kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity
Browse Source

fuzz: add fuzz testing for packfile indices. 

Breaks the majority of check_packed_git_idx() into a separate function,
load_idx(). The latter function operates on arbitrary buffers, which
makes it suitable as a fuzzing test target.

Signed-off-by: Josh Steadmon <steadmon@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
Josh Steadmon 6 years ago committed by Junio C Hamano
parent
5e47215080
commit
1127a98cce
5 changed files with 53 additions and 19 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      .gitignore
  2. 1
      Makefile
  3. 13
      fuzz-pack-idx.c
  4. 44
      packfile.c
  5. 13
      packfile.h

1
.gitignore vendored
Unescape View File

@ -1,5 +1,6 @@
/fuzz_corpora /fuzz_corpora
/fuzz-pack-headers /fuzz-pack-headers
/fuzz-pack-idx
/GIT-BUILD-OPTIONS /GIT-BUILD-OPTIONS
/GIT-CFLAGS /GIT-CFLAGS
/GIT-LDFLAGS /GIT-LDFLAGS

1
Makefile
Unescape View File

@ -685,6 +685,7 @@ SCRIPTS = $(SCRIPT_SH_INS) \
ETAGS_TARGET = TAGS ETAGS_TARGET = TAGS


FUZZ_OBJS += fuzz-pack-headers.o FUZZ_OBJS += fuzz-pack-headers.o
FUZZ_OBJS += fuzz-pack-idx.o


# Always build fuzz objects even if not testing, to prevent bit-rot. # Always build fuzz objects even if not testing, to prevent bit-rot.
all:: $(FUZZ_OBJS) all:: $(FUZZ_OBJS)

13
fuzz-pack-idx.c
Unescape View File

@ -0,0 +1,13 @@
#include "object-store.h"
#include "packfile.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
struct packed_git p;

load_idx("fuzz-input", GIT_SHA1_RAWSZ, (void *)data, size, &p);

return 0;
}

44
packfile.c
Unescape View File

@ -80,10 +80,8 @@ void pack_report(void)
static int check_packed_git_idx(const char *path, struct packed_git *p) static int check_packed_git_idx(const char *path, struct packed_git *p)
{ {
void *idx_map; void *idx_map;
struct pack_idx_header *hdr;
size_t idx_size; size_t idx_size;
uint32_t version, nr, i, *index; int fd = git_open(path), ret;
int fd = git_open(path);
struct stat st; struct stat st;
const unsigned int hashsz = the_hash_algo->rawsz; const unsigned int hashsz = the_hash_algo->rawsz;


@ -101,16 +99,32 @@ static int check_packed_git_idx(const char *path, struct packed_git *p)
idx_map = xmmap(NULL, idx_size, PROT_READ, MAP_PRIVATE, fd, 0); idx_map = xmmap(NULL, idx_size, PROT_READ, MAP_PRIVATE, fd, 0);
close(fd); close(fd);


hdr = idx_map; ret = load_idx(path, hashsz, idx_map, idx_size, p);

if (ret)
munmap(idx_map, idx_size);

return ret;
}

int load_idx(const char *path, const unsigned int hashsz, void *idx_map,
size_t idx_size, struct packed_git *p)
{
struct pack_idx_header *hdr = idx_map;
uint32_t version, nr, i, *index;

if (idx_size < 4 * 256 + hashsz + hashsz)
return error("index file %s is too small", path);
if (idx_map == NULL)
return error("empty data");

if (hdr->idx_signature == htonl(PACK_IDX_SIGNATURE)) { if (hdr->idx_signature == htonl(PACK_IDX_SIGNATURE)) {
version = ntohl(hdr->idx_version); version = ntohl(hdr->idx_version);
if (version < 2 || version > 2) { if (version < 2 || version > 2)
munmap(idx_map, idx_size);
return error("index file %s is version %"PRIu32 return error("index file %s is version %"PRIu32
" and is not supported by this binary" " and is not supported by this binary"
" (try upgrading GIT to a newer version)", " (try upgrading GIT to a newer version)",
path, version); path, version);
}
} else } else
version = 1; version = 1;


@ -120,10 +134,8 @@ static int check_packed_git_idx(const char *path, struct packed_git *p)
index += 2; /* skip index header */ index += 2; /* skip index header */
for (i = 0; i < 256; i++) { for (i = 0; i < 256; i++) {
uint32_t n = ntohl(index[i]); uint32_t n = ntohl(index[i]);
if (n < nr) { if (n < nr)
munmap(idx_map, idx_size);
return error("non-monotonic index %s", path); return error("non-monotonic index %s", path);
}
nr = n; nr = n;
} }


@ -135,10 +147,8 @@ static int check_packed_git_idx(const char *path, struct packed_git *p)
* - hash of the packfile * - hash of the packfile
* - file checksum * - file checksum
*/ */
if (idx_size != 4*256 + nr * (hashsz + 4) + hashsz + hashsz) { if (idx_size != 4 * 256 + nr * (hashsz + 4) + hashsz + hashsz)
munmap(idx_map, idx_size);
return error("wrong index v1 file size in %s", path); return error("wrong index v1 file size in %s", path);
}
} else if (version == 2) { } else if (version == 2) {
/* /*
* Minimum size: * Minimum size:
@ -157,20 +167,16 @@ static int check_packed_git_idx(const char *path, struct packed_git *p)
unsigned long max_size = min_size; unsigned long max_size = min_size;
if (nr) if (nr)
max_size += (nr - 1)*8; max_size += (nr - 1)*8;
if (idx_size < min_size || idx_size > max_size) { if (idx_size < min_size || idx_size > max_size)
munmap(idx_map, idx_size);
return error("wrong index v2 file size in %s", path); return error("wrong index v2 file size in %s", path);
}
if (idx_size != min_size && if (idx_size != min_size &&
/* /*
* make sure we can deal with large pack offsets. * make sure we can deal with large pack offsets.
* 31-bit signed offset won't be enough, neither * 31-bit signed offset won't be enough, neither
* 32-bit unsigned one will be. * 32-bit unsigned one will be.
*/ */
(sizeof(off_t) <= 4)) { (sizeof(off_t) <= 4))
munmap(idx_map, idx_size);
return error("pack too large for current definition of off_t in %s", path); return error("pack too large for current definition of off_t in %s", path);
}
} }


p->index_version = version; p->index_version = version;

13
packfile.h
Unescape View File

@ -164,4 +164,17 @@ extern int has_pack_index(const unsigned char *sha1);
*/ */
extern int is_promisor_object(const struct object_id *oid); extern int is_promisor_object(const struct object_id *oid);


/*
* Expose a function for fuzz testing.
*
* load_idx() parses a block of memory as a packfile index and puts the results
* into a struct packed_git.
*
* This function should not be used directly. It is exposed here only so that we
* have a convenient entry-point for fuzz testing. For real uses, you should
* probably use open_pack_index() or parse_pack_index() instead.
*/
extern int load_idx(const char *path, const unsigned int hashsz, void *idx_map,
size_t idx_size, struct packed_git *p);

#endif #endif

Write Preview
Loading…
Cancel
Save