##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

fuzz: always define LLVMFuzzerInitialize() even if we don't need it...
Augie Fackler -
r44261:51a99e09 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,42 +1,47 b''
1 /*
1 /*
2 * bdiff.cc - fuzzer harness for bdiff.c
2 * bdiff.cc - fuzzer harness for bdiff.c
3 *
3 *
4 * Copyright 2018, Google Inc.
4 * Copyright 2018, Google Inc.
5 *
5 *
6 * This software may be used and distributed according to the terms of
6 * This software may be used and distributed according to the terms of
7 * the GNU General Public License, incorporated herein by reference.
7 * the GNU General Public License, incorporated herein by reference.
8 */
8 */
9 #include <memory>
9 #include <memory>
10 #include <stdlib.h>
10 #include <stdlib.h>
11
11
12 #include <fuzzer/FuzzedDataProvider.h>
12 #include <fuzzer/FuzzedDataProvider.h>
13
13
14 extern "C" {
14 extern "C" {
15 #include "bdiff.h"
15 #include "bdiff.h"
16
16
17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
18 {
19 return 0;
20 }
21
17 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
22 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
18 {
23 {
19 FuzzedDataProvider provider(Data, Size);
24 FuzzedDataProvider provider(Data, Size);
20 std::string left = provider.ConsumeRandomLengthString(Size);
25 std::string left = provider.ConsumeRandomLengthString(Size);
21 std::string right = provider.ConsumeRemainingBytesAsString();
26 std::string right = provider.ConsumeRemainingBytesAsString();
22
27
23 struct bdiff_line *a, *b;
28 struct bdiff_line *a, *b;
24 int an = bdiff_splitlines(left.c_str(), left.size(), &a);
29 int an = bdiff_splitlines(left.c_str(), left.size(), &a);
25 int bn = bdiff_splitlines(right.c_str(), right.size(), &b);
30 int bn = bdiff_splitlines(right.c_str(), right.size(), &b);
26 struct bdiff_hunk l;
31 struct bdiff_hunk l;
27 bdiff_diff(a, an, b, bn, &l);
32 bdiff_diff(a, an, b, bn, &l);
28 free(a);
33 free(a);
29 free(b);
34 free(b);
30 bdiff_freehunks(l.next);
35 bdiff_freehunks(l.next);
31 return 0; // Non-zero return values are reserved for future use.
36 return 0; // Non-zero return values are reserved for future use.
32 }
37 }
33
38
34 #ifdef HG_FUZZER_INCLUDE_MAIN
39 #ifdef HG_FUZZER_INCLUDE_MAIN
35 int main(int argc, char **argv)
40 int main(int argc, char **argv)
36 {
41 {
37 const char data[] = "asdf";
42 const char data[] = "asdf";
38 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
43 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
39 }
44 }
40 #endif
45 #endif
41
46
42 } // extern "C"
47 } // extern "C"
Show file before | Show file after | Hide comments
@@ -1,122 +1,127 b''
1 /*
1 /*
2 * mpatch.cc - fuzzer harness for mpatch.c
2 * mpatch.cc - fuzzer harness for mpatch.c
3 *
3 *
4 * Copyright 2018, Google Inc.
4 * Copyright 2018, Google Inc.
5 *
5 *
6 * This software may be used and distributed according to the terms of
6 * This software may be used and distributed according to the terms of
7 * the GNU General Public License, incorporated herein by reference.
7 * the GNU General Public License, incorporated herein by reference.
8 */
8 */
9 #include <iostream>
9 #include <iostream>
10 #include <memory>
10 #include <memory>
11 #include <stdint.h>
11 #include <stdint.h>
12 #include <stdlib.h>
12 #include <stdlib.h>
13 #include <vector>
13 #include <vector>
14
14
15 #include "fuzzutil.h"
15 #include "fuzzutil.h"
16
16
17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
18 {
19 return 0;
20 }
21
17 // To avoid having too many OOMs from the fuzzer infrastructure, we'll
22 // To avoid having too many OOMs from the fuzzer infrastructure, we'll
18 // skip patch application if the resulting fulltext would be bigger
23 // skip patch application if the resulting fulltext would be bigger
19 // than 10MiB.
24 // than 10MiB.
