Mercurial > hg
view contrib/fuzz/mpatch.cc @ 38336:bb7e3c6ef592
phabricator: preserve the phase when amending in the Differential fields
I have no idea if it's better to change scmutil.cleanupnodes() so that it has
the option to either apply a specific phase (e.g. for various --secret switches)
or carry over the phase of the old node. The benefit would be that the caller
doesn't have to remember to do this. The con is maybe inefficiency? I wrote
this up as issue5918. I'm leaving that open since Yuya flagged it as an API
bug.
Since most other callers already do this, it's the simplest fix. (It's not
obvious that `split`, `fix` and `rebase` are doing this, but there is test
coverage for `fix` and `rebase`, and experimenting with `split` shows it does
the right thing.)
author | Matt Harbison <matt_harbison@yahoo.com> |
---|---|
date | Thu, 14 Jun 2018 12:35:04 -0400 |
parents | 46dcb9f14900 |
children | 51a99e09c54b |
line wrap: on
line source
/* * mpatch.cc - fuzzer harness for mpatch.c * * Copyright 2018, Google Inc. * * This software may be used and distributed according to the terms of * the GNU General Public License, incorporated herein by reference. */ #include <iostream> #include <memory> #include <stdint.h> #include <stdlib.h> #include <vector> #include "fuzzutil.h" // To avoid having too many OOMs from the fuzzer infrastructure, we'll // skip patch application if the resulting fulltext would be bigger // than 10MiB. #define MAX_OUTPUT_SIZE 10485760 extern "C" { #include "bitmanipulation.h" #include "mpatch.h" struct mpatchbin { std::unique_ptr<char[]> data; size_t len; }; static mpatch_flist *getitem(void *vbins, ssize_t pos) { std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins; const mpatchbin &bin = bins->at(pos + 1); struct mpatch_flist *res; LOG(2) << "mpatch_decode " << bin.len << std::endl; if (mpatch_decode(bin.data.get(), bin.len, &res) < 0) return NULL; return res; } // input format: // u8 number of inputs // one u16 for each input, its length // the inputs int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if (!Size) { return 0; } // First byte of data is how many texts we expect, first text // being the base the rest being the deltas. ssize_t numtexts = Data[0]; if (numtexts < 2) { // No point if we don't have at least a base text and a delta... return 0; } // Each text will be described by a byte for how long it // should be, so give up if we don't have enough. if ((Size - 1) < (numtexts * 2)) { return 0; } size_t consumed = 1 + (numtexts * 2); LOG(2) << "input contains " << Size << std::endl; LOG(2) << numtexts << " texts, consuming " << consumed << std::endl; std::vector<mpatchbin> bins; bins.reserve(numtexts); for (int i = 0; i < numtexts; ++i) { mpatchbin bin; size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i)); LOG(2) << "text " << i << " is " << nthsize << std::endl; char *start = (char *)Data + consumed; consumed += nthsize; if (consumed > Size) { LOG(2) << "ran out of data, consumed " << consumed << " of " << Size << std::endl; return 0; } bin.len = nthsize; bin.data.reset(new char[nthsize]); memcpy(bin.data.get(), start, nthsize); bins.push_back(std::move(bin)); } LOG(2) << "mpatch_flist" << std::endl; struct mpatch_flist *patch = mpatch_fold(&bins, getitem, 0, numtexts - 1); if (!patch) { return 0; } LOG(2) << "mpatch_calcsize" << std::endl; ssize_t outlen = mpatch_calcsize(bins[0].len, patch); LOG(2) << "outlen " << outlen << std::endl; if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) { goto cleanup; } { char *dest = (char *)malloc(outlen); LOG(2) << "expecting " << outlen << " total bytes at " << (void *)dest << std::endl; mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch); free(dest); LOG(1) << "applied a complete patch" << std::endl; } cleanup: mpatch_lfree(patch); return 0; } #ifdef HG_FUZZER_INCLUDE_MAIN int main(int argc, char **argv) { // One text, one patch. const char data[] = "\x02\x00\0x1\x00\x0d" // base text "a" // binary delta that will append a single b "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b"; return LLVMFuzzerTestOneInput((const uint8_t *)data, 19); } #endif } // extern "C"