Mercurial Mercurial > hg / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
contrib/fuzz/manifest.cc
author Augie Fackler <augie@google.com>
Thu, 06 Sep 2018 02:36:25 -0400
changeset 40053 8c692a6b5ad1
child 40089 3418f83c8874
permissions -rw-r--r--
fuzz: new fuzzer for cext/manifest.c This is a bit messy, because lazymanifest is tightly coupled to the cpython API for performance reasons. As a result, we have to build a whole Python without pymalloc (so ASAN can help us out) and link against that. Then we have to use an embedded Python interpreter. We could manually drive the lazymanifest in C from that point, but experimentally just using PyEval_EvalCode isn't really any slower so we may as well do that and write the innermost guts of the fuzzer in Python. Leak detection is currently disabled for this fuzzer because there are a few global-lifetime things in our extensions that we more or less intentionally leak and I didn't want to take the detour to work around that for now. This should not be pushed to our repo until https://github.com/google/oss-fuzz/pull/1853 is merged, as this depends on having the Python tarball around. Differential Revision: https://phab.mercurial-scm.org/D4879
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
40053
8c692a6b5ad1 fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff changeset 
     1
 
#include <Python.h>
8c692a6b5ad1 fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff changeset 
     2
 
#include <assert.h>
8c692a6b5ad1 fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff changeset 
     3
 
#include <stdlib.h>
8c692a6b5ad1 fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff changeset 
     4
 
#include <unistd.h>
8c692a6b5ad1 fuzz: new fuzzer for cext/manifest.c
Augie Fackler <augie@google.com>
parents:
diff changeset 
     5
 












8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




     6


#include <string>













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




     7














8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




     8


extern "C" {













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




     9














8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    10


/* TODO: use Python 3 for this fuzzing? */













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    11


PyMODINIT_FUNC initparsers(void);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    12














8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    13


static char cpypath[8192] = "\0";













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    14














8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    15


extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    16


{













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    17


	const std::string subdir = "/sanpy/lib/python2.7";













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    18


	/* HACK ALERT: we need a full Python installation built without













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    19


	   pymalloc and with ASAN, so we dump one in













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    20


	   $OUT/sanpy/lib/python2.7. This helps us wire that up. */













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    21


	std::string selfpath(*argv[0]);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    22


	std::string pypath;













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    23


	auto pos = selfpath.rfind("/");













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    24


	if (pos == std::string::npos) {













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    25


		char wd[8192];













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    26


		getcwd(wd, 8192);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    27


		pypath = std::string(wd) + subdir;













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    28


	} else {













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    29


		pypath = selfpath.substr(0, pos) + subdir;













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    30


	}













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    31


	strncpy(cpypath, pypath.c_str(), pypath.size());













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    32


	setenv("PYTHONPATH", cpypath, 1);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    33


	Py_SetPythonHome(cpypath);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    34


	return 0;













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    35


}













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    36














8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    37


int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    38


{













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    39


	Py_InitializeEx(0);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    40


	initparsers();













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    41


	PyObject *mtext =













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    42


	    PyBytes_FromStringAndSize((const char *)Data, (Py_ssize_t)Size);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    43


	PyObject *mainmod = PyImport_AddModule("__main__");













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    44


	PyObject *globals = PyModule_GetDict(mainmod);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    45


	PyObject *locals = PyDict_New();













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    46


	PyDict_SetItemString(locals, "mdata", mtext);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    47


	PyCodeObject *code =













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    48


	    (PyCodeObject *)Py_CompileString(R"py(













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    49


from parsers import lazymanifest













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    50


lm = lazymanifest(mdata)













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    51


try:













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    52


  # iterate the whole thing, which causes the code to fully parse













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    53


  # every line in the manifest













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    54


  list(lm.iterentries())













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    55


  lm[b'xyzzy'] = (b'\0' * 20, 'x')













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    56


  # do an insert, text should change













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    57


  assert lm.text() != mdata, "insert should change text and didn't: %r %r" % (lm.text(), mdata)













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    58


  del lm[b'xyzzy']













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    59


  # should be back to the same













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    60


  assert lm.text() == mdata, "delete should have restored text but didn't: %r %r" % (lm.text(), mdata)













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    61


except Exception as e:













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    62


  pass













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    63


  # uncomment this print if you're editing this Python code













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    64


  # to debug failures.













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    65


  # print e













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    66


)py",













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    67


	                                     "fuzzer", Py_file_input);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    68


	PyEval_EvalCode(code, globals, locals);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    69


	Py_DECREF(code);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    70


	Py_DECREF(locals);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    71


	Py_DECREF(mtext);













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    72


	Py_Finalize();













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    73


	return 0; // Non-zero return values are reserved for future use.













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    74


}













8c692a6b5ad1
fuzz: new fuzzer for cext/manifest.c



Augie Fackler <augie@google.com>


parents: 

diff
changeset




    75


}















Mercurial