e38ddc90
2018-07-26T15:41:41

fuzzers: limit maximum pack object count
By default, libgit2 allows up to 2^32 objects when downloading a
packfile from a remote. For each of these objects, libgit2 will allocate
up to two small structs, which in total adds up to quite a lot of
memory. As a result, our fuzzers might run out of memory rather quickly in
the case where they receive as input a packfile with such a huge count of
objects.
Limit the packfile object count to 10M objects. This is sufficiently big
to still work with most largish repos (linux.git has around 6M objects
as of now), but small enough to not cause the fuzzer to OOM.

5db64e2f
2018-07-19T14:52:02

fuzzers: convert download_refs fuzzer to C
Convert the "download_refs" fuzzer from C++ to C. Rename the source file
to have it be picked up by our build system.

de53972f
2018-07-20T11:07:47

fuzzers: avoid use of libgit2 internals in packfile_raw
The packfile_raw fuzzer is using some internal APIs from libgit2, which
makes it hard to compile it as part of the oss-fuzz project. As oss-fuzz
requires us to link against the C++ FuzzingEngine library, we cannot use
"-DBUILD_FUZZERS=ON" directly but instead have to first compile an
object from our fuzzers and then link against the C++ library. Compiling
the fuzzer objects thus requires an external invocation of CC, and we
certainly don't want to do further black magic by adding libgit2's
private source directory to the header include path.
To fix the issue, convert the code to not use any internal APIs. Besides
some headers which we have to add now, this also requires us to change
to the hashing function of the ODB. Note that this will change the
hashing result, as we have previously not prepended the object header to
the data that is to be hashed. But this shouldn't matter in practice, as
we don't care for the hash value anyway.

07cf8b38
2018-07-20T09:03:10

cmake: use C90 standard for our fuzzing targets
Like all our other internal code, we want to force the use of C90 for
our fuzzers. Do so by setting the "C_STANDARD" property of our fuzzing
targets.

ad087303
2018-07-20T14:20:07

fuzzers: move readme to docs/fuzzing.md

59328ed8
2018-07-19T13:29:46

fuzzers: rename "fuzz" directory to match our style
Our layout uses names like "examples" or "tests" which is why the "fuzz"
directory doesn't really fit in here. Rename the directory to be called
"fuzzers" instead. Furthermore, we rename the fuzzer "fuzz_packfile_raw"
to "packfile_raw_fuzzer", which is also in line with the already
existing fuzzer at google/oss-fuzz.
While at it, rename the "packfile_raw" fuzzer to instead just be called
"packfile" fuzzer.

730c0edb
2018-07-19T14:21:35

fuzzers: import download_refs fuzzer from oss-fuzz
This is a direct copy of the code from google/oss-fuzz, written by
Nelson Elhage (@nelhage). Note that due to the ".cc" ending, the file
will not yet be picked up by the build system. This is intended, as
currently that file is partly written in C++, requiring a conversion to
C.

bf3382d5
2018-07-19T15:22:18

cmake: remove need to add "-fsanitize=fuzzer" flag for fuzzers
Right now, users are being instructed to add the
"-DCMAKE_EXE_LINKER_FLAGS=-fsanitize=fuzzer" flag when they want to
build our fuzzers. This is error-prone and user unfriendly. Instead,
just add the flag to our fuzzers' build instructions so that it happens
automatically. Adjust the README accordingly.