Patchwork [2,of,2] fuzz: report error if Python code raised exception

Submitter Yuya Nishihara
Date Oct. 9, 2018, 12:58 p.m.
Message ID <5f7fc2ed2431c3ea50da.1539089932@mimosa>
Permalink /patch/35577/
State Accepted

Comments

Yuya Nishihara - Oct. 9, 2018, 12:58 p.m.
# HG changeset patch
# User Yuya Nishihara <yuya@tcha.org>
# Date 1539038761 -32400
#      Tue Oct 09 07:46:01 2018 +0900
# Node ID 5f7fc2ed2431c3ea50daa3ffedb9d9698c7fe53f
# Parent  fec6a0498695298ec0507a76cd26334794da93be
fuzz: report error if Python code raised exception

I think that's what we wanted to do, given that most of the code block is
surrounded by try-except. 'lazymanifest(mdata)' is moved to the try block
as it can fail.

Patch

diff --git a/contrib/fuzz/manifest.cc b/contrib/fuzz/manifest.cc
--- a/contrib/fuzz/manifest.cc
+++ b/contrib/fuzz/manifest.cc
@@ -47,8 +47,8 @@  int LLVMFuzzerTestOneInput(const uint8_t
 	PyCodeObject *code =
 	    (PyCodeObject *)Py_CompileString(R"py(
 from parsers import lazymanifest
-lm = lazymanifest(mdata)
 try:
+  lm = lazymanifest(mdata)
   # iterate the whole thing, which causes the code to fully parse
   # every line in the manifest
   list(lm.iterentries())
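
Review bot: the embedded script should say which failures are expected now that `lm = lazymanifest(mdata)` sits inside the `try:`. A constructor failure on malformed input will be caught by the `except Exception as e:` handler visible in the next hunk header, whose only shown body line is the commented-out `# print e`, so it is discarded silently. Only errors raised outside the try block (for example the `from parsers import lazymanifest` line) still propagate to the caller. A one-line comment above the moved statement, noting that parse errors on fuzzed data are expected and deliberately ignored, would make that split clear to the next reader.
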
@@ -65,7 +65,11 @@  except Exception as e:
   # print e
 )py",
 	                                     "fuzzer", Py_file_input);
-	PyEval_EvalCode(code, globals, locals);
+	PyObject *res = PyEval_EvalCode(code, globals, locals);
+	if (!res) {
+		PyErr_Print();
+	}
+	Py_XDECREF(res);
 	Py_DECREF(code);
 	Py_DECREF(locals);
 	Py_DECREF(mtext);
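
Review bot: `code` is still used unchecked here: it goes into `PyEval_EvalCode(code, globals, locals)` and then `Py_DECREF(code)`, but `Py_CompileString` returns NULL when compilation fails, and `Py_DECREF` must not be given NULL. Since this change already adds NULL handling for `res`, consider giving `code` the same treatment: test it before evaluating, call `PyErr_Print()` on failure, and release it with `Py_XDECREF(code)`. Separately, `PyErr_Print()` prints the traceback and clears the error indicator, after which the function continues through the normal cleanup. If an unexpected exception should count as a fuzzer finding rather than just a log line, the `if (!res)` branch needs to fail more loudly.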