Commit e38ddc90 by Patrick Steinhardt

fuzzers: limit maximum pack object count

By default, libgit2 allows up to 2^32 objects when downloading a
packfile from a remote. For each of these objects, libgit2 will allocate
up to two small structs, which in total adds up to quite a lot of
memory. As a result, our fuzzers might run out of memory rather quickly in
cases where they receive as input a packfile with such a huge count of
objects.

Limit the packfile object count to 10M objects. This is sufficiently big
to still work with most largish repos (linux.git has around 6M objects
as of now), but small enough to not cause the fuzzer to OOM.
parent 5db64e2f
...@@ -174,6 +174,9 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) ...@@ -174,6 +174,9 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
if (git_libgit2_init() < 0) if (git_libgit2_init() < 0)
abort(); abort();
if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0)
abort();
if (mkdtemp(tmp) != tmp) if (mkdtemp(tmp) != tmp)
abort(); abort();
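Review bot: in this hunk the new git_libgit2_opts check aborts with no diagnostic, while the same check in the second fuzzer of this commit prints a message first; a bare abort() in a fuzzer log is hard to attribute, so add a `fprintf(stderr, "Failed to limit maximum pack object count\n");` before the abort() to match. The bare literal 10000000 would also read better as a named constant with a one-line comment giving the rationale stated in the commit message (linux.git is around 6M objects), and since git_libgit2_opts is variadic it is safer to pass the value with an explicit cast to the argument type the option expects rather than an int literal.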
...@@ -33,6 +33,10 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) ...@@ -33,6 +33,10 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
fprintf(stderr, "Failed to initialize libgit2\n"); fprintf(stderr, "Failed to initialize libgit2\n");
abort(); abort();
} }
if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0) {
fprintf(stderr, "Failed to limit maximum pack object count\n");
abort();
}
if (git_odb_new(&odb) < 0) { if (git_odb_new(&odb) < 0) {
fprintf(stderr, "Failed to create the odb\n"); fprintf(stderr, "Failed to create the odb\n");
abort(); abort();
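Review bot: this hunk hard-codes the same 10000000 limit as the first fuzzer, so the two copies can silently drift apart; define the value once (for example a `#define` in a header both fuzzers include, commented with the "big enough for linux.git, small enough not to OOM" reasoning from the commit message) and use it in both call sites. The stderr message before abort() is the right shape here and is what the first fuzzer's hunk should copy.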