Commit Graph

31 Commits

Author SHA1 Message Date
Patrick Steinhardt
e54343a402 fileops: rename to "futils.h" to match function signatures
Our file utils functions all have a "futils" prefix, e.g.
`git_futils_touch`. One would thus naturally guess that their
definitions and implementation would live in files "futils.h" and
"futils.c", respectively, but in fact they live in "fileops.h".

Rename the files to match expectations.
2019-07-20 19:11:20 +02:00
Patrick Steinhardt
3c966fb4fb fuzzers: clean up header includes
There are multiple headers included in our fuzzers that aren't required at
all. Furthermore, some of them are not available on Win32, causing
builds to fail. Remove them to fix this.
2019-07-05 11:58:33 +02:00
Patrick Steinhardt
9d43d45b21 fuzzers: use git_buf_printf instead of snprintf
The `snprintf` function does not exist on Win32, it only has
`_snprintf_s` available. Let's just avoid any cross-platform hassle and
use our own `git_buf` functionality instead.
2019-07-05 11:58:33 +02:00
Patrick Steinhardt
a6b2fffd46 fuzzers: use POSIX emulation layer to unlink files
Use `p_unlink` instead of `unlink` to remove the generated packfiles in
our packfile fuzzer. Like this, we do not have to worry about using
proper includes that are known on all platforms, especially Win32.
2019-07-05 11:58:33 +02:00
Patrick Steinhardt
6905581304 fuzzers: make printf formatters cross-platform compatible
The `printf` formatters in our standalone fuzzing driver are currently
using the "%m" specifier, which is a GNU extension that prints the error
message for the error code in `errno`. As we're using libgit2 functions
in both cases anyway, let's just use `git_error_last` instead to make
this valid on all platforms.
2019-07-05 11:58:33 +02:00
Patrick Steinhardt
48d563286c fuzzers: implement mkdtemp alternative for Win32
The `mkdtemp` function is not available on Windows, so our download_refs
fuzzer will fail to compile on Windows. Provide an alternative
implementation to fix it.
2019-07-05 11:58:32 +02:00
Edward Thomson
d3a440ca19 fuzzers: use system includes
Use the system includes (defined by libgit2) as the fuzzer includes.
The fuzzers link against internal libgit2 API and therefore need to have
the full include path that libgit2 uses.
2019-05-19 11:10:09 +01:00
Edward Thomson
a1ef995dc0 indexer: use git_indexer_progress throughout
Update internal usage of `git_transfer_progress` to
`git_indexer_progress`.
2019-02-22 11:25:14 +00:00
Edward Thomson
1c3daccf1a fuzzers: don't use deprecated types 2019-01-25 09:06:50 +00:00
Edward Thomson
115a6c50c9 errors: remove giterr usage in fuzzers 2019-01-22 22:30:37 +00:00
Edward Thomson
83151018ef object_type: convert final internal users to new names
Update some missed types that were continuing to use the old `GIT_OBJ`
names.
2019-01-17 11:03:19 +00:00
Carlos Martín Nieto
7615794c12 Merge pull request #4845 from pks-t/pks/object-fuzzer
Object parsing fuzzer
2018-10-15 18:08:13 +02:00
Nelson Elhage
463c21e2c1 Apply code review feedback 2018-10-11 13:27:06 +00:00
Patrick Steinhardt
a1d5fd0630 fuzzers: add object parsing fuzzer
Add a simple fuzzer that exercises our object parser code. The fuzzer
is quite trivial in that it simply passes the input data directly to
`git_object__from_raw` for each of the four object types.
2018-10-11 12:46:11 +02:00
Patrick Steinhardt
6956a95477 fuzzers: initialize libgit2 in standalone driver
The standalone driver for libgit2's fuzzing targets makes use of
functions from libgit2 itself. While this is totally fine to do, we need
to make sure to always have libgit2 initialized via `git_libgit2_init`
before we call out to any of these. While this happens in most cases as
we call `LLVMFuzzerInitialize`, which is provided by our fuzzers and
which right now always calls `git_libgit2_init`, one exception to this
rule is our error path when not enough arguments have been given. In
this case, we will call `git_vector_free_deep` without libgit2 having
been initialized. As we did not set up our allocation functions in that
case, this will lead to a segmentation fault.

