Diffstat (limited to 'oss-fuzz')
-rw-r--r--oss-fuzz/.gitignore1
-rw-r--r--oss-fuzz/dummy-cmd-main.c14
-rw-r--r--oss-fuzz/fuzz-commit-graph.c6
-rw-r--r--oss-fuzz/fuzz-config.c33
-rw-r--r--oss-fuzz/fuzz-date.c6
5 files changed, 56 insertions, 4 deletions
diff --git a/oss-fuzz/.gitignore b/oss-fuzz/.gitignore
index 5b95408825..a877c11f42 100644
--- a/oss-fuzz/.gitignore
+++ b/oss-fuzz/.gitignore
@@ -1,4 +1,5 @@
fuzz-commit-graph
+fuzz-config
fuzz-date
fuzz-pack-headers
fuzz-pack-idx
diff --git a/oss-fuzz/dummy-cmd-main.c b/oss-fuzz/dummy-cmd-main.c
new file mode 100644
index 0000000000..071cb231ba
--- /dev/null
+++ b/oss-fuzz/dummy-cmd-main.c
@@ -0,0 +1,14 @@
+#include "git-compat-util.h"
+
+/*
+ * When linking the fuzzers, we link against common-main.o to pick up some
+ * symbols. However, even though we ignore common-main:main(), we still need to
+ * provide all the symbols it references. In the fuzzers' case, we need to
+ * provide a dummy cmd_main() for the linker to be happy. It will never be
+ * executed.
+ */
+
+int cmd_main(int argc, const char **argv) {
+ BUG("We should not execute cmd_main() from a fuzz target");
+ return 1;
+}
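Review bot: `cmd_main()` never uses `argc` or `argv` and does not annotate them, so a build with unused-parameter warnings enabled would likely flag this new file. The `UNUSED` marker that fuzz-config.c applies to its callback parameters in this same commit fits here: `int cmd_main(int argc UNUSED, const char **argv UNUSED)`. The opening brace also sits on the signature line, whereas the other function definitions in this commit put it on a line of its own.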
diff --git a/oss-fuzz/fuzz-commit-graph.c b/oss-fuzz/fuzz-commit-graph.c
index 325c0b991a..fbb77fec19 100644
--- a/oss-fuzz/fuzz-commit-graph.c
+++ b/oss-fuzz/fuzz-commit-graph.c
@@ -1,3 +1,5 @@
+#define USE_THE_REPOSITORY_VARIABLE
+
#include "git-compat-util.h"
#include "commit-graph.h"
#include "repository.h"
@@ -11,13 +13,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
struct commit_graph *g;
- initialize_the_repository();
+ initialize_repository(the_repository);
+
/*
* Initialize the_repository with commit-graph settings that would
* normally be read from the repository's gitdir. We want to avoid
* touching the disk to keep the individual fuzz-test cases as fast as
* possible.
*/
+ repo_set_hash_algo(the_repository, GIT_HASH_SHA1);
the_repository->settings.commit_graph_generation_version = 2;
the_repository->settings.commit_graph_changed_paths_version = 1;
g = parse_commit_graph(&the_repository->settings, (void *)data, size);
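Review bot: The added `repo_set_hash_algo(the_repository, GIT_HASH_SHA1);` pins this target to SHA-1 without saying why, and the comment above it only covers the commit-graph settings. Presumably the parser takes the hash size from the repository, so commit-graph input using any other hash gets no meaningful coverage from this target; that limit is worth stating for whoever reads the fuzzing results. A short comment would do: `/* No gitdir is read, so set the hash explicitly; only SHA-1 commit-graphs are fuzzed here. */`. The body of `LLVMFuzzerTestOneInput` continues outside the hunk.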
diff --git a/oss-fuzz/fuzz-config.c b/oss-fuzz/fuzz-config.c
new file mode 100644
index 0000000000..94027f5b97
--- /dev/null
+++ b/oss-fuzz/fuzz-config.c
@@ -0,0 +1,33 @@
+#include "git-compat-util.h"
+#include "config.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *, size_t);
+static int config_parser_callback(const char *, const char *,
+ const struct config_context *, void *);
+
+static int config_parser_callback(const char *key, const char *value,
+ const struct config_context *ctx UNUSED,
+ void *data UNUSED)
+{
+ /*
+ * Visit every byte of memory we are given to make sure the parser
+ * gave it to us appropriately. We need to unconditionally return 0,
+ * but we also want to prevent the strlen from being optimized away.
+ */
+ size_t c = strlen(key);
+
+ if (value)
+ c += strlen(value);
+ return c == SIZE_MAX;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size)
+{
+ struct config_options config_opts = { 0 };
+
+ config_opts.error_action = CONFIG_ERROR_SILENT;
+ git_config_from_mem(config_parser_callback, CONFIG_ORIGIN_BLOB,
+ "fuzztest-config", (const char *)data, size, NULL,
+ CONFIG_SCOPE_UNKNOWN, &config_opts);
+ return 0;
+}
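Review bot: The forward declaration of the static `config_parser_callback()` is redundant, because its definition follows immediately and nothing refers to it earlier; only the `LLVMFuzzerTestOneInput` prototype is needed. The definition also takes `const size_t size`, while the prototype at the top of the file and the other fuzz targets touched by this commit use plain `size_t size`; matching them keeps the entry points uniform. The callback comment says it must unconditionally return 0, but the code returns `c == SIZE_MAX`, so it should add that this comparison is never expected to be true, e.g. `/* c can never reach SIZE_MAX for real strings, so this is always 0 */`.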
diff --git a/oss-fuzz/fuzz-date.c b/oss-fuzz/fuzz-date.c
index 036378b946..9619dae40e 100644
--- a/oss-fuzz/fuzz-date.c
+++ b/oss-fuzz/fuzz-date.c
@@ -11,7 +11,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
int16_t tz;
timestamp_t ts;
enum date_mode_type dmtype;
- struct date_mode *dm;
+ struct date_mode dm;
if (size <= 4)
/*
@@ -40,10 +40,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
free(str);
dm = date_mode_from_type(dmtype);
- dm->local = local;
+ dm.local = local;
show_date(ts, (int)tz, dm);
- date_mode_release(dm);
+ date_mode_release(&dm);
return 0;
}