diff contrib/fuzz/bdiff.cc @ 35670:2b9e2415f5b5
contrib: add some basic scaffolding for some fuzz test targets

I'd like to get the majority of our C code covered by automated fuzz
testing. I've started with bdiff because it was already decoupled from
libpython and therefore was fairly quick to produce a working
fuzzer. The code here is a little odd because I've been having trouble
convincing libfuzzer to define a main and I threw in the towel.

This code will also work with github.com/google/oss-fuzz, and once it
lands in our main repo I intend to enable automated fuzzing in
oss-fuzz with reports going to our security alias.

Differential Revision: https://phab.mercurial-scm.org/D1875

author | Augie Fackler <augie@google.com> |
---|---|
date | Wed, 17 Jan 2018 15:47:38 -0500 |
parents | |
children | fa0ddd5e8fff |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/contrib/fuzz/bdiff.cc Wed Jan 17 15:47:38 2018 -0500 @@ -0,0 +1,49 @@ +/* + * bdiff.cc - fuzzer harness for bdiff.c + * + * Copyright 2018, Google Inc. + * + * This software may be used and distributed according to the terms of + * the GNU General Public License, incorporated herein by reference. + */ +#include <stdlib.h> + +extern "C" { +#include "bdiff.h" + +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) +{ + if (!Size) { + return 0; + } + // figure out a random point in [0, Size] to split our input. + size_t split = Data[0] / 255.0 * Size; + + // left input to diff is data[1:split] + const uint8_t *left = Data + 1; + // which has len split-1 + size_t left_size = split - 1; + // right starts at the next byte after left ends + const uint8_t *right = left + left_size; + size_t right_size = Size - split; + + struct bdiff_line *a, *b; + int an = bdiff_splitlines((const char *)left, split - 1, &a); + int bn = bdiff_splitlines((const char *)right, right_size, &b); + struct bdiff_hunk l; + bdiff_diff(a, an, b, bn, &l); + free(a); + free(b); + bdiff_freehunks(l.next); + return 0; // Non-zero return values are reserved for future use. +} + +#ifdef HG_FUZZER_INCLUDE_MAIN +int main(int argc, char **argv) +{ + const char data[] = "asdf"; + return LLVMFuzzerTestOneInput((const uint8_t *)data, 4); +} +#endif + +} // extern "C"
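
Review bot: in LLVMFuzzerTestOneInput, `split` can be 0 (Data[0] == 0, or a small Data[0] combined with a small Size), so `size_t left_size = split - 1;` wraps around and the first bdiff_splitlines call is handed that wrapped `split - 1` as its length while `right = left + left_size` is computed from the same bogus value. The harness would then read outside the fuzzer-provided buffer itself, and any crash reported for such inputs says nothing about bdiff. Either return early when `split == 0`, or derive the split point from the Size - 1 payload bytes that follow the selector byte so the left length is computed without subtracting from `split`. Two smaller points in the same function: `an` and `bn` are passed straight to bdiff_diff, and `a` and `b` to free(), without checking what bdiff_splitlines returned, so a failed split should bail out before the diff; and `uint8_t` is used with only `<stdlib.h>` included directly, so adding `<stdint.h>` avoids depending on what bdiff.h happens to pull in.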