Commit Graph

14 Commits

Author SHA1 Message Date
Ammar Askar db72e58ea5
bpo-29505: Add fuzzer for ast.literal_eval (GH-28777)
This supercedes https://github.com/python/cpython/pull/3437 and fuzzes the method we recommend for unsafe inputs, `ast.literal_eval`. This should exercise the tokenizer and parser.
2021-10-06 16:22:09 -07:00
Dong-hee Na a0ccc404ca
bpo-44113: Update __xxtestfuzz not to use Py_SetProgramName (GH-26083) 2021-05-13 08:22:18 +09:00
Ikko Ashimine 232f4cb667
Fix typo in fuzzer.c (GH-25013) 2021-03-25 00:47:21 +09:00
Brandt Bucher c61ec7e6b8
bpo-43394: Fix -Wstrict-prototypes warnings (GH-24737) 2021-03-03 21:53:59 -08:00
Ammar Askar e263bb1e97
Fuzz struct.unpack and catch RecursionError in re.compile (GH-18679) 2020-02-27 23:05:02 -08:00
Petr Viktorin ffd9753a94
bpo-39245: Switch to public API for Vectorcall (GH-18460)
The bulk of this patch was generated automatically with:

    for name in \
        PyObject_Vectorcall \
        Py_TPFLAGS_HAVE_VECTORCALL \
        PyObject_VectorcallMethod \
        PyVectorcall_Function \
        PyObject_CallOneArg \
        PyObject_CallMethodNoArgs \
        PyObject_CallMethodOneArg \
    ;
    do
        echo $name
        git grep -lwz _$name | xargs -0 sed -i "s/\b_$name\b/$name/g"
    done

    old=_PyObject_FastCallDict
    new=PyObject_VectorcallDict
    git grep -lwz $old | xargs -0 sed -i "s/\b$old\b/$new/g"

and then cleaned up:

- Revert changes to in docs & news
- Revert changes to backcompat defines in headers
- Nudge misaligned comments
2020-02-11 17:46:57 +01:00
Brandt Bucher e5d1f734db bpo-38823: Clean up _xxtestfuzz initialization. (GH-17216)
https://bugs.python.org/issue38823
2019-11-20 16:17:02 -08:00
Min ho Kim 96e12d5f4f Fix typos in docs, comments and test assert messages (#14872) 2019-07-21 16:12:33 -04:00
Jeroen Demeyer 196a530e00 bpo-37483: add _PyObject_CallOneArg() function (#14558) 2019-07-04 19:31:34 +09:00
Ammar Askar 5cbbbd73a6 bpo-29505: Add more fuzzing for re.compile, re.load and csv.reader (GH-14255)
Add more fuzz testing for re.compile, re.load and csv.reader
2019-06-29 22:54:42 -07:00
Ammar Askar a6e190e94b bpo-29505: Fuzz json module, enforce size limit on int(x) fuzz (GH-13991)
* bpo-29505: Enable fuzz testing of the json module, enforce size limit on int(x) fuzz and json input size to avoid timeouts.

Contributed by by Ammar Askar for Google.
2019-06-11 21:30:34 -07:00
Ammar Askar a15a7bcaea bpo-29505: Fix interpreter in fuzzing targets to be relocatable (GH-13907) 2019-06-08 07:43:16 -07:00
Devin Jeanpierre 78ebc73f9b Avoid UB in test selection macro. (#3407)
This fixes the gcc "warning: this use of "defined" may not be portable [-Wexpansion-to-defined]"

See discussion in http://bugs.python.org/issue29505
2017-09-06 18:00:47 -07:00
Devin Jeanpierre c5bace2bf7 bpo-29505: Add fuzz tests for float(str), int(str), unicode(str) (#2878)
Add basic fuzz tests for a few common builtin functions.

This is an easy place to start, and these functions are probably safe.
We'll want to add more fuzz tests later.  Lets bootstrap using these.

While the fuzz tests are included in CPython and compiled / tested on a
very basic level inside CPython itself, the actual fuzzing happens as
part of oss-fuzz (https://github.com/google/oss-fuzz). The reason to
include the tests in CPython is to make sure that they're maintained
as part of the CPython project, especially when (as some eventually
will) they use internal implementation details in the test.

(This will be necessary sometimes because e.g. the fuzz test should
never enter Python's interpreter loop, whereas some APIs only expose
themselves publicly as Python functions.)

This particular set of changes is part of testing Python's builtins,
tracked internally at Google by b/37562550.

The _xxtestfuzz module that this change adds need not be shipped with binary distributions of Python.
2017-09-06 11:15:35 -07:00