Show More
| @@ -1,79 +1,81 | |||||
| 1 | #include <Python.h> |
|
1 | #include <Python.h> | |
| 2 | #include <assert.h> |
|
2 | #include <assert.h> | |
| 3 | #include <stdlib.h> |
|
3 | #include <stdlib.h> | |
| 4 | #include <unistd.h> |
|
4 | #include <unistd.h> | |
| 5 |
|
5 | |||
| 6 | #include <string> |
|
6 | #include <string> | |
| 7 |
|
7 | |||
| 8 | extern "C" { |
|
8 | extern "C" { | |
| 9 |
|
9 | |||
| 10 | /* TODO: use Python 3 for this fuzzing? */ |
|
10 | /* TODO: use Python 3 for this fuzzing? */ | |
| 11 | PyMODINIT_FUNC initparsers(void); |
|
11 | PyMODINIT_FUNC initparsers(void); | |
| 12 |
|
12 | |||
| 13 | static char cpypath[8192] = "\0"; |
|
13 | static char cpypath[8192] = "\0"; | |
| 14 |
|
14 | |||
| 15 | extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) |
|
15 | extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) | |
| 16 | { |
|
16 | { | |
| 17 | const std::string subdir = "/sanpy/lib/python2.7"; |
|
17 | const std::string subdir = "/sanpy/lib/python2.7"; | |
| 18 | /* HACK ALERT: we need a full Python installation built without |
|
18 | /* HACK ALERT: we need a full Python installation built without | |
| 19 | pymalloc and with ASAN, so we dump one in |
|
19 | pymalloc and with ASAN, so we dump one in | |
| 20 | $OUT/sanpy/lib/python2.7. This helps us wire that up. */ |
|
20 | $OUT/sanpy/lib/python2.7. This helps us wire that up. */ | |
| 21 | std::string selfpath(*argv[0]); |
|
21 | std::string selfpath(*argv[0]); | |
| 22 | std::string pypath; |
|
22 | std::string pypath; | |
| 23 | auto pos = selfpath.rfind("/"); |
|
23 | auto pos = selfpath.rfind("/"); | |
| 24 | if (pos == std::string::npos) { |
|
24 | if (pos == std::string::npos) { | |
| 25 | char wd[8192]; |
|
25 | char wd[8192]; | |
| 26 | getcwd(wd, 8192); |
|
26 | getcwd(wd, 8192); | |
| 27 | pypath = std::string(wd) + subdir; |
|
27 | pypath = std::string(wd) + subdir; | |
| 28 | } else { |
|
28 | } else { | |
| 29 | pypath = selfpath.substr(0, pos) + subdir; |
|
29 | pypath = selfpath.substr(0, pos) + subdir; | |
| 30 | } |
|
30 | } | |
| 31 | strncpy(cpypath, pypath.c_str(), pypath.size()); |
|
31 | strncpy(cpypath, pypath.c_str(), pypath.size()); | |
| 32 | setenv("PYTHONPATH", cpypath, 1); |
|
32 | setenv("PYTHONPATH", cpypath, 1); | |
| 33 | setenv("PYTHONNOUSERSITE", "1", 1); |
|
33 | setenv("PYTHONNOUSERSITE", "1", 1); | |
|
|
34 | /* prevent Python from looking up users in the fuzz environment */ | |||
|
|
35 | setenv("PYTHONUSERBASE", cpypath, 1); | |||
| 34 | Py_SetPythonHome(cpypath); |
|
36 | Py_SetPythonHome(cpypath); | |
| 35 | Py_InitializeEx(0); |
|
37 | Py_InitializeEx(0); | |
| 36 | return 0; |
|
38 | return 0; | |
| 37 | } |
|
39 | } | |
| 38 |
|
40 | |||
| 39 | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) |
|
41 | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) | |
| 40 | { |
|
42 | { | |
| 41 | initparsers(); |
|
43 | initparsers(); | |
| 42 | PyObject *mtext = |
|
44 | PyObject *mtext = | |
| 43 | PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size); |
|
45 | PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size); | |
| 44 | PyObject *mainmod = PyImport_AddModule("__main__"); |
|
46 | PyObject *mainmod = PyImport_AddModule("__main__"); | |
| 45 | PyObject *globals = PyModule_GetDict(mainmod); |
|
47 | PyObject *globals = PyModule_GetDict(mainmod); | |
| 46 | PyObject *locals = PyDict_New(); |
|
48 | PyObject *locals = PyDict_New(); | |
| 47 | PyDict_SetItemString(locals, "mdata", mtext); |
|
49 | PyDict_SetItemString(locals, "mdata", mtext); | |
| 48 | PyCodeObject *code = |
|
50 | PyCodeObject *code = | |
| 49 | (PyCodeObject *)Py_CompileString(R"py( |
|
51 | (PyCodeObject *)Py_CompileString(R"py( | |
| 50 | from parsers import lazymanifest |
|
52 | from parsers import lazymanifest | |
| 51 | try: |
|
53 | try: | |
| 52 | lm = lazymanifest(mdata) |
|
54 | lm = lazymanifest(mdata) | |
| 53 | # iterate the whole thing, which causes the code to fully parse |
|
55 | # iterate the whole thing, which causes the code to fully parse | |
| 54 | # every line in the manifest |
|
56 | # every line in the manifest | |
| 55 | list(lm.iterentries()) |
|
57 | list(lm.iterentries()) | |
| 56 | lm[b'xyzzy'] = (b'\0' * 20, 'x') |
|
58 | lm[b'xyzzy'] = (b'\0' * 20, 'x') | |
| 57 | # do an insert, text should change |
|
59 | # do an insert, text should change | |
| 58 | assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata) |
|
60 | assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata) | |
| 59 | del lm[b'xyzzy'] |
|
61 | del lm[b'xyzzy'] | |
| 60 | # should be back to the same |
|
62 | # should be back to the same | |
| 61 | assert lm.text() == mdata, "delete should have restored text but didn't: %r %r" % (lm.text(), mdata) |
|
63 | assert lm.text() == mdata, "delete should have restored text but didn't: %r %r" % (lm.text(), mdata) | |
| 62 | except Exception as e: |
|
64 | except Exception as e: | |
| 63 | pass |
|
65 | pass | |
| 64 | # uncomment this print if you're editing this Python code |
|
66 | # uncomment this print if you're editing this Python code | |
| 65 | # to debug failures. |
|
67 | # to debug failures. | |
| 66 | # print e |
|
68 | # print e | |
| 67 | )py", |
|
69 | )py", | |
| 68 | "fuzzer", Py_file_input); |
|
70 | "fuzzer", Py_file_input); | |
| 69 | PyObject *res = PyEval_EvalCode(code, globals, locals); |
|
71 | PyObject *res = PyEval_EvalCode(code, globals, locals); | |
| 70 | if (!res) { |
|
72 | if (!res) { | |
| 71 | PyErr_Print(); |
|
73 | PyErr_Print(); | |
| 72 | } |
|
74 | } | |
| 73 | Py_XDECREF(res); |
|
75 | Py_XDECREF(res); | |
| 74 | Py_DECREF(code); |
|
76 | Py_DECREF(code); | |
| 75 | Py_DECREF(locals); |
|
77 | Py_DECREF(locals); | |
| 76 | Py_DECREF(mtext); |
|
78 | Py_DECREF(mtext); | |
| 77 | return 0; // Non-zero return values are reserved for future use. |
|
79 | return 0; // Non-zero return values are reserved for future use. | |
| 78 | } |
|
80 | } | |
| 79 | } |
|
81 | } | |
General Comments 0
You need to be logged in to leave comments.
Login now