D2632: fuzz: add a fuzzer for xdiff

Sun Mar 4 03:12:11 UTC 2018

durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REVISION SUMMARY
  Based entirely on the fuzzer for bdiff.

REPOSITORY
  rHG Mercurial

REVISION DETAIL
  https://phab.mercurial-scm.org/D2632

AFFECTED FILES
  contrib/fuzz/Makefile
  contrib/fuzz/xdiff.cc

CHANGE DETAILS

diff --git a/contrib/fuzz/xdiff.cc b/contrib/fuzz/xdiff.cc
new file mode 100644
--- /dev/null
+++ b/contrib/fuzz/xdiff.cc
@@ -0,0 +1,67 @@
+/*
+ * xdiff.cc - fuzzer harness for thirdparty/xdiff
+ *
+ * Copyright 2018, Google Inc.
+ *
+ * This software may be used and distributed according to the terms of
+ * the GNU General Public License, incorporated herein by reference.
+ */
+#include "thirdparty/xdiff/xdiff.h"
+#include <inttypes.h>
+#include <stdlib.h>
+
+extern "C" {
+
+int hunk_consumer(long a1, long a2, long b1, long b2, void *priv)
+{
+	// TODO: probably also test returning -1 from this when things break?
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+	if (!Size) {
+		return 0;
+	}
+	// figure out a random point in [0, Size] to split our input.
+	size_t split = Data[0] / 255.0 * Size;
+
+	mmfile_t a, b;
+
+	// `a` input to diff is data[1:split]
+	a.ptr = (char *)Data + 1;
+	// which has len split-1
+	a.size = split - 1;
+	// `b` starts at the next byte after `a` ends
+	b.ptr = a.ptr + a.size;
+	b.size = Size - split;
+	xpparam_t xpp = {
+	    XDF_INDENT_HEURISTIC, /* flags */
+	    NULL,                 /* anchors */
+	    0,                    /* anchors_nr */
+	};
+	xdemitconf_t xecfg = {
+	    0,                  /* ctxlen */
+	    0,                  /* interhunkctxlen */
+	    XDL_EMIT_BDIFFHUNK, /* flags */
+	    NULL,               /* find_func */
+	    NULL,               /* find_func_priv */
+	    hunk_consumer,      /* hunk_consume_func */
+	};
+	xdemitcb_t ecb = {
+	    NULL, /* priv */
+	    NULL, /* outf */
+	};
+	xdl_diff(&a, &b, &xpp, &xecfg, &ecb);
+	return 0; // Non-zero return values are reserved for future use.
+}
+
+#ifdef HG_FUZZER_INCLUDE_MAIN
+int main(int argc, char **argv)
+{
+	const char data[] = "asdf";
+	return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
+}
+#endif
+
+} // extern "C"
diff --git a/contrib/fuzz/Makefile b/contrib/fuzz/Makefile
--- a/contrib/fuzz/Makefile
+++ b/contrib/fuzz/Makefile
@@ -13,8 +13,28 @@
 	$$CXX $$CXXFLAGS -std=c++11 -I../../mercurial bdiff.cc \
 	  bdiff-oss-fuzz.o -lFuzzingEngine -o $$OUT/bdiff_fuzzer
 
-all: bdiff
+x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
+	clang -g -O1 -fsanitize=fuzzer-no-link,address -c \
+	  -o $@ \
+	  $<
 
-oss-fuzz: bdiff_fuzzer
+xdiff: xdiff.cc xdiffi.o  xemit.o  xmerge.o  xprepare.o  xutils.o
+	clang -DHG_FUZZER_INCLUDE_MAIN=1 -g -O1 -fsanitize=fuzzer-no-link,address \
+	  -I../../mercurial xdiff.cc \
+	  xdiffi.o xemit.o xmerge.o xprepare.o xutils.o -o xdiff
+
+fuzz-x%.o: ../../mercurial/thirdparty/xdiff/x%.c ../../mercurial/thirdparty/xdiff/*.h
+	$$CC $$CFLAGS -c \
+	  -o $@ \
+	  $<
+
+xdiff_fuzzer: xdiff.cc fuzz-xdiffi.o  fuzz-xemit.o  fuzz-xmerge.o  fuzz-xprepare.o  fuzz-xutils.o
+	$$CXX $$CXXFLAGS -std=c++11 -I../../mercurial xdiff.cc \
+	  fuzz-xdiffi.o fuzz-xemit.o fuzz-xmerge.o fuzz-xprepare.o fuzz-xutils.o \
+	  -lFuzzingEngine -o $$OUT/xdiff_fuzzer
+
+all: bdiff xdiff
+
+oss-fuzz: bdiff_fuzzer xdiff_fuzzer
 
 .PHONY: all oss-fuzz



To: durin42, #hg-reviewers
Cc: mercurial-devel
