String descriptors can panic on to_string

[apoelstra]

If you have a descriptor with String keys, and you parse one with a key outside of the checksum alphabet, desc_checksum will fail, leading to returning an error from Display::fmt, which apparently causes a panic in .to_string().

I'm not sure why we haven't seen this before but when fuzzing locally it now shows up quickly on the roundtrip_descriptor fuzztest. For example you can give it the test vector

do_test("pkh(\u{16})".as_bytes());

I'm unsure what the best plan of action here ... String descriptors aren't standardized, so I guess we can just make something up. The two ideas that come to mind are:

• Enforce, when parsing descriptors, that every character lands in the checksum alphabet (or at least, is ASCII-printable, which I think might be the same thing)
• When computing checksums, skip invalid characters or replace them with x or something
• Keep the existing behavior (though then we'd need to tweak our fuzztests somehow)

Also affects elements-miniscript.

[Harshil-Jani]

Hey @apoelstra Do we need escape characters (or in general non printable ASCII characters) in a descriptor string strictly for fuzztests or in any other parts? If not then I would love to go ahead for 1st way. If it is required then the 2nd and finally to avoid changing fuzztests.

[apoelstra]

No, escape characters are not required in any contexts that I'm aware of. I don't think we have tests for such characters and if we did, it would be fine to drop them if we were to forbid the behavior.

[Harshil-Jani]

Ah, I see this being already solved with 6b76997