Mercurial > hg

view contrib/fuzz/standalone_fuzz_target_runner.cc @ 45095:8e04607023e5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
procutil: ensure that procutil.std{out,err}.write() writes all bytes Python 3 offers different kind of streams and it’s not guaranteed for all of them that calling write() writes all bytes. When Python is started in unbuffered mode, sys.std{out,err}.buffer are instances of io.FileIO, whose write() can write less bytes for platform-specific reasons (e.g. Linux has a 0x7ffff000 bytes maximum and could write less if interrupted by a signal; when writing to Windows consoles, it’s limited to 32767 bytes to avoid the "not enough space" error). This can lead to silent loss of data, both when using sys.std{out,err}.buffer (which may in fact not be a buffered stream) and when using the text streams sys.std{out,err} (I’ve created a CPython bug report for that: https://bugs.python.org/issue41221). Python may fix the problem at some point. For now, we implement our own wrapper for procutil.std{out,err} that calls the raw stream’s write() method until all bytes have been written. We don’t use sys.std{out,err} for larger writes, so I think it’s not worth the effort to patch them.
author Manuel Jacob <me@manueljacob.de>
date Fri, 10 Jul 2020 12:27:58 +0200
parents e137338e926b
children
line wrap: on
line source

// Copyright 2017 Google Inc. All Rights Reserved.
// Licensed under the Apache License, Version 2.0 (the "License");

// Example of a standalone runner for "fuzz targets".
// It reads all files passed as parameters and feeds their contents
// one by one into the fuzz target (LLVMFuzzerTestOneInput).
// This runner does not do any fuzzing, but allows us to run the fuzz target
// on the test corpus (e.g. "do_stuff_test_data") or on a single file,
// e.g. the one that comes from a bug report.

#include <cassert>
#include <fstream>
#include <iostream>
#include <vector>

// Forward declare the "fuzz target" interface.
// We deliberately keep this inteface simple and header-free.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv);

int main(int argc, char **argv)
{
	LLVMFuzzerInitialize(&argc, &argv);

	for (int i = 1; i < argc; i++) {
		std::ifstream in(argv[i]);
		in.seekg(0, in.end);
		size_t length = in.tellg();
		in.seekg(0, in.beg);
		std::cout << "Reading " << length << " bytes from " << argv[i]
		          << std::endl;
		// Allocate exactly length bytes so that we reliably catch
		// buffer overflows.
		std::vector<char> bytes(length);
		in.read(bytes.data(), bytes.size());
		assert(in);
		LLVMFuzzerTestOneInput(
		    reinterpret_cast<const uint8_t *>(bytes.data()),
		    bytes.size());
		std::cout << "Execution successful" << std::endl;
	}
	return 0;
}
// no-check-code since this is from a third party