tree-sitter](https://github.com/tree-sitter/tree-sitter/tree/master/test/fuzz) 
 
 ## Todo
 
@@ -37,3 +38,8 @@ The aim is to build unit testcases from selected failure classes and slowly get
     * [x] add quoted template interpolations
     * [ ] add quoted template directives
   * [x] add heredoc templates
+* [ ] fuzzing
+  * [x] start with fuzzing the parser
+  * [ ] upload fuzzing instrumentation
+  * [ ] document fuzzing process
+  * [ ] add parsing of crashers to CI process
diff --git a/fuzz/crashers/crash-0d2958a668c04944f12da010e4cd4239cb587114.hcl b/fuzz/crashers/crash-0d2958a668c04944f12da010e4cd4239cb587114.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..a087945a3aeb489f5db8d56a747ec1718a040938
GIT binary patch
literal 6666
zcmdPba?UTPEXqvJC{Z}HQo+c;&_YMSzbG*|CsiRaFGWAUNFlSNSRpYjEi)%Gu_U!v
zPr)%KM**y%SfMDjIJKxOHARn$D<mUTAv7<uEVZaOF-IXFwJ0~UxHz*cRlz4SIW@01
zRY4;(z(-R@AuP41I5R&_!BEdYOP`C2D<?lWF{fCenoB{UB)K5IpeVm2KRG`~LBUo*
z$xMk$L7_ASP1MjFB%GL&16N!OQk<BR0~XJ#EYC<SN>u;@TLmQpJuuWa0Li8##TVok
zm4M~IRv4NZ8G<B=i!+d9Y!#G@j6lLgAj{zzY!#G@jV&xe66KkBMY(VtwhBt7mKI>=
zrWF^1g^R&<*eXOT85x*ZDCsCD85x)wfM`QQL#0@*S}rbS1*gQ~5>Q|SrzV#cWtLPb
z_+%EBa22H%=a&{Grz$ArCuhbd=NF~M7ef`q=VTU_C@CmGH3p|9gLEi?gD*Khw;-{o
zBsVp$BtA1m!B(Lxu}BYDFh4mng-bypC9}97C$Ta<FEJMsO12oLaVaR2CFg<60Q*4!
z6i~VODWy57ddWqpi6yD=WyyJZWyyJ&DO_9%3aRNusl~+zCl;0Fq=I53nhT^I6tN&0
z5wRfSlvJw05wC|F=e3}K1*uI*EiTE-O9TgvtpZ$aA~b5D>S}ek6cl1XF38Ly$_XI5
z@(Vzwf}96)n1X^*Zf2emC<(zF1xpN2i$G3N%1x}mucj8{5|C23Pm!DsvKl51Hx(Mo
zDB*$KkF{K&)Z&s@l9-fOoT?C9SzMBut3Yz9adDzjf<YKGnpU6%2Rv3m>50~91(dTv
zSu{B_r3h*<I5#MO3j$Cg1SL44(mJ$6gqi}<ijmaOl~9_}ak(B^C^{At<YXp8a(^(W
zdMP43r8^cBP${V+nKYW#hiqC0CAos)w37J5f`a(WyyB9?yyR4HWty4?uCC*Y67$ki
zqYYxQX9QyP8zS`6IG2Q{CMl4cJHk_wsFXX9Od2}5gMn^fIJHkeS%Bg?2V@91AC{*k
zVa<mGvL8WhG|qKC`H3kCPKi07;)9H8$%k4EFoZ!vC)-gyGk_9PPJUuad=fN5kPCF&
z35l>48Yd#x98k9}Ss^$zu_!r%>{8q{m`a5>!k`hHm>}KJ0qOaH(lPZ)*3@Eh3RXh8
zXq+ViQu7OPQj7D`N)$r!^K*(xZ}A6!^-(EDpc*#fa|LV^411Xh$vGHm;3;N8A9P5M
zwDAzC<O+z}5QBC2e1Jt2+z+s^8{|<UP!}5}4mTHdOb3@Apgmo;%$!t(;FA2J#Pn2f
zHISJMqDdSJbPJ|dMSx_|h)?tIaa^2zLP**|sG~#QkBsphg!_yTeN!xBR9Mx~D*Yq;
n0UF&WYMct;K3sit^!Pwhhu0q<Cy<$sDe?!k<AVZ!fXX8Pik{88

literal 0
HcmV?d00001

diff --git a/fuzz/crashers/crash-bbabb6816b26bfecdaa9aef4b049f7259aac9954.hcl b/fuzz/crashers/crash-bbabb6816b26bfecdaa9aef4b049f7259aac9954.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..6813be5b8b0604ca2b039492d2d1e283a68ed4c2
GIT binary patch
literal 29211
zcmYc*Ov&S_<>JaOEh#81QBcarFD{8MD9S8LEJ=;eEKpLY=2B27OUx-vRj^e^tST)^
zEy|70$;>OQh%d`5Dk)9OiO)?;&dAJ5)ho-@LuiaoOi3w9EiOhjJ1@1QJijPAJ~IW?
