From 400caed3e0f93093d98619524184bf44937470c8 Mon Sep 17 00:00:00 2001
From: lhchavez
Date: Wed, 6 Dec 2017 03:22:58 +0000
Subject: libFuzzer: Fix a git_packfile_stream leak

This change ensures that the git_packfile_stream object in git_indexer_append() does not leak when the stream has errors.

Found using libFuzzer.
---
 tests/pack/indexer.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'tests')

diff --git a/tests/pack/indexer.c b/tests/pack/indexer.c
index c73d3974e..a28ee3e07 100644
--- a/tests/pack/indexer.c
+++ b/tests/pack/indexer.c
@@ -40,6 +40,17 @@ static const unsigned char thin_pack[] = {
 };
 static const unsigned int thin_pack_len = 78;
 
+/*
+ * Packfile that causes the packfile stream to open in a way in which it leaks
+ * the stream reader.
+ */
+static const unsigned char leaky_pack[] = {
+	0x50, 0x41, 0x43, 0x4b, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03,
+	0xf4, 0xbd, 0x51, 0x51, 0x51, 0x51, 0x51, 0x72, 0x65, 0x41, 0x4b, 0x63,
+	0x5f, 0x64, 0x65, 0x70, 0x74, 0x68, 0xbd, 0x41, 0x4b
+};
+static const unsigned int leaky_pack_len = 33;
+
 static const unsigned char base_obj[] = { 07, 076 };
 static const unsigned int base_obj_len = 2;
 
@@ -60,6 +71,22 @@ void test_pack_indexer__out_of_order(void)
 	git_indexer_free(idx);
 }
 
+void test_pack_indexer__leaky(void)
+{
+	git_indexer *idx = 0;
+	git_transfer_progress stats = { 0 };
+
+	cl_git_pass(git_indexer_new(&idx, ".", 0, NULL, NULL, NULL));
+	cl_git_pass(git_indexer_append(
+		idx, leaky_pack, leaky_pack_len, &stats));
+	cl_git_fail(git_indexer_commit(idx, &stats));
+
+	cl_assert(giterr_last() != NULL);
+	cl_assert_equal_i(giterr_last()->klass, GITERR_INDEXER);
+
+	git_indexer_free(idx);
+}
+
 void test_pack_indexer__fix_thin(void)
 {
 	git_indexer *idx = NULL;
-- 
cgit v1.2.1
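Review bot: `git_indexer *idx = 0;` in test_pack_indexer__leaky initialises a pointer from an integer literal where the neighbouring test_pack_indexer__fix_thin (visible at the end of the second hunk) uses `NULL`; `git_indexer *idx = NULL;` keeps the file consistent. The test as written only pins that git_indexer_commit() fails with GITERR_INDEXER; the stream leak this commit fixes is not observable from the assertions themselves and will only be caught when the suite runs under a leak checker, so a comment above the function such as `/* Regression test: the packfile stream must be released on the error path; the original leak is only visible under valgrind/ASan. */` would make that intent explicit. The header comment on leaky_pack in the first hunk ("causes the packfile stream to open in a way in which it leaks the stream reader") describes pre-fix behaviour and will read as a statement of current behaviour once the fix lands; rewording it to `Packfile whose stream errors out during indexing (previously leaked the stream reader).` avoids that. The indexer change itself is outside this diff (limited to 'tests'), so I cannot confirm which error path in git_indexer_append() this input exercises.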