fixed test/cli/fuzz_test.py not triggering all the crashes / minimi…

…zed fuzz data / fixed another fuzzing crash / fixed fuzzing timeout test (#6018) Not all the crashes were triggered by the test as the input has to be treated as C++. Also fixed another crash which was triggered by the reduced `crash-9ef938bba7d752386e24f2438c73cec66f6b972b`.
danmar · Feb 22, 2024 · 7ebb7bf · 7ebb7bf
1 parent 8d079f2
commit 7ebb7bf
Show file tree

Hide file tree

Showing 10 changed files with 32 additions and 18 deletions.
diff --git a/lib/programmemory.cpp b/lib/programmemory.cpp
@@ -274,6 +274,8 @@ static bool isBasicForLoop(const Token* tok)
 void programMemoryParseCondition(ProgramMemory& pm, const Token* tok, const Token* endTok, const Settings* settings, bool then)
 {
     auto eval = [&](const Token* t) -> std::vector<MathLib::bigint> {
+        if (!t)
+            return std::vector<MathLib::bigint>{};
         if (t->hasKnownIntValue())
             return {t->values().front().intvalue};
         MathLib::bigint result = 0;

diff --git a/test/cli/fuzz-crash/crash-15d71125ba17344f02417a9d46443cdaa30aa17f b/test/cli/fuzz-crash/crash-15d71125ba17344f02417a9d46443cdaa30aa17f
diff --git a/test/cli/fuzz-crash/crash-26edfe9761d3b681c841dfe80398847dee332f83 b/test/cli/fuzz-crash/crash-26edfe9761d3b681c841dfe80398847dee332f83
diff --git a/test/cli/fuzz-crash/crash-3ea64296c8518edb538e0047c3eba0792d5deeba b/test/cli/fuzz-crash/crash-3ea64296c8518edb538e0047c3eba0792d5deeba
diff --git a/test/cli/fuzz-crash/crash-7ead2ccf9be8b03b2d9c8c82891f58081390a560 b/test/cli/fuzz-crash/crash-7ead2ccf9be8b03b2d9c8c82891f58081390a560
diff --git a/test/cli/fuzz-crash/crash-8a24e81ac1d7627233a227e6cc156dd20d57b058 b/test/cli/fuzz-crash/crash-8a24e81ac1d7627233a227e6cc156dd20d57b058
@@ -1,2 +1 @@
-#i~clude <std*c =           nt rerd*c =           nt rern register 
-n**************&******* register 
+r*register
diff --git a/test/cli/fuzz-crash/crash-9ef938bba7d752386e24f2438c73cec66f6b972b b/test/cli/fuzz-crash/crash-9ef938bba7d752386e24f2438c73cec66f6b972b
@@ -1,12 +1 @@
-#include <?ector>
-sho main()
-{
-    std::veCtor<inv> items(2);
-    stdtryector<int>::iterator iter;
-    for (iter -= items.begin(); i&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&ter != items.end();) {
-        if (*iter == 2) {
-            iter = items.erase//(iter);
-        } else {
-             }
-    }
-}
+o n(){r<>items;t iter;for(&&){iter=items.g}}
diff --git a/test/cli/fuzz-crash/crash-e4a26f2d7d0a73836bf086f54e48204d8914b95a b/test/cli/fuzz-crash/crash-e4a26f2d7d0a73836bf086f54e48204d8914b95a
diff --git a/test/cli/fuzz_test.py b/test/cli/fuzz_test.py
@@ -11,7 +11,7 @@ def test_fuzz_crash():
 
     fuzz_crash_dir = os.path.join(__script_dir, 'fuzz-crash')
     for f in os.listdir(fuzz_crash_dir):
-        ret, stdout, _ = cppcheck(['-q', '--enable=all', '--inconclusive', f], cwd=fuzz_crash_dir)
+        ret, stdout, _ = cppcheck(['-q', '--language=c++', '--enable=all', '--inconclusive', f], cwd=fuzz_crash_dir)
         if ret != 0:
             failures[f] = stdout
 
@@ -27,7 +27,7 @@ def test_fuzz_timeout():
         return
     for f in os.listdir(fuzz_timeout_dir):
         try:
-            ret, stdout, _ = cppcheck(['-q', '--enable=all', '--inconclusive', f], cwd=fuzz_timeout_dir, timeout=5)
+            ret, stdout, _ = cppcheck(['-q', '--language=c++', '--enable=all', '--inconclusive', f], cwd=fuzz_timeout_dir, timeout=5)
         except subprocess.TimeoutExpired:
             failures.append(f)
 

diff --git a/test/cli/testutils.py b/test/cli/testutils.py
@@ -1,5 +1,6 @@
 import logging
 import os
+import signal
 import subprocess
 
 # Create Cppcheck project file
@@ -78,7 +79,30 @@ def cppcheck(args, env=None, remove_checkers_report=True, cwd=None, cppcheck_exe
 
     logging.info(exe + ' ' + ' '.join(args))
     p = subprocess.Popen([exe] + args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env, cwd=cwd)
-    comm = p.communicate(timeout=timeout)
+    try:
+        comm = p.communicate(timeout=timeout)
+        return_code = p.returncode
+        p = None
+    except subprocess.TimeoutExpired:
+        import psutil
+        # terminate all the child processes
+        child_procs = psutil.Process(p.pid).children(recursive=True)
+        if len(child_procs) > 0:
+            for child in child_procs:
+                child.terminate()
+            try:
+                # call with timeout since it might be stuck
+                p.communicate(timeout=5)
+                p = None
+            except subprocess.TimeoutExpired:
+                pass
+        raise
+    finally:
+        if p:
+            # sending the signal to the process groups causes the parent Python process to terminate as well
+            #os.killpg(os.getpgid(p.pid), signal.SIGTERM)  # Send the signal to all the process groups
+            p.terminate()
+            comm = p.communicate()
     stdout = comm[0].decode(encoding='utf-8', errors='ignore').replace('\r\n', '\n')
     stderr = comm[1].decode(encoding='utf-8', errors='ignore').replace('\r\n', '\n')
     if remove_checkers_report:
@@ -95,7 +119,7 @@ def cppcheck(args, env=None, remove_checkers_report=True, cwd=None, cppcheck_exe
                 stderr = ''
             elif stderr[pos - 1] == '\n':
                 stderr = stderr[:pos]
-    return p.returncode, stdout, stderr
+    return return_code, stdout, stderr
 
 
 def assert_cppcheck(args, ec_exp=None, out_exp=None, err_exp=None, env=None):