Patchwork D8374: fuzz: tell manifest fuzzer about longer node hashes

login
register
mail settings
Submitter phabricator
Date April 2, 2020, 8:32 p.m.
Message ID <differential-rev-PHID-DREV-ppwsiq7nsgwnuyuhq6sf-req@mercurial-scm.org>
Download mbox | patch
Permalink /patch/46006/
State Superseded
Headers show

Comments

phabricator - April 2, 2020, 8:32 p.m.
durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REPOSITORY
  rHG Mercurial

BRANCH
  default

REVISION DETAIL
  https://phab.mercurial-scm.org/D8374

AFFECTED FILES
  contrib/fuzz/manifest.cc
  contrib/fuzz/manifest_corpus.py

CHANGE DETAILS




To: durin42, #hg-reviewers
Cc: mercurial-devel
phabricator - April 14, 2020, 9:02 a.m.
This revision now requires changes to proceed.
Alphare added a comment.
Alphare requested changes to this revision.


  Looks to me like this is two changes in one, with the addition of null bytes. Or am I missing something?

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D8374/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D8374

To: durin42, #hg-reviewers, Alphare
Cc: Alphare, mercurial-devel
phabricator - April 14, 2020, 3:22 p.m.
durin42 added a comment.


  In D8374#125469 <https://phab.mercurial-scm.org/D8374#125469>, @Alphare wrote:
  
  > Looks to me like this is two changes in one, with the addition of null bytes. Or am I missing something?
  
  The input format for the corpus changed because of the ConsumeBool() call that then determines the width of generated node IDs.

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D8374/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D8374

To: durin42, #hg-reviewers, Alphare
Cc: Alphare, mercurial-devel
phabricator - June 15, 2020, 9:14 a.m.
Herald added a subscriber: mercurial-patches.
pulkit added a comment.


  I am not sure what's the status of this one. @durin42 does this needs to be reviewed? If yes, can you rebase and push?

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D8374/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D8374

To: durin42, #hg-reviewers, Alphare
Cc: mercurial-patches, pulkit, Alphare, mercurial-devel
phabricator - June 17, 2020, 3:01 p.m.
durin42 added a comment.


  This is still valid.

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D8374/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D8374

To: durin42, #hg-reviewers, Alphare
Cc: mercurial-patches, pulkit, Alphare, mercurial-devel

Patch

diff --git a/contrib/fuzz/manifest_corpus.py b/contrib/fuzz/manifest_corpus.py
--- a/contrib/fuzz/manifest_corpus.py
+++ b/contrib/fuzz/manifest_corpus.py
@@ -10,7 +10,7 @@ 
 with zipfile.ZipFile(args.out[0], "w", zipfile.ZIP_STORED) as zf:
     zf.writestr(
         "manifest_zero",
-        '''PKG-INFO\09b3ed8f2b81095a13064402e930565f083346e9a
+        '''\0PKG-INFO\09b3ed8f2b81095a13064402e930565f083346e9a
 README\080b6e76643dcb44d4bc729e932fc464b3e36dbe3
 hg\0b6444347c629cc058d478023905cfb83b7f5bb9d
 mercurial/__init__.py\0b80de5d138758541c5f05265ad144ab9fa86d1db
@@ -25,9 +25,14 @@ 
 tkmerge\03c922edb43a9c143682f7bc7b00f98b3c756ebe7
 ''',
     )
-    zf.writestr("badmanifest_shorthashes", "narf\0aa\nnarf2\0aaa\n")
+    zf.writestr("badmanifest_shorthashes", "\0narf\0aa\nnarf2\0aaa\n")
     zf.writestr(
         "badmanifest_nonull",
-        "narf\0cccccccccccccccccccccccccccccccccccccccc\n"
+        "\0narf\0cccccccccccccccccccccccccccccccccccccccc\n"
         "narf2aaaaaaaaaaaaaaaaaaaa\n",
     )
+
+    zf.writestr(
+        "manifest_long_nodes",
+        "\1a\0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\n",
+    )
diff --git a/contrib/fuzz/manifest.cc b/contrib/fuzz/manifest.cc
--- a/contrib/fuzz/manifest.cc
+++ b/contrib/fuzz/manifest.cc
@@ -3,6 +3,7 @@ 
 #include <stdlib.h>
 #include <unistd.h>
 
+#include "FuzzedDataProvider.h"
 #include "pyutil.h"
 
 #include <string>
@@ -24,7 +25,7 @@ 
       lm[e]
       e in lm
       (e + 'nope') in lm
-  lm[b'xyzzy'] = (b'\0' * 20, 'x')
+  lm[b'xyzzy'] = (b'\0' * nlen, 'x')
   # do an insert, text should change
   assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata)
   cloned = lm.filtercopy(lambda x: x != 'xyzzy')
@@ -51,10 +52,14 @@ 
 	if (Size > 100000) {
 		return 0;
 	}
+	FuzzedDataProvider provider(Data, Size);
+	Py_ssize_t nodelength = provider.ConsumeBool() ? 20 : 32;
+	PyObject *nlen = PyLong_FromSsize_t(nodelength);
 	PyObject *mtext =
 	    PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size);
 	PyObject *locals = PyDict_New();
 	PyDict_SetItemString(locals, "mdata", mtext);
+	PyDict_SetItemString(locals, "nlen", nlen);
 	PyObject *res = PyEval_EvalCode(code, contrib::pyglobals(), locals);
 	if (!res) {
 		PyErr_Print();