20 #define MAX_OUTPUT_SIZE 10485760
25 #define MAX_OUTPUT_SIZE 10485760
21
26
22 extern "C" {
27 extern "C" {
23 #include "bitmanipulation.h"
28 #include "bitmanipulation.h"
24 #include "mpatch.h"
29 #include "mpatch.h"
25
30
26 struct mpatchbin {
31 struct mpatchbin {
27 std::unique_ptr<char[]> data;
32 std::unique_ptr<char[]> data;
28 size_t len;
33 size_t len;
29 };
34 };
30
35
31 static mpatch_flist *getitem(void *vbins, ssize_t pos)
36 static mpatch_flist *getitem(void *vbins, ssize_t pos)
32 {
37 {
33 std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins;
38 std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins;
34 const mpatchbin &bin = bins->at(pos + 1);
39 const mpatchbin &bin = bins->at(pos + 1);
35 struct mpatch_flist *res;
40 struct mpatch_flist *res;
36 LOG(2) << "mpatch_decode " << bin.len << std::endl;
41 LOG(2) << "mpatch_decode " << bin.len << std::endl;
37 if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)
42 if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)
38 return NULL;
43 return NULL;
39 return res;
44 return res;
40 }
45 }
41
46
42 // input format:
47 // input format:
43 // u8 number of inputs
48 // u8 number of inputs
44 // one u16 for each input, its length
49 // one u16 for each input, its length
45 // the inputs
50 // the inputs
46 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
51 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
47 {
52 {
48 if (!Size) {
53 if (!Size) {
49 return 0;
54 return 0;
50 }
55 }
51 // First byte of data is how many texts we expect, first text
56 // First byte of data is how many texts we expect, first text
52 // being the base the rest being the deltas.
57 // being the base the rest being the deltas.
53 ssize_t numtexts = Data[0];
58 ssize_t numtexts = Data[0];
54 if (numtexts < 2) {
59 if (numtexts < 2) {
55 // No point if we don't have at least a base text and a delta...
60 // No point if we don't have at least a base text and a delta...
56 return 0;
61 return 0;
57 }
62 }
58 // Each text will be described by a byte for how long it
63 // Each text will be described by a byte for how long it
59 // should be, so give up if we don't have enough.
64 // should be, so give up if we don't have enough.
60 if ((Size - 1) < (numtexts * 2)) {
65 if ((Size - 1) < (numtexts * 2)) {
61 return 0;
66 return 0;
62 }
67 }
63 size_t consumed = 1 + (numtexts * 2);
68 size_t consumed = 1 + (numtexts * 2);
64 LOG(2) << "input contains " << Size << std::endl;
69 LOG(2) << "input contains " << Size << std::endl;
65 LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;
70 LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;
66 std::vector<mpatchbin> bins;
71 std::vector<mpatchbin> bins;
67 bins.reserve(numtexts);
72 bins.reserve(numtexts);
68 for (int i = 0; i < numtexts; ++i) {
73 for (int i = 0; i < numtexts; ++i) {
69 mpatchbin bin;
74 mpatchbin bin;
70 size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i));
75 size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i));
71 LOG(2) << "text " << i << " is " << nthsize << std::endl;
76 LOG(2) << "text " << i << " is " << nthsize << std::endl;
72 char *start = (char *)Data + consumed;
77 char *start = (char *)Data + consumed;
73 consumed += nthsize;
78 consumed += nthsize;
74 if (consumed > Size) {
79 if (consumed > Size) {
75 LOG(2) << "ran out of data, consumed " << consumed
80 LOG(2) << "ran out of data, consumed " << consumed
76 << " of " << Size << std::endl;
81 << " of " << Size << std::endl;
77 return 0;
82 return 0;
78 }
83 }
79 bin.len = nthsize;
84 bin.len = nthsize;
80 bin.data.reset(new char[nthsize]);
85 bin.data.reset(new char[nthsize]);
81 memcpy(bin.data.get(), start, nthsize);
86 memcpy(bin.data.get(), start, nthsize);
82 bins.push_back(std::move(bin));
87 bins.push_back(std::move(bin));
83 }
88 }
84 LOG(2) << "mpatch_flist" << std::endl;
89 LOG(2) << "mpatch_flist" << std::endl;
85 struct mpatch_flist *patch =
90 struct mpatch_flist *patch =
86 mpatch_fold(&bins, getitem, 0, numtexts - 1);
91 mpatch_fold(&bins, getitem, 0, numtexts - 1);
87 if (!patch) {
92 if (!patch) {
88 return 0;
93 return 0;
89 }
94 }
90 LOG(2) << "mpatch_calcsize" << std::endl;
95 LOG(2) << "mpatch_calcsize" << std::endl;
91 ssize_t outlen = mpatch_calcsize(bins[0].len, patch);
96 ssize_t outlen = mpatch_calcsize(bins[0].len, patch);
92 LOG(2) << "outlen " << outlen << std::endl;
97 LOG(2) << "outlen " << outlen << std::endl;
93 if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) {
98 if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) {
94 goto cleanup;
99 goto cleanup;
95 }
100 }
96 {
101 {
97 char *dest = (char *)malloc(outlen);
102 char *dest = (char *)malloc(outlen);
98 LOG(2) << "expecting " << outlen << " total bytes at "
103 LOG(2) << "expecting " << outlen << " total bytes at "
99 << (void *)dest << std::endl;
104 << (void *)dest << std::endl;
100 mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);
105 mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);
101 free(dest);
106 free(dest);
102 LOG(1) << "applied a complete patch" << std::endl;
107 LOG(1) << "applied a complete patch" << std::endl;
103 }
108 }
104 cleanup:
109 cleanup:
105 mpatch_lfree(patch);
110 mpatch_lfree(patch);
106 return 0;
111 return 0;
107 }
112 }
108
113
109 #ifdef HG_FUZZER_INCLUDE_MAIN
114 #ifdef HG_FUZZER_INCLUDE_MAIN
110 int main(int argc, char **argv)
115 int main(int argc, char **argv)
111 {
116 {
112 // One text, one patch.
