diff options
| author | Patrick Steinhardt <ps@pks.im> | 2018-08-24 09:29:32 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-08-24 09:29:32 +0200 |
| commit | 0036993b99967f9d159d42966dd4260909fad779 (patch) | |
| tree | 7db181f620588923fa111452fda0a5c30624a1c2 | |
| parent | 296cb5e69520fe228cc22d266468bd2adf0f6c1e (diff) | |
| parent | f556dea6e2ed885154dc29f6cef0b045e3d662c0 (diff) | |
| download | libgit2-0036993b99967f9d159d42966dd4260909fad779.tar.gz | |
Merge pull request #4752 from nelhage/fuzz-config
Add a fuzzer for config files
| -rw-r--r-- | fuzzers/config_file_fuzzer.c | 75 | ||||
| -rw-r--r-- | fuzzers/corpora/config_file/git2.dat | 11 |
2 files changed, 86 insertions, 0 deletions
diff --git a/fuzzers/config_file_fuzzer.c b/fuzzers/config_file_fuzzer.c new file mode 100644 index 000000000..30a47bf2e --- /dev/null +++ b/fuzzers/config_file_fuzzer.c @@ -0,0 +1,75 @@ +/* + * libgit2 config file parser fuzz target. + * + * Copyright (C) the libgit2 contributors. All rights reserved. + * + * This file is part of libgit2, distributed under the GNU GPL v2 with + * a Linking Exception. For full terms see the included COPYING file. + */ + +#include <git2.h> + +#include <stdlib.h> +#include <stdio.h> +#include <unistd.h> +#include <limits.h> +#include <errno.h> + +#define UNUSED(x) (void)(x) + +int foreach_cb(const git_config_entry *entry, void *payload) +{ + UNUSED(entry); + UNUSED(payload); + + return 0; +} + +static char path[] = "/tmp/git.XXXXXX"; +static int fd = -1; + +int LLVMFuzzerInitialize(int *argc, char ***argv) +{ + UNUSED(argc); + UNUSED(argv); + + if (git_libgit2_init() < 0) + abort(); + fd = mkstemp(path); + if (fd < 0) { + abort(); + } + + return 0; +} + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + git_config *cfg = NULL; + int err = 0; + size_t total = 0; + + if (ftruncate(fd, 0) !=0 ) { + abort(); + } + if (lseek(fd, 0, SEEK_SET) != 0) { + abort(); + } + + while (total < size) { + ssize_t written = write(fd, data, size); + if (written < 0 && errno != EINTR) + abort(); + if (written < 0) + continue; + total += written; + } + + err = git_config_open_ondisk(&cfg, path); + if (err == 0) { + git_config_foreach(cfg, foreach_cb, NULL); + git_config_free(cfg); + } + + return 0; +} diff --git a/fuzzers/corpora/config_file/git2.dat b/fuzzers/corpora/config_file/git2.dat new file mode 100644 index 000000000..e5561545f --- /dev/null +++ b/fuzzers/corpora/config_file/git2.dat @@ -0,0 +1,11 @@ +[core] + repositoryformatversion = 0 + filemode = true + bare = false + logallrefupdates = true +[remote "origin"] + url = git@github.com:libgit2/libgit2 + fetch = +refs/heads/*:refs/remotes/origin/* +[branch "master"] + remote = origin + merge = refs/heads/master |