z*xdY-(wtO1s5Fd@&rHFlxhORyvpBxEG$}8&gjkc%^k6d<=5o>u#?Xb$=(M8zypq(s
z6k;8%udm>oUr<?;nVwOippmSpU}Ruqprhbll$e~8s*sqMqMu)+kXcf!keHU1nUk4V
zl3J|CrLV8xlbM{FSDc!nP@0#LTBJ~tk*W}ymsyrtRGgTj5Rh7wn^|0(S(XY@r%<L~
zsAr&%SgcT-kzbytkXWLSQBqP+Y^ATCUtFx054KJ(IX_oF2O4jf9szk*Spgaf3fZZZ
z3OV@@R}|})7Ubx0aTOHhmt}&Slb@UkPD>@Jd5L++mGSw>nJEe&V5?A;Sfqz6%%z}E
zTAW&xoS37KmYI{PkXn(PQ<{>RqEMEZsF0pnl9`^DUzEyKlv<o$T9llspp=uJoR||2
zQmdq(R8W*(Q5m0&us}gU0b&QpP_QtUf<jtmUV3U#K~ZL23CIyJB}l?t3NVkwXQx)i
z7bKRXRzlJ($fCT&+*F80kX9v?>Vm|Q3_VCnuGNRSA+=JkAOmE1YOWI4&YaZv0%%0!
z=PB4KC>fX;7=Wab!AS(_6tII!a*E;kFdJkL*jvTL8SqR7c2#OFBo2}ii%T-|^Ay1O
z8J3x$g7F|hh||$?azSZQPG)j^W`SN=Zah@E9!NRFRMeQo86k;9sE$f3$>35@C`wHS
zxd;|Ypl|}kG(;F=zP`Q!Jb9$$7b#@q=cdARf%u+|z6$V2E+_)|Z<u%`zbvyjKQBEq
zFB3C^B<5r$7Q+Hfp8*tXN}!MdB@^Ua0?B6zWeNsJxfp-efJQJVJwuX18opc)v49F0
z8Jy=bb5fD>4Ag_RpiF?4c@VAymkgj>n+H`6qHGnw*<BA5Ch<k7m7qk%RjXG(g**nc
z8G9}(NX^yc0=d8nTr6pT5_4)va!P!1PG)LeNqll@Q3<G+$N;ITRRX2(l*E!m1*MYI
z+=3iXeF`c#loXVZHD$vJ6__GOfPl;{PR&V+FV0NQOHEO*wN+3mDJo3`B?1Kndxfn0
z%sdSxB^?FyVgku*JuTE+Nx=Ew;v}&I$@TEOr<9+QoR*mrpO}*hcYb1ga#0B+6(#4F
zLP}9v1tpbgoK9D$sX+>}L_~NgDB3D0>8GTY>F1T^<R~fFD;O$RDHzm(JPR)v!DfTP
zQx6tW-~wL{;$fI+skwSZsi5jFH3h646yo4yXRDy3r=Omhms*rqlA5All2fb?(y0rH
zJKf|&J&<=mafa|UIGurQf%_U7)1><xoRmQ}Vx$%-_#W;mvOG_U&*90H_&CS#IV_=3
z&Eufzk(^l91NnwflozKKm8BMup4f3GVwAiKPGdQh(0mTg6Obegu~$z^4^ph8=4uj^
zp!K2ph)K;5rHI;q*f=H9YtY66$b2*}A<4vpN>!qKW@`(M38EscAeHDS(?OK2cnTik
z;tXUh=`jY@MNE8w6oNt%Ug|28<bztu3ZTXksJWk+S6q^qmz)Y}R)I>sVuk!Ph1|sA
