Commit e38ddc90bf2b77fce422014f2785a9124d21263f

Patrick Steinhardt 2018-07-26T15:41:41

fuzzers: limit maximum pack object count By default, libgit2 allows up to 2^32 objects when downloading a packfile from a remote. For each of these objects, libgit2 will allocate up to two small structs, which in total adds up to quite a lot of memory. As a result, our fuzzers might run out of memory rather quickly in cases where they receive as input a packfile with such a huge count of objects. Limit the packfile object count to 10M objects. This is sufficiently big to still work with most largish repos (linux.git has around 6M objects as of now), but small enough to not cause the fuzzer to OOM.

diff --git a/fuzzers/download_refs_fuzzer.c b/fuzzers/download_refs_fuzzer.c
index fd10409..3807c09 100644
--- a/fuzzers/download_refs_fuzzer.c
+++ b/fuzzers/download_refs_fuzzer.c
@@ -174,6 +174,9 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
 	if (git_libgit2_init() < 0)
 		abort();
 
+	if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0)
+		abort();
+
 	if (mkdtemp(tmp) != tmp)
 		abort();
 
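Review bot: The literal `10000000` is passed through the variadic `git_libgit2_opts()` as an `int`, while this option's value is, as far as I recall from libgit2's `GIT_OPT_SET_PACK_MAX_OBJECTS` documentation, read back as a `size_t`; on LP64 targets the two types differ in width, so the read is undefined behaviour and may not yield the intended limit. Casting the argument to the documented type removes the mismatch: `if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, (size_t)10000000) < 0)`. The same call in fuzzers/packfile_fuzzer.c has the identical issue and should get the same cast. Please confirm the parameter type against the current `git_libgit2_opts` header before relying on this.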
diff --git a/fuzzers/packfile_fuzzer.c b/fuzzers/packfile_fuzzer.c
index e7708b9..a59d283 100644
--- a/fuzzers/packfile_fuzzer.c
+++ b/fuzzers/packfile_fuzzer.c
@@ -33,6 +33,10 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
 		fprintf(stderr, "Failed to initialize libgit2\n");
 		abort();
 	}
+	if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0) {
+		fprintf(stderr, "Failed to limit maximum pack object count\n");
+		abort();
+	}
 	if (git_odb_new(&odb) < 0) {
 		fprintf(stderr, "Failed to create the odb\n");
 		abort();