upstream/mercurial-mirror Files · contrib/fuzz/fuzzutil.cc

fuzz: new fuzzer for cext/manifest.c...

fuzz: new fuzzer for cext/manifest.c This is a bit messy, because lazymanifest is tightly coupled to the cpython API for performance reasons. As a result, we have to build a whole Python without pymalloc (so ASAN can help us out) and link against that. Then we have to use an embedded Python interpreter. We could manually drive the lazymanifest in C from that point, but experimentally just using PyEval_EvalCode isn't really any slower so we may as well do that and write the innermost guts of the fuzzer in Python. Leak detection is currently disabled for this fuzzer because there are a few global-lifetime things in our extensions that we more or less intentionally leak and I didn't want to take the detour to work around that for now. This should not be pushed to our repo until https://github.com/google/oss-fuzz/pull/1853 is merged, as this depends on having the Python tarball around. Differential Revision: https://phab.mercurial-scm.org/D4879

Yuya Nishihara - - Load All Authors

File last commit:

r38234:a1c0873a default


                r40089:8c692a6b

default

Download file

             fuzzutil.cc
        
                    27 lines
            
             | 922 B
            
                | text/x-c
            
             |
                CppLexer
            
             / contrib / fuzz / fuzzutil.cc
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #include "fuzzutil.h"

      #include <cstring>

      #include <utility>

      contrib::optional<two_inputs> SplitInputs(const uint8_t *Data, size_t Size)

      {

      	if (!Size) {

      		return contrib::nullopt;

      	}

      	// figure out a random point in [0, Size] to split our input.

      	size_t left_size = (Data[0] / 255.0) * (Size - 1);

      	// Copy inputs to new allocations so if bdiff over-reads

      	// AddressSanitizer can detect it.

      	std::unique_ptr<char[]> left(new char[left_size]);

      	std::memcpy(left.get(), Data + 1, left_size);

      	// right starts at the next byte after left ends

      	size_t right_size = Size - (left_size + 1);

      	std::unique_ptr<char[]> right(new char[right_size]);

      	std::memcpy(right.get(), Data + 1 + left_size, right_size);

      	LOG(2) << "inputs are  " << left_size << " and " << right_size

      	       << " bytes" << std::endl;

      	two_inputs result = {std::move(right), right_size, std::move(left),

      	                     left_size};

      	return result;

      }

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#include "fuzzutil.h"

				#include <cstring>
				#include <utility>

				contrib::optional<two_inputs> SplitInputs(const uint8_t *Data, size_t Size)
				{
				if (!Size) {
				return contrib::nullopt;
				}
				// figure out a random point in [0, Size] to split our input.
				size_t left_size = (Data[0] / 255.0) * (Size - 1);

				// Copy inputs to new allocations so if bdiff over-reads
				// AddressSanitizer can detect it.
				std::unique_ptr<char[]> left(new char[left_size]);
				std::memcpy(left.get(), Data + 1, left_size);
				// right starts at the next byte after left ends
				size_t right_size = Size - (left_size + 1);
				std::unique_ptr<char[]> right(new char[right_size]);
				std::memcpy(right.get(), Data + 1 + left_size, right_size);
				LOG(2) << "inputs are " << left_size << " and " << right_size
				<< " bytes" << std::endl;
				two_inputs result = {std::move(right), right_size, std::move(left),
				left_size};
				return result;
				}