zlGGxFy!;eUKS4o3Utb|4BUJ%hDrOcdB<2+7gZm0OiNz%f1&Ku^AWex1Mfo|Y>ct9<
zL4JB%U`-IxwIVUMAScxd!c)*v2+Ge%1*rnHQxc2vtP;zMtuhmHt*i`<j7?0<%q=Vp
z42`Tnrs<cYCYR*rWhU!_-I<e<T7+tfAE-@jtAI-xOguiZyf_}>tN6^s+<1`L@nG-R
zDkv#&LCgesF)<fhG3BR$!lNv+I5Qtqm3sOI1j9qDC_leMAt@(6Ia?tmwJb9^736t{
z*(f3A3GQ;FC}gIA!>TMlr!+TJp`@}PRUxxjAuqo~Av50)6j0b439=*}q9r~vzn~aY
z#T!D}{m{rL&a49442ndELWRsch4jqy#H7lS)MC<{OUMae%WM^tjKMt*s0+Ye$xl;&
z+73xk1&PVosYT#!TTyCZX=YJsN_;_1X?kW}F<4MRAtfKI!WPO^Pylr|L9KpU1tmLM
zP}5Y;98`^inoZE&nyrFTdS*#RX%e_^nUPqWk(r!dRG<$r3Zl3c+|DXXOfO2zD^b8@
zx}lzd9@q~=m<}}yVSFv9;D<U%32L{3QYs{QLvmPVZen^WC|xU+CY9!ulv-7!=4B@4
zfXqnF&&|yQxeU}O1DTXmnwgUV4h4vrph%7e`$7pKpa-!-4`zc7mx4kpxQ_|y41khm
zk%CfjMk=TQ1R8TuP)N-y%Ph*z%LTP9%MyzaCMqZ>x%vCsg4E_Kl;;=aq$q(*gP5nF
zkeQd0nFkuKf!MF0pp=@Nk+0yGl9HL14sN=F$_*Dt%sJ=hl_X~7r4~VrfT@lFSpiDh
zDsKM%F-i({3Q&jZl~j~~LI7f0EhxJc<QJFd78K<trxq9I7r~MSs;GhzECv*+L9tuQ
zRSOB1VukX|oE(LuRE6ZC)Wnk16i_bG*N2w^;M@-Frl#hl6y#^-m4Jc*9Po&|UXoap
zo?4>d7#@t=g9PQL<eXAa0SGb{C1*hTp`g5&TB=)~T3n)Q2=bS{z5=)$%1={B%u@&s
z_J9s+B!k?hP@Y+mk(mcB0}xi}DZolah2;FA)cj&yP@e_E!s6l#Q0Wb_5o(bWxZuf8
zQ}7H>fR2}?7K2Lk6osTpuq9yu&LDHZnKTnTQd63f0xoaz%TkMS5(~gCQb^3JRLC#M
z02T9)v6^BXh2qlW4AAIKB5W8#0n~a<PR#?=2Fdw(d8x@I&@mO4%%arf5(Q_7Ajm?L
zkSZ%kj!(`^DT;>_l(q^=h6bRlr)QvVXa*~AHS!BU9rVN;O@)w*%wmP){JgZx^wOf#
zVo(wV6(fmdiJ3WxNtrpBC6x+Q`FW|upusGVH#3Vs0auh-T#%m!PNa}gI0a`<m!M*W
z6tL@ZDnahj*H?hVIXuJ@sukezmk0`5u-nW`^bGWk43u;bl1Xq$3j>IxLTv)XFcjZ{
zhA2U;htlGb{9Ndm9Vo%Us}@gKEekG4Athxh%#)yMR-;%GDM=)h80qDvrev1pCV+f^
z&92mBqj+!u4C>{<RAUKPpUh%N?VOU52?=b4;?(5QqRf&?*pLsbX;qS35TBS_l3A7t
