contrib: add some basic scaffolding for some fuzz test targets
I'd like to get the majority of our C code covered by automated fuzz
testing. I've started with bdiff because it was already decoupled from
libpython and therefore was fairly quick to produce a working
fuzzer. The code here is a little odd because I've been having trouble
convincing libfuzzer to define a main and I threw in the towel.
This code will also work with github.com/google/oss-fuzz, and once it
lands in our main repo I intend to enable automated fuzzing in
oss-fuzz with reports going to our security alias.
Differential Revision: https://phab.mercurial-scm.org/D1875
/*
* bdiff.cc - fuzzer harness for bdiff.c
*
* Copyright 2018, Google Inc.
*
* This software may be used and distributed according to the terms of
* the GNU General Public License, incorporated herein by reference.
*/
#include <stdlib.h>
extern "C" {
#include "bdiff.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
if (!Size) {
return 0;
}
// figure out a random point in [0, Size] to split our input.
size_t split = Data[0] / 255.0 * Size;
// left input to diff is data[1:split]
const uint8_t *left = Data + 1;
// which has len split-1
size_t left_size = split - 1;
// right starts at the next byte after left ends
const uint8_t *right = left + left_size;
size_t right_size = Size - split;
struct bdiff_line *a, *b;
int an = bdiff_splitlines((const char *)left, split - 1, &a);
int bn = bdiff_splitlines((const char *)right, right_size, &b);
struct bdiff_hunk l;
bdiff_diff(a, an, b, bn, &l);
free(a);
free(b);
bdiff_freehunks(l.next);
return 0; // Non-zero return values are reserved for future use.
}
#ifdef HG_FUZZER_INCLUDE_MAIN
int main(int argc, char **argv)
{
const char data[] = "asdf";
return LLVMFuzzerTestOneInput((const uint8_t *)data, 4);
}
#endif
} // extern "C"
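Review bot: When `Data[0]` is 0 the split computed on L28 is 0, so `left_size = split - 1` wraps to `SIZE_MAX` and `bdiff_splitlines` is asked to scan far past the one-byte input — an out-of-bounds read in the harness itself that a sanitizer report would attribute to bdiff. Clamp the split into [1, Size] before deriving the sizes, `size_t split = 1 + (size_t)(Data[0] / 255.0 * (Size - 1));`, and pass `left_size` on L37 instead of recomputing `split - 1`. The counts returned by `bdiff_splitlines` are also used unchecked and `l` is never initialized, so its allocation-failure path (a negative count) reaches `bdiff_diff` with a negative `an`/`bn`, and an early failure inside `bdiff_diff` may leave `l.next` indeterminate when `bdiff_freehunks(l.next)` runs; the rewrite below bails out on a negative count and zero-initializes `l`. Whether `bdiff_diff` assigns `l.next` before it can fail is not visible here, so the initializer is the safe default either way.
```cpp
	// figure out a random point in [1, Size] to split our input.
	size_t split = 1 + (size_t)(Data[0] / 255.0 * (Size - 1));
	// … unchanged: left/right pointer and size setup …
	struct bdiff_line *a = NULL, *b = NULL;
	int an = bdiff_splitlines((const char *)left, left_size, &a);
	int bn = bdiff_splitlines((const char *)right, right_size, &b);
	if (an < 0 || bn < 0) {
		// allocation failure inside bdiff, not a defect under test
		free(a);
		free(b);
		return 0;
	}
	struct bdiff_hunk l = {0};
	// … unchanged: bdiff_diff, free, bdiff_freehunks, return …
```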