##// END OF EJS Templates
fuzz: new fuzzer for revlog's parse_index2 method...
Augie Fackler -
r41050:c06f0ef9 default
parent child Browse files
Show More
@@ -0,0 +1,47
1 #include <Python.h>
2 #include <assert.h>
3 #include <stdlib.h>
4 #include <unistd.h>
5
6 #include <string>
7
8 #include "pyutil.h"
9
10 extern "C" {
11
12 static PyCodeObject *code;
13
14 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
15 {
16 contrib::initpy(*argv[0]);
17 code = (PyCodeObject *)Py_CompileString(R"py(
18 from parsers import parse_index2
19 for inline in (True, False):
20 try:
21 index, cache = parse_index2(data, inline)
22 except Exception as e:
23 pass
24 # uncomment this print if you're editing this Python code
25 # to debug failures.
26 # print e
27 )py",
28 "fuzzer", Py_file_input);
29 return 0;
30 }
31
32 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
33 {
34 PyObject *text =
35 PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size);
36 PyObject *locals = PyDict_New();
37 PyDict_SetItemString(locals, "data", text);
38 PyObject *res = PyEval_EvalCode(code, contrib::pyglobals(), locals);
39 if (!res) {
40 PyErr_Print();
41 }
42 Py_XDECREF(res);
43 Py_DECREF(locals);
44 Py_DECREF(text);
45 return 0; // Non-zero return values are reserved for future use.
46 }
47 }
@@ -0,0 +1,28
1 from __future__ import absolute_import, print_function
2
3 import argparse
4 import os
5 import zipfile
6
7 ap = argparse.ArgumentParser()
8 ap.add_argument("out", metavar="some.zip", type=str, nargs=1)
9 args = ap.parse_args()
10
11 reporoot = os.path.normpath(os.path.join(os.path.dirname(__file__),
12 '..', '..'))
13 # typically a standalone index
14 changelog = os.path.join(reporoot, '.hg', 'store', '00changelog.i')
15 # an inline revlog with only a few revisions
16 contributing = os.path.join(
17 reporoot, '.hg', 'store', 'data', 'contrib', 'fuzz', 'mpatch.cc.i')
18
19 print(changelog, os.path.exists(changelog))
20 print(contributing, os.path.exists(contributing))
21
22 with zipfile.ZipFile(args.out[0], "w", zipfile.ZIP_STORED) as zf:
23 if os.path.exists(changelog):
24 with open(changelog) as f:
25 zf.writestr("00changelog.i", f.read())
26 if os.path.exists(contributing):
27 with open(contributing) as f:
28 zf.writestr("contributing.i", f.read())
@@ -1,135 +1,146
1 CC = clang
1 CC = clang
2 CXX = clang++
2 CXX = clang++
3
3
4 all: bdiff mpatch xdiff
4 all: bdiff mpatch xdiff
5
5
6 fuzzutil.o: fuzzutil.cc fuzzutil.h
6 fuzzutil.o: fuzzutil.cc fuzzutil.h
7 $(CXX) $(CXXFLAGS) -g -O1 \
7 $(CXX) $(CXXFLAGS) -g -O1 \
8 -std=c++17 \
8 -std=c++17 \
9 -I../../mercurial -c -o fuzzutil.o fuzzutil.cc
9 -I../../mercurial -c -o fuzzutil.o fuzzutil.cc
10
10
11 fuzzutil-oss-fuzz.o: fuzzutil.cc fuzzutil.h
11 fuzzutil-oss-fuzz.o: fuzzutil.cc fuzzutil.h
12 $(CXX) $(CXXFLAGS) -std=c++17 \
12 $(CXX) $(CXXFLAGS) -std=c++17 \
13 -I../../mercurial -c -o fuzzutil-oss-fuzz.o fuzzutil.cc
13 -I../../mercurial -c -o fuzzutil-oss-fuzz.o fuzzutil.cc
14
14
15 pyutil.o: pyutil.cc pyutil.h
15 pyutil.o: pyutil.cc pyutil.h
16 $(CXX) $(CXXFLAGS) -g -O1 \
16 $(CXX) $(CXXFLAGS) -g -O1 \
17 `$$OUT/sanpy/bin/python-config --cflags` \
17 `$$OUT/sanpy/bin/python-config --cflags` \
18 -I../../mercurial -c -o pyutil.o pyutil.cc