zr65HbZ2Si@PzCQFVyFgX>y*^u<f2S)tSZ=onhk?&R1$T3LSKtZK}*3IT!w(sl!9k)
zm_lx1USfJGs039AbM^x#x1v-~S3CtiuvDzarJ$wH#ia~Vff!TFPtJ@7W#;&@<UEDU
z;xaG|DwmV<b3u(HkeTtBDWJi<#3E2lh9t<PppcSTT#%Ef6p~R1X_<g(5m3jtEIAJ>
z08)}y9G{bzl$ryoy<qYwFhMQ_1xS`lRRBkAPJT(TLVmIWxapLaoLa0<k`GEwu#zDY
zTyCV5=78G@sTBqJ#h}vOFFz$UAit<Y0o2yd1Ze|}q2}Z#rsyUm=78FYMa9riN>M0I
zEl31)k8>&&(u(qP!J&v$dSc`~Naj({Qb>qa%FIg#4fpGU2DK`bV)0}wkmd0R%c<06
zgXCH&wAmmA#nZUW2C)U<Tx_KRvJ=2X4N+~jR0WVej5aN)7Q%|7^a3MjWd&+cCnXlA
zD!BLsE2QM-CT8Y=8q3I4tb%8WLT+hsiGrVh2&e)8wJa186-tT{Gjl+xu^_c5Ge1R7
zAvixb6_R*BX2HgQp)G;L(vtk##FEV9#GIT;P_?K~0;*3k(-iVjK`o5LB3v~=enBdz
zXim=7OGz!$1LfZQV!h(Z;*!+dVsP0DPr-iqC8<`BdMYh5H77;EH#9f|)CMU|EdgbR
zQn1|xMVa|UptcgYWdia5vS%S40M~Vi1qC^osl^KUc{!C}^*Q;aDGH!5zqI_KTu=!E
zDn20^q8&k#Xu8D(smYmXnaQA_as{;mK^Ym+n}aBThDr)3xOEf~;0Xj21@VyJPXNu_
zfZ78|sR|&6m*guXC@Dd+o@bguDYys#1#wYoa(+=tv5rD&UU6wrszOOdVhJuYGmBw{
zfm#mv1*t_jm7vIk)aEG)sTC!uMR|!iAcujgacD6Fsuqh%lR@<oq{9Mh0e}K7B{e5C
z9o&L~I31z_>{GBg$%%QO;7`jh%}Y_pNG(dWf=@=J<R=&F<z^-q<rn9tm4J#`{nR|&
z(qet^Y@~ilUNH#k!feomSfC4*)lJDO=2AekC6NLT)EdB2#ez~fY|Jqq(%B1e_0>(y
zOU?()Ksh@qfW~7$F_&19ssm}OmE<eHMiv!9pnY6WW2zX^g$5P9sYS^8U?G;KkdvAQ
z>VGEYW$P#;DxjJUZy2NI2$)qE4drCWASl#hkkp3KDoX`LV@YZrxD5eH%4j~zPOU`o
z5xDz;)|*gD&dAOG$IJi*pc*YDDIPo$51Rj~)h|xYNK8-7E72`UO)N^uFVE8}&VcqT
zphLsNt1rq`&`nc-3@GE!1!}{C8uz-z8Hq(HAiKbB2IVJk&qP@vCAGMuD8Di@FCD$F
zRg{{WUy`buT9KLzX&WghlxL)ZXBuo3l%V=RWgkY5N(s$npk@K25?9L2%u@nIfJ!xZ
zU{5ctxH!Hbzo?`*+9(!0$^}!GSV34F*b5*H1x5KK`N{b?$R>lDY%p=S$&fA;c>WL?
