[tor-commits] [tor/master] Add fuzzers for consensus diff backend code

nickm at torproject.org nickm at torproject.org
Thu Mar 16 19:01:08 UTC 2017


commit dd92579b63fa012bcbe081ab66ff40d6a036b765
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Mar 7 15:07:27 2017 -0500

    Add fuzzers for consensus diff backend code
    
    This takes two fuzzers: one which generates a diff and makes sure it
    works, and one which applies a diff.
    
    So far, they won't crash, but there's a bug in my
    string-manipulation code someplace that I'm having to work around,
    related to the case where you have a blank line at the end of a
    file, or where you diff a file with itself.
---
 src/test/fuzz/fuzz_diff.c       | 67 +++++++++++++++++++++++++++++++++++++++++
 src/test/fuzz/fuzz_diff_apply.c | 65 +++++++++++++++++++++++++++++++++++++++
 src/test/fuzz/include.am        | 47 ++++++++++++++++++++++++++++-
 3 files changed, 178 insertions(+), 1 deletion(-)

diff --git a/src/test/fuzz/fuzz_diff.c b/src/test/fuzz/fuzz_diff.c
new file mode 100644
index 0000000..c241f63
--- /dev/null
+++ b/src/test/fuzz/fuzz_diff.c
@@ -0,0 +1,67 @@
+/* Copyright (c) 2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define CONSDIFF_PRIVATE
+
+#include "orconfig.h"
+#include "or.h"
+#include "consdiff.h"
+
+#include "fuzzing.h"
+
+static int
+mock_consensus_compute_digest_(const char *c, consensus_digest_t *d)
+{
+  (void)c;
+  memset(d->sha3_256, 3, sizeof(d->sha3_256));
+  return 0;
+}
+
+int
+fuzz_init(void)
+{
+  MOCK(consensus_compute_digest, mock_consensus_compute_digest_);
+  return 0;
+}
+
+int
+fuzz_cleanup(void)
+{
+  UNMOCK(consensus_compute_digest);
+  return 0;
+}
+
+int
+fuzz_main(const uint8_t *stdin_buf, size_t data_size)
+{
+#define SEP "=====\n"
+#define SEPLEN strlen(SEP)
+  const uint8_t *separator = tor_memmem(stdin_buf, data_size, SEP, SEPLEN);
+  if (! separator)
+    return 0;
+  size_t c1_len = separator - stdin_buf;
+  char *c1 = tor_memdup_nulterm(stdin_buf, c1_len);
+  size_t c2_len = data_size - c1_len - SEPLEN;
+  char *c2 = tor_memdup_nulterm(separator + SEPLEN, c2_len);
+
+  char *c3 = consensus_diff_generate(c1, c2);
+
+  if (c3) {
+    char *c4 = consensus_diff_apply(c1, c3);
+    tor_assert(c4);
+    if (strcmp(c2, c4)) {
+      printf("%s\n", escaped(c1));
+      printf("%s\n", escaped(c2));
+      printf("%s\n", escaped(c3));
+      printf("%s\n", escaped(c4));
+    }
+    tor_assert(! strcmp(c2, c4));
+    tor_free(c3);
+    tor_free(c4);
+  }
+  tor_free(c1);
+  tor_free(c2);
+
+  return 0;
+}
+
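Review bot: `mock_consensus_compute_digest_` ignores its input and fills every digest with the byte 3, but no comment says that this replaces the real digest computation, so a clean run of this harness can be misread as covering the integrity check on applied diffs. I would put a comment on the mock such as `/* Fuzzing only: ignore the input and report the same fixed digest for every consensus; real digest verification is not exercised by this harness. */`. The copy in fuzz_diff_apply.c has the same gap, and there `mock_consensus_digest_eq_` additionally returns 1 for any pair of digests. `fuzz_main` would also benefit from one line stating the input layout (first consensus, then `=====\n`, then second consensus), since input without the separator is silently ignored.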
diff --git a/src/test/fuzz/fuzz_diff_apply.c b/src/test/fuzz/fuzz_diff_apply.c
new file mode 100644
index 0000000..8d7bf75
--- /dev/null
+++ b/src/test/fuzz/fuzz_diff_apply.c
@@ -0,0 +1,65 @@
+/* Copyright (c) 2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define CONSDIFF_PRIVATE
+
+#include "orconfig.h"
+#include "or.h"
+#include "consdiff.h"
+
+#include "fuzzing.h"
+
+static int
+mock_consensus_compute_digest_(const char *c, consensus_digest_t *d)
+{
+  (void)c;
+  memset(d->sha3_256, 3, sizeof(d->sha3_256));
+  return 0;
+}
+
+static int
+mock_consensus_digest_eq_(const uint8_t *a, const uint8_t *b)
+{
+  (void)a;
+  (void)b;
+  return 1;
+}
+
+int
+fuzz_init(void)
+{
+  MOCK(consensus_compute_digest, mock_consensus_compute_digest_);
+  MOCK(consensus_digest_eq, mock_consensus_digest_eq_);
+  return 0;
+}
+
+int
+fuzz_cleanup(void)
+{
+  UNMOCK(consensus_compute_digest);
+  UNMOCK(consensus_digest_eq);
+  return 0;
+}
+
+int
+fuzz_main(const uint8_t *stdin_buf, size_t data_size)
+{
+#define SEP "=====\n"
+#define SEPLEN strlen(SEP)
+  const uint8_t *separator = tor_memmem(stdin_buf, data_size, SEP, SEPLEN);
+  if (! separator)
+    return 0;
+  size_t c1_len = separator - stdin_buf;
+  char *c1 = tor_memdup_nulterm(stdin_buf, c1_len);
+  size_t c2_len = data_size - c1_len - SEPLEN;
+  char *c2 = tor_memdup_nulterm(separator + SEPLEN, c2_len);
+
+  char *c3 = consensus_diff_apply(c1, c2);
+
+  tor_free(c1);
+  tor_free(c2);
+  tor_free(c3);
+
+  return 0;
+}
+
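Review bot: The `SEP`/`SEPLEN` split at the top of `fuzz_main` is a verbatim copy of the one in fuzz_diff.c, with `#define`s placed inside the function but never `#undef`ed, and a `SEPLEN` that expands to a `strlen` call at each of its three uses. `#define SEPLEN (sizeof(SEP) - 1)` makes it a compile-time constant. Since include.am shows both harnesses already building with fuzzing_common.c, the split could live in one shared helper, though whether that file is the right home cannot be judged from this diff. A one-line comment that the part before the separator is the base consensus and the part after it is the diff handed to `consensus_diff_apply` would also help anyone building seed inputs.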
diff --git a/src/test/fuzz/include.am b/src/test/fuzz/include.am
index 8067108..97afd18 100644
--- a/src/test/fuzz/include.am
+++ b/src/test/fuzz/include.am
@@ -48,6 +48,22 @@ src_test_fuzz_fuzz_descriptor_CFLAGS = $(FUZZING_CFLAGS)
 src_test_fuzz_fuzz_descriptor_LDFLAGS = $(FUZZING_LDFLAG)
 src_test_fuzz_fuzz_descriptor_LDADD = $(FUZZING_LIBS)
 
+src_test_fuzz_fuzz_diff_SOURCES = \
+	src/test/fuzz/fuzzing_common.c \
+	src/test/fuzz/fuzz_diff.c
+src_test_fuzz_fuzz_diff_CPPFLAGS = $(FUZZING_CPPFLAGS)
+src_test_fuzz_fuzz_diff_CFLAGS = $(FUZZING_CFLAGS)
+src_test_fuzz_fuzz_diff_LDFLAGS = $(FUZZING_LDFLAG)
+src_test_fuzz_fuzz_diff_LDADD = $(FUZZING_LIBS)
+
+src_test_fuzz_fuzz_diff_apply_SOURCES = \
+	src/test/fuzz/fuzzing_common.c \
+	src/test/fuzz/fuzz_diff_apply.c
+src_test_fuzz_fuzz_diff_apply_CPPFLAGS = $(FUZZING_CPPFLAGS)
+src_test_fuzz_fuzz_diff_apply_CFLAGS = $(FUZZING_CFLAGS)
+src_test_fuzz_fuzz_diff_apply_LDFLAGS = $(FUZZING_LDFLAG)
+src_test_fuzz_fuzz_diff_apply_LDADD = $(FUZZING_LIBS)
+
 src_test_fuzz_fuzz_http_SOURCES = \
 	src/test/fuzz/fuzzing_common.c \
 	src/test/fuzz/fuzz_http.c
@@ -99,6 +115,8 @@ src_test_fuzz_fuzz_vrs_LDADD = $(FUZZING_LIBS)
 FUZZERS = \
 	src/test/fuzz/fuzz-consensus \
 	src/test/fuzz/fuzz-descriptor \
+	src/test/fuzz/fuzz-diff \
+	src/test/fuzz/fuzz-diff-apply \
 	src/test/fuzz/fuzz-extrainfo \
 	src/test/fuzz/fuzz-http \
 	src/test/fuzz/fuzz-hsdescv2 \
@@ -106,7 +124,6 @@ FUZZERS = \
 	src/test/fuzz/fuzz-microdesc \
 	src/test/fuzz/fuzz-vrs
 
-
 LIBFUZZER = /home/nickm/build/libfuzz/libFuzzer.a
 LIBFUZZER_CPPFLAGS = $(FUZZING_CPPFLAGS) -DLLVM_FUZZ
 LIBFUZZER_CFLAGS = $(FUZZING_CFLAGS)
@@ -128,6 +145,20 @@ src_test_fuzz_lf_fuzz_descriptor_CFLAGS = $(LIBFUZZER_CFLAGS)
 src_test_fuzz_lf_fuzz_descriptor_LDFLAGS = $(LIBFUZZER_LDFLAG)
 src_test_fuzz_lf_fuzz_descriptor_LDADD = $(LIBFUZZER_LIBS)
 
+src_test_fuzz_lf_fuzz_diff_SOURCES = \
+	$(src_test_fuzz_fuzz_diff_SOURCES)
+src_test_fuzz_lf_fuzz_diff_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
+src_test_fuzz_lf_fuzz_diff_CFLAGS = $(LIBFUZZER_CFLAGS)
+src_test_fuzz_lf_fuzz_diff_LDFLAGS = $(LIBFUZZER_LDFLAG)
+src_test_fuzz_lf_fuzz_diff_LDADD = $(LIBFUZZER_LIBS)
+
+src_test_fuzz_lf_fuzz_diff_apply_SOURCES = \
+	$(src_test_fuzz_fuzz_diff_apply_SOURCES)
+src_test_fuzz_lf_fuzz_diff_apply_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
+src_test_fuzz_lf_fuzz_diff_apply_CFLAGS = $(LIBFUZZER_CFLAGS)
+src_test_fuzz_lf_fuzz_diff_apply_LDFLAGS = $(LIBFUZZER_LDFLAG)
+src_test_fuzz_lf_fuzz_diff_apply_LDADD = $(LIBFUZZER_LIBS)
+
 src_test_fuzz_lf_fuzz_extrainfo_SOURCES = \
 	$(src_test_fuzz_fuzz_extrainfo_SOURCES)
 src_test_fuzz_lf_fuzz_extrainfo_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
@@ -172,6 +203,8 @@ src_test_fuzz_lf_fuzz_vrs_LDADD = $(LIBFUZZER_LIBS)
 
 LIBFUZZER_FUZZERS = \
 	src/test/fuzz/lf-fuzz-consensus \
+	src/test/fuzz/lf-fuzz-diff \
+	src/test/fuzz/lf-fuzz-diff-apply \
 	src/test/fuzz/lf-fuzz-descriptor \
 	src/test/fuzz/lf-fuzz-extrainfo \
 	src/test/fuzz/lf-fuzz-http \
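Review bot: In `LIBFUZZER_FUZZERS` the two new entries are inserted before `src/test/fuzz/lf-fuzz-descriptor`, while in `FUZZERS` and `OSS_FUZZ_FUZZERS` the same commit places them after the descriptor entry, which keeps those lists alphabetical. Moving `src/test/fuzz/lf-fuzz-diff \` and `src/test/fuzz/lf-fuzz-diff-apply \` below `src/test/fuzz/lf-fuzz-descriptor \` would keep the three lists in the same order. The list continues past the end of this hunk.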
@@ -198,6 +231,16 @@ src_test_fuzz_liboss_fuzz_descriptor_a_SOURCES = \
 src_test_fuzz_liboss_fuzz_descriptor_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
 src_test_fuzz_liboss_fuzz_descriptor_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
 
+src_test_fuzz_liboss_fuzz_diff_a_SOURCES = \
+	$(src_test_fuzz_fuzz_diff_SOURCES)
+src_test_fuzz_liboss_fuzz_diff_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
+src_test_fuzz_liboss_fuzz_diff_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
+
+src_test_fuzz_liboss_fuzz_diff_apply_a_SOURCES = \
+	$(src_test_fuzz_fuzz_diff_apply_SOURCES)
+src_test_fuzz_liboss_fuzz_diff_apply_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
+src_test_fuzz_liboss_fuzz_diff_apply_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
+
 src_test_fuzz_liboss_fuzz_extrainfo_a_SOURCES = \
 	$(src_test_fuzz_fuzz_extrainfo_SOURCES)
 src_test_fuzz_liboss_fuzz_extrainfo_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
@@ -231,6 +274,8 @@ src_test_fuzz_liboss_fuzz_vrs_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
 OSS_FUZZ_FUZZERS = \
 	src/test/fuzz/liboss-fuzz-consensus.a \
 	src/test/fuzz/liboss-fuzz-descriptor.a \
+	src/test/fuzz/liboss-fuzz-diff.a \
+	src/test/fuzz/liboss-fuzz-diff-apply.a \
 	src/test/fuzz/liboss-fuzz-extrainfo.a \
 	src/test/fuzz/liboss-fuzz-http.a \
 	src/test/fuzz/liboss-fuzz-hsdescv2.a \




