Skip to content

G
git2
Commit 59328ed8 by Patrick Steinhardt
Options

fuzzers: rename "fuzz" directory to match our style 

Our layout uses names like "examples" or "tests" which is why the "fuzz"
directory doesn't really fit in here. Rename the directory to be called
"fuzzers" instead. Furthermore, we rename the fuzzer "fuzz_packfile_raw"
to "packfile_raw_fuzzer", which is also in line with the already
existing fuzzer at google/oss-fuzz.

While at it, rename the "packfile_raw" fuzzer to instead just be called
"packfile" fuzzer.
parent 60e610a2
Showing with 232 additions and 233 deletions
CMakeLists.txt
......@@ -312,7 +312,7 @@ IF(BUILD_FUZZERS)
MESSAGE(FATAL_ERROR "Cannot build the fuzzer targets and the tests together")
ENDIF()
ENDIF()
ADD_SUBDIRECTORY(fuzz)
ADD_SUBDIRECTORY(fuzzers)
ENDIF()
IF(CMAKE_VERSION VERSION_GREATER 3)
......
ci/test.sh
......@@ -190,9 +190,8 @@ if [ -z "$SKIP_FUZZERS" ]; then
echo "## Running fuzzers"
echo "##############################################################################"
for fuzzer in $(find ./fuzz/ -type f -executable); do
fuzzer_name=$(basename "${fuzzer}")
"${fuzzer}" "../fuzz/corpora/${fuzzer_name}" || die $?
for fuzzer in fuzzers/*_fuzzer; do
"${fuzzer}" "../fuzzers/corpora/$(basename "${fuzzer%_fuzzer}")" || die $?
done
fi
......
fuzz/fuzz_packfile_raw.c deleted 100644 → 0
/*
* libgit2 raw packfile fuzz target.
*
* Copyright (C) the libgit2 contributors. All rights reserved.
*
* This file is part of libgit2, distributed under the GNU GPL v2 with
* a Linking Exception. For full terms see the included COPYING file.
*/
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include "fileops.h"
#include "hash.h"
#include "git2.h"
#include "git2/sys/mempack.h"
static git_odb *odb = NULL;
static git_odb_backend *mempack = NULL;
/* Arbitrary object to seed the ODB. */
static const unsigned char base_obj[] = { 07, 076 };
static const unsigned int base_obj_len = 2;
int LLVMFuzzerInitialize(int *argc, char ***argv)
{
GIT_UNUSED(argc);
GIT_UNUSED(argv);
if (git_libgit2_init() < 0) {
fprintf(stderr, "Failed to initialize libgit2\n");
abort();
}
if (git_odb_new(&odb) < 0) {
fprintf(stderr, "Failed to create the odb\n");
abort();
}
if (git_mempack_new(&mempack) < 0) {
fprintf(stderr, "Failed to create the mempack\n");
abort();
}
if (git_odb_add_backend(odb, mempack, 999) < 0) {
fprintf(stderr, "Failed to add the mempack\n");
abort();
}
return 0;
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
git_indexer *indexer = NULL;
git_transfer_progress stats = {0, 0};
bool append_hash = false;
git_oid id;
char hash[GIT_OID_HEXSZ + 1] = {0};
char path[PATH_MAX];
if (size == 0)
return 0;
if (!odb || !mempack) {
fprintf(stderr, "Global state not initialized\n");
abort();
}
git_mempack_reset(mempack);
if (git_odb_write(&id, odb, base_obj, base_obj_len, GIT_OBJ_BLOB) < 0) {
fprintf(stderr, "Failed to add an object to the odb\n");
abort();
}
if (git_indexer_new(&indexer, ".", 0, odb, NULL, NULL) < 0) {
fprintf(stderr, "Failed to create the indexer: %s\n",
giterr_last()->message);
abort();
}
/*
* If the first byte in the stream has the high bit set, append the
* SHA1 hash so that the packfile is somewhat valid.