117 // One text, one patch.
113 const char data[] = "\x02\x00\0x1\x00\x0d"
118 const char data[] = "\x02\x00\0x1\x00\x0d"
114 // base text
119 // base text
115 "a"
120 "a"
116 // binary delta that will append a single b
121 // binary delta that will append a single b
117 "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b";
122 "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b";
118 return LLVMFuzzerTestOneInput((const uint8_t *)data, 19);
123 return LLVMFuzzerTestOneInput((const uint8_t *)data, 19);
119 }
124 }
120 #endif
125 #endif
121
126
122 } // extern "C"
127 } // extern "C"
Show file before | Show file after | Hide comments
@@ -1,61 +1,66 b''
1 /*
1 /*
2 * xdiff.cc - fuzzer harness for thirdparty/xdiff
2 * xdiff.cc - fuzzer harness for thirdparty/xdiff
3 *
3 *
4 * Copyright 2018, Google Inc.
4 * Copyright 2018, Google Inc.
5 *
5 *
6 * This software may be used and distributed according to the terms of
6 * This software may be used and distributed according to the terms of
7 * the GNU General Public License, incorporated herein by reference.
7 * the GNU General Public License, incorporated herein by reference.
8 */
8 */
9 #include "thirdparty/xdiff/xdiff.h"
9 #include "thirdparty/xdiff/xdiff.h"
10 #include <inttypes.h>
10 #include <inttypes.h>
11 #include <stdlib.h>
11 #include <stdlib.h>
12
12
13 #include <fuzzer/FuzzedDataProvider.h>
13 #include <fuzzer/FuzzedDataProvider.h>
14
14
15 extern "C" {
15 extern "C" {
16
16
17 int LLVMFuzzerInitialize(int *argc, char ***argv)
18 {
19 return 0;
20 }
21
17 int hunk_consumer(long a1, long a2, long b1, long b2, void *priv)
22 int hunk_consumer(long a1, long a2, long b1, long b2, void *priv)
18 {
23 {
19 // TODO: probably also test returning -1 from this when things break?
24 // TODO: probably also test returning -1 from this when things break?
20 return 0;
25 return 0;
21 }
26 }
22
27
23 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
28 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
24 {
29 {
25 // Don't allow fuzzer inputs larger than 100k, since we'll just bog
30 // Don't allow fuzzer inputs larger than 100k, since we'll just bog
26 // down and not accomplish much.
31 // down and not accomplish much.
27 if (Size > 100000) {
32 if (Size > 100000) {
28 return 0;
33 return 0;
29 }
34 }
30 FuzzedDataProvider provider(Data, Size);
35 FuzzedDataProvider provider(Data, Size);
31 std::string left = provider.ConsumeRandomLengthString(Size);
36 std::string left = provider.ConsumeRandomLengthString(Size);
32 std::string right = provider.ConsumeRemainingBytesAsString();
37 std::string right = provider.ConsumeRemainingBytesAsString();
33 mmfile_t a, b;
38 mmfile_t a, b;
34
39
35 a.ptr = (char *)left.c_str();
40 a.ptr = (char *)left.c_str();
36 a.size = left.size();
41 a.size = left.size();
37 b.ptr = (char *)right.c_str();
42 b.ptr = (char *)right.c_str();
38 b.size = right.size();
43 b.size = right.size();
39 xpparam_t xpp = {
44 xpparam_t xpp = {
40 XDF_INDENT_HEURISTIC, /* flags */
45 XDF_INDENT_HEURISTIC, /* flags */
41 };
46 };
42 xdemitconf_t xecfg = {
47 xdemitconf_t xecfg = {
43 XDL_EMIT_BDIFFHUNK, /* flags */
48 XDL_EMIT_BDIFFHUNK, /* flags */
44 hunk_consumer, /* hunk_consume_func */
49 hunk_consumer, /* hunk_consume_func */
45 };
50 };
46 xdemitcb_t ecb = {
51 xdemitcb_t ecb = {
47 NULL, /* priv */
52 NULL, /* priv */
48 };
53 };
49 xdl_diff(&a, &b, &xpp, &xecfg, &ecb);
54 xdl_diff(&a, &b, &xpp, &xecfg, &ecb);
50 return 0; // Non-zero return values are reserved for future use.
55 return 0; // Non-zero return values are reserved for future use.
51 }
56 }
52
57
53 #ifdef HG_FUZZER_INCLUDE_MAIN
58 #ifdef HG_FUZZER_INCLUDE_MAIN
54 int main(int argc, char **argv)
59 int main(int argc, char **argv)
55 {
60 {
56 const char data[] = "asdf";
61 const char data[] = "asdf";
57 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
62 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
58 }
63 }
59 #endif
64 #endif
60
65
61 } // extern "C"
66 } // extern "C"
General Comments 0
You need to be logged in to leave comments. Login now