z+@J;rs38GWQVZ!Q!dzUMQV<Vmw}V=^Fi`~sJpM2s(jQ3b@cIMf1RDASTiV1-H9A}h
zbc;ArJglIgfS%Z}c?go(GE<5Wv0R>~r=Sp9oB>I|v7q+6LTxP<S1mZ>juN9GFd71*
zAut*OqaiRF0;3@?8UmvsFd71bGz1{yD8-PT8>CyAms$>+0f$VL#3xo2M}yaI=w;@m
zq*la2RD*hc5Cs|-8bNaLMTvRosX7YAItoadH9?v|%T2fx6p$xv;z5%($bC@4&Zq?s
zv6LjHgZh_BD%H8EMd_&;xrqfD;EuWyXsS&~2exbsI@k;zA+ObiOvCHKy3$CN4bq4j
z6wWG3EXqtw%1KpFg080rPu&$mhB#oOy19u3;D|{{O-n4z0nKAW`u<_ge!8GZH_)I1
z1fx&(fkXqqi-v>2OYj|C3?ah};AuAyp>JdY>2#thGeTBo2%3Pys>~Q!nGuq*yu=b@
z8<CY6V^;>U5m^~{N)T!(l4&3tk(HSunFd<0hiWS<JdD6|h)~mzl|gKUD?|1vvNDLR
zaAn9og`|6AYhlWaku6142C^2e4B1jtWgu(e%8)IE%nx9*)CAd5RAtDPnjl+>stnmu
z6J$%XEsC9;eSMq|*23Ioifk#mG9yqK1WIaprpT6}D>FtYLs$x4_JNs4AcbUnN*<9J
z1vx4~82~hYrvws&7zAEPpr8N}fcXs+R%oigGb^a7KtYA3${3QHP~#C~r>%lgwnZ^S
zJTV1oC4`G?DXKE4ov6w{wxTM7T8bKv2umU2a7!UvOiLl+i78M^AzYX;gryMi#1yEd
z=<#R>ipOk=;^gGqoFurN=&Hbp0-*|OCAunbnn0)m+Xzk)T!=J*yvSY&v|0s84m34T
zl%Eq{kdv5~3SAr!pO_4qmx7eAh!Rx^vS<ao4jf^4B7EvT9+W!bVe|L#Ihn;J#qpUb
z$O#ZqEP-S|X#in#bS!Ae5mrOtDS{RzLn4amCPM;>>c-|JmQZ3QWI+H@+=D0U;|q#X
z(=sa{kqxd+A(2#EQk0pOjv7r$XmOv6v~&Qp{Ry175U~gvst3*ggO)OarMQ$8f}zVh
z6hMifm<!1@Nx8}K&`EbvYIq+fN5^2@01tmxKhFqVLr858Ds_!4^$bl+K+Agc4WXF_
zqSi6k!znb#4^6F+p)o|Q8OYBHpv4mqvp@|57zUY(yi!O(0i4$mUWR0W;u1y%remo^
zMTwy4Qt%==#BxLE{xR69vcz&wOA^vrQBZ)*ci1W@Ar=xQmKQ_ZguWWlSPxWdL*$@y
z5=Du5DfzibD-5xk2vG&mh+-%>3?SlA1HsK~Lgs-LLA0S5X9NmTh&a?Z(1r*?rh(Kz
zG@%%V={DHL2|@<K)L}8yNY4ni<Pz$_?9!yvqP$elDpkZfO{}4aP>IE0J6i>i@1eCA
zWQ8Dj4;ggXDbl*qIy(geJwp?4<^r{IVZ{fyJsJ<%!wAb5kX(u=H<e(C(EzL&kq$A9
zC??qq*t~drW^!%;$+|N^%kuIPbMWg1H+n!#Bhb3LTIAvYRM^4R2E~I`8bZAU+H3({
z7g3x6DN_)hM$rP<?g`!53tspN?uB85AY>P+t`BGju&%kDsjiWMp@p8Ifu5n6E_$e<
zSWujiSdfZgT$rz3a7kibN@7upp`H<Hte|L5Ofig4%>#98AggSVA~h{Br#Ka_RwG<m
zL5oQ7>NLis6N{xOsVSM@Rig1AmqQwYkYWp)V?jk2xc;zJP{P$6gA~AMg*7w~(N^;1
zCuOB3m&6yB<QFBTr|Ko;=a&?h6eSkGL_m!c&}#U2PzwgU;1?Xfpmv0^f=gmaB4}v@
