fuzzers


Log

Author Commit Date CI Message
Nelson Elhage 463c21e2 2018-10-11T13:27:06 Apply code review feedback
Nelson Elhage 416aafd1 2018-10-09T02:33:03 fuzzers: Port config_file_fuzzer to the new in-memory backend
Edward Thomson 6d6bec0c 2018-08-26T11:52:21 fuzzer: update for indexer changes
Nelson Elhage f556dea6 2018-08-16T15:10:51 Add a proper write loop
Nelson Elhage b8d4578a 2018-08-14T04:01:30 Add a copyright header.
Nelson Elhage 298f5df6 2018-08-14T04:01:04 Further review comments, fix the build
Nelson Elhage 8189642d 2018-08-14T03:55:58 Reformat
Nelson Elhage bcfa762b 2018-08-05T03:14:56 Add a config file to the corpus
Nelson Elhage 1a8e22e8 2018-07-22T23:48:53 Add a config file fuzzer
Patrick Steinhardt e38ddc90 2018-07-26T15:41:41 fuzzers: limit maximum pack object count By default, libgit2 allows up to 2^32 objects when downloading a packfile from a remote. For each of these objects, libgit2 will allocate up to two small structs, which in total adds up to quite a lot of memory. As a result, our fuzzers might run out of memory rather quick in case where they receive as input a packfile with such a huge count of objects. Limit the packfile object count to 10M objects. This is sufficiently big to still work with most largish repos (linux.git has around 6M objects as of now), but small enough to not cause the fuzzer to OOM.
Patrick Steinhardt 5db64e2f 2018-07-19T14:52:02 fuzzers: convert download_refs fuzzer to C Convert the "download_refs" fuzzer from C++ to C. Rename the source file to have it be picked up by our build system.
Patrick Steinhardt 730c0edb 2018-07-19T14:21:35 fuzzers: import download_refs fuzzer from oss-fuzz This is a direct copy of the code from google/oss-fuzz, written by Nelson Elhage (@nelhage). Note that due to the ".cc" ending, the file will not yet be picked up by the build system. This is intended, as currently that file is partly written in C++, requiring a conversion to C.
Patrick Steinhardt de53972f 2018-07-20T11:07:47 fuzzers: avoid use of libgit2 internals in packfile_raw The packfile_raw fuzzer is using some internal APIs from libgit2, which makes it hard to compile it as part of the oss-fuzz project. As oss-fuzz requires us to link against the C++ FuzzingEngine library, we cannot use "-DBUILD_FUZZERS=ON" directly but instead have to first compile an object from our fuzzers and then link against the C++ library. Compiling the fuzzer objects thus requires an external invocation of CC, and we certainly don't want to do further black magic by adding libgit2's private source directory to the header include path. To fix the issue, convert the code to not use any internal APIs. Besides some headers which we have to add now, this also requires us to change to the hashing function of the ODB. Note that this will change the hashing result, as we have previously not prepended the object header to the data that is to be hashed. But this shouldn't matter in practice, as we don't care for the hash value anyway.
Patrick Steinhardt bf3382d5 2018-07-19T15:22:18 cmake: remove need to add "-fsanitize=fuzzer" flag for fuzzers Right now, users are being instrucded to add the "-DCMAKE_EXE_LINKER_FLAGS=-fsanitize=fuzzer" flag when they want to build our fuzzers. This is error-prone and user unfriendly. Instead, just add the flag to our fuzzers' build instructions so that it happens automatically. Adjust the README accordingly.
Patrick Steinhardt 07cf8b38 2018-07-20T09:03:10 cmake: use C90 standard for our fuzzing targets Like all our other internal code, we want to force the use of C90 for our fuzzers. Do so by setting the "C_STANDARD" property of our fuzzing targets.
Patrick Steinhardt ad087303 2018-07-20T14:20:07 fuzzers: move readme to docs/fuzzing.md
Patrick Steinhardt 59328ed8 2018-07-19T13:29:46 fuzzers: rename "fuzz" directory to match our style Our layout uses names like "examples" or "tests" which is why the "fuzz" directory doesn't really fit in here. Rename the directory to be called "fuzzers" instead. Furthermore, we rename the fuzzer "fuzz_packfile_raw" to "packfile_raw_fuzzer", which is also in line with the already existing fuzzer at google/oss-fuzz. While at it, rename the "packfile_raw" fuzzer to instead just be called "packfile" fuzzer.