##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

fuzz: remove legacy setup for running fuzzers outside oss-fuzz...
Augie Fackler -
r44255:7857bd9b default draft
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,190 +1,165 b''
1 1 CC = clang
2 2 CXX = clang++
3 3
4 4 # By default, use our own standalone_fuzz_target_runner.
5 5 # This runner does no fuzzing, but simply executes the inputs
6 6 # provided via parameters.
7 7 # Run e.g. "make all LIB_FUZZING_ENGINE=/path/to/libFuzzer.a"
8 8 # to link the fuzzer(s) against a real fuzzing engine.
9 9 #
10 10 # OSS-Fuzz will define its own value for LIB_FUZZING_ENGINE.
11 11 LIB_FUZZING_ENGINE ?= standalone_fuzz_target_runner.o
12 12
13 13 PYTHON_CONFIG ?= $$OUT/sanpy/bin/python-config
14 14
15 15 CXXFLAGS += -Wno-deprecated-register
16 16
17 17 all: standalone_fuzz_target_runner.o oss-fuzz
18 18
19 19 standalone_fuzz_target_runner.o: standalone_fuzz_target_runner.cc
20 20
21 21 pyutil.o: pyutil.cc pyutil.h
22 22 $(CXX) $(CXXFLAGS) -g -O1 \
23 23 `$(PYTHON_CONFIG) --cflags` \
24 24 -I../../mercurial -c -o pyutil.o pyutil.cc
25 25
26 bdiff.o: ../../mercurial/bdiff.c
27 $(CC) $(CFLAGS) -fsanitize=fuzzer-no-link,address -c -o bdiff.o \
28 ../../mercurial/bdiff.c
29
30 bdiff: bdiff.cc bdiff.o
31 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
32 -std=c++17 \
33 -I../../mercurial bdiff.cc bdiff.o -o bdiff
34
35 26 bdiff-oss-fuzz.o: ../../mercurial/bdiff.c
36 27 $(CC) $(CFLAGS) -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c
37 28
38 29 bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o
39 30 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial bdiff.cc \
40 31 bdiff-oss-fuzz.o $(LIB_FUZZING_ENGINE) -o \
41 32 $$OUT/bdiff_fuzzer
42 33
43 34 mpatch.o: ../../mercurial/mpatch.c
44 35 $(CC) -g -O1 -fsanitize=fuzzer-no-link,address -c -o mpatch.o \
45 36 ../../mercurial/mpatch.c
46 37
47 mpatch: CXXFLAGS += -std=c++17
48 mpatch: mpatch.cc mpatch.o
49 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
50 -I../../mercurial mpatch.cc mpatch.o -o mpatch
51
52 38 mpatch-oss-fuzz.o: ../../mercurial/mpatch.c
53 39 $(CC) $(CFLAGS) -c -o mpatch-oss-fuzz.o ../../mercurial/mpatch.c
54 40
55 41 mpatch_fuzzer: mpatch.cc mpatch-oss-fuzz.o
56 42 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial mpatch.cc \
57 43 mpatch-oss-fuzz.o $(LIB_FUZZING_ENGINE) -o \
58 44 $$OUT/mpatch_fuzzer
59 45
60 46 mpatch_corpus.zip:
61 47 python mpatch_corpus.py $$OUT/mpatch_fuzzer_seed_corpus.zip
62 48
63 x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
64 $(CC) -g -O1 -fsanitize=fuzzer-no-link,address -c \
65 -o $@ \
66 $<
67
68 xdiff: CXXFLAGS += -std=c++17
69 xdiff: xdiff.cc xdiffi.o xprepare.o xutils.o
70 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
71 -I../../mercurial xdiff.cc \
72 xdiffi.o xprepare.o xutils.o -o xdiff
73
74 49 fuzz-x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
75 50 $(CC) $(CFLAGS) -c \
76 51 -o $@ \
77 52 $<
78 53
79 54 xdiff_fuzzer: xdiff.cc fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o
80 55 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial xdiff.cc \
81 56 fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o \
82 57 $(LIB_FUZZING_ENGINE) -o $$OUT/xdiff_fuzzer
83 58
84 59 manifest.o: ../../mercurial/cext/manifest.c
85 60 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
86 61 -I../../mercurial \
87 62 -c -o manifest.o ../../mercurial/cext/manifest.c
88 63
89 64 charencode.o: ../../mercurial/cext/charencode.c
90 65 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
91 66 -I../../mercurial \
92 67 -c -o charencode.o ../../mercurial/cext/charencode.c
93 68
94 69 parsers.o: ../../mercurial/cext/parsers.c
95 70 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
96 71 -I../../mercurial \
97 72 -c -o parsers.o ../../mercurial/cext/parsers.c
98 73
99 74 dirs.o: ../../mercurial/cext/dirs.c
100 75 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
101 76 -I../../mercurial \
102 77 -c -o dirs.o ../../mercurial/cext/dirs.c
103 78
104 79 pathencode.o: ../../mercurial/cext/pathencode.c
105 80 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
