upstream/mercurial-mirror Files · contrib/fuzz/manifest.cc

parsers: better bounds checking in fm1readmarkers...

parsers: better bounds checking in fm1readmarkers Our Python already calls this with reasonable values consistently, but my upcoming fuzzer is extremely quick to discover the lack of sanity checking here. Differential Revision: https://phab.mercurial-scm.org/D5464

Augie Fackler - - Load All Authors

File last commit:

r41049:ef103c96 default


                r41052:5c68b617

default

Download file

             manifest.cc
        
                    55 lines
            
             | 1.4 KiB
            
                | text/x-c
            
             |
                CppLexer
            
             / contrib / fuzz / manifest.cc
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #include <Python.h>

      #include <assert.h>

      #include <stdlib.h>

      #include <unistd.h>

      #include "pyutil.h"

      #include <string>

      extern "C" {

      static PyCodeObject *code;

      extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)

      {

      	contrib::initpy(*argv[0]);

      	code = (PyCodeObject *)Py_CompileString(R"py(

      from parsers import lazymanifest

      try:

        lm = lazymanifest(mdata)

        # iterate the whole thing, which causes the code to fully parse

        # every line in the manifest

        list(lm.iterentries())

        lm[b'xyzzy'] = (b'\0' * 20, 'x')

        # do an insert, text should change

        assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata)

        del lm[b'xyzzy']

        # should be back to the same

        assert lm.text() == mdata, "delete should have restored text but didn't: %r %r" % (lm.text(), mdata)

      except Exception as e:

        pass

        # uncomment this print if you're editing this Python code

        # to debug failures.

        # print e

      )py",

      	                                        "fuzzer", Py_file_input);

      	return 0;

      }

      int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)

      {

      	PyObject *mtext =

      	    PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size);

      	PyObject *locals = PyDict_New();

      	PyDict_SetItemString(locals, "mdata", mtext);

      	PyObject *res = PyEval_EvalCode(code, contrib::pyglobals(), locals);

      	if (!res) {

      		PyErr_Print();

      	}

      	Py_XDECREF(res);

      	Py_DECREF(locals);

      	Py_DECREF(mtext);

      	return 0; // Non-zero return values are reserved for future use.

      }

      }

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#include <Python.h>
				#include <assert.h>
				#include <stdlib.h>
				#include <unistd.h>

				#include "pyutil.h"

				#include <string>

				extern "C" {

				static PyCodeObject *code;

				extern "C" int LLVMFuzzerInitialize(int argc, char **argv)
				{
				contrib::initpy(*argv[0]);
				code = (PyCodeObject *)Py_CompileString(R"py(
				from parsers import lazymanifest
				try:
				lm = lazymanifest(mdata)
				# iterate the whole thing, which causes the code to fully parse
				# every line in the manifest
				list(lm.iterentries())
				lm[b'xyzzy'] = (b'\0' * 20, 'x')
				# do an insert, text should change
				assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata)
				del lm[b'xyzzy']
				# should be back to the same
				assert lm.text() == mdata, "delete should have restored text but didn't: %r %r" % (lm.text(), mdata)
				except Exception as e:
				pass
				# uncomment this print if you're editing this Python code
				# to debug failures.
				# print e
				)py",
				"fuzzer", Py_file_input);
				return 0;
				}

				int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
				{
				PyObject *mtext =
				PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size);
				PyObject *locals = PyDict_New();
				PyDict_SetItemString(locals, "mdata", mtext);
				PyObject *res = PyEval_EvalCode(code, contrib::pyglobals(), locals);
				if (!res) {
				PyErr_Print();
				}
				Py_XDECREF(res);
				Py_DECREF(locals);
				Py_DECREF(mtext);
				return 0; // Non-zero return values are reserved for future use.
				}
				}