##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

fuzz: remove legacy setup for running fuzzers outside oss-fuzz...
Augie Fackler -
r44255:7857bd9b default draft
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,190 +1,165 b''
1 CC = clang
1 CC = clang
2 CXX = clang++
2 CXX = clang++
3
3
4 # By default, use our own standalone_fuzz_target_runner.
4 # By default, use our own standalone_fuzz_target_runner.
5 # This runner does no fuzzing, but simply executes the inputs
5 # This runner does no fuzzing, but simply executes the inputs
6 # provided via parameters.
6 # provided via parameters.
7 # Run e.g. "make all LIB_FUZZING_ENGINE=/path/to/libFuzzer.a"
7 # Run e.g. "make all LIB_FUZZING_ENGINE=/path/to/libFuzzer.a"
8 # to link the fuzzer(s) against a real fuzzing engine.
8 # to link the fuzzer(s) against a real fuzzing engine.
9 #
9 #
10 # OSS-Fuzz will define its own value for LIB_FUZZING_ENGINE.
10 # OSS-Fuzz will define its own value for LIB_FUZZING_ENGINE.
11 LIB_FUZZING_ENGINE ?= standalone_fuzz_target_runner.o
11 LIB_FUZZING_ENGINE ?= standalone_fuzz_target_runner.o
12
12
13 PYTHON_CONFIG ?= $$OUT/sanpy/bin/python-config
13 PYTHON_CONFIG ?= $$OUT/sanpy/bin/python-config
14
14
15 CXXFLAGS += -Wno-deprecated-register
15 CXXFLAGS += -Wno-deprecated-register
16
16
17 all: standalone_fuzz_target_runner.o oss-fuzz
17 all: standalone_fuzz_target_runner.o oss-fuzz
18
18
19 standalone_fuzz_target_runner.o: standalone_fuzz_target_runner.cc
19 standalone_fuzz_target_runner.o: standalone_fuzz_target_runner.cc
20
20
21 pyutil.o: pyutil.cc pyutil.h
21 pyutil.o: pyutil.cc pyutil.h
22 $(CXX) $(CXXFLAGS) -g -O1 \
22 $(CXX) $(CXXFLAGS) -g -O1 \
23 `$(PYTHON_CONFIG) --cflags` \
23 `$(PYTHON_CONFIG) --cflags` \
24 -I../../mercurial -c -o pyutil.o pyutil.cc
24 -I../../mercurial -c -o pyutil.o pyutil.cc
25
25
26 bdiff.o: ../../mercurial/bdiff.c
27 $(CC) $(CFLAGS) -fsanitize=fuzzer-no-link,address -c -o bdiff.o \
28 ../../mercurial/bdiff.c
29
30 bdiff: bdiff.cc bdiff.o
31 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
32 -std=c++17 \
33 -I../../mercurial bdiff.cc bdiff.o -o bdiff
34
35 bdiff-oss-fuzz.o: ../../mercurial/bdiff.c
26 bdiff-oss-fuzz.o: ../../mercurial/bdiff.c
36 $(CC) $(CFLAGS) -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c
27 $(CC) $(CFLAGS) -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c
37
28
38 bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o
29 bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o
39 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial bdiff.cc \
30 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial bdiff.cc \
40 bdiff-oss-fuzz.o $(LIB_FUZZING_ENGINE) -o \
31 bdiff-oss-fuzz.o $(LIB_FUZZING_ENGINE) -o \
41 $$OUT/bdiff_fuzzer
32 $$OUT/bdiff_fuzzer
42
33
43 mpatch.o: ../../mercurial/mpatch.c
34 mpatch.o: ../../mercurial/mpatch.c
44 $(CC) -g -O1 -fsanitize=fuzzer-no-link,address -c -o mpatch.o \
35 $(CC) -g -O1 -fsanitize=fuzzer-no-link,address -c -o mpatch.o \
45 ../../mercurial/mpatch.c
36 ../../mercurial/mpatch.c
46
37
47 mpatch: CXXFLAGS += -std=c++17
48 mpatch: mpatch.cc mpatch.o
49 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
50 -I../../mercurial mpatch.cc mpatch.o -o mpatch
51
52 mpatch-oss-fuzz.o: ../../mercurial/mpatch.c
38 mpatch-oss-fuzz.o: ../../mercurial/mpatch.c
53 $(CC) $(CFLAGS) -c -o mpatch-oss-fuzz.o ../../mercurial/mpatch.c
39 $(CC) $(CFLAGS) -c -o mpatch-oss-fuzz.o ../../mercurial/mpatch.c
54
40
55 mpatch_fuzzer: mpatch.cc mpatch-oss-fuzz.o
41 mpatch_fuzzer: mpatch.cc mpatch-oss-fuzz.o
56 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial mpatch.cc \
42 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial mpatch.cc \
57 mpatch-oss-fuzz.o $(LIB_FUZZING_ENGINE) -o \
43 mpatch-oss-fuzz.o $(LIB_FUZZING_ENGINE) -o \
58 $$OUT/mpatch_fuzzer
44 $$OUT/mpatch_fuzzer
59
45
60 mpatch_corpus.zip:
46 mpatch_corpus.zip:
61 python mpatch_corpus.py $$OUT/mpatch_fuzzer_seed_corpus.zip
47 python mpatch_corpus.py $$OUT/mpatch_fuzzer_seed_corpus.zip
