##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

fuzz: always define LLVMFuzzerInitialize() even if we don't need it...
Augie Fackler -
r44261:51a99e09 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,42 +1,47 b''
1 1 /*
2 2 * bdiff.cc - fuzzer harness for bdiff.c
3 3 *
4 4 * Copyright 2018, Google Inc.
5 5 *
6 6 * This software may be used and distributed according to the terms of
7 7 * the GNU General Public License, incorporated herein by reference.
8 8 */
9 9 #include <memory>
10 10 #include <stdlib.h>
11 11
12 12 #include <fuzzer/FuzzedDataProvider.h>
13 13
14 14 extern "C" {
15 15 #include "bdiff.h"
16 16
17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
18 {
19 return 0;
20 }
21
17 22 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
18 23 {
19 24 FuzzedDataProvider provider(Data, Size);
20 25 std::string left = provider.ConsumeRandomLengthString(Size);
21 26 std::string right = provider.ConsumeRemainingBytesAsString();
22 27
23 28 struct bdiff_line *a, *b;
24 29 int an = bdiff_splitlines(left.c_str(), left.size(), &a);
25 30 int bn = bdiff_splitlines(right.c_str(), right.size(), &b);
26 31 struct bdiff_hunk l;
27 32 bdiff_diff(a, an, b, bn, &l);
28 33 free(a);
29 34 free(b);
30 35 bdiff_freehunks(l.next);
31 36 return 0; // Non-zero return values are reserved for future use.
32 37 }
33 38
34 39 #ifdef HG_FUZZER_INCLUDE_MAIN
35 40 int main(int argc, char **argv)
36 41 {
37 42 const char data[] = "asdf";
38 43 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
39 44 }
40 45 #endif
41 46
42 47 } // extern "C"
Show file before | Show file after | Hide comments
@@ -1,122 +1,127 b''
1 1 /*
2 2 * mpatch.cc - fuzzer harness for mpatch.c
3 3 *
4 4 * Copyright 2018, Google Inc.
5 5 *
6 6 * This software may be used and distributed according to the terms of
7 7 * the GNU General Public License, incorporated herein by reference.
8 8 */
9 9 #include <iostream>
10 10 #include <memory>
11 11 #include <stdint.h>
12 12 #include <stdlib.h>
13 13 #include <vector>
14 14
15 15 #include "fuzzutil.h"
16 16
17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
18 {
19 return 0;
20 }
21
17 22 // To avoid having too many OOMs from the fuzzer infrastructure, we'll
18 23 // skip patch application if the resulting fulltext would be bigger
19 24 // than 10MiB.
20 25 #define MAX_OUTPUT_SIZE 10485760
21 26
22 27 extern "C" {
23 28 #include "bitmanipulation.h"
24 29 #include "mpatch.h"
25 30
26 31 struct mpatchbin {
27 32 std::unique_ptr<char[]> data;
28 33 size_t len;
29 34 };
30 35
31 36 static mpatch_flist *getitem(void *vbins, ssize_t pos)
32 37 {
33 38 std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins;
34 39 const mpatchbin &bin = bins->at(pos + 1);
35 40 struct mpatch_flist *res;
36 41 LOG(2) << "mpatch_decode " << bin.len << std::endl;
37 42 if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)
38 43 return NULL;
39 44 return res;
40 45 }
41 46
42 47 // input format:
43 48 // u8 number of inputs
44 49 // one u16 for each input, its length
45 50 // the inputs
46 51 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
47 52 {
48 53 if (!Size) {
49 54 return 0;
50 55 }
51 56 // First byte of data is how many texts we expect, first text
52 57 // being the base the rest being the deltas.
53 58 ssize_t numtexts = Data[0];
54 59 if (numtexts < 2) {
55 60 // No point if we don't have at least a base text and a delta...
56 61 return 0;
57 62 }
58 63 // Each text will be described by a byte for how long it
59 64 // should be, so give up if we don't have enough.
