##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

fuzz: restrict manifest input size...
Augie Fackler -
r41341:44cd432a default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,55 +1,60 b''
1 #include <Python.h>
1 #include <Python.h>
2 #include <assert.h>
2 #include <assert.h>
3 #include <stdlib.h>
3 #include <stdlib.h>
4 #include <unistd.h>
4 #include <unistd.h>
5
5
6 #include "pyutil.h"
6 #include "pyutil.h"
7
7
8 #include <string>
8 #include <string>
9
9
10 extern "C" {
10 extern "C" {
11
11
12 static PyCodeObject *code;
12 static PyCodeObject *code;
13
13
14 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
14 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
15 {
15 {
16 contrib::initpy(*argv[0]);
16 contrib::initpy(*argv[0]);
17 code = (PyCodeObject *)Py_CompileString(R"py(
17 code = (PyCodeObject *)Py_CompileString(R"py(
18 from parsers import lazymanifest
18 from parsers import lazymanifest
19 try:
19 try:
20 lm = lazymanifest(mdata)
20 lm = lazymanifest(mdata)
21 # iterate the whole thing, which causes the code to fully parse
21 # iterate the whole thing, which causes the code to fully parse
22 # every line in the manifest
22 # every line in the manifest
23 list(lm.iterentries())
23 list(lm.iterentries())
24 lm[b'xyzzy'] = (b'\0' * 20, 'x')
24 lm[b'xyzzy'] = (b'\0' * 20, 'x')
25 # do an insert, text should change
25 # do an insert, text should change
26 assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata)
26 assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata)
27 del lm[b'xyzzy']
27 del lm[b'xyzzy']
28 # should be back to the same
28 # should be back to the same
29 assert lm.text() == mdata, "delete should have restored text but didn't: %r %r" % (lm.text(), mdata)
29 assert lm.text() == mdata, "delete should have restored text but didn't: %r %r" % (lm.text(), mdata)
30 except Exception as e:
30 except Exception as e:
31 pass
31 pass
32 # uncomment this print if you're editing this Python code
32 # uncomment this print if you're editing this Python code
33 # to debug failures.
33 # to debug failures.
34 # print e
34 # print e
35 )py",
35 )py",
36 "fuzzer", Py_file_input);
36 "fuzzer", Py_file_input);
37 return 0;
37 return 0;
38 }
38 }
39
39
40 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
40 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
41 {
41 {
42 // Don't allow fuzzer inputs larger than 100k, since we'll just bog
43 // down and not accomplish much.
44 if (Size > 100000) {
45 return 0;
46 }
42 PyObject *mtext =
47 PyObject *mtext =
43 PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size);
48 PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size);
44 PyObject *locals = PyDict_New();
49 PyObject *locals = PyDict_New();
45 PyDict_SetItemString(locals, "mdata", mtext);
50 PyDict_SetItemString(locals, "mdata", mtext);
46 PyObject *res = PyEval_EvalCode(code, contrib::pyglobals(), locals);
51 PyObject *res = PyEval_EvalCode(code, contrib::pyglobals(), locals);
47 if (!res) {
52 if (!res) {
48 PyErr_Print();
53 PyErr_Print();
49 }
54 }
50 Py_XDECREF(res);
55 Py_XDECREF(res);
51 Py_DECREF(locals);
56 Py_DECREF(locals);
52 Py_DECREF(mtext);
57 Py_DECREF(mtext);
53 return 0; // Non-zero return values are reserved for future use.
58 return 0; // Non-zero return values are reserved for future use.
54 }
59 }
55 }
60 }
General Comments 0
You need to be logged in to leave comments. Login now