18 -I../../mercurial -c -o pyutil.o pyutil.cc
19
19
20 bdiff.o: ../../mercurial/bdiff.c
20 bdiff.o: ../../mercurial/bdiff.c
21 $(CC) $(CFLAGS) -fsanitize=fuzzer-no-link,address -c -o bdiff.o \
21 $(CC) $(CFLAGS) -fsanitize=fuzzer-no-link,address -c -o bdiff.o \
22 ../../mercurial/bdiff.c
22 ../../mercurial/bdiff.c
23
23
24 bdiff: bdiff.cc bdiff.o fuzzutil.o
24 bdiff: bdiff.cc bdiff.o fuzzutil.o
25 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
25 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
26 -std=c++17 \
26 -std=c++17 \
27 -I../../mercurial bdiff.cc bdiff.o fuzzutil.o -o bdiff
27 -I../../mercurial bdiff.cc bdiff.o fuzzutil.o -o bdiff
28
28
29 bdiff-oss-fuzz.o: ../../mercurial/bdiff.c
29 bdiff-oss-fuzz.o: ../../mercurial/bdiff.c
30 $(CC) $(CFLAGS) -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c
30 $(CC) $(CFLAGS) -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c
31
31
32 bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o fuzzutil-oss-fuzz.o
32 bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o fuzzutil-oss-fuzz.o
33 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial bdiff.cc \
33 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial bdiff.cc \
34 bdiff-oss-fuzz.o fuzzutil-oss-fuzz.o -lFuzzingEngine -o \
34 bdiff-oss-fuzz.o fuzzutil-oss-fuzz.o -lFuzzingEngine -o \
35 $$OUT/bdiff_fuzzer
35 $$OUT/bdiff_fuzzer
36
36
37 mpatch.o: ../../mercurial/mpatch.c
37 mpatch.o: ../../mercurial/mpatch.c
38 $(CC) -g -O1 -fsanitize=fuzzer-no-link,address -c -o mpatch.o \
38 $(CC) -g -O1 -fsanitize=fuzzer-no-link,address -c -o mpatch.o \
39 ../../mercurial/mpatch.c
39 ../../mercurial/mpatch.c
40
40
41 mpatch: CXXFLAGS += -std=c++17
41 mpatch: CXXFLAGS += -std=c++17
42 mpatch: mpatch.cc mpatch.o fuzzutil.o
42 mpatch: mpatch.cc mpatch.o fuzzutil.o
43 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
43 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
44 -I../../mercurial mpatch.cc mpatch.o fuzzutil.o -o mpatch
44 -I../../mercurial mpatch.cc mpatch.o fuzzutil.o -o mpatch
45
45
46 mpatch-oss-fuzz.o: ../../mercurial/mpatch.c
46 mpatch-oss-fuzz.o: ../../mercurial/mpatch.c
47 $(CC) $(CFLAGS) -c -o mpatch-oss-fuzz.o ../../mercurial/mpatch.c
47 $(CC) $(CFLAGS) -c -o mpatch-oss-fuzz.o ../../mercurial/mpatch.c
48
48
49 mpatch_fuzzer: mpatch.cc mpatch-oss-fuzz.o fuzzutil-oss-fuzz.o
49 mpatch_fuzzer: mpatch.cc mpatch-oss-fuzz.o fuzzutil-oss-fuzz.o
50 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial mpatch.cc \
50 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial mpatch.cc \
51 mpatch-oss-fuzz.o fuzzutil-oss-fuzz.o -lFuzzingEngine -o \
51 mpatch-oss-fuzz.o fuzzutil-oss-fuzz.o -lFuzzingEngine -o \
52 $$OUT/mpatch_fuzzer
52 $$OUT/mpatch_fuzzer
53
53
54 mpatch_corpus.zip:
54 mpatch_corpus.zip:
55 python mpatch_corpus.py $$OUT/mpatch_fuzzer_seed_corpus.zip
55 python mpatch_corpus.py $$OUT/mpatch_fuzzer_seed_corpus.zip
56
56
57 x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
57 x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
58 $(CC) -g -O1 -fsanitize=fuzzer-no-link,address -c \
58 $(CC) -g -O1 -fsanitize=fuzzer-no-link,address -c \
59 -o $@ \
59 -o $@ \
60 $<
60 $<
61
61
62 xdiff: CXXFLAGS += -std=c++17
