author | Augie Fackler <augie@google.com> | 2019-10-15 16:22:35 -0400 |
---|---|---|
committer | Augie Fackler <augie@google.com> | 2019-10-17 15:02:36 -0400 |
commit | 92e011a715e8935f2c64c410625dc6911b6e616c (patch) | |
tree | ba143126c47b465661e6b1bc2de587714754eac9 | |
parent | ef5a3851fdece852569ffebf3537883223744a7a (diff) | |
download | libgit2-92e011a715e8935f2c64c410625dc6911b6e616c.tar.gz |
fuzzers: add a new fuzzer for patch parsing
I was looking at this code anyway because the sr.ht people nerdsniped
me, and it gave me that "I should fuzz this" feeling. So have a fuzzer!
-rw-r--r-- | fuzzers/corpora/patch_parse/edit-file.diff | 13 | ||||
-rw-r--r-- | fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff | 45 | ||||
-rw-r--r-- | fuzzers/patch_parse_fuzzer.c | 38 |
3 files changed, 96 insertions, 0 deletions
diff --git a/fuzzers/corpora/patch_parse/edit-file.diff b/fuzzers/corpora/patch_parse/edit-file.diff
new file mode 100644
index 000000000..d9e783a7f
--- /dev/null
+++ b/fuzzers/corpora/patch_parse/edit-file.diff
@@ -0,0 +1,13 @@
+diff --git a/fuzzers/patch_fuzzer.c b/fuzzers/patch_fuzzer.c
+index 76186b6fb..f7ce73ac8 100644
+--- a/fuzzers/patch_fuzzer.c
++++ b/fuzzers/patch_fuzzer.c
+@@ -32,7 +32,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+ git_patch* patch;
+ git_patch_options opts = {(uint32_t)data[0]};
+ int status = git_patch_from_buffer(&patch, (const char*)data+1, size-1, &opts);
+- if (status == 0 && patch) {
++ if (patch) {
+ git_patch_free(patch);
+ }
+ return 0;
diff --git a/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff b/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff
new file mode 100644
index 000000000..7c98d8ad4
--- /dev/null
+++ b/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff
@@ -0,0 +1,45 @@
+diff --git a/fuzzers/patch_fuzzer.c b/fuzzers/patch_fuzzer.c
+new file mode 100644
+index 000000000..76186b6fb
+--- /dev/null
++++ b/fuzzers/patch_fuzzer.c
+@@ -0,0 +1,39 @@
++/*
++ * libgit2 patch fuzzer target.
++ *
++ * Copyright (C) the libgit2 contributors. All rights reserved.
++ *
++ * This file is part of libgit2, distributed under the GNU GPL v2 with
++ * a Linking Exception. For full terms see the included COPYING file.
++ */
++
++#include "git2.h"
++#include "patch.h"
++#include "patch_parse.h"
++
++#define UNUSED(x) (void)(x)
++
++int LLVMFuzzerInitialize(int *argc, char ***argv)
++{
++ UNUSED(argc);
++ UNUSED(argv);
++
++ if (git_libgit2_init() < 0)
++ abort();
++
++ return 0;
++}
++
++int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
++{
++ if (size < 1) {
++ return 0;
++ }
++ git_patch* patch;
++ git_patch_options opts = {(uint32_t)data[0]};
++ int status = git_patch_from_buffer(&patch, (const char*)data+1, size-1, &opts);
++ if (status == 0 && patch) {
++ git_patch_free(patch);
++ }
++ return 0;
++}
diff --git a/fuzzers/patch_parse_fuzzer.c b/fuzzers/patch_parse_fuzzer.c
new file mode 100644
index 000000000..a9b02ad4d
--- /dev/null
+++ b/fuzzers/patch_parse_fuzzer.c
@@ -0,0 +1,38 @@
+/*
+ * libgit2 patch parser fuzzer target.
+ *
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "git2.h"
+#include "patch.h"
+#include "patch_parse.h"
+
+#define UNUSED(x) (void)(x)
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+ UNUSED(argc);
+ UNUSED(argv);
+
+ if (git_libgit2_init() < 0)
+ abort();
+
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size) {
+ git_patch *patch = NULL;
+ git_patch_options opts = GIT_PATCH_OPTIONS_INIT;
+ opts.prefix_len = (uint32_t)data[0];
+ git_patch_from_buffer(&patch, (const char *)data + 1, size - 1,
+ &opts);
+ git_patch_free(patch);
+ }
+ return 0;
+}
 |
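Review bot: The seed files this commit adds under fuzzers/corpora/patch_parse/ begin directly with `diff --git`, but LLVMFuzzerTestOneInput takes `data[0]` as `opts.prefix_len` and passes only `data + 1` to git_patch_from_buffer. Each seed is therefore parsed with a prefix length of 100 (the byte 'd') and a first line reading `iff --git …`, which presumably fails early and gives the fuzzer a weaker starting point than intended. Prepending one option byte to each corpus file would let the seeds reach the hunk-parsing code as written. The input layout is also undocumented, so above the function I would add `/* Input: data[0] is opts.prefix_len; the remaining size - 1 bytes are the patch text, not NUL-terminated. */`.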