62
48
63 x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
64 $(CC) -g -O1 -fsanitize=fuzzer-no-link,address -c \
65 -o $@ \
66 $<
67
68 xdiff: CXXFLAGS += -std=c++17
69 xdiff: xdiff.cc xdiffi.o xprepare.o xutils.o
70 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
71 -I../../mercurial xdiff.cc \
72 xdiffi.o xprepare.o xutils.o -o xdiff
73
74 fuzz-x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
49 fuzz-x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
75 $(CC) $(CFLAGS) -c \
50 $(CC) $(CFLAGS) -c \
76 -o $@ \
51 -o $@ \
77 $<
52 $<
78
53
79 xdiff_fuzzer: xdiff.cc fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o
54 xdiff_fuzzer: xdiff.cc fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o
80 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial xdiff.cc \
55 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial xdiff.cc \
81 fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o \
56 fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o \
82 $(LIB_FUZZING_ENGINE) -o $$OUT/xdiff_fuzzer
57 $(LIB_FUZZING_ENGINE) -o $$OUT/xdiff_fuzzer
83
58
84 manifest.o: ../../mercurial/cext/manifest.c
59 manifest.o: ../../mercurial/cext/manifest.c
85 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
60 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
86 -I../../mercurial \
61 -I../../mercurial \
87 -c -o manifest.o ../../mercurial/cext/manifest.c
62 -c -o manifest.o ../../mercurial/cext/manifest.c
88
63
89 charencode.o: ../../mercurial/cext/charencode.c
64 charencode.o: ../../mercurial/cext/charencode.c
90 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
65 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
91 -I../../mercurial \
66 -I../../mercurial \
92 -c -o charencode.o ../../mercurial/cext/charencode.c
67 -c -o charencode.o ../../mercurial/cext/charencode.c
93
68
94 parsers.o: ../../mercurial/cext/parsers.c
69 parsers.o: ../../mercurial/cext/parsers.c
95 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
70 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
96 -I../../mercurial \
71 -I../../mercurial \
97 -c -o parsers.o ../../mercurial/cext/parsers.c
72 -c -o parsers.o ../../mercurial/cext/parsers.c
98
73
99 dirs.o: ../../mercurial/cext/dirs.c
74 dirs.o: ../../mercurial/cext/dirs.c
100 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
75 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
101 -I../../mercurial \
76 -I../../mercurial \
102 -c -o dirs.o ../../mercurial/cext/dirs.c
77 -c -o dirs.o ../../mercurial/cext/dirs.c
103
78
104 pathencode.o: ../../mercurial/cext/pathencode.c
79 pathencode.o: ../../mercurial/cext/pathencode.c
105 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
80 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
106 -I../../mercurial \
81 -I../../mercurial \
107 -c -o pathencode.o ../../mercurial/cext/pathencode.c
82 -c -o pathencode.o ../../mercurial/cext/pathencode.c
108
83
109 revlog.o: ../../mercurial/cext/revlog.c
84 revlog.o: ../../mercurial/cext/revlog.c
110 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
85 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
111 -I../../mercurial \
86 -I../../mercurial \
112 -c -o revlog.o ../../mercurial/cext/revlog.c
87 -c -o revlog.o ../../mercurial/cext/revlog.c
113
88
114 dirs_fuzzer: dirs.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
89 dirs_fuzzer: dirs.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
115 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
90 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
116 -Wno-register -Wno-macro-redefined \
91 -Wno-register -Wno-macro-redefined \
117 -I../../mercurial dirs.cc \
92 -I../../mercurial dirs.cc \
118 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
93 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
119 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
94 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
120 -o $$OUT/dirs_fuzzer
95 -o $$OUT/dirs_fuzzer
121
96
