[Toybox] patch and fuzz
enh
enh at google.com
Fri Jun 26 12:35:37 PDT 2020
toybox patch fails to apply the patch
https://android.googlesource.com/platform/external/snakeyaml/+/refs/heads/master/src/patches/android/Representer.patch
to the file https://android.googlesource.com/platform/external/snakeyaml/+/refs/heads/master/src/main/java/org/yaml/snakeyaml/representer/Representer.java.
the worst part is that it _thinks_ it succeeds :-(
the interesting bit happens when we come to apply this hunk:
@@ -15,7 +15,6 @@
*/
package org.yaml.snakeyaml.representer;
-import java.beans.IntrospectionException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
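Review bot: the trailing context of this hunk goes straight from "import java.util.Arrays;" to "import java.util.Iterator;", but the target file excerpt that follows has "import java.util.Collections;" between those two lines, so the hunk no longer matches the file it is applied to and can only apply through fuzzy matching. Regenerating the patch against the current Representer.java would make the context match exactly and remove the dependence on fuzz.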
here:
package org.yaml.snakeyaml.representer;
import java.beans.IntrospectionException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
the eagle-eyed human will notice that there's an extra "Collections"
in the actual file that isn't in the patch, because the patch was
actually against an older version of the source.
the bug is that toybox drops that new line in its output.
it reads it:
MAYBE:
IN: import java.beans.IntrospectionException;
MAYBE: -import java.beans.IntrospectionException;
IN: import java.util.ArrayList;
MAYBE: import java.util.ArrayList;
IN: import java.util.Arrays;
MAYBE: import java.util.Arrays;
IN: import java.util.Collections;
FUZZED: 21 import java.util.Iterator;
but then it does a `goto fuzzed` and explicitly drops that line it
just read. which is clearly wrong here, but the code comment
explicitly calls out this behavior:
// If match failed, flush first line of buffered data and
// recheck buffered data for a new match until we find one or run
// out of buffer.
so i'm not quite sure i understand the intended logic here. when would
you ever want to drop an input line that doesn't have a '-' or '+'
line in the hunk?
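An added example, not part of the original post and not toybox code: a post-apply check that catches the silent failure described above by diffing the original against the patched output and reporting any changed line that no '-' or '+' line in the patch accounts for. The function names and sample strings are constructed for illustration, and a single-file unified diff is assumed.

```python
import difflib
from collections import Counter

def hunk_changes(patch_text):
    """Count the lines a single-file unified diff removes and adds."""
    removed, added, in_hunk = Counter(), Counter(), False
    for line in patch_text.splitlines():
        if line.startswith("@@"):
            in_hunk = True  # the ---/+++ file headers precede the first hunk
        elif in_hunk and line.startswith("-"):
            removed[line[1:]] += 1
        elif in_hunk and line.startswith("+"):
            added[line[1:]] += 1
    return removed, added

def unexpected_changes(original, patched, patch_text):
    """Return (lost, gained): lines changed in the output that no hunk asked for."""
    want_removed, want_added = hunk_changes(patch_text)
    got_removed, got_added = Counter(), Counter()
    for line in difflib.ndiff(original.splitlines(), patched.splitlines()):
        if line.startswith("- "):
            got_removed[line[2:]] += 1
        elif line.startswith("+ "):
            got_added[line[2:]] += 1
    lost = sorted((got_removed - want_removed).elements())
    gained = sorted((got_added - want_added).elements())
    return lost, gained

# Constructed sample, reduced from the hunk and file excerpt quoted in the post.
PATCH = """@@ -15,7 +15,6 @@
 package org.yaml.snakeyaml.representer;
-import java.beans.IntrospectionException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
"""
ORIGINAL = """package org.yaml.snakeyaml.representer;
import java.beans.IntrospectionException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
"""
# GOOD drops only the '-' line; BAD also drops Collections, as the post describes.
GOOD = ORIGINAL.replace("import java.beans.IntrospectionException;\n", "")
BAD = GOOD.replace("import java.util.Collections;\n", "")
if __name__ == "__main__":
    for name, out in (("good", GOOD), ("bad", BAD)):
        print(name, unexpected_changes(ORIGINAL, out, PATCH))
```

A non-empty `lost` or `gained` list means the tool changed something the patch never requested, whatever exit status it reported.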