procutil: compare fd number to see if stdio protection is needed (
issue5992)
When I wrote this function for commandserver at
69f86b937035, testing object
identity was suffice, and I was sloppy enough not to compare fileno() values.
However, it doesn't work in chg session because chgserver reopens stdio to
apply new buffering mode.
This patch partially fixes the issue 5992. Still we have another problem in
chgui._runsystem().
/*
* mpatch.cc - fuzzer harness for mpatch.c
*
* Copyright 2018, Google Inc.
*
* This software may be used and distributed according to the terms of
* the GNU General Public License, incorporated herein by reference.
*/
#include <iostream>
#include <memory>
#include <stdint.h>
#include <stdlib.h>
#include <vector>
#include "fuzzutil.h"
// To avoid having too many OOMs from the fuzzer infrastructure, we'll
// skip patch application if the resulting fulltext would be bigger
// than 10MiB.
#define MAX_OUTPUT_SIZE 10485760
extern "C" {
#include "bitmanipulation.h"
#include "mpatch.h"
struct mpatchbin {
std::unique_ptr<char[]> data;
size_t len;
};
static mpatch_flist *getitem(void *vbins, ssize_t pos)
{
std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins;
const mpatchbin &bin = bins->at(pos + 1);
struct mpatch_flist *res;
LOG(2) << "mpatch_decode " << bin.len << std::endl;
if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)
return NULL;
return res;
}
// input format:
// u8 number of inputs
// one u16 for each input, its length
// the inputs
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
if (!Size) {
return 0;
}
// First byte of data is how many texts we expect, first text
// being the base the rest being the deltas.
ssize_t numtexts = Data[0];
if (numtexts < 2) {
// No point if we don't have at least a base text and a delta...
return 0;
}
// Each text will be described by a byte for how long it
// should be, so give up if we don't have enough.
if ((Size - 1) < (numtexts * 2)) {
return 0;
}
size_t consumed = 1 + (numtexts * 2);
LOG(2) << "input contains " << Size << std::endl;
LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;
std::vector<mpatchbin> bins;
bins.reserve(numtexts);
for (int i = 0; i < numtexts; ++i) {
mpatchbin bin;
size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i));
LOG(2) << "text " << i << " is " << nthsize << std::endl;
char *start = (char *)Data + consumed;
consumed += nthsize;
if (consumed > Size) {
LOG(2) << "ran out of data, consumed " << consumed
<< " of " << Size << std::endl;
return 0;
}
bin.len = nthsize;
bin.data.reset(new char[nthsize]);
memcpy(bin.data.get(), start, nthsize);
bins.push_back(std::move(bin));
}
LOG(2) << "mpatch_flist" << std::endl;
struct mpatch_flist *patch =
mpatch_fold(&bins, getitem, 0, numtexts - 1);
if (!patch) {
return 0;
}
LOG(2) << "mpatch_calcsize" << std::endl;
ssize_t outlen = mpatch_calcsize(bins[0].len, patch);
LOG(2) << "outlen " << outlen << std::endl;
if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) {
goto cleanup;
}
{
char *dest = (char *)malloc(outlen);
LOG(2) << "expecting " << outlen << " total bytes at "
<< (void *)dest << std::endl;
mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);
free(dest);
LOG(1) << "applied a complete patch" << std::endl;
}
cleanup:
mpatch_lfree(patch);
return 0;
}
#ifdef HG_FUZZER_INCLUDE_MAIN
int main(int argc, char **argv)
{
// One text, one patch.
const char data[] = "\x02\x00\0x1\x00\x0d"
// base text
"a"
// binary delta that will append a single b
"\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b";
return LLVMFuzzerTestOneInput((const uint8_t *)data, 19);
}
#endif
} // extern "C"