62 xdiff: CXXFLAGS += -std=c++17
63 xdiff: xdiff.cc xdiffi.o xprepare.o xutils.o fuzzutil.o
63 xdiff: xdiff.cc xdiffi.o xprepare.o xutils.o fuzzutil.o
64 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
64 $(CXX) $(CXXFLAGS) -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
65 -I../../mercurial xdiff.cc \
65 -I../../mercurial xdiff.cc \
66 xdiffi.o xprepare.o xutils.o fuzzutil.o -o xdiff
66 xdiffi.o xprepare.o xutils.o fuzzutil.o -o xdiff
67
67
68 fuzz-x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
68 fuzz-x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
69 $(CC) $(CFLAGS) -c \
69 $(CC) $(CFLAGS) -c \
70 -o $@ \
70 -o $@ \
71 $<
71 $<
72
72
73 xdiff_fuzzer: xdiff.cc fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o fuzzutil-oss-fuzz.o
73 xdiff_fuzzer: xdiff.cc fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o fuzzutil-oss-fuzz.o
74 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial xdiff.cc \
74 $(CXX) $(CXXFLAGS) -std=c++17 -I../../mercurial xdiff.cc \
75 fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o fuzzutil-oss-fuzz.o \
75 fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o fuzzutil-oss-fuzz.o \
76 -lFuzzingEngine -o $$OUT/xdiff_fuzzer
76 -lFuzzingEngine -o $$OUT/xdiff_fuzzer
77
77
78 # TODO use the $OUT env var instead of hardcoding /out
78 # TODO use the $OUT env var instead of hardcoding /out
79 /out/sanpy/bin/python:
79 /out/sanpy/bin/python:
80 cd /Python-2.7.15/ ; ASAN_OPTIONS=detect_leaks=0 ./configure --without-pymalloc --prefix=$$OUT/sanpy CFLAGS="$(CFLAGS)" LINKCC="$($CXX)" LDFLAGS="$(CXXFLAGS)"
80 cd /Python-2.7.15/ ; ASAN_OPTIONS=detect_leaks=0 ./configure --without-pymalloc --prefix=$$OUT/sanpy CFLAGS="$(CFLAGS)" LINKCC="$($CXX)" LDFLAGS="$(CXXFLAGS)"
81 cd /Python-2.7.15/ ; grep -v HAVE_GETC_UNLOCKED < pyconfig.h > tmp && mv tmp pyconfig.h
81 cd /Python-2.7.15/ ; grep -v HAVE_GETC_UNLOCKED < pyconfig.h > tmp && mv tmp pyconfig.h
82 cd /Python-2.7.15/ ; ASAN_OPTIONS=detect_leaks=0 make && make install
82 cd /Python-2.7.15/ ; ASAN_OPTIONS=detect_leaks=0 make && make install
83
83
84 sanpy: /out/sanpy/bin/python
84 sanpy: /out/sanpy/bin/python
85
85
86 manifest.o: sanpy ../../mercurial/cext/manifest.c
86 manifest.o: sanpy ../../mercurial/cext/manifest.c
87 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
87 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
88 -I../../mercurial \
88 -I../../mercurial \
89 -c -o manifest.o ../../mercurial/cext/manifest.c
89 -c -o manifest.o ../../mercurial/cext/manifest.c
90
90
91 charencode.o: sanpy ../../mercurial/cext/charencode.c
91 charencode.o: sanpy ../../mercurial/cext/charencode.c
92 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
92 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
93 -I../../mercurial \
93 -I../../mercurial \
94 -c -o charencode.o ../../mercurial/cext/charencode.c
94 -c -o charencode.o ../../mercurial/cext/charencode.c
95
95
96 parsers.o: sanpy ../../mercurial/cext/parsers.c
96 parsers.o: sanpy ../../mercurial/cext/parsers.c
97 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
97 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
98 -I../../mercurial \
98 -I../../mercurial \
99 -c -o parsers.o ../../mercurial/cext/parsers.c
99 -c -o parsers.o ../../mercurial/cext/parsers.c
100
100
101 dirs.o: sanpy ../../mercurial/cext/dirs.c
101 dirs.o: sanpy ../../mercurial/cext/dirs.c
102 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
102 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
103 -I../../mercurial \
103 -I../../mercurial \
104 -c -o dirs.o ../../mercurial/cext/dirs.c
104 -c -o dirs.o ../../mercurial/cext/dirs.c
105
105
106 pathencode.o: sanpy ../../mercurial/cext/pathencode.c
106 pathencode.o: sanpy ../../mercurial/cext/pathencode.c
107 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
107 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
108 -I../../mercurial \
108 -I../../mercurial \
109 -c -o pathencode.o ../../mercurial/cext/pathencode.c
109 -c -o pathencode.o ../../mercurial/cext/pathencode.c
110
110
111 revlog.o: sanpy ../../mercurial/cext/revlog.c
111 revlog.o: sanpy ../../mercurial/cext/revlog.c
112 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
112 $(CC) $(CFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
113 -I../../mercurial \
113 -I../../mercurial \
114 -c -o revlog.o ../../mercurial/cext/revlog.c
114 -c -o revlog.o ../../mercurial/cext/revlog.c
115
115
116 manifest_fuzzer: sanpy manifest.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
116 manifest_fuzzer: sanpy manifest.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
117 $(CXX) $(CXXFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
117 $(CXX) $(CXXFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
118 -Wno-register -Wno-macro-redefined \
118 -Wno-register -Wno-macro-redefined \
119 -I../../mercurial manifest.cc \
119 -I../../mercurial manifest.cc \
120 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
120 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
121 -lFuzzingEngine `$$OUT/sanpy/bin/python-config --ldflags` \
121 -lFuzzingEngine `$$OUT/sanpy/bin/python-config --ldflags` \
122 -o $$OUT/manifest_fuzzer
122 -o $$OUT/manifest_fuzzer
123
123
124 manifest_corpus.zip:
124 manifest_corpus.zip:
125 python manifest_corpus.py $$OUT/manifest_fuzzer_seed_corpus.zip
125 python manifest_corpus.py $$OUT/manifest_fuzzer_seed_corpus.zip
126
126
127 revlog_fuzzer: sanpy revlog.cc manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o
128 $(CXX) $(CXXFLAGS) `$$OUT/sanpy/bin/python-config --cflags` \
129 -Wno-register -Wno-macro-redefined \
130 -I../../mercurial revlog.cc \
131 manifest.o charencode.o parsers.o dirs.o pathencode.o revlog.o pyutil.o \
132 -lFuzzingEngine `$$OUT/sanpy/bin/python-config --ldflags` \
133 -o $$OUT/revlog_fuzzer
134
135 revlog_corpus.zip:
136 python revlog_corpus.py $$OUT/revlog_fuzzer_seed_corpus.zip
137
127 clean:
138 clean:
128 $(RM) *.o *_fuzzer \
139 $(RM) *.o *_fuzzer \
129 bdiff \
140 bdiff \
130 mpatch \
141 mpatch \
131 xdiff
142 xdiff
132
143
133 oss-fuzz: bdiff_fuzzer mpatch_fuzzer mpatch_corpus.zip xdiff_fuzzer manifest_fuzzer manifest_corpus.zip
144 oss-fuzz: bdiff_fuzzer mpatch_fuzzer mpatch_corpus.zip xdiff_fuzzer manifest_fuzzer manifest_corpus.zip revlog_fuzzer revlog_corpus.zip
134
145
135 .PHONY: all clean oss-fuzz sanpy
146 .PHONY: all clean oss-fuzz sanpy
General Comments 0
You need to be logged in to leave comments. Login now