##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

dirs: resolve fuzzer OOM situation by disallowing deep directory hierarchies...
dirs: resolve fuzzer OOM situation by disallowing deep directory hierarchies It seems like 2048 directories ought to be enough for any reasonable use of Mercurial? A previous version of this patch scanned for slashes before any allocations occurred. That approach is slower than this in the happy path, but much faster than this in the case that too many slashes are encountered. We may want to revisit it in the future using memchr() so it'll be well-optimized by the libc we're using. .. bc: Mercurial will now defend against OOMs by refusing to operate on paths with 2048 or more components. This means that _extremely_ deep path hierarchies will be rejected, but we anticipate nobody is using hierarchies this deep. Differential Revision: https://phab.mercurial-scm.org/D7411
Augie Fackler - - Load All Authors

File last commit:

r41342:d60bd5c7 default
r44057:0796e266 default
Show More
manifest.cc
68 lines | 1.8 KiB | text/x-c | CppLexer
/ contrib / fuzz / manifest.cc
History | Annotation | Raw |Copy content |Copy permalink
#include <Python.h>
#include <assert.h>
#include <stdlib.h>
#include <unistd.h>
#include "pyutil.h"
#include <string>
extern "C" {
static PyCodeObject *code;
extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
{
contrib::initpy(*argv[0]);
code = (PyCodeObject *)Py_CompileString(R"py(
from parsers import lazymanifest
try:
lm = lazymanifest(mdata)
# iterate the whole thing, which causes the code to fully parse
# every line in the manifest
for e, _, _ in lm.iterentries():
# also exercise __getitem__ et al
lm[e]
e in lm
(e + 'nope') in lm
lm[b'xyzzy'] = (b'\0' * 20, 'x')
# do an insert, text should change
assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata)
cloned = lm.filtercopy(lambda x: x != 'xyzzy')
assert cloned.text() == mdata, 'cloned text should equal mdata'
cloned.diff(lm)
del lm[b'xyzzy']
cloned.diff(lm)
# should be back to the same
assert lm.text() == mdata, "delete should have restored text but didn't: %r %r" % (lm.text(), mdata)
except Exception as e:
pass
# uncomment this print if you're editing this Python code
# to debug failures.
# print e
)py",
"fuzzer", Py_file_input);
return 0;
}
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
// Don't allow fuzzer inputs larger than 100k, since we'll just bog
// down and not accomplish much.
if (Size > 100000) {
return 0;
}
PyObject *mtext =
PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size);
PyObject *locals = PyDict_New();
PyDict_SetItemString(locals, "mdata", mtext);
PyObject *res = PyEval_EvalCode(code, contrib::pyglobals(), locals);
if (!res) {
PyErr_Print();
}
Py_XDECREF(res);
Py_DECREF(locals);
Py_DECREF(mtext);
return 0; // Non-zero return values are reserved for future use.
}
}