Commit Graph

18 Commits

Author SHA1 Message Date
Victor Stinner
89f9875448
gh-106320: Move private _PyHash API to the internal C API (#107026)
* No longer export most private _PyHash symbols, only export the ones
  which are needed by shared extensions.
* Modules/_xxtestfuzz/fuzzer.c now uses the internal C API.
2023-07-22 13:49:37 +00:00
Inada Naoki
d5bd32fb48
gh-104922: remove PY_SSIZE_T_CLEAN (#106315) 2023-07-02 15:07:46 +09:00
Irit Katriel
81fc135f26
gh-104051: fix crash in test_xxtestfuzz with -We (#104052) 2023-05-05 11:34:13 +01:00
Gregory P. Smith
bee1070289
gh-73691: Increase size limits in _xxtestfuzz (#99070)
Now that our int<->str conversions are size limited and we have the
_pylong module handling larger integers, we don't need to limit
everything just to avoid wasting time in the quadratic time DoS-like
case while fuzzing.

We can tweak these further after seeing how this goes.
2022-11-03 14:41:20 -07:00
Ammar Askar
db72e58ea5
bpo-29505: Add fuzzer for ast.literal_eval (GH-28777)
This supercedes https://github.com/python/cpython/pull/3437 and fuzzes the method we recommend for unsafe inputs, `ast.literal_eval`. This should exercise the tokenizer and parser.
2021-10-06 16:22:09 -07:00
Dong-hee Na
a0ccc404ca
bpo-44113: Update __xxtestfuzz not to use Py_SetProgramName (GH-26083) 2021-05-13 08:22:18 +09:00
Ikko Ashimine
232f4cb667
Fix typo in fuzzer.c (GH-25013) 2021-03-25 00:47:21 +09:00
Brandt Bucher
c61ec7e6b8
bpo-43394: Fix -Wstrict-prototypes warnings (GH-24737) 2021-03-03 21:53:59 -08:00
Ammar Askar
e263bb1e97
Fuzz struct.unpack and catch RecursionError in re.compile (GH-18679) 2020-02-27 23:05:02 -08:00
Petr Viktorin
ffd9753a94
bpo-39245: Switch to public API for Vectorcall (GH-18460)
The bulk of this patch was generated automatically with:

    for name in \
        PyObject_Vectorcall \
        Py_TPFLAGS_HAVE_VECTORCALL \
        PyObject_VectorcallMethod \
        PyVectorcall_Function \
        PyObject_CallOneArg \
        PyObject_CallMethodNoArgs \
        PyObject_CallMethodOneArg \
    ;
    do
        echo $name
        git grep -lwz _$name | xargs -0 sed -i "s/\b_$name\b/$name/g"
    done

    old=_PyObject_FastCallDict
    new=PyObject_VectorcallDict
    git grep -lwz $old | xargs -0 sed -i "s/\b$old\b/$new/g"

and then cleaned up:

- Revert changes to in docs & news
- Revert changes to backcompat defines in headers
- Nudge misaligned comments
2020-02-11 17:46:57 +01:00
Brandt Bucher
e5d1f734db bpo-38823: Clean up _xxtestfuzz initialization. (GH-17216)
https://bugs.python.org/issue38823
2019-11-20 16:17:02 -08:00
Min ho Kim
96e12d5f4f Fix typos in docs, comments and test assert messages (#14872) 2019-07-21 16:12:33 -04:00
Jeroen Demeyer
196a530e00 bpo-37483: add _PyObject_CallOneArg() function (#14558) 2019-07-04 19:31:34 +09:00
Ammar Askar
5cbbbd73a6 bpo-29505: Add more fuzzing for re.compile, re.load and csv.reader (GH-14255)
Add more fuzz testing for re.compile, re.load and csv.reader
2019-06-29 22:54:42 -07:00
Ammar Askar
a6e190e94b bpo-29505: Fuzz json module, enforce size limit on int(x) fuzz (GH-13991)
* bpo-29505: Enable fuzz testing of the json module, enforce size limit on int(x) fuzz and json input size to avoid timeouts.

Contributed by by Ammar Askar for Google.
2019-06-11 21:30:34 -07:00
Ammar Askar
a15a7bcaea bpo-29505: Fix interpreter in fuzzing targets to be relocatable (GH-13907) 2019-06-08 07:43:16 -07:00
Devin Jeanpierre
78ebc73f9b Avoid UB in test selection macro. (#3407)
This fixes the gcc "warning: this use of "defined" may not be portable [-Wexpansion-to-defined]"

See discussion in http://bugs.python.org/issue29505
2017-09-06 18:00:47 -07:00
Devin Jeanpierre
c5bace2bf7 bpo-29505: Add fuzz tests for float(str), int(str), unicode(str) (#2878)
Add basic fuzz tests for a few common builtin functions.

This is an easy place to start, and these functions are probably safe.
We'll want to add more fuzz tests later.  Lets bootstrap using these.

While the fuzz tests are included in CPython and compiled / tested on a
very basic level inside CPython itself, the actual fuzzing happens as
part of oss-fuzz (https://github.com/google/oss-fuzz). The reason to
include the tests in CPython is to make sure that they're maintained
as part of the CPython project, especially when (as some eventually
will) they use internal implementation details in the test.

(This will be necessary sometimes because e.g. the fuzz test should
never enter Python's interpreter loop, whereas some APIs only expose
themselves publicly as Python functions.)

This particular set of changes is part of testing Python's builtins,
tracked internally at Google by b/37562550.

The _xxtestfuzz module that this change adds need not be shipped with binary distributions of Python.
2017-09-06 11:15:35 -07:00