|
9db66c79
|
2018-06-29T12:50:38
|
|
apply test: apply with non-conflicting changes
Ensure that we can apply to the working directory or the index when the
application target is modified, so long as there are not conflicting
changes to the items.
|
|
771bd81e
|
2018-06-29T12:40:16
|
|
apply tests: ensure apply failures leave index unmodified
|
|
5b66b667
|
2018-06-29T12:39:41
|
|
apply: when preimage file is missing, return EAPPLYFAIL
The preimage file being missing entirely is simply a case of an
application failure; return the correct error value for the caller.
|
|
e0224121
|
2018-06-29T12:09:02
|
|
apply: simplify checkout vs index application
Separate the concerns of applying via checkout and updating the
repository's index. This results in simpler functionality and allows us
to not build the temporary collection of paths in the index case.
|
|
9d81defa
|
2018-06-28T16:26:08
|
|
apply tests: GIT_APPLY_LOCATION_INDEX with parsed patches
|
|
702d4bec
|
2018-06-26T15:26:37
|
|
apply tests: use `git_iterator_foreach` for tests
Use the new `git_iterator_foreach` API to validate the workdir against
the expected workdir values instead of using the paired/multi iterator
comparison callback. This allows us to use the `git_iterator_foreach`
to validate the index as well, instead of assuming that the index and
HEAD must always match.
|
|
d54aa9ae
|
2018-06-26T15:25:30
|
|
iterator: introduce `git_iterator_foreach`
Introduce a `git_iterator_foreach` helper function which invokes a
callback on all files for a given iterator.
|
|
eef34e4e
|
2018-06-28T16:24:21
|
|
apply tests: GIT_APPLY_LOCATION_INDEX with generated patches
Test a simple patch application with `GIT_APPLY_LOCATION_INDEX`, which
emulates `git apply --cached`.
|
|
9c34c996
|
2018-06-25T17:03:14
|
|
apply: handle file additions
Don't attempt to read the postimage file during a file addition, simply
use an empty buffer as the postimage. Also, test that we can handle
file additions.
|
|
3b5378c5
|
2018-06-25T16:27:06
|
|
apply: handle file deletions
If the file was deleted in the postimage, do not attempt to update the
target. Instead, ignore it and simply allow it to stay removed in our
computed postimage. Also, test that we can handle file deletions.
|
|
2bd3cfea
|
2018-06-29T11:43:55
|
|
apply tests: modified wd items are ok when applying to index
When applying to the index (using `GIT_APPLY_LOCATION_INDEX`), ensure
that items modified in the working directory do not conflict with the
application.
|
|
c010c93b
|
2018-06-27T16:50:07
|
|
apply tests: move helpers into common area
|
|
af3287f8
|
2018-06-22T19:27:19
|
|
apply: test `git_apply` with a parsed patch
Ensure that we can apply a simple patch to the working directory when we
have parsed it from a patch file.
|
|
ff296b71
|
2018-03-19T19:50:52
|
|
apply: test `git_apply` application to a workdir
Introduce a standard test applying a diff to a working directory with no
complications.
|
|
35d525b0
|
2018-06-26T09:19:12
|
|
apply: test that failures don't dirty workdir
Ensure that when a patch application fails (due to a conflict in the
working directory, for example) that we do not half-apply the patch or
otherwise leave the working directory dirty.
This is rather obvious in our current apply implementation (we do a two
step process: one to create the post-image and one to check it out) but
this test is a safety net for future refactoring or improvements.
|
|
f83bbe0a
|
2018-03-19T19:50:45
|
|
apply: introduce `git_apply`
Introduce `git_apply`, which will take a `git_diff` and apply it to the
working directory (akin to `git apply`), the index (akin to `git apply
--cached`), or both (akin to `git apply --index`).
|
|
664cda6f
|
2018-03-19T20:10:38
|
|
apply: reimplement `git_apply_tree` with readers
The generic `git_reader` interface simplifies `git_apply_tree` somewhat.
Reimplement `git_apply_tree` with them.
|
|
d7090ee4
|
2018-06-28T17:26:24
|
|
apply tests: ensure we can add and remove files from the index
Add a test that adds a new file, and another that removes a file when
applying using `GIT_APPLY_LOCATION_INDEX` to ensure that they work.
|
|
c3077ea0
|
2018-06-25T21:24:49
|
|
apply: return a specific exit code on failure
Return `GIT_EAPPLYFAIL` on patch application failure so that users can
determine that patch application failed due to a malformed/conflicting
patch by looking at the error code.
|
|
d73043a2
|
2018-03-19T20:10:31
|
|
reader: a generic way to read files from repos
Similar to the `git_iterator` interface, the `git_reader` interface will
allow us to read file contents from an arbitrary repository-backed data
source (trees, index, or working directory).
|
|
973bf0c8
|
2018-06-25T20:49:22
|
|
apply: test a patch can be applied even with a modified index
Ensure that we can apply a patch to the working directory, even to files
that are modified in the index (as long as the working directory
contents match the preimage - such that the working directory is
unmodified from HEAD).
|
|
20f8a6db
|
2018-06-28T17:26:21
|
|
apply: remove deleted paths from index
We update the index with the new_file side of the delta, but we need to
explicitly remove the old_file path in the case where an item was
deleted or renamed.
|
|
553395dc
|
2018-06-25T20:21:01
|
|
apply: test that the index is not modified
Ensure that by default, when using GIT_APPLY_LOCATION_WORKDIR, that
patch application does not update the index, only the working directory.
|
|
0eb63b9f
|
2018-06-25T19:50:35
|
|
apply tests: separate common patch hunks
Move the commonly-used patch hunks into a single constant location.
This allows us to avoid re-declaring them in each test, and allows
us to compose them to build a larger patch file that includes all
the hunks.
|
|
02b1083a
|
2018-01-28T23:25:07
|
|
apply: introduce `git_apply_tree`
Introduce `git_apply_tree`, which will apply a `git_diff` to a given
`git_tree`, allowing an in-memory patch application for a repository.
|
|
2b12dcf6
|
2018-03-19T19:45:11
|
|
iterator: optionally hash filesystem iterators
Optionally hash the contents of files encountered in the filesystem or
working directory iterators. This is not expected to be used in
production code paths, but may allow us to simplify some test contexts.
For working directory iterators, apply filters as appropriate, since we
have the context able to do it.
|
|
b5ae83bf
|
2018-10-31T08:47:10
|
|
Merge pull request #4860 from tiennou/ci/macos-leaks
CI: Fix macOS leak detection
|
|
8c49b3bf
|
2018-10-30T22:32:57
|
|
tests: use CLAR_AT_EXIT to check for leaks on macOS
|
|
0e69485e
|
2018-10-23T20:34:47
|
|
clar: provide a way to run some shell before exiting
|
|
79558009
|
2018-10-26T15:40:16
|
|
Merge pull request #4800 from libgit2/ethomson/badgification
README: more CI status badges
|
|
b7174dde
|
2018-10-26T14:59:50
|
|
Merge pull request #4867 from libgit2/ethomson/ci
ci: Fix some minor issues
|
|
f195c385
|
2018-10-26T14:10:13
|
|
nightly: the path to yaml templates is relative
Don't prefix the path to the yaml templates - the nightly template
itself is already in the `azure-pipelines` directory. Instead, just
use the relative path.
|
|
f22521ef
|
2018-10-26T12:31:39
|
|
ci: fail if requested test name is not found (unix)
POSIX: the CMakeLists.txt configures the test names; when we query
ctest for the test command-line to run, fail if the tests are not
found.
|
|
05c51bb6
|
2018-10-26T06:35:57
|
|
ci: fail if requested test name is not found (win32)
Win32: The CMakeLists.txt configures the test names; when we query
ctest for the test command-line to run, fail if the tests are not
found.
|
|
623647af
|
2018-10-26T12:33:59
|
|
Merge pull request #4864 from pks-t/pks/object-parse-fixes
Object parse fixes
|
|
814389d4
|
2018-10-25T23:40:19
|
|
Merge pull request #4862 from libgit2/ethomson/win_ci
Windows CI: fail build on test failure
|
|
cd248c70
|
2018-10-25T23:25:09
|
|
Merge pull request #4863 from libgit2/ethomson/ci_nightly
ci: run all the jobs during nightly builds
|
|
be5a2ae2
|
2018-10-25T23:19:42
|
|
ci: run all the jobs during nightly builds
Instead of running the oddball builds, run all the builds (the ones
that we always run during PR validation and CI) during a nightly
build for increased coverage.
|
|
0e26717a
|
2018-10-25T14:26:28
|
|
ci: fail on test failures
PowerShell can _read_ top-level variables in functions, but cannot _update_
top-level variables in functions unless they're explicitly prefixed with
`$global`.
|
|
7655b2d8
|
2018-10-19T10:29:19
|
|
commit: fix reading out of bounds when parsing encoding
The commit message encoding is currently being parsed by the
`git__prefixcmp` function. As this function does not accept a buffer
length, it will happily skip over a buffer's end if it is not `NUL`
terminated.
Fix the issue by using `git__prefixncmp` instead. Add a test that
verifies that we are unable to parse the encoding field if it's cut off
by the supplied buffer length.
|
|
c2e3d8ef
|
2018-10-25T12:01:18
|
|
tests: add tests that exercise commit parsing
We currently do not have any test suites dedicated to parsing commits
from their raw representations. Add one based on `git_object__from_raw`
to be able to test special cases more easily.
|
|
ee11d47e
|
2018-10-19T09:47:50
|
|
tag: fix out of bounds read when searching for tag message
When parsing tags, we skip all unknown fields that appear before the tag
message. This skipping is done by using a plain `strstr(buffer, "\n\n")`
to search for the two newlines that separate tag fields from tag
message. As it is not possible to supply a buffer length to `strstr`,
this call may skip over the buffer's end and thus result in an out of
bounds read. As `strstr` may return a pointer that is out of bounds, the
following computation of `buffer_end - buffer` will overflow and result
in an allocation of an invalid length.
Fix the issue by using `git__memmem` instead. Add a test that verifies
parsing the tag fails not due to the allocation failure but due to the
tag having no message.
|
|
4c738e56
|
2018-10-19T09:44:14
|
|
tests: add tests that exercise tag parsing
While the tests in object::tag::read exercises reading and parsing valid
tags from the ODB, they barely try to verify that the parser fails in a
sane way when parsing invalid tags. Create a new test suite
object::tag::parse that directly exercise the parser by using
`git_object__from_raw` and add various tests for valid and invalid tags.
|
|
83e8a6b3
|
2018-10-18T16:08:46
|
|
util: provide `git__memmem` function
Unfortunately, neither the `memmem` nor the `strnstr` functions are part
of any C standard but are merely extensions of C that are implemented by
e.g. glibc. Thus, there is no standardized way to search for a string in
a block of memory with a limited size, and using `strstr` is to be
considered unsafe in case where the buffer has not been sanitized. In
fact, there are some uses of `strstr` in exactly that unsafe way in our
codebase.
Provide a new function `git__memmem` that implements the `memmem`
semantics. That is in a given haystack of `n` bytes, search for the
occurrence of a byte sequence of `m` bytes and return a pointer to the
first occurrence. The implementation chosen is the "Not So Naive"
algorithm from [1]. It was chosen as the implementation is comparably
simple while still being reasonably efficient in most cases.
Preprocessing happens in constant time and space, searching has a time
complexity of O(n*m) with a slightly sub-linear average case.
[1]: http://www-igm.univ-mlv.fr/~lecroq/string/
|
|
bea65980
|
2018-10-25T11:21:14
|
|
Merge pull request #4851 from pks-t/pks/strtol-removal
strtol removal
|
|
11945461
|
2018-10-25T11:17:52
|
|
Merge pull request #4854 from libgit2/ethomson/buf_oom_test
buf::oom tests: use custom allocator for oom failures
|
|
fa274f7f
|
2018-10-23T22:34:45
|
|
ci: redirect the malloc debugging output to /dev/null
|
|
2e34efaa
|
2018-10-21T13:10:06
|
|
buf::oom tests: use custom allocator for oom failures
Create a custom allocator for the `buf::oom` tests that will fail with
out-of-memory errors in predictable ways. We were previously trying to
guess the way that various allocators on various platforms would fail
in a way such that `malloc`/`realloc` would return `NULL` (instead of
aborting the application, or appearing suspicious to various
instrumentation or static code analysis tools like valgrind.)
Introduce a fake `malloc` and `realloc` that will return `NULL` on
allocations requesting more than 100 bytes. Otherwise, we proxy to the
default allocator. (It's important to use the _default_ allocator, not
just call `malloc`, since the default allocator on Windows CI builds may
be the debugging C runtime allocators which would not be compatible with
a standard `malloc`.)
|
|
305e801a
|
2018-10-21T09:52:32
|
|
util: allow callers to reset custom allocators
Provide a utility to reset custom allocators back to their default.
This is particularly useful for testing.
|
|
671b2446
|
2018-10-21T12:50:46
|
|
Merge pull request #4804 from libgit2/ethomson/qemu-build
ci: arm docker builds
|
|
7c557169
|
2018-10-21T10:34:38
|
|
ci: use trusty-amd64 for openssl and mbedtls
We don't need two separate docker images for OpenSSL and mbedTLS.
They've been combined into a single image `trusty-amd64` that supports
both.
|
|
415a8ae9
|
2018-09-13T13:27:07
|
|
tests: don't run buf::oom on 32-bit systems
On a 32-bit Linux systems, the value large enough to make malloc
guarantee a failure is also large enough that valgrind considers it
"fishy". Skip this test on those systems entirely.
|
|
9cc4ba5c
|
2018-09-13T16:12:41
|
|
valgrind: extend the suppressions file
Newer dependencies means newer places to leak!
|
|
d82800e8
|
2018-10-21T09:31:42
|
|
ci: use bionic for non-amd64 builds
Use Bionic so that we have a modern libssh2 (for communicating with
GitHub). We've ported fixes to our Trusty-based amd64 images, but
maintaining patches for multiple platforms is heinous.
|
|
b244ea79
|
2018-10-21T09:24:08
|
|
ci: introduce nightly x86 linux builds
|
|
f195395a
|
2018-10-21T09:16:35
|
|
ci: bind specifically to localhost for proxy
Bind the proxy specifically to 127.0.0.1 instead of all addresses. This
is not strictly necessary for operations, but having a potentially open
proxy on a network is not a good idea.
|
|
0e521abd
|
2018-10-21T09:15:24
|
|
ci: introduce nightly arm docker builds
Use multiarch arm32 and arm64 docker images to run Xenial-based images
for those platforms. We can support all the tests on ARM32 and 64
_except_ the proxy-based tests. Our proxy on ARM seems regrettably
unstable, either due to some shoddy dependencies (with native code?)
or the JREs themselves.
Run these platforms as part of our nightly builds; do not run them
during pull request or CI validation.
|
|
28f05585
|
2018-10-21T09:20:10
|
|
ci: reorganize naming for consistency
|
|
4ec597dc
|
2018-10-21T09:12:43
|
|
ci: move configuration yaml to its own directory
As the number of each grow, separate the CI build scripts from
the YAML definitions.
|
|
7c791f3d
|
2018-10-20T20:25:51
|
|
Merge pull request #4852 from libgit2/ethomson/unc_paths
Win32 path canonicalization refactoring
|
|
6cc14ae3
|
2018-10-20T20:22:04
|
|
Merge pull request #4840 from libgit2/cmn/validity-tree-from-unowned-index
Check object existence when creating a tree from an index
|
|
a2f9f94b
|
2018-10-20T20:18:04
|
|
Merge branch 'issue-4203'
|
|
32b81661
|
2018-10-20T20:16:32
|
|
merge: don't leak the index during reloads
|
|
c79e6081
|
2018-10-20T19:08:16
|
|
checkout: fix test fixture missing objects
The testrepo test fixture has an index file that's damaged, missing an
object. The index previously had an entry of `src/index.c` with id
3161df8cbf3a006b4ef85be6497a0ea6bde98541, but that object was missing in
the repository. This commit adds an object to the repository and
updates the index to use that existing blob.
Similarly, the index has an entry for `readme` with an id of
97328ac7e3bd0bcd3900cb3e7a624d71dd0df888. This can be restored from
other test repositories.
With these fixed, now the write tree from index tests can pass since they
validate object existence.
|
|
2ad07ad5
|
2018-10-20T18:14:25
|
|
Merge pull request #4841 from tiennou/ci/ninja-build
Ninja build
|
|
f77e6cc7
|
2018-10-19T17:10:01
|
|
ci: make the Ubuntu/OpenSSL build explicit
|
|
6a67e42d
|
2018-10-08T19:33:27
|
|
ci: use Ninja on macOS
|
|
0fccf017
|
2018-10-19T15:48:46
|
|
Merge pull request #4853 from libgit2/cmn/not-opaque
docs: fix transparent/opaque confusion in the conventions file
|
|
69cd4141
|
2018-10-19T16:30:43
|
|
docs: fix transparent/opaque confusion in the conventions file
|
|
0a4284b1
|
2018-10-19T14:54:13
|
|
Merge pull request #4819 from libgit2/cmn/config-nonewline
Configuration variables can appear on the same line as the section header
|
|
ea19efc1
|
2018-10-18T15:08:56
|
|
util: fix out of bounds read in error message
When an integer that is parsed with `git__strntol32` is too big to fit
into an int32, we will generate an error message that includes the
actual string that failed to parse. This does not acknowledge the fact
that the string may either not be NUL terminated or alternative include
additional characters after the number that is to be parsed. We may thus
end up printing characters into the buffer that aren't the number or,
worse, read out of bounds.
Fix the issue by utilizing the `endptr` that was set by
`git__strntol64`. This pointer is guaranteed to be set to the first
character following the number, and we can thus use it to compute the
width of the number that shall be printed. Create a test to verify that
we correctly truncate the number.
|
|
a34f5b0d
|
2018-10-18T08:57:27
|
|
win32: refactor `git_win32_path_remove_namespace`
Update `git_win32_path_remove_namespace` to disambiguate the prefix
being removed versus the prefix being added. Now we remove the
"namespace", and (may) add a "prefix" in its place. Eg, we remove the
`\\?\` namespace. We remove the `\\?\UNC\` namespace, and replace it
with the `\\` prefix. This aids readability somewhat.
Additionally, use pointer arithmetic instead of offsets, which seems to
also help readability.
|
|
16fd9ba9
|
2018-10-17T11:34:38
|
|
win32: more tests for `git_win32_remove_path`
|
|
b2e85f98
|
2018-10-17T08:48:43
|
|
win32: rename `git_win32__canonicalize_path`
The internal API `git_win32__canonicalize_path` is far, far too easily
confused with the internal API `git_win32_path_canonicalize`. The
former removes the namespace prefix from a path (eg, given
`\\?\C:\Temp\foo`, it returns `C:\Temp\foo`, and given
`\\?\UNC\server\share`, it returns `\\server\share`). As such, rename
it to `git_win32_path_remove_namespace`.
`git_win32_path_canonicalize` remains unchanged.
|
|
b09c1c7b
|
2018-10-18T14:37:55
|
|
util: avoid signed integer overflows in `git__strntol64`
While `git__strntol64` tries to detect integer overflows when doing the
necessary arithmetics to come up with the final result, it does the
detection only after the fact. This check thus relies on undefined
behavior of signed integer overflows. Fix this by instead checking
up-front whether the multiplications or additions will overflow.
Note that a detected overflow will not cause us to abort parsing the
current sequence of digits. In the case of an overflow, previous
behavior was to still set up the end pointer correctly to point to the
first character immediately after the currently parsed number. We do not
want to change this now as code may rely on the end pointer being set up
correctly even if the parsed number is too big to be represented as
64 bit integer.
|
|
39087ab8
|
2018-10-18T12:11:33
|
|
tests: core::strtol: test for some more edge-cases
Some edge cases were currently completely untested, e.g. parsing numbers
greater than INT64_{MIN,MAX}, truncating buffers by length and invalid
characters. Add tests to verify that the system under test performs as
expected.
|
|
8d7fa88a
|
2018-10-18T12:04:07
|
|
util: remove `git__strtol32`
The function `git__strtol32` can easily be misused when untrusted data
is passed to it that may not have been sanitized with trailing `NUL`
bytes. As all usages of this function have now been removed, we can
remove this function altogether to avoid future misuse of it.
|
|
2613fbb2
|
2018-10-18T11:58:14
|
|
global: replace remaining use of `git__strtol32`
Replace remaining uses of the `git__strtol32` function. While these uses
are all safe as the strings were either sanitized or from a trusted
source, we want to remove `git__strtol32` altogether to avoid future
misuse.
|
|
21652ee9
|
2018-10-18T11:43:30
|
|
tree-cache: avoid out-of-bound reads when parsing trees
We use the `git__strtol32` function to parse the child and entry count
of treecaches from the index, which do not accept a buffer length. As
the buffer that is being passed in is untrusted data and may thus be
malformed and may not contain a terminating `NUL` byte, we can overrun
the buffer and thus perform an out-of-bounds read.
Fix the issue by uzing `git__strntol32` instead.
|
|
68deb2cc
|
2018-10-18T11:37:10
|
|
util: remove unsafe `git__strtol64` function
The function `git__strtol64` does not take a maximum buffer length as
parameter. This has led to some unsafe usages of this function, and as
such we may consider it as being unsafe to use. As we have now
eradicated all usages of this function, let's remove it completely to
avoid future misuse.
|
|
1a2efd10
|
2018-10-18T11:35:08
|
|
config: remove last instance of `git__strntol64`
When parsing integers from configuration values, we use `git__strtol64`.
This is fine to do, as we always sanitize values and can thus be sure
that they'll have a terminating `NUL` byte. But as this is the last
call-site of `git__strtol64`, let's just pass in the length explicitly
by calling `strlen` on the value to be able to remove `git__strtol64`
altogether.
|
|
3db9aa6f
|
2018-10-18T11:32:48
|
|
signature: avoid out-of-bounds reads when parsing signature dates
We use `git__strtol64` and `git__strtol32` to parse the trailing commit
or author date and timezone of signatures. As signatures are usually
part of a commit or tag object and thus essentially untrusted data, the
buffer may be misformatted and may not be `NUL` terminated. This may
lead to an out-of-bounds read.
Fix the issue by using `git__strntol64` and `git__strntol32` instead.
|
|
600ceadd
|
2018-10-18T11:29:06
|
|
index: avoid out-of-bounds read when reading reuc entry stage
We use `git__strtol64` to parse file modes of the index entries, which
does not limit the parsed buffer length. As the index can be essentially
treated as "untrusted" in that the data stems from the file system, it
may be misformatted and may not contain terminating `NUL` bytes. This
may lead to out-of-bounds reads when trying to parse index entries with
such malformatted modes.
Fix the issue by using `git__strntol64` instead.
|
|
1a3fa1f5
|
2018-10-18T11:25:59
|
|
commit_list: avoid use of strtol64 without length limit
When quick-parsing a commit, we use `git__strtol64` to parse the
commit's time. The buffer that's passed to `commit_quick_parse` is the
raw data of an ODB object, though, whose data may not be properly
formatted and also does not have to be `NUL` terminated. This may lead
to out-of-bound reads.
Use `git__strntol64` to avoid this problem.
|
|
f010b66b
|
2018-10-17T14:33:47
|
|
Merge pull request #4849 from libgit2/cmn/expose-gitfile-check
path: export the dotgit-checking functions
|
|
5be63f6d
|
2018-10-17T10:01:22
|
|
Merge pull request #4850 from libgit2/ethomson/libssh2_not_libssh
cmake: correct comment from libssh to libssh2
|
|
b160a64f
|
2018-10-17T09:38:30
|
|
cmake: correct comment from libssh to libssh2
We use libssh2. We do not use libssh. Make sure to disambiguate them
correctly.
|
|
7615794c
|
2018-10-15T18:08:13
|
|
Merge pull request #4845 from pks-t/pks/object-fuzzer
Object parsing fuzzer
|
|
9b6e4081
|
2018-10-15T17:08:38
|
|
Merge commit 'afd10f0' (Follow 308 redirects)
|
|
05e54e00
|
2018-10-15T13:54:17
|
|
path: export the dotgit-checking functions
These checks are preformed by libgit2 on checkout, but they're also useful for
performing checks in applications which do not involve checkout.
Expose them under `sys/` as it's still fairly in the weeds even for this
library.
|
|
1d718fa5
|
2018-09-28T11:55:34
|
|
config: variables might appear on the same line as a section header
While rare and a machine would typically not generate such a configuration file,
it is nevertheless valid to write
[foo "bar"] baz = true
and we need to deal with that instead of assuming everything is on its own line.
|
|
1cbc9604
|
2018-09-28T10:57:50
|
|
config: add failing test for no newline after section header
|
|
afd10f0b
|
2018-10-13T09:31:20
|
|
Follow 308 redirects (as used by GitLab)
|
|
814e7acb
|
2018-10-12T12:38:06
|
|
Merge pull request #4842 from nelhage/fuzz-config-memory
config: Port config_file_fuzzer to the new in-memory backend.
|
|
463c21e2
|
2018-10-11T13:27:06
|
|
Apply code review feedback
|
|
a1d5fd06
|
2018-10-11T12:46:11
|
|
fuzzers: add object parsing fuzzer
Add a simple fuzzer that exercises our object parser code. The fuzzer
is quite trivial in that it simply passes the input data directly to
`git_object__from_raw` for each of the four object types.
|
|
6562cdda
|
2018-10-11T12:43:08
|
|
object: properly propagate errors on parsing failures
When failing to parse a raw object fromits data, we free the
partially parsed object but then fail to propagate the error to the
caller. This may lead callers to operate on objects with invalid memory,
which will sooner or later cause the program to segfault.
Fix the issue by passing up the error code returned by `parse_raw`.
|
|
6956a954
|
2018-10-11T12:26:44
|
|
fuzzers: initialize libgit2 in standalone driver
The standalone driver for libgit2's fuzzing targets makes use of
functions from libgit2 itself. While this is totally fine to do, we need
to make sure to always have libgit2 initialized via `git_libgit2_init`
before we call out to any of these. While this happens in most cases as
we call `LLVMFuzzerInitialize`, which is provided by our fuzzers and
which right now always calls `git_libgit2_init`, one exception to this
rule is our error path when not enough arguments have been given. In
this case, we will call `git_vector_free_deep` without libgit2 having
been initialized. As we did not set up our allocation functions in that
case, this will lead to a segmentation fault.
Fix the issue by always initializing and shutting down libgit2 in the
standalone driver. Note that we cannot let this replace the
initialization in `LLVMFuzzerInitialize`, as it is required when using
the "real" fuzzers by LLVM without our standalone driver. It's no
problem to call the initialization and deinitialization functions
multiple times, though.
|
|
416aafd1
|
2018-10-09T02:33:03
|
|
fuzzers: Port config_file_fuzzer to the new in-memory backend
|
|
2d449a11
|
2018-10-09T02:42:14
|
|
config: Refactor `git_config_backend_from_string` to take a length
|