upstream/mercurial-mirror Files · contrib/fuzz/mpatch.cc

revlog: clear revision cache on hash verification failure...

revlog: clear revision cache on hash verification failure The revision cache is populated after raw revision fulltext is retrieved but before hash verification. If hash verification fails, the revision cache will be populated and subsequent operations to retrieve the invalid fulltext may return the cached fulltext instead of raising. This commit changes hash verification so it will invalidate the revision cache if the cached node fails hash verification. The side-effect is that subsequent operations to request the revision text - even the raw revision text - will always fail. The new behavior is consistent and is definitely less wrong. There is an open question of whether revision(raw=True) should validate hashes. But I'm going to punt on this problem. We can always change behavior later. And to be honest, I'm not sure we should expose raw=True on the storage interface at all. Another day... Differential Revision: https://phab.mercurial-scm.org/D4867

Augie Fackler - - Load All Authors

File last commit:

r38264:46dcb9f1 default


                r40090:801ccd8e

default

Download file

             mpatch.cc
        
                    122 lines
            
             | 3.3 KiB
            
                | text/x-c
            
             |
                CppLexer
            
             / contrib / fuzz / mpatch.cc
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      /*

       * mpatch.cc - fuzzer harness for mpatch.c

       *

       * Copyright 2018, Google Inc.

       *

       * This software may be used and distributed according to the terms of

       * the GNU General Public License, incorporated herein by reference.

       */

      #include <iostream>

      #include <memory>

      #include <stdint.h>

      #include <stdlib.h>

      #include <vector>

      #include "fuzzutil.h"

      // To avoid having too many OOMs from the fuzzer infrastructure, we'll

      // skip patch application if the resulting fulltext would be bigger

      // than 10MiB.

      #define MAX_OUTPUT_SIZE 10485760

      extern "C" {

      #include "bitmanipulation.h"

      #include "mpatch.h"

      struct mpatchbin {

      	std::unique_ptr<char[]> data;

      	size_t len;

      };

      static mpatch_flist *getitem(void *vbins, ssize_t pos)

      {

      	std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins;

      	const mpatchbin &bin = bins->at(pos + 1);

      	struct mpatch_flist *res;

      	LOG(2) << "mpatch_decode " << bin.len << std::endl;

      	if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)

      		return NULL;

      	return res;

      }

      // input format:

      // u8 number of inputs

      // one u16 for each input, its length

      // the inputs

      int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)

      {

      	if (!Size) {

      		return 0;

      	}

      	// First byte of data is how many texts we expect, first text

      	// being the base the rest being the deltas.

      	ssize_t numtexts = Data[0];

      	if (numtexts < 2) {

      		// No point if we don't have at least a base text and a delta...

      		return 0;

      	}

      	// Each text will be described by a byte for how long it

      	// should be, so give up if we don't have enough.

      	if ((Size - 1) < (numtexts * 2)) {

      		return 0;

      	}

      	size_t consumed = 1 + (numtexts * 2);

      	LOG(2) << "input contains " << Size << std::endl;

      	LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;

      	std::vector<mpatchbin> bins;

      	bins.reserve(numtexts);

      	for (int i = 0; i < numtexts; ++i) {

      		mpatchbin bin;

      		size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i));

      		LOG(2) << "text " << i << " is " << nthsize << std::endl;

      		char *start = (char *)Data + consumed;

      		consumed += nthsize;

      		if (consumed > Size) {

      			LOG(2) << "ran out of data, consumed " << consumed

      			       << " of " << Size << std::endl;

      			return 0;

      		}

      		bin.len = nthsize;

      		bin.data.reset(new char[nthsize]);

      		memcpy(bin.data.get(), start, nthsize);

      		bins.push_back(std::move(bin));

      	}

      	LOG(2) << "mpatch_flist" << std::endl;

      	struct mpatch_flist *patch =

      	    mpatch_fold(&bins, getitem, 0, numtexts - 1);

      	if (!patch) {

      		return 0;

      	}

      	LOG(2) << "mpatch_calcsize" << std::endl;

      	ssize_t outlen = mpatch_calcsize(bins[0].len, patch);

      	LOG(2) << "outlen " << outlen << std::endl;

      	if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) {

      		goto cleanup;

      	}

      	{

      		char *dest = (char *)malloc(outlen);

      		LOG(2) << "expecting " << outlen << " total bytes at "

      		       << (void *)dest << std::endl;

      		mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);

      		free(dest);