Fix the issue by always initializing and shutting down libgit2 in the
standalone driver. Note that we cannot let this replace the
initialization in `LLVMFuzzerInitialize`, as it is required when using
the "real" fuzzers by LLVM without our standalone driver. It's no
problem to call the initialization and deinitialization functions
multiple times, though.
2018-10-11 12:26:44 +02:00
Nelson Elhage
416aafd14c fuzzers: Port config_file_fuzzer to the new in-memory backend 2018-10-09 02:45:22 +00:00
Edward Thomson
6d6bec0cc6 fuzzer: update for indexer changes 2018-08-26 11:52:21 +01:00
Nelson Elhage
f556dea6e2 Add a proper write loop 2018-08-16 15:10:51 +00:00
Nelson Elhage
b8d4578abb Add a copyright header. 2018-08-14 04:01:30 +00:00
Nelson Elhage
298f5df6ff Further review comments, fix the build 2018-08-14 04:01:04 +00:00
Nelson Elhage
8189642d24 Reformat 2018-08-14 03:55:58 +00:00
Nelson Elhage
bcfa762b36 Add a config file to the corpus 2018-08-05 03:14:56 +00:00
Nelson Elhage
1a8e22e846 Add a config file fuzzer 2018-08-05 03:13:49 +00:00
Patrick Steinhardt
e38ddc90bf fuzzers: limit maximum pack object count
By default, libgit2 allows up to 2^32 objects when downloading a
packfile from a remote. For each of these objects, libgit2 will allocate
up to two small structs, which in total adds up to quite a lot of
memory. As a result, our fuzzers might run out of memory rather quickly in
cases where they receive as input a packfile with such a huge count of
objects.

Limit the packfile object count to 10M objects. This is sufficiently big
to still work with most largish repos (linux.git has around 6M objects
as of now), but small enough to not cause the fuzzer to OOM.
2018-08-03 09:50:35 +02:00
Patrick Steinhardt
5db64e2f1b fuzzers: convert download_refs fuzzer to C
Convert the "download_refs" fuzzer from C++ to C. Rename the source file
to have it be picked up by our build system.
2018-08-03 09:50:35 +02:00
Patrick Steinhardt
730c0edb50 fuzzers: import download_refs fuzzer from oss-fuzz
This is a direct copy of the code from google/oss-fuzz, written by
Nelson Elhage (@nelhage). Note that due to the ".cc" ending, the file
will not yet be picked up by the build system. This is intended, as
currently that file is partly written in C++, requiring a conversion to
C.
2018-08-03 09:50:35 +02:00
Patrick Steinhardt
de53972f65 fuzzers: avoid use of libgit2 internals in packfile_raw
The packfile_raw fuzzer is using some internal APIs from libgit2, which
makes it hard to compile it as part of the oss-fuzz project. As oss-fuzz
requires us to link against the C++ FuzzingEngine library, we cannot use
"-DBUILD_FUZZERS=ON" directly but instead have to first compile an
object from our fuzzers and then link against the C++ library. Compiling
the fuzzer objects thus requires an external invocation of CC, and we
certainly don't want to do further black magic by adding libgit2's
private source directory to the header include path.

To fix the issue, convert the code to not use any internal APIs. Besides
some headers which we have to add now, this also requires us to change
to the hashing function of the ODB. Note that this will change the
hashing result, as we have previously not prepended the object header to
the data that is to be hashed. But this shouldn't matter in practice, as
we don't care for the hash value anyway.
2018-08-03 09:50:35 +02:00
Patrick Steinhardt
bf3382d544 cmake: remove need to add "-fsanitize=fuzzer" flag for fuzzers
Right now, users are being instructed to add the
"-DCMAKE_EXE_LINKER_FLAGS=-fsanitize=fuzzer" flag when they want to
build our fuzzers. This is error-prone and user unfriendly. Instead,
just add the flag to our fuzzers' build instructions so that it happens
automatically. Adjust the README accordingly.
2018-08-03 09:50:35 +02:00
Patrick Steinhardt
07cf8b38db cmake: use C90 standard for our fuzzing targets
Like all our other internal code, we want to force the use of C90 for
our fuzzers. Do so by setting the "C_STANDARD" property of our fuzzing
targets.
2018-08-03 09:50:35 +02:00
Patrick Steinhardt
ad087303df fuzzers: move readme to docs/fuzzing.md 2018-08-03 09:50:35 +02:00
Patrick Steinhardt
59328ed84e fuzzers: rename "fuzz" directory to match our style
Our layout uses names like "examples" or "tests" which is why the "fuzz"
directory doesn't really fit in here. Rename the directory to be called
"fuzzers" instead. Furthermore, we rename the fuzzer "fuzz_packfile_raw"
to "packfile_raw_fuzzer", which is also in line with the already
existing fuzzer at google/oss-fuzz.

While at it, rename the "packfile_raw" fuzzer to instead just be called
"packfile" fuzzer.
2018-08-03 09:50:35 +02:00