106 81 -I../../mercurial \
107 82 -c -o pathencode.o ../../mercurial/cext/pathencode.c
108 83
109 84 revlog.o: ../../mercurial/cext/revlog.c
110 85 $(CC) $(CFLAGS) `$(PYTHON_CONFIG) --cflags` \
111 86 -I../../mercurial \
112 87 -c -o revlog.o ../../mercurial/cext/revlog.c
113 88
114 89 dirs_fuzzer: dirs.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
115 90 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
116 91 -Wno-register -Wno-macro-redefined \
117 92 -I../../mercurial dirs.cc \
118 93 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
119 94 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
120 95 -o $$OUT/dirs_fuzzer
121 96
122 97 fncache_fuzzer: fncache.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
123 98 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
124 99 -Wno-register -Wno-macro-redefined \
125 100 -I../../mercurial fncache.cc \
126 101 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
127 102 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
128 103 -o $$OUT/fncache_fuzzer
129 104
130 105 jsonescapeu8fast_fuzzer: jsonescapeu8fast.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
131 106 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
132 107 -Wno-register -Wno-macro-redefined \
133 108 -I../../mercurial jsonescapeu8fast.cc \
134 109 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
135 110 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
136 111 -o $$OUT/jsonescapeu8fast_fuzzer
137 112
138 113 manifest_corpus.zip:
139 114 python manifest_corpus.py $$OUT/manifest_fuzzer_seed_corpus.zip
140 115
141 116 manifest_fuzzer: manifest.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
142 117 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
143 118 -Wno-register -Wno-macro-redefined \
144 119 -I../../mercurial manifest.cc \
145 120 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
146 121 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
147 122 -o $$OUT/manifest_fuzzer
148 123
149 124 revlog_fuzzer: revlog.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
150 125 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
151 126 -Wno-register -Wno-macro-redefined \
152 127 -I../../mercurial revlog.cc \
153 128 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
154 129 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
155 130 -o $$OUT/revlog_fuzzer
156 131
157 132 revlog_corpus.zip:
158 133 python revlog_corpus.py $$OUT/revlog_fuzzer_seed_corpus.zip
159 134
160 135 dirstate_fuzzer: dirstate.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
161 136 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
162 137 -Wno-register -Wno-macro-redefined \
163 138 -I../../mercurial dirstate.cc \
164 139 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
165 140 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
166 141 -o $$OUT/dirstate_fuzzer
167 142
168 143 dirstate_corpus.zip:
169 144 python dirstate_corpus.py $$OUT/dirstate_fuzzer_seed_corpus.zip
170 145
171 146 fm1readmarkers_fuzzer: fm1readmarkers.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
172 147 $(CXX) $(CXXFLAGS) `$(PYTHON_CONFIG) --cflags` \
173 148 -Wno-register -Wno-macro-redefined \
174 149 -I../../mercurial fm1readmarkers.cc \
175 150 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
176 151 $(LIB_FUZZING_ENGINE) `$(PYTHON_CONFIG) --ldflags` \
177 152 -o $$OUT/fm1readmarkers_fuzzer
178 153
179 154 fm1readmarkers_corpus.zip:
180 155 python fm1readmarkers_corpus.py $$OUT/fm1readmarkers_fuzzer_seed_corpus.zip
181 156
182 157 clean:
183 158 $(RM) *.o *_fuzzer \
184 159 bdiff \
185 160 mpatch \
186 161 xdiff
187 162
188 163 oss-fuzz: bdiff_fuzzer mpatch_fuzzer mpatch_corpus.zip xdiff_fuzzer dirs_fuzzer fncache_fuzzer jsonescapeu8fast_fuzzer manifest_fuzzer manifest_corpus.zip revlog_fuzzer revlog_corpus.zip dirstate_fuzzer dirstate_corpus.zip fm1readmarkers_fuzzer fm1readmarkers_corpus.zip
189 164
190 165 .PHONY: all clean oss-fuzz
Show file before | Show file after | Hide comments
@@ -1,47 +1,39 b''
1 1 /*
2 2 * bdiff.cc - fuzzer harness for bdiff.c
3 3 *
4 4 * Copyright 2018, Google Inc.
