Show More
| @@ -0,0 +1,20 b'' | |||||
|
|
1 | bdiff.o: ../../mercurial/bdiff.c | |||
|
|
2 | clang -g -O1 -fsanitize=fuzzer-no-link,address -c -o bdiff.o \ | |||
|
|
3 | ../../mercurial/bdiff.c | |||
|
|
4 | ||||
|
|
5 | bdiff: bdiff.cc bdiff.o | |||
|
|
6 | clang -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \ | |||
|
|
7 | -I../../mercurial bdiff.cc bdiff.o -o bdiff | |||
|
|
8 | ||||
|
|
9 | bdiff-oss-fuzz.o: ../../mercurial/bdiff.c | |||
|
|
10 | $$CC $$CFLAGS -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c | |||
|
|
11 | ||||
|
|
12 | bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o | |||
|
|
13 | $$CXX $$CXXFLAGS -std=c++11 -I../../mercurial bdiff.cc \ | |||
|
|
14 | bdiff-oss-fuzz.o -lFuzzingEngine -o $$OUT/bdiff_fuzzer | |||
|
|
15 | ||||
|
|
16 | all: bdiff | |||
|
|
17 | ||||
|
|
18 | oss-fuzz: bdiff_fuzzer | |||
|
|
19 | ||||
|
|
20 | .PHONY: all oss-fuzz | |||
| @@ -0,0 +1,49 b'' | |||||
|
|
1 | /* | |||
|
|
2 | * bdiff.cc - fuzzer harness for bdiff.c | |||
|
|
3 | * | |||
|
|
4 | * Copyright 2018, Google Inc. | |||
|
|
5 | * | |||
|
|
6 | * This software may be used and distributed according to the terms of | |||
|
|
7 | * the GNU General Public License, incorporated herein by reference. | |||
|
|
8 | */ | |||
|
|
9 | #include <stdlib.h> | |||
|
|
10 | ||||
|
|
11 | extern "C" { | |||
|
|
12 | #include "bdiff.h" | |||
|
|
13 | ||||
|
|
14 | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) | |||
|
|
15 | { | |||
|
|
16 | if (!Size) { | |||
|
|
17 | return 0; | |||
|
|
18 | } | |||
|
|
19 | // figure out a random point in [0, Size] to split our input. | |||
|
|
20 | size_t split = Data[0] / 255.0 * Size; | |||
|
|
21 | ||||
|
|
22 | // left input to diff is data[1:split] | |||
|
|
23 | const uint8_t *left = Data + 1; | |||
|
|
24 | // which has len split-1 | |||
|
|
25 | size_t left_size = split - 1; | |||
|
|
26 | // right starts at the next byte after left ends | |||
|
|
27 | const uint8_t *right = left + left_size; | |||
|
|
28 | size_t right_size = Size - split; | |||
|
|
29 | ||||
|
|
30 | struct bdiff_line *a, *b; | |||
|
|
31 | int an = bdiff_splitlines((const char *)left, split - 1, &a); | |||
|
|
32 | int bn = bdiff_splitlines((const char *)right, right_size, &b); | |||
|
|
33 | struct bdiff_hunk l; | |||
|
|
34 | bdiff_diff(a, an, b, bn, &l); | |||
|
|
35 | free(a); | |||
|
|
36 | free(b); | |||
|
|
37 | bdiff_freehunks(l.next); | |||
|
|
38 | return 0; // Non-zero return values are reserved for future use. | |||
|
|
39 | } | |||
|
|
40 | ||||
|
|
41 | #ifdef HG_FUZZER_INCLUDE_MAIN | |||
|
|
42 | int main(int argc, char **argv) | |||
|
|
43 | { | |||
|
|
44 | const char data[] = "asdf"; | |||
|
|
45 | return LLVMFuzzerTestOneInput((const uint8_t *)data, 4); | |||
|
|
46 | } | |||
|
|
47 | #endif | |||
|
|
48 | ||||
|
|
49 | } // extern "C" | |||
General Comments 0
You need to be logged in to leave comments.
Login now