Commit 92e011a715e8935f2c64c410625dc6911b6e616c

Augie Fackler 2019-10-15T16:22:35

fuzzers: add a new fuzzer for patch parsing I was looking at this code anyway because the sr.ht people nerdsniped me, and it gave me that "I should fuzz this" feeling. So have a fuzzer!

diff --git a/fuzzers/corpora/patch_parse/edit-file.diff b/fuzzers/corpora/patch_parse/edit-file.diff
new file mode 100644
index 0000000..d9e783a
--- /dev/null
+++ b/fuzzers/corpora/patch_parse/edit-file.diff
@@ -0,0 +1,13 @@
+diff --git a/fuzzers/patch_fuzzer.c b/fuzzers/patch_fuzzer.c
+index 76186b6fb..f7ce73ac8 100644
+--- a/fuzzers/patch_fuzzer.c
++++ b/fuzzers/patch_fuzzer.c
+@@ -32,7 +32,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+         git_patch* patch;
+         git_patch_options opts = {(uint32_t)data[0]};
+         int status = git_patch_from_buffer(&patch, (const char*)data+1, size-1, &opts);
+-        if (status == 0 && patch) {
++        if (patch) {
+                 git_patch_free(patch);
+         }
+         return 0;
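Review bot: The first byte of this seed is consumed by the harness as an option, not as patch text: `patch_parse_fuzzer.c` does `opts.prefix_len = (uint32_t)data[0]` and hands `data + 1, size - 1` to `git_patch_from_buffer`, so on its first run the parser sees this file starting at `iff --git` with a prefix length of 100 (the byte value of `d`). To have the seed exercise the intended path, prepend one byte carrying the prefix length ahead of `diff --git` (`0x01`, which I believe matches the `a/`/`b/` prefixes used here and the `GIT_PATCH_OPTIONS_INIT` default — worth confirming against git2/patch.h). The mutator will eventually discover a well-formed variant on its own, but a seed that follows the harness's own input layout gives coverage a much better starting point, and the same applies to `patch_fuzzer-patch.diff` in this commit.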
diff --git a/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff b/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff
new file mode 100644
index 0000000..7c98d8a
--- /dev/null
+++ b/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff
@@ -0,0 +1,45 @@
+diff --git a/fuzzers/patch_fuzzer.c b/fuzzers/patch_fuzzer.c
+new file mode 100644
+index 000000000..76186b6fb
+--- /dev/null
++++ b/fuzzers/patch_fuzzer.c
+@@ -0,0 +1,39 @@
++/*
++ * libgit2 patch fuzzer target.
++ *
++ * Copyright (C) the libgit2 contributors. All rights reserved.
++ *
++ * This file is part of libgit2, distributed under the GNU GPL v2 with
++ * a Linking Exception. For full terms see the included COPYING file.
++ */
++
++#include "git2.h"
++#include "patch.h"
++#include "patch_parse.h"
++
++#define UNUSED(x) (void)(x)
++
++int LLVMFuzzerInitialize(int *argc, char ***argv)
++{
++        UNUSED(argc);
++        UNUSED(argv);
++
++        if (git_libgit2_init() < 0)
++                abort();
++
++        return 0;
++}
++
++int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
++{
++        if (size < 1) {
++                return 0;
++        }
++        git_patch* patch;
++        git_patch_options opts = {(uint32_t)data[0]};
++        int status = git_patch_from_buffer(&patch, (const char*)data+1, size-1, &opts);
++        if (status == 0 && patch) {
++                git_patch_free(patch);
++        }
++        return 0;
++}
diff --git a/fuzzers/patch_parse_fuzzer.c b/fuzzers/patch_parse_fuzzer.c
new file mode 100644
index 0000000..a9b02ad
--- /dev/null
+++ b/fuzzers/patch_parse_fuzzer.c
@@ -0,0 +1,38 @@
+/*
+ * libgit2 patch parser fuzzer target.
+ *
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "git2.h"
+#include "patch.h"
+#include "patch_parse.h"
+
+#define UNUSED(x) (void)(x)
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	UNUSED(argc);
+	UNUSED(argv);
+
+	if (git_libgit2_init() < 0)
+		abort();
+
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	if (size) {
+		git_patch *patch = NULL;
+		git_patch_options opts = GIT_PATCH_OPTIONS_INIT;
+		opts.prefix_len = (uint32_t)data[0];
+		git_patch_from_buffer(&patch, (const char *)data + 1, size - 1,
+		                      &opts);
+		git_patch_free(patch);
+	}
+	return 0;
+}
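Review bot: The input layout `LLVMFuzzerTestOneInput` expects is undocumented — byte 0 becomes `git_patch_options.prefix_len` and bytes 1..size-1 are the patch text — and both seeds added under `corpora/patch_parse` begin with a literal `diff --git` line, so the harness will read `d` (100) as the prefix length and parse from `iff --git`. A comment above the function such as `/* Input: byte 0 = prefix_len, bytes 1..size-1 = patch text to parse. */` would make that mismatch visible to whoever adds seeds next. The result of `git_patch_from_buffer` is discarded and the cleanup leans on `git_patch_free(NULL)` being a no-op and on the call leaving `patch` NULL when it fails; if libgit2 guarantees the latter, checking it, e.g. `if (git_patch_from_buffer(&patch, (const char *)data + 1, size - 1, &opts) < 0 && patch != NULL) abort();`, turns a contract violation into a fuzzer finding instead of a silent leak or double free. `abort()` also needs `<stdlib.h>`, which is presumably pulled in via `git2.h` — worth confirming rather than relying on a transitive include.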