5 5 *
6 6 * This software may be used and distributed according to the terms of
7 7 * the GNU General Public License, incorporated herein by reference.
8 8 */
9 9 #include <memory>
10 10 #include <stdlib.h>
11 11
12 12 #include "FuzzedDataProvider.h"
13 13
14 14 extern "C" {
15 15 #include "bdiff.h"
16 16
17 17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
18 18 {
19 19 return 0;
20 20 }
21 21
22 22 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
23 23 {
24 24 FuzzedDataProvider provider(Data, Size);
25 25 std::string left = provider.ConsumeRandomLengthString(Size);
26 26 std::string right = provider.ConsumeRemainingBytesAsString();
27 27
28 28 struct bdiff_line *a, *b;
29 29 int an = bdiff_splitlines(left.c_str(), left.size(), &a);
30 30 int bn = bdiff_splitlines(right.c_str(), right.size(), &b);
31 31 struct bdiff_hunk l;
32 32 bdiff_diff(a, an, b, bn, &l);
33 33 free(a);
34 34 free(b);
35 35 bdiff_freehunks(l.next);
36 36 return 0; // Non-zero return values are reserved for future use.
37 37 }
38 38
39 #ifdef HG_FUZZER_INCLUDE_MAIN
40 int main(int argc, char **argv)
41 {
42 const char data[] = "asdf";
43 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
44 }
45 #endif
46
47 39 } // extern "C"
Show file before | Show file after | Hide comments
@@ -1,127 +1,114 b''
1 1 /*
2 2 * mpatch.cc - fuzzer harness for mpatch.c
3 3 *
4 4 * Copyright 2018, Google Inc.
5 5 *
6 6 * This software may be used and distributed according to the terms of
7 7 * the GNU General Public License, incorporated herein by reference.
8 8 */
9 9 #include <iostream>
10 10 #include <memory>
11 11 #include <stdint.h>
12 12 #include <stdlib.h>
13 13 #include <vector>
14 14
15 15 #include "fuzzutil.h"
16 16
17 17 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
18 18 {
19 19 return 0;
20 20 }
21 21
22 22 // To avoid having too many OOMs from the fuzzer infrastructure, we'll
23 23 // skip patch application if the resulting fulltext would be bigger
24 24 // than 10MiB.
25 25 #define MAX_OUTPUT_SIZE 10485760
26 26
27 27 extern "C" {
28 28 #include "bitmanipulation.h"
29 29 #include "mpatch.h"
30 30
31 31 struct mpatchbin {
32 32 std::unique_ptr<char[]> data;
33 33 size_t len;
34 34 };
35 35
36 36 static mpatch_flist *getitem(void *vbins, ssize_t pos)
37 37 {
38 38 std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins;
39 39 const mpatchbin &bin = bins->at(pos + 1);
40 40 struct mpatch_flist *res;
41 41 LOG(2) << "mpatch_decode " << bin.len << std::endl;
42 42 if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)
43 43 return NULL;
44 44 return res;
45 45 }
46 46
47 47 // input format:
48 48 // u8 number of inputs
49 49 // one u16 for each input, its length
50 50 // the inputs
51 51 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
52 52 {
53 53 if (!Size) {
54 54 return 0;
55 55 }
56 56 // First byte of data is how many texts we expect, first text
57 57 // being the base the rest being the deltas.
58 58 ssize_t numtexts = Data[0];
59 59 if (numtexts < 2) {
60 60 // No point if we don't have at least a base text and a delta...
61 61 return 0;
62 62 }
63 63 // Each text will be described by a byte for how long it
64 64 // should be, so give up if we don't have enough.