*/
append_hash = *data & 0x80;
++data;
--size;
if (git_indexer_append(indexer, data, size, &stats) < 0)
goto cleanup;
if (append_hash) {
git_oid oid;
if (git_hash_buf(&oid, data, size) < 0) {
fprintf(stderr, "Failed to compute the SHA1 hash\n");
abort();
}
if (git_indexer_append(indexer, &oid, sizeof(oid), &stats) < 0) {
goto cleanup;
}
}
if (git_indexer_commit(indexer, &stats) < 0)
goto cleanup;
/*
* We made it! We managed to produce a valid packfile.
* Let's clean it up.
*/
git_oid_fmt(hash, git_indexer_hash(indexer));
printf("Generated packfile %s\n", hash);
snprintf(path, sizeof(path), "pack-%s.idx", hash);
unlink(path);
snprintf(path, sizeof(path), "pack-%s.pack", hash);
unlink(path);
cleanup:
git_mempack_reset(mempack);
git_indexer_free(indexer);
return 0;
}
fuzz/standalone_driver.c deleted 100644 → 0
/*
* Copyright (C) the libgit2 contributors. All rights reserved.
*
* This file is part of libgit2, distributed under the GNU GPL v2 with
* a Linking Exception. For full terms see the included COPYING file.
*/
#include <assert.h>
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include "fileops.h"
#include "path.h"
extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
extern int LLVMFuzzerInitialize(int *argc, char ***argv);
static int run_one_file(const char *filename)
{
git_buf buf = GIT_BUF_INIT;
int error = 0;
if (git_futils_readbuffer(&buf, filename) < 0) {
fprintf(stderr, "Failed to read %s: %m\n", filename);
error = -1;
goto exit;
}
LLVMFuzzerTestOneInput((const unsigned char *)buf.ptr, buf.size);
exit:
git_buf_dispose(&buf);
return error;
}
int main(int argc, char **argv)
{
git_vector corpus_files = GIT_VECTOR_INIT;
char *filename = NULL;
unsigned i = 0;
int error = 0;
if (argc != 2) {
fprintf(stderr, "Usage: %s <corpus directory>\n", argv[0]);
error = -1;
goto exit;
}
fprintf(stderr, "Running %s against %s\n", argv[0], argv[1]);
LLVMFuzzerInitialize(&argc, &argv);
if (git_path_dirload(&corpus_files, argv[1], 0, 0x0) < 0) {
fprintf(stderr, "Failed to scan corpus directory: %m\n");
error = -1;
goto exit;
}
git_vector_foreach(&corpus_files, i, filename) {
fprintf(stderr, "\tRunning %s...\n", filename);
if (run_one_file(filename) < 0) {
error = -1;
goto exit;
}
}
fprintf(stderr, "Done %d runs\n", i);
exit:
git_vector_free_deep(&corpus_files);
return error;
}
fuzz/CMakeLists.txt fuzzers/CMakeLists.txt
LINK_DIRECTORIES(${LIBGIT2_LIBDIRS})
INCLUDE_DIRECTORIES(${LIBGIT2_INCLUDES})
FILE(GLOB SRC_FUZZ RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} fuzz_*.c)
FILE(GLOB SRC_FUZZ RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} *_fuzzer.c)
FOREACH(fuzz_target_src ${SRC_FUZZ})
STRING(REPLACE ".c" "" fuzz_target_name ${fuzz_target_src})
SET(${fuzz_target_name}_SOURCES ${fuzz_target_src} ${LIBGIT2_OBJECTS})
......
fuzzers/packfile_fuzzer.c 0 → 100644
/*
* libgit2 packfile fuzzer target.
*
* Copyright (C) the libgit2 contributors. All rights reserved.
*
* This file is part of libgit2, distributed under the GNU GPL v2 with
* a Linking Exception. For full terms see the included COPYING file.