zm$HH`6u>uxgBFc~<l-UA7;tU5hAGp7F%arOc7WHgl_)5o%R=iqq&?=)m5DHg80LX=
z;4=}lc@>h(&_W2Oi69+VO$4ptCDJI6QmkeaBo-H!=NDn$@s8;vm~yOU;n+8iX$tDj
zd6+yn!in?`ER>Z&E1)6C0-hq^#SCn%DQFuNxYmY+IA~o+S#CU{2m<f10d4F<->z7a
zmI^AZq77o<Yf(WZRzYg6f|Y`jW1d24MP_jcXa$ivih=41<%z|RZ5=78Dc~%utl$LM
z0}XL5C>_I{4BOZVKHUI47(uQDukcER?SKY37gRJT*em2h&L)5wpr@q=WyM2{Qm|5h
zw8mj697P_fIfs<QDX<V`AlzDIh0x;EqIggoBmAwa3->uFfI*29qyXf-R5O!!=wc?U
zNdcr5Y?>Y(oye&Zq%1i<546@P9+rBEFd1D7$Vg>{Akg6sFn_@P06D$^6yTs_iE22w
zDW!+9(it=Mzy^TQ7?=T$I*>^URtliD6Ub^<>_HS17w3Ri?NDwN%p{yvfr5;3Ye1$T
zS)r`plb@KP09#}W3s6v&0AYB*qAbOYPXg`s$xFdi!lNkGL*XH5MGj0<HJNCKiGXqe
zC^<v39%P9kDDJ>jtAf3Pk}L8`L#TW%Xn84Uvj}W^K?-QWvz3BMH8iK9Sc>M%%z|1a
z1uIyd#;+3O5oLuiUvS{TLkwQ_f%6F{5urvN$Wvvx@gP~QTCPDcAUx^_vO)mSP6j1X
zNaF_**RWO_tjmwm4hJa))nJIEL6q{uob>#n%#w^;609grO)g4>Zo$W539Lv1_puY>
zK^s$`V@t4V8gyz&etBvU$jy-K1>UEtr=<sSJ>&!fWrgrmg^a|qRM5KS6wpr5%wovt
z1DXnI3dIFEnI#&U3hE_AnaSDe3Q4KSiKWG$^~I?Q;8ns!l?wR<pgs5bMGDD@dFmyQ
z-3%p=@eDmKW%x2*ta}1WV1oksnZ?DWsm1z+hNfm_%3uy?3m#~tsgZ@HiJ`fLfhjzb
zf_)6%D+UQsn4hDSRH`AaR?<<@QOHTnOE1ZQ97_N#ZQ|iNH9@730sOQDkop4L;iaiy
z1qm3i!JvWw-Xlbqs9CE79=n4@4r~Mmt`yW5g}4}08|LPhr79@tDS?jZ04>-}%}W8T
zxlc_@&H!)VMQT(isZ<xG7UU!*r)t1x$fjj$B^?EHXTz+8w9udtuBoG-q#vypYpoBO
zkyB8D@m0WlCD4Q*(m_!$Bj6oZgv()JO`ek=XHSvkro@8Gcq}1FmV1!RBHJ<43LKDQ
zU}llx7_v&fQB9*EFd71*Aut*OqaiRF0(1@meSL+}V#xMGP=gP&2{N?^v>~q;vJJ8%
z-wJfrBdB=^-x3HuC=4__l9~dZR0bccq@++&13r2Qt_<8P1`WVL$I+1{6Tv1xjv9kB
zK2i66+t|4JyK#A@f!qP=2Y|-LbQD0EbRn9MH@6ilBo?K@H^imrA?XA6>~)~qBr{SK
zK*JWPDWGj{iFqjskfXT3MnTL-N(Bx4l@^1}gaA1JrK44rn3I{3SyBl)P%$$fI=+g{
z*<nzH3Xt8Wp!PE;WO2G)BQsASBfqq$SW}P71-d>evsl4cp)xhGs928+<Py-HLeSYS
zwhBtHULa(@9g+t422Sv<Q1GD<pkomdi=kUzlM*3)C9UH8+*B=)vp^A~0BhzUg+p-(
z=!6WggW;S1z<b&AQd3hP_JX&_!n>@+sU@Hd=1|AmDj1m=Sr~u@G~g<fKz7ALcMO6L
zt%JlnxE~3fzD4q!0%#u{(qRBfuvRuG?vOS_f(K&JErFg+20I-O$s!~hP~sNiIEX$_
zXBxD(kO*y{PI_i?DtJ1a2;~r4K+XbnfI(eeX#W@-2(}7JpgDJtkLX+kj9NDu0;3@?