65 65 if ((Size - 1) < (numtexts * 2)) {
66 66 return 0;
67 67 }
68 68 size_t consumed = 1 + (numtexts * 2);
69 69 LOG(2) << "input contains " << Size << std::endl;
70 70 LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;
71 71 std::vector<mpatchbin> bins;
72 72 bins.reserve(numtexts);
73 73 for (int i = 0; i < numtexts; ++i) {
74 74 mpatchbin bin;
75 75 size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i));
76 76 LOG(2) << "text " << i << " is " << nthsize << std::endl;
77 77 char *start = (char *)Data + consumed;
78 78 consumed += nthsize;
79 79 if (consumed > Size) {
80 80 LOG(2) << "ran out of data, consumed " << consumed
81 81 << " of " << Size << std::endl;
82 82 return 0;
83 83 }
84 84 bin.len = nthsize;
85 85 bin.data.reset(new char[nthsize]);
86 86 memcpy(bin.data.get(), start, nthsize);
87 87 bins.push_back(std::move(bin));
88 88 }
89 89 LOG(2) << "mpatch_flist" << std::endl;
90 90 struct mpatch_flist *patch =
91 91 mpatch_fold(&bins, getitem, 0, numtexts - 1);
92 92 if (!patch) {
93 93 return 0;
94 94 }
95 95 LOG(2) << "mpatch_calcsize" << std::endl;
96 96 ssize_t outlen = mpatch_calcsize(bins[0].len, patch);
97 97 LOG(2) << "outlen " << outlen << std::endl;
98 98 if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) {
99 99 goto cleanup;
100 100 }
101 101 {
102 102 char *dest = (char *)malloc(outlen);
103 103 LOG(2) << "expecting " << outlen << " total bytes at "
104 104 << (void *)dest << std::endl;
105 105 mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);
106 106 free(dest);
107 107 LOG(1) << "applied a complete patch" << std::endl;
108 108 }
109 109 cleanup:
110 110 mpatch_lfree(patch);
111 111 return 0;
112 112 }
113 113
114 #ifdef HG_FUZZER_INCLUDE_MAIN
115 int main(int argc, char **argv)
116 {
117 // One text, one patch.
118 const char data[] = "\x02\x00\0x1\x00\x0d"
119 // base text
120 "a"
121 // binary delta that will append a single b
122 "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b";
123 return LLVMFuzzerTestOneInput((const uint8_t *)data, 19);
124 }
125 #endif
126
127 114 } // extern "C"
Show file before | Show file after | Hide comments
@@ -1,66 +1,58 b''
1 1 /*
2 2 * xdiff.cc - fuzzer harness for thirdparty/xdiff
3 3 *
4 4 * Copyright 2018, Google Inc.
5 5 *
6 6 * This software may be used and distributed according to the terms of
7 7 * the GNU General Public License, incorporated herein by reference.
8 8 */
9 9 #include "thirdparty/xdiff/xdiff.h"
10 10 #include <inttypes.h>
11 11 #include <stdlib.h>
12 12
13 13 #include "FuzzedDataProvider.h"
14 14
15 15 extern "C" {
16 16
17 17 int LLVMFuzzerInitialize(int *argc, char ***argv)
18 18 {
19 19 return 0;
20 20 }
21 21
22 22 int hunk_consumer(long a1, long a2, long b1, long b2, void *priv)
23 23 {
24 24 // TODO: probably also test returning -1 from this when things break?
25 25 return 0;
26 26 }
27 27
28 28 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
29 29 {
30 30 // Don't allow fuzzer inputs larger than 100k, since we'll just bog
31 31 // down and not accomplish much.
32 32 if (Size > 100000) {
33 33 return 0;
34 34 }
35 35 FuzzedDataProvider provider(Data, Size);
36 36 std::string left = provider.ConsumeRandomLengthString(Size);
37 37 std::string right = provider.ConsumeRemainingBytesAsString();
38 38 mmfile_t a, b;
39 39
40 40 a.ptr = (char *)left.c_str();
41 41 a.size = left.size();
42 42 b.ptr = (char *)right.c_str();
43 43 b.size = right.size();
44 44 xpparam_t xpp = {
45 45 XDF_INDENT_HEURISTIC, /* flags */
46 46 };
47 47 xdemitconf_t xecfg = {
48 48 XDL_EMIT_BDIFFHUNK, /* flags */
49 49 hunk_consumer, /* hunk_consume_func */
50 50 };
51 51 xdemitcb_t ecb = {
52 52 NULL, /* priv */
53 53 };
54 54 xdl_diff(&a, &b, &xpp, &xecfg, &ecb);
55 55 return 0; // Non-zero return values are reserved for future use.
56 56 }
57 57
58 #ifdef HG_FUZZER_INCLUDE_MAIN
59 int main(int argc, char **argv)
60 {
61 const char data[] = "asdf";
62 return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
63 }
64 #endif
65
66 58 } // extern "C"
General Comments 0
You need to be logged in to leave comments. Login now