Patchwork D1875: contrib: add some basic scaffolding for some fuzz test targets

Submitter phabricator
Date Jan. 17, 2018, 9:40 p.m.
Message ID <7b5c28241de7986648a32bbdbcd14174@localhost.localdomain>
Permalink /patch/26831/
State Not Applicable

Comments

phabricator - Jan. 17, 2018, 9:40 p.m.
This revision was automatically updated to reflect the committed changes.
Closed by commit rHG75a3c876fbd1: contrib: add some basic scaffolding for some fuzz test targets (authored by durin42, committed by ).

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D1875?vs=4856&id=4861

REVISION DETAIL
  https://phab.mercurial-scm.org/D1875

AFFECTED FILES
  contrib/fuzz/Makefile
  contrib/fuzz/bdiff.cc
  tests/test-fuzz-targets.t

CHANGE DETAILS




To: durin42, #hg-reviewers, indygreg
Cc: indygreg, mercurial-devel

Patch

diff --git a/tests/test-fuzz-targets.t b/tests/test-fuzz-targets.t
new file mode 100644
--- /dev/null
+++ b/tests/test-fuzz-targets.t
@@ -0,0 +1,5 @@ 
+#require clang-libfuzzer test-repo
+  $ cd $TESTDIR/../contrib/fuzz
+  $ make
+Just run the fuzzer for five seconds to verify it works at all.
+  $ ./bdiff -max_total_time 5
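Review bot: The `./bdiff -max_total_time 5` step does not fuzz for five seconds, so this test gives less coverage than its comment claims. The `bdiff` target in contrib/fuzz/Makefile links with `-fsanitize=fuzzer-no-link` and `-DHG_FUZZER_INCLUDE_MAIN=1`, so the binary uses the harness's own `main`, which runs once on the fixed input "asdf" and never looks at argv. Either reword the comment to `Run the harness once on a fixed input to verify it builds and links.` and drop the flag, or link the local binary against the fuzzing engine without the built-in `main`. In the second case, note that libFuzzer expects the form `-max_total_time=5`.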
diff --git a/contrib/fuzz/bdiff.cc b/contrib/fuzz/bdiff.cc
new file mode 100644
--- /dev/null
+++ b/contrib/fuzz/bdiff.cc
@@ -0,0 +1,49 @@ 
+/*
+ * bdiff.cc - fuzzer harness for bdiff.c
+ *
+ * Copyright 2018, Google Inc.
+ *
+ * This software may be used and distributed according to the terms of
+ * the GNU General Public License, incorporated herein by reference.
+ */
+#include <stdlib.h>
+
+extern "C" {
+#include "bdiff.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+	if (!Size) {
+		return 0;
+	}
+	// figure out a random point in [0, Size] to split our input.
+	size_t split = Data[0] / 255.0 * Size;
+
+	// left input to diff is data[1:split]
+	const uint8_t *left = Data + 1;
+	// which has len split-1
+	size_t left_size = split - 1;
+	// right starts at the next byte after left ends
+	const uint8_t *right = left + left_size;
+	size_t right_size = Size - split;
+
+	struct bdiff_line *a, *b;
+	int an = bdiff_splitlines((const char *)left, split - 1, &a);
+	int bn = bdiff_splitlines((const char *)right, right_size, &b);
+	struct bdiff_hunk l;
+	bdiff_diff(a, an, b, bn, &l);
+	free(a);
+	free(b);
+	bdiff_freehunks(l.next);
+	return 0; // Non-zero return values are reserved for future use.
+}
+
+#ifdef HG_FUZZER_INCLUDE_MAIN
+int main(int argc, char **argv)
+{
+	const char data[] = "asdf";
+	return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
+}
+#endif
+
+} // extern "C"
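Review bot: `split - 1` underflows whenever `split` is 0, which happens for any input whose first byte is small relative to `Size` (a one-byte input with `Data[0]` below 255 is enough). `left_size` then wraps to a huge value, `right` points far outside `Data`, and `bdiff_splitlines` is asked to read past the buffer, so ASan would report a crash in the harness rather than a defect in bdiff.c. Keeping the split in [1, Size] avoids this: `if (Size < 2) return 0;` followed by `size_t split = 1 + Data[0] / 255.0 * (Size - 1);`. Separately, the results of both `bdiff_splitlines` calls and of `bdiff_diff` are used unchecked. If those functions can fail without setting their out-parameters (not visible here), then `free(a)`, `free(b)` and `bdiff_freehunks(l.next)` act on uninitialised values, so initialising `a`, `b` and `l.next` to null and returning early on a negative count would be safer.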
diff --git a/contrib/fuzz/Makefile b/contrib/fuzz/Makefile
new file mode 100644
--- /dev/null
+++ b/contrib/fuzz/Makefile
@@ -0,0 +1,20 @@ 
+bdiff.o: ../../mercurial/bdiff.c
+	clang -g -O1 -fsanitize=fuzzer-no-link,address -c -o bdiff.o \
+	  ../../mercurial/bdiff.c
+
+bdiff: bdiff.cc bdiff.o
+	clang -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
+	  -I../../mercurial bdiff.cc bdiff.o -o bdiff
+
+bdiff-oss-fuzz.o: ../../mercurial/bdiff.c
+	$$CC $$CFLAGS -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c
+
+bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o
+	$$CXX $$CXXFLAGS -std=c++11 -I../../mercurial bdiff.cc \
+	  bdiff-oss-fuzz.o -lFuzzingEngine -o $$OUT/bdiff_fuzzer
+
+all: bdiff
+
+oss-fuzz: bdiff_fuzzer
+
+.PHONY: all oss-fuzz
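Review bot: The default goal here is `bdiff.o`, not `all`, because make picks the first rule in the file, so the bare `make` in tests/test-fuzz-targets.t builds only the object file and `./bdiff` will not exist on a clean tree. Moving `all: bdiff` to the top of the Makefile fixes that. It would also help to add a comment above the `bdiff` rule such as `# local smoke-test binary: uses the harness's own main(), not the libFuzzer driver`, so readers do not assume this target produces a real fuzzer.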