122 fncache_fuzzer: fncache.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
97 fncache_fuzzer: fncache.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
123 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
98 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
124 -Wno-register -Wno-macro-redefined \
99 -Wno-register -Wno-macro-redefined \
125 -I../../mercurial fncache.cc \
100 -I../../mercurial fncache.cc \
126 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
101 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
127 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
102 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
128 -o $$OUT/fncache_fuzzer
103 -o $$OUT/fncache_fuzzer
129
104
130 jsonescapeu8fast_fuzzer: jsonescapeu8fast.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
105 jsonescapeu8fast_fuzzer: jsonescapeu8fast.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
131 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
106 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
132 -Wno-register -Wno-macro-redefined \
107 -Wno-register -Wno-macro-redefined \
133 -I../../mercurial jsonescapeu8fast.cc \
108 -I../../mercurial jsonescapeu8fast.cc \
134 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
109 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
135 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
110 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
136 -o $$OUT/jsonescapeu8fast_fuzzer
111 -o $$OUT/jsonescapeu8fast_fuzzer
137
112
138 manifest_corpus.zip:
113 manifest_corpus.zip:
139 python manifest_corpus.py $$OUT/manifest_fuzzer_seed_corpus.zip
114 python manifest_corpus.py $$OUT/manifest_fuzzer_seed_corpus.zip
140
115
141 manifest_fuzzer: manifest.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
116 manifest_fuzzer: manifest.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
142 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
117 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
143 -Wno-register -Wno-macro-redefined \
118 -Wno-register -Wno-macro-redefined \
144 -I../../mercurial manifest.cc \
119 -I../../mercurial manifest.cc \
145 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
120 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
146 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
121 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
147 -o $$OUT/manifest_fuzzer
122 -o $$OUT/manifest_fuzzer
148
123
149 revlog_fuzzer: revlog.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
124 revlog_fuzzer: revlog.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
150 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
125 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
151 -Wno-register -Wno-macro-redefined \
126 -Wno-register -Wno-macro-redefined \
152 -I../../mercurial revlog.cc \
127 -I../../mercurial revlog.cc \
153 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
128 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
154 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
129 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
155 -o $$OUT/revlog_fuzzer
130 -o $$OUT/revlog_fuzzer
156
131
157 revlog_corpus.zip:
132 revlog_corpus.zip:
158 python revlog_corpus.py $$OUT/revlog_fuzzer_seed_corpus.zip
133 python revlog_corpus.py $$OUT/revlog_fuzzer_seed_corpus.zip
159
134
160 dirstate_fuzzer: dirstate.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
135 dirstate_fuzzer: dirstate.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
161 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
136 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
162 -Wno-register -Wno-macro-redefined \
137 -Wno-register -Wno-macro-redefined \
163 -I../../mercurial dirstate.cc \
138 -I../../mercurial dirstate.cc \
164 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
139 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
165 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
140 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
