diff options
| -rw-r--r-- | projects/libgit2/Dockerfile | 3 | ||||
| -rwxr-xr-x | projects/libgit2/build.sh | 14 | ||||
| -rw-r--r-- | projects/libgit2/corpora/download_refs/clone.dat | bin | 632 -> 0 bytes | |||
| -rw-r--r-- | projects/libgit2/download_refs_fuzzer.cc | 156 |
4 files changed, 11 insertions, 162 deletions
diff --git a/projects/libgit2/Dockerfile b/projects/libgit2/Dockerfile index 368a202a..eb75510a 100644 --- a/projects/libgit2/Dockerfile +++ b/projects/libgit2/Dockerfile @@ -20,5 +20,4 @@ RUN apt-get update && apt-get install -y make autoconf automake libtool cmake RUN git clone --depth 1 https://github.com/libgit2/libgit2 libgit2 WORKDIR libgit2 -COPY download_refs_fuzzer.cc build.sh $SRC/ -COPY corpora $SRC/corpora +COPY build.sh $SRC/ diff --git a/projects/libgit2/build.sh b/projects/libgit2/build.sh index 7c5c6e8f..b30bcee8 100755 --- a/projects/libgit2/build.sh +++ b/projects/libgit2/build.sh @@ -28,8 +28,14 @@ cmake .. -DCMAKE_INSTALL_PREFIX="$WORK" \ make -j$(nproc) make install -$CXX $CXXFLAGS -std=c++11 -I"$WORK/include" \ - /src/download_refs_fuzzer.cc -o $OUT/download_refs_fuzzer \ - -lFuzzingEngine "$WORK/lib/libgit2.a" +for fuzzer in ../fuzzers/*_fuzzer.c +do + fuzzer_name=$(basename "${fuzzer%.c}") -zip -j "$OUT/download_refs_fuzzer_seed_corpus.zip" $SRC/corpora/download_refs/* + $CC $CFLAGS -c -I"$WORK/include" "$fuzzer" -o "$WORK/$fuzzer_name.o" + $CXX $CXXFLAGS -std=c++11 -o "$OUT/$fuzzer_name" \ + -lFuzzingEngine "$WORK/$fuzzer_name.o" "$WORK/lib/libgit2.a" + + zip -j "$OUT/${fuzzer_name}_seed_corpus.zip" \ + ../fuzzers/corpora/${fuzzer_name%_fuzzer}/* +done diff --git a/projects/libgit2/corpora/download_refs/clone.dat b/projects/libgit2/corpora/download_refs/clone.dat Binary files differdeleted file mode 100644 index f3e56b06..00000000 --- a/projects/libgit2/corpora/download_refs/clone.dat +++ /dev/null diff --git a/projects/libgit2/download_refs_fuzzer.cc b/projects/libgit2/download_refs_fuzzer.cc deleted file mode 100644 index 939e67f9..00000000 --- a/projects/libgit2/download_refs_fuzzer.cc +++ /dev/null @@ -1,156 +0,0 @@ -#include <git2.h> -#include <git2/sys/transport.h> - -#include <cstring> -#include <cstdlib> -#include <sys/stat.h> - -#include <string> - -struct fuzz_buffer { - const uint8_t *data; - size_t size; -}; - -class fuzzer_stream { -public: - git_smart_subtransport_stream base; - fuzzer_stream(fuzz_buffer data) : readp(data.data), endp(data.data + data.size) { - base.read = fuzzer_stream::read; - base.write = fuzzer_stream::write; - base.free = fuzzer_stream::free; - } - - int do_read(char *buffer, size_t buf_size, size_t *bytes_read) { - size_t avail = endp - readp; - *bytes_read = std::min(buf_size, avail); - memcpy(buffer, readp, *bytes_read); - readp += *bytes_read; - return 0; - } - - static int read(git_smart_subtransport_stream *stream, - char *buffer, - size_t buf_size, - size_t *bytes_read) { - fuzzer_stream *fs = reinterpret_cast<fuzzer_stream*>(stream); - return fs->do_read(buffer, buf_size, bytes_read); - } - - static int write(git_smart_subtransport_stream *stream, - const char *buffer, - size_t len) { - return 0; - } - - static void free(git_smart_subtransport_stream *stream) { - fuzzer_stream *fs = reinterpret_cast<fuzzer_stream*>(stream); - delete fs; - } -private: - const uint8_t *readp; - const uint8_t *endp; -}; - -class fuzzer_subtransport { -public: - git_smart_subtransport base; - fuzzer_subtransport(git_transport *owner, fuzz_buffer data) : owner(owner), data(data) { - base.action = fuzzer_subtransport::action; - base.close = fuzzer_subtransport::close; - base.free = fuzzer_subtransport::free; - } - - int do_action(git_smart_subtransport_stream **out, - git_smart_subtransport *transport, - const char *url, - git_smart_service_t action) { - fuzzer_stream *stream = new fuzzer_stream(this->data); - *out = &stream->base; - return 0; - } - - static int action(git_smart_subtransport_stream **out, - git_smart_subtransport *transport, - const char *url, - git_smart_service_t action) { - fuzzer_subtransport *ft = reinterpret_cast<fuzzer_subtransport*>(transport); - return ft->do_action(out, transport, url, action); - } - - static int close(git_smart_subtransport *transport) { - return 0; - } - - static void free(git_smart_subtransport *transport) { - fuzzer_subtransport *ft = reinterpret_cast<fuzzer_subtransport*>(transport); - delete ft; - } - -private: - git_transport *owner; - fuzz_buffer data; -}; - -int fuzzer_subtransport_cb(git_smart_subtransport **out, - git_transport* owner, - void* param) { - fuzz_buffer *buf = static_cast<fuzz_buffer*>(param); - fuzzer_subtransport *sub = new fuzzer_subtransport(owner, *buf); - - *out = &sub->base; - return 0; -} - -int create_fuzzer_transport(git_transport **out, git_remote *owner, void *param) { - git_smart_subtransport_definition fuzzer_subtransport {fuzzer_subtransport_cb, 1, param}; - return git_transport_smart(out, owner, &fuzzer_subtransport); -} - -void fuzzer_git_abort(const char *op) { - const git_error *err = giterr_last(); - fprintf(stderr, "unexpected libgit error: %s: %s\n", - op, err ? err->message : "<none>"); - abort(); -} - - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - static git_repository *repo = nullptr; - if (repo == nullptr) { - git_libgit2_init(); - char tmp[] = "/tmp/git2.XXXXXX"; - if (mkdtemp(tmp) != tmp) { - abort(); - } - int err = git_repository_init(&repo, tmp, true); - if (err != 0) { - fuzzer_git_abort("git_repository_init"); - } - } - - int err; - git_remote *remote; - err = git_remote_create_anonymous(&remote, repo, "fuzzer://remote-url"); - if (err != 0) { - fuzzer_git_abort("git_remote_create"); - } - - - fuzz_buffer buffer = {data, size}; - git_remote_callbacks callbacks = GIT_REMOTE_CALLBACKS_INIT; - callbacks.transport = create_fuzzer_transport; - callbacks.payload = &buffer; - - err = git_remote_connect(remote, GIT_DIRECTION_FETCH, &callbacks, nullptr, nullptr); - if (err != 0) { - goto out; - } - - git_remote_download(remote, nullptr, nullptr); - - out: - git_remote_free(remote); - - return 0; -} |