contrib: add some basic scaffolding for some fuzz test targets
I'd like to get the majority of our C code covered by automated fuzz
testing. I've started with bdiff because it was already decoupled from
libpython and therefore was fairly quick to produce a working
fuzzer. The code here is a little odd because I've been having trouble
convincing libfuzzer to define a main and I threw in the towel.
This code will also work with github.com/google/oss-fuzz, and once it
lands in our main repo I intend to enable automated fuzzing in
oss-fuzz with reports going to our security alias.
Differential Revision: https://phab.mercurial-scm.org/D1875
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/fuzz/Makefile Wed Jan 17 15:47:38 2018 -0500
@@ -0,0 +1,20 @@
+bdiff.o: ../../mercurial/bdiff.c
+ clang -g -O1 -fsanitize=fuzzer-no-link,address -c -o bdiff.o \
+ ../../mercurial/bdiff.c
+
+bdiff: bdiff.cc bdiff.o
+ clang -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
+ -I../../mercurial bdiff.cc bdiff.o -o bdiff
+
+bdiff-oss-fuzz.o: ../../mercurial/bdiff.c
+ $$CC $$CFLAGS -c -o bdiff-oss-fuzz.o ../../mercurial/bdiff.c
+
+bdiff_fuzzer: bdiff.cc bdiff-oss-fuzz.o
+ $$CXX $$CXXFLAGS -std=c++11 -I../../mercurial bdiff.cc \
+ bdiff-oss-fuzz.o -lFuzzingEngine -o $$OUT/bdiff_fuzzer
+
+all: bdiff
+
+oss-fuzz: bdiff_fuzzer
+
+.PHONY: all oss-fuzz
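Review bot: The `bdiff_fuzzer` rule writes its output to `$$OUT/bdiff_fuzzer` rather than to a file named `bdiff_fuzzer`, so make can never find the target it just built and re-links it on every invocation; either list it under `.PHONY` (`.PHONY: all oss-fuzz bdiff_fuzzer`) or name the rule after the real output path. The `bdiff_fuzzer` and `bdiff-oss-fuzz.o` rules also depend entirely on `$$CC`, `$$CXX` and `$$OUT` being exported by the caller, which is the oss-fuzz convention but is not stated anywhere; a one-line comment above `bdiff-oss-fuzz.o`, e.g. `# oss-fuzz targets: CC/CXX/CFLAGS/CXXFLAGS/OUT are supplied by the oss-fuzz build environment`, would save the next reader a trip to the oss-fuzz docs.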
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/fuzz/bdiff.cc Wed Jan 17 15:47:38 2018 -0500
@@ -0,0 +1,49 @@
+/*
+ * bdiff.cc - fuzzer harness for bdiff.c
+ *
+ * Copyright 2018, Google Inc.
+ *
+ * This software may be used and distributed according to the terms of
+ * the GNU General Public License, incorporated herein by reference.
+ */
+#include <stdlib.h>
+
+extern "C" {
+#include "bdiff.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+ if (!Size) {
+ return 0;
+ }
+ // figure out a random point in [0, Size] to split our input.
+ size_t split = Data[0] / 255.0 * Size;
+
+ // left input to diff is data[1:split]
+ const uint8_t *left = Data + 1;
+ // which has len split-1
+ size_t left_size = split - 1;
+ // right starts at the next byte after left ends
+ const uint8_t *right = left + left_size;
+ size_t right_size = Size - split;
+
+ struct bdiff_line *a, *b;
+ int an = bdiff_splitlines((const char *)left, split - 1, &a);
+ int bn = bdiff_splitlines((const char *)right, right_size, &b);
+ struct bdiff_hunk l;
+ bdiff_diff(a, an, b, bn, &l);
+ free(a);
+ free(b);
+ bdiff_freehunks(l.next);
+ return 0; // Non-zero return values are reserved for future use.
+}
+
+#ifdef HG_FUZZER_INCLUDE_MAIN
+int main(int argc, char **argv)
+{
+ const char data[] = "asdf";
+ return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
+}
+#endif
+
+} // extern "C"
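Review bot: `split` can be 0 (any input whose first byte is 0), and `left_size = split - 1` then wraps to SIZE_MAX in `size_t`, so `bdiff_splitlines` is handed a length far beyond the buffer and `right = left + left_size` forms an out-of-range pointer; the harness would itself be the first thing the sanitizer reports. Keep the split strictly inside the usable range instead: `size_t split = 1 + (size_t)(Data[0] / 255.0 * (Size - 1));` (so `left_size` is in [0, Size-1] and `right_size = Size - split` stays non-negative), and update the comment to `// pick a point in [1, Size] to split our input.` The return values of `bdiff_splitlines` and `bdiff_diff` are also unchecked; if either reports failure (presumably a negative count — confirm against bdiff.c), `a`/`b` or `l.next` may not be valid, so a guard such as `if (an < 0 || bn < 0) { free(a); free(b); return 0; }` before `bdiff_diff`, and a check of its result before `bdiff_freehunks(l.next)`, would keep allocation failures from being misreported as bugs in bdiff. Note also that `uint8_t` is used but only `<stdlib.h>` is included here; if `bdiff.h` does not pull in `<stdint.h>`, add `#include <stdint.h>` alongside it.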
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/test-fuzz-targets.t Wed Jan 17 15:47:38 2018 -0500
@@ -0,0 +1,5 @@
+#require clang-libfuzzer test-repo
+ $ cd $TESTDIR/../contrib/fuzz
+ $ make
+Just run the fuzzer for five seconds to verify it works at all.
+ $ ./bdiff -max_total_time 5