      		LOG(1) << "applied a complete patch" << std::endl;

      	}

      cleanup:

      	mpatch_lfree(patch);

      	return 0;

      }

      #ifdef HG_FUZZER_INCLUDE_MAIN

      int main(int argc, char **argv)

      {

      	// One text, one patch.

      	const char data[] = "\x02\x00\0x1\x00\x0d"

      	                    // base text

      	                    "a"

      	                    // binary delta that will append a single b

      	                    "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b";

      	return LLVMFuzzerTestOneInput((const uint8_t *)data, 19);

      }

      #endif

      } // extern "C"

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				/*
				* mpatch.cc - fuzzer harness for mpatch.c
				*
				* Copyright 2018, Google Inc.
				*
				* This software may be used and distributed according to the terms of
				* the GNU General Public License, incorporated herein by reference.
				*/
				#include <iostream>
				#include <memory>
				#include <stdint.h>
				#include <stdlib.h>
				#include <vector>

				#include "fuzzutil.h"

				// To avoid having too many OOMs from the fuzzer infrastructure, we'll
				// skip patch application if the resulting fulltext would be bigger
				// than 10MiB.
				#define MAX_OUTPUT_SIZE 10485760

				extern "C" {
				#include "bitmanipulation.h"
				#include "mpatch.h"

				struct mpatchbin {
				std::unique_ptr<char[]> data;
				size_t len;
				};

				static mpatch_flist getitem(void vbins, ssize_t pos)
				{
				std::vector<mpatchbin> bins = (std::vector<mpatchbin> )vbins;
				const mpatchbin &bin = bins->at(pos + 1);
				struct mpatch_flist *res;
				LOG(2) << "mpatch_decode " << bin.len << std::endl;
				if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)
				return NULL;
				return res;
				}

				// input format:
				// u8 number of inputs
				// one u16 for each input, its length
				// the inputs
				int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
				{
				if (!Size) {
				return 0;
				}
				// First byte of data is how many texts we expect, first text
				// being the base the rest being the deltas.
				ssize_t numtexts = Data[0];
				if (numtexts < 2) {
				// No point if we don't have at least a base text and a delta...
				return 0;
				}
				// Each text will be described by a byte for how long it
				// should be, so give up if we don't have enough.
				if ((Size - 1) < (numtexts * 2)) {
				return 0;
				}
				size_t consumed = 1 + (numtexts * 2);
				LOG(2) << "input contains " << Size << std::endl;
				LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;
				std::vector<mpatchbin> bins;
				bins.reserve(numtexts);
				for (int i = 0; i < numtexts; ++i) {
				mpatchbin bin;
				size_t nthsize = getbeuint16((char )Data + 1 + (2 i));
				LOG(2) << "text " << i << " is " << nthsize << std::endl;
				char start = (char )Data + consumed;
				consumed += nthsize;
				if (consumed > Size) {
				LOG(2) << "ran out of data, consumed " << consumed
				<< " of " << Size << std::endl;
				return 0;
				}
				bin.len = nthsize;
				bin.data.reset(new char[nthsize]);
				memcpy(bin.data.get(), start, nthsize);
				bins.push_back(std::move(bin));
				}
				LOG(2) << "mpatch_flist" << std::endl;
				struct mpatch_flist *patch =
				mpatch_fold(&bins, getitem, 0, numtexts - 1);
				if (!patch) {
				return 0;
				}
				LOG(2) << "mpatch_calcsize" << std::endl;
				ssize_t outlen = mpatch_calcsize(bins[0].len, patch);
				LOG(2) << "outlen " << outlen << std::endl;
				if (outlen < 0 \|\| outlen > MAX_OUTPUT_SIZE) {
				goto cleanup;
				}
				{
				char dest = (char )malloc(outlen);
				LOG(2) << "expecting " << outlen << " total bytes at "
				<< (void *)dest << std::endl;
				mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);
				free(dest);
				LOG(1) << "applied a complete patch" << std::endl;
				}
				cleanup:
				mpatch_lfree(patch);
				return 0;
				}

				#ifdef HG_FUZZER_INCLUDE_MAIN
				int main(int argc, char **argv)
				{
				// One text, one patch.
				const char data[] = "\x02\x00\0x1\x00\x0d"
				// base text
				"a"
				// binary delta that will append a single b
				"\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b";
				return LLVMFuzzerTestOneInput((const uint8_t *)data, 19);
				}
				#endif

				} // extern "C"