166 -o $$OUT/dirstate_fuzzer
141 -o $$OUT/dirstate_fuzzer
167
142
168 dirstate_corpus.zip:
143 dirstate_corpus.zip:
169 python dirstate_corpus.py $$OUT/dirstate_fuzzer_seed_corpus.zip
144 python dirstate_corpus.py $$OUT/dirstate_fuzzer_seed_corpus.zip
170
145
171 fm1readmarkers_fuzzer: fm1readmarkers.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
146 fm1readmarkers_fuzzer: fm1readmarkers.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
172 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
147 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
173 -Wno-register -Wno-macro-redefined \
148 -Wno-register -Wno-macro-redefined \
174 -I../../mercurial fm1readmarkers.cc \
149 -I../../mercurial fm1readmarkers.cc \
175 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
150 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
176 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
151 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
177 -o $$OUT/fm1readmarkers_fuzzer
152 -o $$OUT/fm1readmarkers_fuzzer
178
153
179 fm1readmarkers_corpus.zip:
154 fm1readmarkers_corpus.zip:
180 python fm1readmarkers_corpus.py $$OUT/fm1readmarkers_fuzzer_seed_corpus.zip
155 python fm1readmarkers_corpus.py $$OUT/fm1readmarkers_fuzzer_seed_corpus.zip
181
156
182 clean:
157 clean:
183 $(RM) *.o *_fuzzer \
158 $(RM) *.o *_fuzzer \
184 bdiff \
159 bdiff \
185 mpatch \
160 mpatch \
186 xdiff
161 xdiff
187
162
188 oss-fuzz: bdiff_fuzzer mpatch_fuzzer mpatch_corpus.zip xdiff_fuzzer dirs_fuzzer fncache_fuzzer jsonescapeu8fast_fuzzer manifest_fuzzer manifest_corpus.zip revlog_fuzzer revlog_corpus.zip dirstate_fuzzer dirstate_corpus.zip fm1readmarkers_fuzzer fm1readmarkers_corpus.zip
163 oss-fuzz: bdiff_fuzzer mpatch_fuzzer mpatch_corpus.zip xdiff_fuzzer dirs_fuzzer fncache_fuzzer jsonescapeu8fast_fuzzer manifest_fuzzer manifest_corpus.zip revlog_fuzzer revlog_corpus.zip dirstate_fuzzer dirstate_corpus.zip fm1readmarkers_fuzzer fm1readmarkers_corpus.zip
189
164
190 .PHONY: all clean oss-fuzz
165 .PHONY: all clean oss-fuzz
Show file before | Show file after | Hide comments
@@ -1,47 +1,39 b''
1 /*
1 /*
2 * bdiff.cc - fuzzer harness for bdiff.c
2 * bdiff.cc - fuzzer harness for bdiff.c
3 *
3 *
4 * Copyright 2018, Google Inc.
4 * Copyright 2018, Google Inc.
5 *
5 *
6 * This software may be used and distributed according to the terms of
6 * This software may be used and distributed according to the terms of
7 * the GNU General Public License, incorporated herein by reference.
7 * the GNU General Public License, incorporated herein by reference.
8 */
8 */
9 #include <memory>
9 #include <memory>
10 #include <stdlib.h>
10 #include <stdlib.h>
11
11
12 #include "FuzzedDataProvider.h"
12 #include "FuzzedDataProvider.h"
13
13
14 extern "C" {
14 extern "C" {
15 #include "bdiff.h"
15 #include "bdiff.h"
16
16
17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
18 {
18 {
19 return 0;
19 return 0;
20 }
20 }
21
21
22 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
22 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
23 {
23 {
24 FuzzedDataProvider provider(Data, Size);
24 FuzzedDataProvider provider(Data, Size);
25 std::string left = provider.ConsumeRandomLengthString(Size);
25 std::string left = provider.ConsumeRandomLengthString(Size);
26 std::string right = provider.ConsumeRemainingBytesAsString();
26 std::string right = provider.ConsumeRemainingBytesAsString();
27
27
28 struct bdiff_line *a, *b;
28 struct bdiff_line *a, *b;
29 int an = bdiff_splitlines(left.c_str(), left.size(), &a);
29 int an = bdiff_splitlines(left.c_str(), left.size(), &a);
30 int bn = bdiff_splitlines(right.c_str(), right.size(), &b);
30 int bn = bdiff_splitlines(right.c_str(), right.size(), &b);
31 struct bdiff_hunk l;
31 struct bdiff_hunk l;
32 bdiff_diff(a, an, b, bn, &l);
32 bdiff_diff(a, an, b, bn, &l);
33 free(a);
33 free(a);
34 free(b);
34 free(b);
35 bdiff_freehunks(l.next);
35 bdiff_freehunks(l.next);
36 return 0; // Non-zero return values are reserved for future use.