z8UmvsFd71*Aut*OqaiRF0;3@?8Uh4E0Oh<kCD2JWu+`-X=|%aa1)x4AsOt+}WucIg
zT9A`p2|C9NG=r`X;^wLcT9*mx2SGc4pmq0<<5$v(GE?(Xav+D9L6<<+>XxLX>Vg+c
zfb@Y5354G006i29w*LsS8VPZ%Ht6_Pn8V`14kPHZQ3azRFd71*Aut*O0~G@LT8Ps>
z53N)Ht@<W#C6R(-PL2Zj5~E_!VVj`C+f($oxIons-fM|8LIZp>brix<i$Di<gYGB-
z9nXn4nNtaVG$(8^mXd-Jbk!wf)GrxnpADi)f*y#4ED73#13oedy!jbc>p^Mog%e2Y
zLr``?Lk^h(Er~$eA`Ov%)SRg~;G;*ut4pxxM%{B=s{}gP7IJPVq@IPk17a3vz#r;K
z`1(ayMXXYdY?Gsl4%j=8jo_NKD%D6_Z9}ks!He->=0j<)f03<$1#di9HCUel$c@ki
zdu4f<$?++vC5f3ikX7yq3XnDLpkq;?W<uPK>^hhqAWG4LfD5D#GYl}C2Ab>uHB`tC
z0R@G`V$j?LY>{$i0chJLXkr8G2Dk;_O<y2a(ZCI$T`pX(O-$%P3BKA2aw;&$dKk7<
zPy+AH05!SbT49MCrU(-3C~*lo${ZSnN%{FDu;b`K=ZeN>=EbKc6@xUHfsa!M@9fD<
zElC6|8U`=yR!{(KDM>6X$;dCttV&G*onsBs0NS`;Qk0onTmV{k1iErS1Deg?@m!n%
z3*zk5%338&NS*=h0~@HKY)IM*I*dFOwiZ4tz!@|Rmy=kU2U-XQy4e9VZ<G(7Yb(tI
zoduexke6Dn08$8=bON7>3@UvQ$7YumB<n)1Xh?ufX(4S>0Zn@#%@4xo5YzL^l0k=?
zB9>XfHUWUnhJX~mD8_*2p^A~FjzDvX*{MaK8+C@rS^MC_PCX&#8!HqI$<#xZqXC^V
BBWwTw

literal 0
HcmV?d00001

diff --git a/src/scanner.cc b/src/scanner.cc
index 365b982..f2f4505 100644
--- a/src/scanner.cc
+++ b/src/scanner.cc
@@ -1,10 +1,10 @@
 #include <tree_sitter/parser.h>
 
+#include <climits>
 #include <vector>
 #include <string>
 #include <wctype.h>
 #include <assert.h>
-#include <stdio.h>
 
 namespace {
 
@@ -40,6 +40,10 @@ public:
   unsigned serialize(char* buf) {
     unsigned size = 0;
 
+    if (context_stack.size() > CHAR_MAX) {
+      return 0;
+    }
+
     buf[size++] = context_stack.size();
     for (vector<Context>::iterator it = context_stack.begin(); it != context_stack.end(); ++it) {
       if (size + 2 + it->heredoc_identifier.size() >= TREE_SITTER_SERIALIZATION_BUFFER_SIZE) {
@@ -54,12 +58,13 @@ public:
   }
 
   void deserialize(const char* buf, unsigned n) {
-    unsigned size = 0;
+    context_stack.clear();
+
     if (n == 0) {
       return;
     }
-    context_stack.clear();
 
+    unsigned size = 0;
     uint8_t context_stack_size = buf[size++];
     for (unsigned j = 0; j < context_stack_size; j++) {
       Context ctx;