Mercurial > hg

view contrib/fuzz/mpatch.cc @ 38727:fcb517ff9562

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
debug: move extensions debug behind a dedicated flag Since b86664c81833, we process the `--debug` flag earlier. This is overall good and useful, but has at least one negative side effect. Previously the debug message we report when trying to import extensions were issued before we processed the `--debug` flag. Now they happen after. Before: $ ./hg id --debug 21f507b8de2f9c1606e9aeb5ec7d2a6dedb7a4a7 tip After: $ ./hg id --debug ☿ (revset-bench) could not import hgext.evolve (No module named evolve): trying hgext3rd.evolve could not import hgext.mercurial_keyring (No module named mercurial_keyring): trying hgext3rd.mercurial_keyring could not import hgext3rd.mercurial_keyring (No module named mercurial_keyring): trying mercurial_keyring could not import hgext.hggit (No module named hggit): trying hgext3rd.hggit could not import hgext3rd.hggit (No module named hggit): trying hggit 21f507b8de2f9c1606e9aeb5ec7d2a6dedb7a4a7 tip (This get worse if --traceback is used). To work around this, we move this extensions related debug message behind a new flag 'devel.debug.extensions' and restore the previous output. I'm not fully happy about using the 'devel' section for a flag that can be used by legitimate users to debug extensions issues. However, it fits well next to other `devel.devel.*` options and is mostly used by extensions author anyway. We might move it to another, more appropriate section in the future (using alias).
author Boris Feld <boris.feld@octobus.net>
date Mon, 16 Jul 2018 18:02:30 +0200
parents 46dcb9f14900
children 51a99e09c54b
line wrap: on
line source

/*
 * mpatch.cc - fuzzer harness for mpatch.c
 *
 * Copyright 2018, Google Inc.
 *
 * This software may be used and distributed according to the terms of
 * the GNU General Public License, incorporated herein by reference.
 */
#include <iostream>
#include <memory>
#include <stdint.h>
#include <stdlib.h>
#include <vector>

#include "fuzzutil.h"

// To avoid having too many OOMs from the fuzzer infrastructure, we'll
// skip patch application if the resulting fulltext would be bigger
// than 10MiB.
#define MAX_OUTPUT_SIZE 10485760

extern "C" {
#include "bitmanipulation.h"
#include "mpatch.h"

struct mpatchbin {
	std::unique_ptr<char[]> data;
	size_t len;
};

static mpatch_flist *getitem(void *vbins, ssize_t pos)
{
	std::vector<mpatchbin> *bins = (std::vector<mpatchbin> *)vbins;
	const mpatchbin &bin = bins->at(pos + 1);
	struct mpatch_flist *res;
	LOG(2) << "mpatch_decode " << bin.len << std::endl;
	if (mpatch_decode(bin.data.get(), bin.len, &res) < 0)
		return NULL;
	return res;
}

// input format:
// u8 number of inputs
// one u16 for each input, its length
// the inputs
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
	if (!Size) {
		return 0;
	}
	// First byte of data is how many texts we expect, first text
	// being the base the rest being the deltas.
	ssize_t numtexts = Data[0];
	if (numtexts < 2) {
		// No point if we don't have at least a base text and a delta...
		return 0;
	}
	// Each text will be described by a byte for how long it
	// should be, so give up if we don't have enough.
	if ((Size - 1) < (numtexts * 2)) {
		return 0;
	}
	size_t consumed = 1 + (numtexts * 2);
	LOG(2) << "input contains " << Size << std::endl;
	LOG(2) << numtexts << " texts, consuming " << consumed << std::endl;
	std::vector<mpatchbin> bins;
	bins.reserve(numtexts);
	for (int i = 0; i < numtexts; ++i) {
		mpatchbin bin;
		size_t nthsize = getbeuint16((char *)Data + 1 + (2 * i));
		LOG(2) << "text " << i << " is " << nthsize << std::endl;
		char *start = (char *)Data + consumed;
		consumed += nthsize;
		if (consumed > Size) {
			LOG(2) << "ran out of data, consumed " << consumed
			       << " of " << Size << std::endl;
			return 0;
		}
		bin.len = nthsize;
		bin.data.reset(new char[nthsize]);
		memcpy(bin.data.get(), start, nthsize);
		bins.push_back(std::move(bin));
	}
	LOG(2) << "mpatch_flist" << std::endl;
	struct mpatch_flist *patch =
	    mpatch_fold(&bins, getitem, 0, numtexts - 1);
	if (!patch) {
		return 0;
	}
	LOG(2) << "mpatch_calcsize" << std::endl;
	ssize_t outlen = mpatch_calcsize(bins[0].len, patch);
	LOG(2) << "outlen " << outlen << std::endl;
	if (outlen < 0 || outlen > MAX_OUTPUT_SIZE) {
		goto cleanup;
	}
	{
		char *dest = (char *)malloc(outlen);
		LOG(2) << "expecting " << outlen << " total bytes at "
		       << (void *)dest << std::endl;
		mpatch_apply(dest, bins[0].data.get(), bins[0].len, patch);
		free(dest);
		LOG(1) << "applied a complete patch" << std::endl;
	}
cleanup:
	mpatch_lfree(patch);
	return 0;
}

#ifdef HG_FUZZER_INCLUDE_MAIN
int main(int argc, char **argv)
{
	// One text, one patch.
	const char data[] = "\x02\x00\0x1\x00\x0d"
	                    // base text
	                    "a"
	                    // binary delta that will append a single b
	                    "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01b";
	return LLVMFuzzerTestOneInput((const uint8_t *)data, 19);
}
#endif

} // extern "C"