36 return 0; // Non-zero return values are reserved for future use.
37 }
37 }
38
38
39 #ifdef HG_FUZZER_INCLUDE_MAIN
40 int main(int argc, char **argv)
41 {
42 const char data[] = "asdf";
43 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
44 }
45 #endif
46
47 } // extern "C"
39 } // extern "C"
Show file before | Show file after | Hide comments
@@ -1,127 +1,114 b''
1 /*
1 /*
2 * mpatch.cc - fuzzer harness for mpatch.c
2 * mpatch.cc - fuzzer harness for mpatch.c
3 *
3 *
4 * Copyright 2018, Google Inc.
4 * Copyright 2018, Google Inc.
5 *
5 *
6 * This software may be used and distributed according to the terms of
6 * This software may be used and distributed according to the terms of
7 * the GNU General Public License, incorporated herein by reference.
7 * the GNU General Public License, incorporated herein by reference.
8 */
8 */
9 #include <iostream>
9 #include <iostream>
10 #include <memory>
10 #include <memory>
11 #include <stdint.h>
11 #include <stdint.h>
12 #include <stdlib.h>
12 #include <stdlib.h>
13 #include <vector>
13 #include <vector>
14
14
15 #include "fuzzutil.h"
15 #include "fuzzutil.h"
16
16
17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
18 {
18 {
19 return 0;
19 return 0;
20 }
20 }
21
21
22 // To avoid having too many OOMs from the fuzzer infrastructure, we'll
22 // To avoid having too many OOMs from the fuzzer infrastructure, we'll
23 // skip patch application if the resulting fulltext would be bigger
23 // skip patch application if the resulting fulltext would be bigger
24 // than 10MiB.
24 // than 10MiB.
25 #define MAX_OUTPUT_SIZE 10485760
25 #define MAX_OUTPUT_SIZE 10485760
26
26
27 extern "C" {
27 extern "C" {
28 #include "bitmanipulation.h"
28 #include "bitmanipulation.h"
29 #include "mpatch.h"
29 #include "mpatch.h"
30
30
31 struct mpatchbin {
31 struct mpatchbin {
32 std::unique_ptr<char[]> data;
32 std::unique_ptr<char[]> data;
33 size_t len;
33 size_t len;
34 };
34 };
35
35
36 static mpatch_flist *getitem(void *vbins, ssize_t pos)
36 static mpatch_flist *getitem(void *vbins, ssize_t pos)
37 {
37 {
38 std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins;
38 std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins;
39 const mpatchbin &bin = bins->at(pos + 1);
39 const mpatchbin &bin = bins->at(pos + 1);
40 struct mpatch_flist *res;
40 struct mpatch_flist *res;
41 LOG(2) << "mpatch_decode " << bin.len << std::endl;
41 LOG(2) << "mpatch_decode " << bin.len << std::endl;
42 if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)
42 if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)
43 return NULL;
43 return NULL;
44 return res;
44 return res;
45 }
45 }
46
46
47 // input format:
47 // input format:
48 // u8 number of inputs
48 // u8 number of inputs
49 // one u16 for each input, its length
49 // one u16 for each input, its length
50 // the inputs
50 // the inputs
51 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
51 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
52 {
52 {
53 if (!Size) {
53 if (!Size) {
54 return 0;
54 return 0;
55 }
55 }
56 // First byte of data is how many texts we expect, first text
56 // First byte of data is how many texts we expect, first text
57 // being the base the rest being the deltas.
57 // being the base the rest being the deltas.
58 ssize_t numtexts = Data[0];
58 ssize_t numtexts = Data[0];
59 if (numtexts < 2) {
59 if (numtexts < 2) {
60 // No point if we don't have at least a base text and a delta...
60 // No point if we don't have at least a base text and a delta...
61 return 0;
61 return 0;
62 }
62 }
63 // Each text will be described by a byte for how long it
63 // Each text will be described by a byte for how long it
64 // should be, so give up if we don't have enough.
