fuzzers: add a new fuzzer for patch parsing I was looking at this code anyway because the sr.ht people nerdsniped me, and it gave me that "I should fuzz this" feeling. So have a fuzzer!
diff --git a/fuzzers/corpora/patch_parse/edit-file.diff b/fuzzers/corpora/patch_parse/edit-file.diff
new file mode 100644
index 0000000..d9e783a
--- /dev/null
+++ b/fuzzers/corpora/patch_parse/edit-file.diff
@@ -0,0 +1,13 @@
+diff --git a/fuzzers/patch_fuzzer.c b/fuzzers/patch_fuzzer.c
+index 76186b6fb..f7ce73ac8 100644
+--- a/fuzzers/patch_fuzzer.c
++++ b/fuzzers/patch_fuzzer.c
+@@ -32,7 +32,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+ git_patch* patch;
+ git_patch_options opts = {(uint32_t)data[0]};
+ int status = git_patch_from_buffer(&patch, (const char*)data+1, size-1, &opts);
+- if (status == 0 && patch) {
++ if (patch) {
+ git_patch_free(patch);
+ }
+ return 0;
diff --git a/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff b/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff
new file mode 100644
index 0000000..7c98d8a
--- /dev/null
+++ b/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff
@@ -0,0 +1,45 @@
+diff --git a/fuzzers/patch_fuzzer.c b/fuzzers/patch_fuzzer.c
+new file mode 100644
+index 000000000..76186b6fb
+--- /dev/null
++++ b/fuzzers/patch_fuzzer.c
+@@ -0,0 +1,39 @@
++/*
++ * libgit2 patch fuzzer target.
++ *
++ * Copyright (C) the libgit2 contributors. All rights reserved.
++ *
++ * This file is part of libgit2, distributed under the GNU GPL v2 with
++ * a Linking Exception. For full terms see the included COPYING file.
++ */
++
++#include "git2.h"
++#include "patch.h"
++#include "patch_parse.h"
++
++#define UNUSED(x) (void)(x)
++
++int LLVMFuzzerInitialize(int *argc, char ***argv)
++{
++ UNUSED(argc);
++ UNUSED(argv);
++
++ if (git_libgit2_init() < 0)
++ abort();
++
++ return 0;
++}
++
++int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
++{
++ if (size < 1) {
++ return 0;
++ }
++ git_patch* patch;
++ git_patch_options opts = {(uint32_t)data[0]};
++ int status = git_patch_from_buffer(&patch, (const char*)data+1, size-1, &opts);
++ if (status == 0 && patch) {
++ git_patch_free(patch);
++ }
++ return 0;
++}
diff --git a/fuzzers/patch_parse_fuzzer.c b/fuzzers/patch_parse_fuzzer.c
new file mode 100644
index 0000000..a9b02ad
--- /dev/null
+++ b/fuzzers/patch_parse_fuzzer.c
@@ -0,0 +1,38 @@
+/*
+ * libgit2 patch parser fuzzer target.
+ *
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "git2.h"
+#include "patch.h"
+#include "patch_parse.h"
+
+#define UNUSED(x) (void)(x)
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+ UNUSED(argc);
+ UNUSED(argv);
+
+ if (git_libgit2_init() < 0)
+ abort();
+
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size) {
+ git_patch *patch = NULL;
+ git_patch_options opts = GIT_PATCH_OPTIONS_INIT;
+ opts.prefix_len = (uint32_t)data[0];
+ git_patch_from_buffer(&patch, (const char *)data + 1, size - 1,
+ &opts);
+ git_patch_free(patch);
+ }
+ return 0;
+}
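Review bot: The input layout that LLVMFuzzerTestOneInput expects (first byte selects `opts.prefix_len`, the remainder is the patch text) is not documented, and the corpus files added under fuzzers/corpora/patch_parse rely on it; add `/* data[0] selects opts.prefix_len; data[1..size) is the patch text */` above the `opts.prefix_len` assignment so corpus authors and triagers can decode a crashing input. `abort()` is called in LLVMFuzzerInitialize without a visible `<stdlib.h>` include; if git2.h does not pull it in transitively, add the include explicitly rather than relying on that. The return value of git_patch_from_buffer is intentionally discarded and `patch` is pre-initialised to NULL, so the unconditional `git_patch_free(patch)` is only safe if that function tolerates NULL; a short comment stating that assumption, e.g. `/* patch stays NULL on parse failure; git_patch_free(NULL) is a no-op */`, would spare the next reader a lookup.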