*/
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include "fileops.h"
#include "hash.h"
#include "git2.h"
#include "git2/sys/mempack.h"
static git_odb *odb = NULL;
static git_odb_backend *mempack = NULL;
/* Arbitrary object to seed the ODB. */
static const unsigned char base_obj[] = { 07, 076 };
static const unsigned int base_obj_len = 2;
int LLVMFuzzerInitialize(int *argc, char ***argv)
{
GIT_UNUSED(argc);
GIT_UNUSED(argv);
if (git_libgit2_init() < 0) {
fprintf(stderr, "Failed to initialize libgit2\n");
abort();
}
if (git_odb_new(&odb) < 0) {
fprintf(stderr, "Failed to create the odb\n");
abort();
}
if (git_mempack_new(&mempack) < 0) {
fprintf(stderr, "Failed to create the mempack\n");
abort();
}
if (git_odb_add_backend(odb, mempack, 999) < 0) {
fprintf(stderr, "Failed to add the mempack\n");
abort();
}
return 0;
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
git_indexer *indexer = NULL;
git_transfer_progress stats = {0, 0};
bool append_hash = false;
git_oid id;
char hash[GIT_OID_HEXSZ + 1] = {0};
char path[PATH_MAX];
if (size == 0)
return 0;
if (!odb || !mempack) {
fprintf(stderr, "Global state not initialized\n");
abort();
}
git_mempack_reset(mempack);
if (git_odb_write(&id, odb, base_obj, base_obj_len, GIT_OBJ_BLOB) < 0) {
fprintf(stderr, "Failed to add an object to the odb\n");
abort();
}
if (git_indexer_new(&indexer, ".", 0, odb, NULL, NULL) < 0) {
fprintf(stderr, "Failed to create the indexer: %s\n",
giterr_last()->message);
abort();
}
/*
* If the first byte in the stream has the high bit set, append the
* SHA1 hash so that the packfile is somewhat valid.
*/
append_hash = *data & 0x80;
++data;
--size;
if (git_indexer_append(indexer, data, size, &stats) < 0)
goto cleanup;
if (append_hash) {
git_oid oid;
if (git_hash_buf(&oid, data, size) < 0) {
fprintf(stderr, "Failed to compute the SHA1 hash\n");
abort();
}
if (git_indexer_append(indexer, &oid, sizeof(oid), &stats) < 0) {
goto cleanup;
}
}
if (git_indexer_commit(indexer, &stats) < 0)
goto cleanup;
/*
* We made it! We managed to produce a valid packfile.
* Let's clean it up.
*/
git_oid_fmt(hash, git_indexer_hash(indexer));
printf("Generated packfile %s\n", hash);
snprintf(path, sizeof(path), "pack-%s.idx", hash);
unlink(path);
snprintf(path, sizeof(path), "pack-%s.pack", hash);
unlink(path);
cleanup:
git_mempack_reset(mempack);
git_indexer_free(indexer);
return 0;
}
fuzzers/standalone_driver.c 0 → 100644
/*
* Copyright (C) the libgit2 contributors. All rights reserved.
*
* This file is part of libgit2, distributed under the GNU GPL v2 with
* a Linking Exception. For full terms see the included COPYING file.
*/
#include <assert.h>
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include "fileops.h"
#include "path.h"
extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
extern int LLVMFuzzerInitialize(int *argc, char ***argv);
static int run_one_file(const char *filename)
{
git_buf buf = GIT_BUF_INIT;
int error = 0;
if (git_futils_readbuffer(&buf, filename) < 0) {
fprintf(stderr, "Failed to read %s: %m\n", filename);
error = -1;
goto exit;
}
LLVMFuzzerTestOneInput((const unsigned char *)buf.ptr, buf.size);
exit:
git_buf_dispose(&buf);
return error;
}
int main(int argc, char **argv)
{
git_vector corpus_files = GIT_VECTOR_INIT;
char *filename = NULL;
unsigned i = 0;
int error = 0;
if (argc != 2) {
fprintf(stderr, "Usage: %s <corpus directory>\n", argv[0]);
error = -1;
goto exit;
}
fprintf(stderr, "Running %s against %s\n", argv[0], argv[1]);
LLVMFuzzerInitialize(&argc, &argv);
if (git_path_dirload(&corpus_files, argv[1], 0, 0x0) < 0) {
fprintf(stderr, "Failed to scan corpus directory: %m\n");
error = -1;
goto exit;
}
git_vector_foreach(&corpus_files, i, filename) {
fprintf(stderr, "\tRunning %s...\n", filename);
if (run_one_file(filename) < 0) {
error = -1;
goto exit;
}
}
fprintf(stderr, "Done %d runs\n", i);
exit:
git_vector_free_deep(&corpus_files);
return error;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment