Show More
@@ -0,0 +1,26 b'' | |||||
|
1 | #include "fuzzutil.h" | |||
|
2 | ||||
|
3 | #include <utility> | |||
|
4 | ||||
|
5 | std::optional<two_inputs> SplitInputs(const uint8_t *Data, size_t Size) | |||
|
6 | { | |||
|
7 | if (!Size) { | |||
|
8 | return std::nullopt; | |||
|
9 | } | |||
|
10 | // figure out a random point in [0, Size] to split our input. | |||
|
11 | size_t left_size = (Data[0] / 255.0) * (Size - 1); | |||
|
12 | ||||
|
13 | // Copy inputs to new allocations so if bdiff over-reads | |||
|
14 | // AddressSanitizer can detect it. | |||
|
15 | std::unique_ptr<char[]> left(new char[left_size]); | |||
|
16 | memcpy(left.get(), Data + 1, left_size); | |||
|
17 | // right starts at the next byte after left ends | |||
|
18 | size_t right_size = Size - (left_size + 1); | |||
|
19 | std::unique_ptr<char[]> right(new char[right_size]); | |||
|
20 | memcpy(right.get(), Data + 1 + left_size, right_size); | |||
|
21 | LOG(2) << "inputs are " << left_size << " and " << right_size | |||
|
22 | << " bytes" << std::endl; | |||
|
23 | two_inputs result = {std::move(right), right_size, std::move(left), | |||
|
24 | left_size}; | |||
|
25 | return result; | |||
|
26 | } |
@@ -0,0 +1,24 b'' | |||||
|
1 | #ifndef CONTRIB_FUZZ_FUZZUTIL_H | |||
|
2 | #define CONTRIB_FUZZ_FUZZUTIL_H | |||
|
3 | #include <iostream> | |||
|
4 | #include <memory> | |||
|
5 | #include <optional> | |||
|
6 | #include <stdint.h> | |||
|
7 | ||||
|
8 | /* set DEBUG to 1 for a few debugging prints, or 2 for a lot */ | |||
|
9 | #define DEBUG 0 | |||
|
10 | #define LOG(level) \ | |||
|
11 | if (level <= DEBUG) \ | |||
|
12 | std::cout | |||
|
13 | ||||
|
14 | struct two_inputs { | |||
|
15 | std::unique_ptr<char[]> right; | |||
|
16 | size_t right_size; | |||
|
17 | std::unique_ptr<char[]> left; | |||
|
18 | size_t left_size; | |||
|
19 | }; | |||
|
20 | ||||
|
21 | /* Split a non-zero-length input into two inputs. */ | |||
|
22 | std::optional<two_inputs> SplitInputs(const uint8_t *Data, size_t Size); | |||
|
23 | ||||
|
24 | #endif /* CONTRIB_FUZZ_FUZZUTIL_H */ |
@@ -1,36 +1,42 b'' | |||||
|
1 | fuzzutil.o: fuzzutil.cc fuzzutil.h | |||
|
2 | $$CXX $$CXXFLAGS -g -O1 -fsanitize=fuzzer-no-link,address \ | |||
|
3 | -std=c++17 \ | |||
|
4 | -I../../mercurial -c -o fuzzutil.o fuzzutil.cc | |||
|
5 | ||||
1 | bdiff.o: ../../mercurial/bdiff.c |
|
6 | bdiff.o: ../../mercurial/bdiff.c | |
2 |
|
|
7 | $$CC $$CFLAGS -fsanitize=fuzzer-no-link,address -c -o bdiff.o \ | |
3 | ../../mercurial/bdiff.c |
|
8 | ../../mercurial/bdiff.c | |
4 |
|
9 | |||
5 | bdiff: bdiff.cc bdiff.o |
|
10 | bdiff: bdiff.cc bdiff.o fuzzutil.o | |
6 |
|
|
11 | $$CXX $$CXXFLAGS -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \ | |
7 | -I../../mercurial bdiff.cc bdiff.o -o bdiff |
|
12 | -std=c++17 \ | |
|
13 | -I../../mercurial bdiff.cc bdiff.o fuzzutil.o -o bdiff | |||
8 |
|
14 | |||
9 | bdiff-oss-fuzz.o: ../../mercurial/bdiff.c |
|
15 | bdiff-oss-fuzz.o: ../../mercurial/bdiff.c | |
10 | $$CC $$CFLAGS -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c |
|
16 | $$CC $$CFLAGS -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c | |
11 |
|
17 | |||
12 | bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o |
|
18 | bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o fuzzutil.o | |
13 |
$$CXX $$CXXFLAGS -std=c++1 |
|
19 | $$CXX $$CXXFLAGS -std=c++17 -I../../mercurial bdiff.cc \ | |
14 | bdiff-oss-fuzz.o -lFuzzingEngine -o $$OUT/bdiff_fuzzer |
|
20 | bdiff-oss-fuzz.o fuzzutil.o -lFuzzingEngine -o $$OUT/bdiff_fuzzer | |
15 |
|
21 | |||
16 | x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h |
|
22 | x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h | |
17 |
|
|
23 | $$CC -g -O1 -fsanitize=fuzzer-no-link,address -c \ | |
18 | -o $@ \ |
|
24 | -o $@ \ | |
19 | $< |
|
25 | $< | |
20 |
|
26 | |||
21 |
xdiff: xdiff.cc xdiffi.o xprepare.o |
|
27 | xdiff: xdiff.cc xdiffi.o xprepare.o xutils.o fuzzutil.o | |
22 |
|
|
28 | $$CXX $$CXXFLAGS -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \ | |
23 | -I../../mercurial xdiff.cc \ |
|
29 | -I../../mercurial xdiff.cc \ | |
24 | xdiffi.o xprepare.o xutils.o -o xdiff |
|
30 | xdiffi.o xprepare.o xutils.o fuzzutil.o -o xdiff | |
25 |
|
31 | |||
26 | fuzz-x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h |
|
32 | fuzz-x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h | |
27 | $$CC $$CFLAGS -c \ |
|
33 | $$CC $$CFLAGS -c \ | |
28 | -o $@ \ |
|
34 | -o $@ \ | |
29 | $< |
|
35 | $< | |
30 |
|
36 | |||
31 |
xdiff_fuzzer: xdiff.cc fuzz-xdiffi.o fuzz-xprepare.o |
|
37 | xdiff_fuzzer: xdiff.cc fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o fuzzutil.o | |
32 |
$$CXX $$CXXFLAGS -std=c++1 |
|
38 | $$CXX $$CXXFLAGS -std=c++17 -I../../mercurial xdiff.cc \ | |
33 | fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o \ |
|
39 | fuzz-xdiffi.o fuzz-xprepare.o fuzz-xutils.o fuzzutil.o \ | |
34 | -lFuzzingEngine -o $$OUT/xdiff_fuzzer |
|
40 | -lFuzzingEngine -o $$OUT/xdiff_fuzzer | |
35 |
|
41 | |||
36 | all: bdiff xdiff |
|
42 | all: bdiff xdiff |
@@ -6,30 +6,25 b'' | |||||
6 | * This software may be used and distributed according to the terms of |
|
6 | * This software may be used and distributed according to the terms of | |
7 | * the GNU General Public License, incorporated herein by reference. |
|
7 | * the GNU General Public License, incorporated herein by reference. | |
8 | */ |
|
8 | */ | |
|
9 | #include <memory> | |||
9 | #include <stdlib.h> |
|
10 | #include <stdlib.h> | |
10 |
|
11 | |||
|
12 | #include "fuzzutil.h" | |||
|
13 | ||||
11 | extern "C" { |
|
14 | extern "C" { | |
12 | #include "bdiff.h" |
|
15 | #include "bdiff.h" | |
13 |
|
16 | |||
14 | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) |
|
17 | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) | |
15 | { |
|
18 | { | |
16 | if (!Size) { |
|
19 | auto maybe_inputs = SplitInputs(Data, Size); | |
|
20 | if (!maybe_inputs) { | |||
17 | return 0; |
|
21 | return 0; | |
18 | } |
|
22 | } | |
19 | // figure out a random point in [0, Size] to split our input. |
|
23 | auto inputs = std::move(maybe_inputs.value()); | |
20 | size_t split = Data[0] / 255.0 * Size; |
|
|||
21 |
|
||||
22 | // left input to diff is data[1:split] |
|
|||
23 | const uint8_t *left = Data + 1; |
|
|||
24 | // which has len split-1 |
|
|||
25 | size_t left_size = split - 1; |
|
|||
26 | // right starts at the next byte after left ends |
|
|||
27 | const uint8_t *right = left + left_size; |
|
|||
28 | size_t right_size = Size - split; |
|
|||
29 |
|
24 | |||
30 | struct bdiff_line *a, *b; |
|
25 | struct bdiff_line *a, *b; | |
31 |
int an = bdiff_splitlines(( |
|
26 | int an = bdiff_splitlines(inputs.left.get(), inputs.left_size, &a); | |
32 |
int bn = bdiff_splitlines(( |
|
27 | int bn = bdiff_splitlines(inputs.right.get(), inputs.right_size, &b); | |
33 | struct bdiff_hunk l; |
|
28 | struct bdiff_hunk l; | |
34 | bdiff_diff(a, an, b, bn, &l); |
|
29 | bdiff_diff(a, an, b, bn, &l); | |
35 | free(a); |
|
30 | free(a); |
@@ -10,6 +10,8 b'' | |||||
10 | #include <inttypes.h> |
|
10 | #include <inttypes.h> | |
11 | #include <stdlib.h> |
|
11 | #include <stdlib.h> | |
12 |
|
12 | |||
|
13 | #include "fuzzutil.h" | |||
|
14 | ||||
13 | extern "C" { |
|
15 | extern "C" { | |
14 |
|
16 | |||
15 | int hunk_consumer(long a1, long a2, long b1, long b2, void *priv) |
|
17 | int hunk_consumer(long a1, long a2, long b1, long b2, void *priv) | |
@@ -20,21 +22,17 b' int hunk_consumer(long a1, long a2, long' | |||||
20 |
|
22 | |||
21 | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) |
|
23 | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) | |
22 | { |
|
24 | { | |
23 | if (!Size) { |
|
25 | auto maybe_inputs = SplitInputs(Data, Size); | |
|
26 | if (!maybe_inputs) { | |||
24 | return 0; |
|
27 | return 0; | |
25 | } |
|
28 | } | |
26 | // figure out a random point in [0, Size] to split our input. |
|
29 | auto inputs = std::move(maybe_inputs.value()); | |
27 | size_t split = Data[0] / 255.0 * Size; |
|
|||
28 |
|
||||
29 | mmfile_t a, b; |
|
30 | mmfile_t a, b; | |
30 |
|
31 | |||
31 | // `a` input to diff is data[1:split] |
|
32 | a.ptr = inputs.left.get(); | |
32 | a.ptr = (char *)Data + 1; |
|
33 | a.size = inputs.left_size; | |
33 | // which has len split-1 |
|
34 | b.ptr = inputs.right.get(); | |
34 | a.size = split - 1; |
|
35 | b.size = inputs.right_size; | |
35 | // `b` starts at the next byte after `a` ends |
|
|||
36 | b.ptr = a.ptr + a.size; |
|
|||
37 | b.size = Size - split; |
|
|||
38 | xpparam_t xpp = { |
|
36 | xpparam_t xpp = { | |
39 | XDF_INDENT_HEURISTIC, /* flags */ |
|
37 | XDF_INDENT_HEURISTIC, /* flags */ | |
40 | }; |
|
38 | }; |
General Comments 0
You need to be logged in to leave comments.
Login now