60 65 if ((Size - 1) < (numtexts * 2)) {
61 66 return 0;
62 67 }
63 68 size_t consumed = 1 + (numtexts * 2);
64 69 LOG(2) << "input contains " << Size << std::endl;
65 70 LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;
66 71 std::vector<mpatchbin> bins;
67 72 bins.reserve(numtexts);
68 73 for (int i = 0; i < numtexts; ++i) {
69 74 mpatchbin bin;
70 75 size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i));
71 76 LOG(2) << "text " << i << " is " << nthsize << std::endl;
72 77 char *start = (char *)Data + consumed;
73 78 consumed += nthsize;
74 79 if (consumed > Size) {
75 80 LOG(2) << "ran out of data, consumed " << consumed
76 81 << " of " << Size << std::endl;
77 82 return 0;
78 83 }
79 84 bin.len = nthsize;
80 85 bin.data.reset(new char[nthsize]);
81 86 memcpy(bin.data.get(), start, nthsize);
82 87 bins.push_back(std::move(bin));
83 88 }
84 89 LOG(2) << "mpatch_flist" << std::endl;
85 90 struct mpatch_flist *patch =
86 91 mpatch_fold(&bins, getitem, 0, numtexts - 1);
87 92 if (!patch) {
88 93 return 0;
89 94 }
90 95 LOG(2) << "mpatch_calcsize" << std::endl;
91 96 ssize_t outlen = mpatch_calcsize(bins[0].len, patch);
92 97 LOG(2) << "outlen " << outlen << std::endl;
93 98 if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) {
94 99 goto cleanup;
95 100 }
96 101 {
97 102 char *dest = (char *)malloc(outlen);
98 103 LOG(2) << "expecting " << outlen << " total bytes at "
99 104 << (void *)dest << std::endl;
100 105 mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);
101 106 free(dest);
102 107 LOG(1) << "applied a complete patch" << std::endl;
103 108 }
104 109 cleanup:
105 110 mpatch_lfree(patch);
106 111 return 0;
107 112 }
108 113
109 114 #ifdef HG_FUZZER_INCLUDE_MAIN
110 115 int main(int argc, char **argv)
111 116 {
112 117 // One text, one patch.
113 118 const char data[] = "\x02\x00\0x1\x00\x0d"
114 119 // base text
115 120 "a"
116 121 // binary delta that will append a single b
117 122 "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b";
118 123 return LLVMFuzzerTestOneInput((const uint8_t *)data, 19);
119 124 }
120 125 #endif
121 126
122 127 } // extern "C"
Show file before | Show file after | Hide comments
@@ -1,61 +1,66 b''
1 1 /*
2 2 * xdiff.cc - fuzzer harness for thirdparty/xdiff
3 3 *
4 4 * Copyright 2018, Google Inc.
5 5 *
6 6 * This software may be used and distributed according to the terms of
7 7 * the GNU General Public License, incorporated herein by reference.
8 8 */
9 9 #include "thirdparty/xdiff/xdiff.h"
10 10 #include <inttypes.h>
11 11 #include <stdlib.h>
12 12
13 13 #include <fuzzer/FuzzedDataProvider.h>
14 14
15 15 extern "C" {
16 16
17 int LLVMFuzzerInitialize(int *argc, char ***argv)
18 {
19 return 0;
20 }
21
17 22 int hunk_consumer(long a1, long a2, long b1, long b2, void *priv)
18 23 {
19 24 // TODO: probably also test returning -1 from this when things break?
20 25 return 0;
21 26 }
22 27
23 28 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
24 29 {
25 30 // Don't allow fuzzer inputs larger than 100k, since we'll just bog
26 31 // down and not accomplish much.
27 32 if (Size > 100000) {
28 33 return 0;
29 34 }
30 35 FuzzedDataProvider provider(Data, Size);
31 36 std::string left = provider.ConsumeRandomLengthString(Size);
32 37 std::string right = provider.ConsumeRemainingBytesAsString();
33 38 mmfile_t a, b;
34 39
35 40 a.ptr = (char *)left.c_str();
36 41 a.size = left.size();
37 42 b.ptr = (char *)right.c_str();
38 43 b.size = right.size();
39 44 xpparam_t xpp = {
40 45 XDF_INDENT_HEURISTIC, /* flags */
41 46 };
42 47 xdemitconf_t xecfg = {
43 48 XDL_EMIT_BDIFFHUNK, /* flags */
44 49 hunk_consumer, /* hunk_consume_func */
45 50 };
46 51 xdemitcb_t ecb = {
47 52 NULL, /* priv */
48 53 };
49 54 xdl_diff(&a, &b, &xpp, &xecfg, &ecb);
50 55 return 0; // Non-zero return values are reserved for future use.
51 56 }
52 57
53 58 #ifdef HG_FUZZER_INCLUDE_MAIN
54 59 int main(int argc, char **argv)
55 60 {
56 61 const char data[] = "asdf";
57 62 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
58 63 }
59 64 #endif
60 65
61 66 } // extern "C"
General Comments 0
You need to be logged in to leave comments. Login now