64 // should be, so give up if we don't have enough.
65 if ((Size - 1) < (numtexts * 2)) {
65 if ((Size - 1) < (numtexts * 2)) {
66 return 0;
66 return 0;
67 }
67 }
68 size_t consumed = 1 + (numtexts * 2);
68 size_t consumed = 1 + (numtexts * 2);
69 LOG(2) << "input contains " << Size << std::endl;
69 LOG(2) << "input contains " << Size << std::endl;
70 LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;
70 LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;
71 std::vector<mpatchbin> bins;
71 std::vector<mpatchbin> bins;
72 bins.reserve(numtexts);
72 bins.reserve(numtexts);
73 for (int i = 0; i < numtexts; ++i) {
73 for (int i = 0; i < numtexts; ++i) {
74 mpatchbin bin;
74 mpatchbin bin;
75 size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i));
75 size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i));
76 LOG(2) << "text " << i << " is " << nthsize << std::endl;
76 LOG(2) << "text " << i << " is " << nthsize << std::endl;
77 char *start = (char *)Data + consumed;
77 char *start = (char *)Data + consumed;
78 consumed += nthsize;
78 consumed += nthsize;
79 if (consumed > Size) {
79 if (consumed > Size) {
80 LOG(2) << "ran out of data, consumed " << consumed
80 LOG(2) << "ran out of data, consumed " << consumed
81 << " of " << Size << std::endl;
81 << " of " << Size << std::endl;
82 return 0;
82 return 0;
83 }
83 }
84 bin.len = nthsize;
84 bin.len = nthsize;
85 bin.data.reset(new char[nthsize]);
85 bin.data.reset(new char[nthsize]);
86 memcpy(bin.data.get(), start, nthsize);
86 memcpy(bin.data.get(), start, nthsize);
87 bins.push_back(std::move(bin));
87 bins.push_back(std::move(bin));
88 }
88 }
89 LOG(2) << "mpatch_flist" << std::endl;
89 LOG(2) << "mpatch_flist" << std::endl;
90 struct mpatch_flist *patch =
90 struct mpatch_flist *patch =
91 mpatch_fold(&bins, getitem, 0, numtexts - 1);
91 mpatch_fold(&bins, getitem, 0, numtexts - 1);
92 if (!patch) {
92 if (!patch) {
93 return 0;
93 return 0;
94 }
94 }
95 LOG(2) << "mpatch_calcsize" << std::endl;
95 LOG(2) << "mpatch_calcsize" << std::endl;
96 ssize_t outlen = mpatch_calcsize(bins[0].len, patch);
96 ssize_t outlen = mpatch_calcsize(bins[0].len, patch);
97 LOG(2) << "outlen " << outlen << std::endl;
97 LOG(2) << "outlen " << outlen << std::endl;
98 if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) {
98 if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) {
99 goto cleanup;
99 goto cleanup;
100 }
100 }
101 {
101 {
102 char *dest = (char *)malloc(outlen);
102 char *dest = (char *)malloc(outlen);
103 LOG(2) << "expecting " << outlen << " total bytes at "
103 LOG(2) << "expecting " << outlen << " total bytes at "
104 << (void *)dest << std::endl;
104 << (void *)dest << std::endl;
105 mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);
105 mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);
106 free(dest);
106 free(dest);
107 LOG(1) << "applied a complete patch" << std::endl;
107 LOG(1) << "applied a complete patch" << std::endl;
108 }
108 }
109 cleanup:
109 cleanup:
110 mpatch_lfree(patch);
110 mpatch_lfree(patch);
111 return 0;
111 return 0;
112 }
112 }
113
113
114 #ifdef HG_FUZZER_INCLUDE_MAIN
115 int main(int argc, char **argv)
116 {
117 // One text, one patch.
