1. 30 Aug, 2018 1 commit
    • docs: clarify and include licenses of dependencies · 2e0f926e
      While our contribution guide tries to make clear the licenses that apply
      to libgit2, it does not make clear that different licenses apply to our
      bundled dependencies. Make this clear by listing each dependency
      together with the licenses that they are governed by. Furthermore,
      bundle the complete license texts next to the code they apply to.
      Patrick Steinhardt committed
  2. 19 Aug, 2018 3 commits
  3. 17 Aug, 2018 1 commit
  4. 16 Aug, 2018 4 commits
  5. 14 Aug, 2018 4 commits
  6. 09 Aug, 2018 4 commits
  7. 06 Aug, 2018 8 commits
  8. 05 Aug, 2018 5 commits
  9. 04 Aug, 2018 1 commit
    • parse: Do not initialize the content in context to NULL · d1bfe614
      String operations in libgit2 are supposed to never receive `NULL`, e.g.
      they are not `NULL`-save. In the case of `git__linenlen()`, invocation
      with `NULL` leads to undefined behavior.
      
      In a `git_parse_ctx` however, the `content` field used in these
      operations was initialized to `NULL` if the `git_parse_ctx_init()` was
      called with `NULL` for `content` or `0` for `content_len`. For the
      latter case, the initialization function even contained some logic for
      initializing `content` with `NULL`.
      
      This commit mitigates triggering undefined behavior by rewriting the
      logic. Now `content` is always initialized to a non-null buffer. Instead
      of a null buffer, an empty string is used for denoting an empty buffer.
      Julian Ganz committed
  10. 03 Aug, 2018 9 commits
    • ci: fix location of fuzzer corpora on VSTS · 835d6043
      When using VSTS-based builds, we are in a different location than when
      doing Travis builds. Due to this, the relative path to our fuzzer
      corpora does not work on VSTS. Fix it by using `${SOURCE_DIR}` instead.
      Patrick Steinhardt committed
    • fuzzers: limit maximum pack object count · e38ddc90
      By default, libgit2 allows up to 2^32 objects when downloading a
      packfile from a remote. For each of these objects, libgit2 will allocate
      up to two small structs, which in total adds up to quite a lot of
      memory. As a result, our fuzzers might run out of memory rather quick in
      case where they receive as input a packfile with such a huge count of
      objects.
      
      Limit the packfile object count to 10M objects. This is sufficiently big
      to still work with most largish repos (linux.git has around 6M objects
      as of now), but small enough to not cause the fuzzer to OOM.
      Patrick Steinhardt committed
    • fuzzers: convert download_refs fuzzer to C · 5db64e2f
      Convert the "download_refs" fuzzer from C++ to C. Rename the source file
      to have it be picked up by our build system.
      Patrick Steinhardt committed
    • fuzzers: import download_refs fuzzer from oss-fuzz · 730c0edb
      This is a direct copy of the code from google/oss-fuzz, written by
      Nelson Elhage (@nelhage). Note that due to the ".cc" ending, the file
      will not yet be picked up by the build system. This is intended, as
      currently that file is partly written in C++, requiring a conversion to
      C.
      Patrick Steinhardt committed
    • fuzzers: avoid use of libgit2 internals in packfile_raw · de53972f
      The packfile_raw fuzzer is using some internal APIs from libgit2, which
      makes it hard to compile it as part of the oss-fuzz project. As oss-fuzz
      requires us to link against the C++ FuzzingEngine library, we cannot use
      "-DBUILD_FUZZERS=ON" directly but instead have to first compile an
      object from our fuzzers and then link against the C++ library. Compiling
      the fuzzer objects thus requires an external invocation of CC, and we
      certainly don't want to do further black magic by adding libgit2's
      private source directory to the header include path.
      
      To fix the issue, convert the code to not use any internal APIs. Besides
      some headers which we have to add now, this also requires us to change
      to the hashing function of the ODB. Note that this will change the
      hashing result, as we have previously not prepended the object header to
      the data that is to be hashed. But this shouldn't matter in practice, as
      we don't care for the hash value anyway.
      Patrick Steinhardt committed
    • cmake: remove USE_SANITIZER and USE_COVERAGE options · 12804c46
      Both the USE_SANITIZER and USE_COVERAGE options are convenience options
      that turn on a set of CFLAGS. Despite our own set of CFLAGS required to
      build libgit2, we have no real business to mess with them, though, as
      they can easily be passed in by the user via specifying the CFLAGS
      environment variable. The reasoning behind not providing them is that as
      soon as we start adding those for some usecases, users might ask for
      other sets of CFLAGS catering to their specific need in another usecase.
      Thus, we do not want to support them here.
      Patrick Steinhardt committed
    • cmake: remove need to add "-fsanitize=fuzzer" flag for fuzzers · bf3382d5
      Right now, users are being instrucded to add the
      "-DCMAKE_EXE_LINKER_FLAGS=-fsanitize=fuzzer" flag when they want to
      build our fuzzers. This is error-prone and user unfriendly. Instead,
      just add the flag to our fuzzers' build instructions so that it happens
      automatically. Adjust the README accordingly.
      Patrick Steinhardt committed