##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

parsers: better bounds checking in fm1readmarkers...
parsers: better bounds checking in fm1readmarkers Our Python already calls this with reasonable values consistently, but my upcoming fuzzer is extremely quick to discover the lack of sanity checking here. Differential Revision: https://phab.mercurial-scm.org/D5464
Yuya Nishihara - - Load All Authors

File last commit:

r38234:a1c0873a default
r41052:5c68b617 default
Show More
fuzzutil.cc
27 lines | 922 B | text/x-c | CppLexer
/ contrib / fuzz / fuzzutil.cc
History | Annotation | Raw |Copy content |Copy permalink
#include "fuzzutil.h"
#include <cstring>
#include <utility>
contrib::optional<two_inputs> SplitInputs(const uint8_t *Data, size_t Size)
{
if (!Size) {
return contrib::nullopt;
}
// figure out a random point in [0, Size] to split our input.
size_t left_size = (Data[0] / 255.0) * (Size - 1);
// Copy inputs to new allocations so if bdiff over-reads
// AddressSanitizer can detect it.
std::unique_ptr<char[]> left(new char[left_size]);
std::memcpy(left.get(), Data + 1, left_size);
// right starts at the next byte after left ends
size_t right_size = Size - (left_size + 1);
std::unique_ptr<char[]> right(new char[right_size]);
std::memcpy(right.get(), Data + 1 + left_size, right_size);
LOG(2) << "inputs are " << left_size << " and " << right_size
<< " bytes" << std::endl;
two_inputs result = {std::move(right), right_size, std::move(left),
left_size};
return result;
}