libFuzzer: Fix missing trailer crash#4432
Conversation
PTAL
pks-t
left a comment
Thanks a lot for this PR, it looks obviously correct. I'd just like a small change to the provided test case here.
On another note: at some point in time, I started fuzzing various parts of libgit2, as well. I thought about building the infrastructure required to submit it to the Google fuzzing project, but I hadn't enough time/other priorities, so I lost focus. Do you have any recipes which you can share from your fuzzing setup?
cl_git_pass(git_indexer_new(&idx, ".", 0, NULL, NULL, NULL));
cl_git_pass(git_indexer_append(
    idx, missing_trailer_pack, missing_trailer_pack_len, &stats));
I'd prefer if you used another pack where we already verify that we're able to parse it correctly and just trim the pack_len by 1. Like that, we make sure that we're really failing because of the damaged trailer and not because the pack itself is broken.
Good idea, done! Had to change it to -20, because for some reason -1 wasn't enough to trigger the leak.
Re: fuzzing recipes, I was already in the process of cleaning them up to upload them in another PR, expect them soon!
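The test idea from the review above, namely start from a pack that is known to verify and then feed shorter prefixes of it, carried into a stand-alone C example. This is added illustration, not libgit2's code or the PR's test: it assumes a hypothetical pack layout (12-byte header, payload, 20-byte trailer), uses a toy byte-sum digest in place of SHA-1 so it runs offline, and the names pack_verify, build_sample_pack and sample_pack_result are invented for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical pack layout used for this example (not libgit2's format
 * handling): a 12-byte header, an arbitrary payload, then a 20-byte
 * trailer that is a digest of everything before it. */
#define PACK_HEADER_LEN  12
#define PACK_TRAILER_LEN 20
#define PACK_MIN_LEN     (PACK_HEADER_LEN + PACK_TRAILER_LEN)

enum {
    PACK_OK            = 0,
    PACK_ERR_TRUNCATED = -1,   /* too short to even contain a trailer */
    PACK_ERR_TRAILER   = -2    /* trailer present but does not match */
};

/* Stand-in for SHA-1 so the example runs offline: every trailer byte is
 * the byte sum of the covered data. Not a real hash; the point is the
 * bounds check around it, not the digest. */
static void toy_digest(const uint8_t *data, size_t len, uint8_t out[PACK_TRAILER_LEN])
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum = (uint8_t)(sum + data[i]);
    memset(out, sum, PACK_TRAILER_LEN);
}

/* Verify the trailer of a pack held entirely in memory.
 * The length check comes first: without it, `len - PACK_TRAILER_LEN`
 * wraps around for a short buffer and the trailer read runs off the end,
 * which is the class of bug a missing-trailer input exposes. */
int pack_verify(const uint8_t *buf, size_t len)
{
    uint8_t expect[PACK_TRAILER_LEN];

    if (buf == NULL || len < PACK_MIN_LEN)
        return PACK_ERR_TRUNCATED;

    toy_digest(buf, len - PACK_TRAILER_LEN, expect);
    if (memcmp(buf + len - PACK_TRAILER_LEN, expect, PACK_TRAILER_LEN) != 0)
        return PACK_ERR_TRAILER;

    return PACK_OK;
}

/* Build a constructed, well-formed sample pack into `out` (capacity `cap`)
 * and return its length (0 if it does not fit). Header and payload bytes
 * are arbitrary sample values. */
size_t build_sample_pack(uint8_t *out, size_t cap)
{
    static const uint8_t header[PACK_HEADER_LEN] =
        { 'P','A','C','K', 0,0,0,2, 0,0,0,1 };   /* "PACK", version 2, 1 object */
    static const uint8_t payload[] = { 0x9d, 0x01, 0x78, 0x9c, 0x4b, 0x4c, 0x02, 0x05 };
    size_t body = sizeof header + sizeof payload;
    size_t len = body + PACK_TRAILER_LEN;

    if (cap < len)
        return 0;
    memcpy(out, header, sizeof header);
    memcpy(out + sizeof header, payload, sizeof payload);
    toy_digest(out, body, out + body);
    return len;
}

/* Same test shape as in the review: build the good pack, then verify it
 * with `trim` bytes cut off the end. Returns the pack_verify result. */
int sample_pack_result(size_t trim)
{
    uint8_t pack[64];
    size_t len = build_sample_pack(pack, sizeof pack);

    if (len == 0 || trim > len)
        return PACK_ERR_TRUNCATED;
    return pack_verify(pack, len - trim);
}

int main(void)
{
    printf("full pack:      %d\n", sample_pack_result(0));
    printf("minus 1 byte:   %d\n", sample_pack_result(1));
    printf("minus 20 bytes: %d\n", sample_pack_result(20));
    return 0;
}
```

Trimming one byte leaves a buffer that is still long enough to hold a trailer, so the failure comes from the digest comparison; trimming 20 bytes leaves fewer than the minimum, so the length check rejects it before any trailer read happens. Both paths fail cleanly, which is what distinguishes "damaged trailer" from "broken pack" in a test like the one discussed here.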
This PR now conflicts with the other indexer test you've added in the now-merged PR #4431. Could you please rebase? It would be nice if you could squash in the fixup commit for the test while at it.
This change fixes an invalid memory access when the trailer is missing / corrupt. Found using libFuzzer.
74c6d5a to c8aaba2
Rebased+squashed.
Thanks a lot!