1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
/*
* libgit2 multi-pack-index fuzzer target.
*
* Copyright (C) the libgit2 contributors. All rights reserved.
*
* This file is part of libgit2, distributed under the GNU GPL v2 with
* a Linking Exception. For full terms see the included COPYING file.
*/
#include <stdio.h>
#include "git2.h"
#include "buffer.h"
#include "common.h"
#include "futils.h"
#include "hash.h"
#include "midx.h"
int LLVMFuzzerInitialize(int *argc, char ***argv)
{
GIT_UNUSED(argc);
GIT_UNUSED(argv);
if (git_libgit2_init() < 0) {
fprintf(stderr, "Failed to initialize libgit2\n");
abort();
}
return 0;
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
git_midx_file idx = {{0}};
git_midx_entry e;
git_buf midx_buf = GIT_BUF_INIT;
git_oid oid = {{0}};
bool append_hash = false;
if (size < 4)
return 0;
/*
* If the first byte in the stream has the high bit set, append the
* SHA1 hash so that the packfile is somewhat valid.
*/
append_hash = *data & 0x80;
/* Keep a 4-byte alignment to avoid unaligned accesses. */
data += 4;
size -= 4;
if (append_hash) {
if (git_buf_init(&midx_buf, size + sizeof(oid)) < 0)
goto cleanup;
if (git_hash_buf(&oid, data, size) < 0) {
fprintf(stderr, "Failed to compute the SHA1 hash\n");
abort();
}
memcpy(midx_buf.ptr, data, size);
memcpy(midx_buf.ptr + size, &oid, sizeof(oid));
} else {
git_buf_attach_notowned(&midx_buf, (char *)data, size);
}
if (git_midx_parse(&idx, (const unsigned char *)git_buf_cstr(&midx_buf), git_buf_len(&midx_buf)) < 0)
goto cleanup;
/* Search for any oid, just to exercise that codepath. */
if (git_midx_entry_find(&e, &idx, &oid, GIT_OID_HEXSZ) < 0)
goto cleanup;
cleanup:
git_midx_close(&idx);
git_buf_dispose(&midx_buf);
return 0;
}
|