118 const char data[] = "\x02\x00\0x1\x00\x0d"
119 // base text
120 "a"
121 // binary delta that will append a single b
122 "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b";
123 return LLVMFuzzerTestOneInput((const uint8_t *)data, 19);
124 }
125 #endif
126
127 } // extern "C"
114 } // extern "C"
Show file before | Show file after | Hide comments
@@ -1,66 +1,58 b''
1 /*
1 /*
2 * xdiff.cc - fuzzer harness for thirdparty/xdiff
2 * xdiff.cc - fuzzer harness for thirdparty/xdiff
3 *
3 *
4 * Copyright 2018, Google Inc.
4 * Copyright 2018, Google Inc.
5 *
5 *
6 * This software may be used and distributed according to the terms of
6 * This software may be used and distributed according to the terms of
7 * the GNU General Public License, incorporated herein by reference.
7 * the GNU General Public License, incorporated herein by reference.
8 */
8 */
9 #include "thirdparty/xdiff/xdiff.h"
9 #include "thirdparty/xdiff/xdiff.h"
10 #include <inttypes.h>
10 #include <inttypes.h>
11 #include <stdlib.h>
11 #include <stdlib.h>
12
12
13 #include "FuzzedDataProvider.h"
13 #include "FuzzedDataProvider.h"
14
14
15 extern "C" {
15 extern "C" {
16
16
17 int LLVMFuzzerInitialize(int *argc, char ***argv)
17 int LLVMFuzzerInitialize(int *argc, char ***argv)
18 {
18 {
19 return 0;
19 return 0;
20 }
20 }
21
21
22 int hunk_consumer(long a1, long a2, long b1, long b2, void *priv)
22 int hunk_consumer(long a1, long a2, long b1, long b2, void *priv)
23 {
23 {
24 // TODO: probably also test returning -1 from this when things break?
24 // TODO: probably also test returning -1 from this when things break?
25 return 0;
25 return 0;
26 }
26 }
27
27
28 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
28 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
29 {
29 {
30 // Don't allow fuzzer inputs larger than 100k, since we'll just bog
30 // Don't allow fuzzer inputs larger than 100k, since we'll just bog
31 // down and not accomplish much.
31 // down and not accomplish much.
32 if (Size > 100000) {
32 if (Size > 100000) {
33 return 0;
33 return 0;
34 }
34 }
35 FuzzedDataProvider provider(Data, Size);
35 FuzzedDataProvider provider(Data, Size);
36 std::string left = provider.ConsumeRandomLengthString(Size);
36 std::string left = provider.ConsumeRandomLengthString(Size);
37 std::string right = provider.ConsumeRemainingBytesAsString();
37 std::string right = provider.ConsumeRemainingBytesAsString();
38 mmfile_t a, b;
38 mmfile_t a, b;
39
39
40 a.ptr = (char *)left.c_str();
40 a.ptr = (char *)left.c_str();
41 a.size = left.size();
41 a.size = left.size();
42 b.ptr = (char *)right.c_str();
42 b.ptr = (char *)right.c_str();
43 b.size = right.size();
43 b.size = right.size();
44 xpparam_t xpp = {
44 xpparam_t xpp = {
45 XDF_INDENT_HEURISTIC, /* flags */
45 XDF_INDENT_HEURISTIC, /* flags */
46 };
46 };
47 xdemitconf_t xecfg = {
47 xdemitconf_t xecfg = {
48 XDL_EMIT_BDIFFHUNK, /* flags */
48 XDL_EMIT_BDIFFHUNK, /* flags */
49 hunk_consumer, /* hunk_consume_func */
49 hunk_consumer, /* hunk_consume_func */
50 };
50 };
51 xdemitcb_t ecb = {
51 xdemitcb_t ecb = {
52 NULL, /* priv */
52 NULL, /* priv */
53 };
53 };
54 xdl_diff(&a, &b, &xpp, &xecfg, &ecb);
54 xdl_diff(&a, &b, &xpp, &xecfg, &ecb);
55 return 0; // Non-zero return values are reserved for future use.
55 return 0; // Non-zero return values are reserved for future use.
56 }
56 }
57
57
58 #ifdef HG_FUZZER_INCLUDE_MAIN
59 int main(int argc, char **argv)
60 {
61 const char data[] = "asdf";
62 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
63 }
64 #endif
65
66 } // extern "C"
58 } // extern "C"
General Comments 0
You need to be logged in to leave comments. Login now