Mercurial > hg
annotate contrib/fuzz/manifest.cc @ 41311:44cd432aed9f
fuzz: restrict manifest input size
Again, let's keep the fuzzer from getting excited about huge inputs.
Differential Revision: https://phab.mercurial-scm.org/D5642
| author | Augie Fackler <raf@durin42.com> |
|---|---|
| date | Tue, 22 Jan 2019 11:41:09 -0500 |
| parents | ef103c96ed33 |
| children | d60bd5c71cbb |
| rev | line source |
|---|---|
|
40053
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
1 #include <Python.h> |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
2 #include <assert.h> |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
3 #include <stdlib.h> |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
4 #include <unistd.h> |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
5 |
|
41013
ef103c96ed33
fuzz: extract Python initialization to utility package
Augie Fackler <augie@google.com>
parents:
40373
diff
changeset
|
6 #include "pyutil.h" |
|
ef103c96ed33
fuzz: extract Python initialization to utility package
Augie Fackler <augie@google.com>
parents:
40373
diff
changeset
|
7 |
|
40053
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
8 #include <string> |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
9 |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
10 extern "C" { |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
11 |
|
40373
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
12 static PyCodeObject *code; |
|
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
13 |
|
40053
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
14 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
15 { |
|
41013
ef103c96ed33
fuzz: extract Python initialization to utility package
Augie Fackler <augie@google.com>
parents:
40373
diff
changeset
|
16 contrib::initpy(*argv[0]); |
|
40373
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
17 code = (PyCodeObject *)Py_CompileString(R"py( |
|
40053
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
18 from parsers import lazymanifest |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
19 try: |
|
40100
ca4a32d0a4d6
fuzz: report error if Python code raised exception
Yuya Nishihara <yuya@tcha.org>
parents:
40089
diff
changeset
|
20 lm = lazymanifest(mdata) |
|
40053
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
21 # iterate the whole thing, which causes the code to fully parse |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
22 # every line in the manifest |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
23 list(lm.iterentries()) |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
24 lm[b'xyzzy'] = (b'\0' * 20, 'x') |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
25 # do an insert, text should change |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
26 assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata) |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
27 del lm[b'xyzzy'] |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
28 # should be back to the same |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
29 assert lm.text() == mdata, "delete should have restored text but didn't: %r %r" % (lm.text(), mdata) |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
30 except Exception as e: |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
31 pass |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
32 # uncomment this print if you're editing this Python code |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
33 # to debug failures. |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
34 # print e |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
35 )py", |
|
40373
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
36 "fuzzer", Py_file_input); |
|
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
37 return 0; |
|
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
38 } |
|
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
39 |
|
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
40 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) |
|
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
41 { |
|
41311
44cd432aed9f
fuzz: restrict manifest input size
Augie Fackler <raf@durin42.com>
parents:
41013
diff
changeset
|
42 // Don't allow fuzzer inputs larger than 100k, since we'll just bog |
|
44cd432aed9f
fuzz: restrict manifest input size
Augie Fackler <raf@durin42.com>
parents:
41013
diff
changeset
|
43 // down and not accomplish much. |
|
44cd432aed9f
fuzz: restrict manifest input size
Augie Fackler <raf@durin42.com>
parents:
41013
diff
changeset
|
44 if (Size > 100000) { |
|
44cd432aed9f
fuzz: restrict manifest input size
Augie Fackler <raf@durin42.com>
parents:
41013
diff
changeset
|
45 return 0; |
|
44cd432aed9f
fuzz: restrict manifest input size
Augie Fackler <raf@durin42.com>
parents:
41013
diff
changeset
|
46 } |
|
40373
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
47 PyObject *mtext = |
|
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
48 PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size); |
|
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
49 PyObject *locals = PyDict_New(); |
|
c3ab0a89331d
fuzz: move many initialization steps into LLVMFuzzerInitialize
Augie Fackler <augie@google.com>
parents:
40280
diff
changeset
|
50 PyDict_SetItemString(locals, "mdata", mtext); |
|
41013
ef103c96ed33
fuzz: extract Python initialization to utility package
Augie Fackler <augie@google.com>
parents:
40373
diff
changeset
|
51 PyObject *res = PyEval_EvalCode(code, contrib::pyglobals(), locals); |
|
40100
ca4a32d0a4d6
fuzz: report error if Python code raised exception
Yuya Nishihara <yuya@tcha.org>
parents:
40089
diff
changeset
|
52 if (!res) { |
|
ca4a32d0a4d6
fuzz: report error if Python code raised exception
Yuya Nishihara <yuya@tcha.org>
parents:
40089
diff
changeset
|
53 PyErr_Print(); |
|
ca4a32d0a4d6
fuzz: report error if Python code raised exception
Yuya Nishihara <yuya@tcha.org>
parents:
40089
diff
changeset
|
54 } |
|
ca4a32d0a4d6
fuzz: report error if Python code raised exception
Yuya Nishihara <yuya@tcha.org>
parents:
40089
diff
changeset
|
55 Py_XDECREF(res); |
|
40053
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
56 Py_DECREF(locals); |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
57 Py_DECREF(mtext); |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
58 return 0; // Non-zero return values are reserved for future use. |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
59 } |
|
8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff
changeset
|
60 } |