fuzzers: add a new fuzzer for patch parsing

I was looking at this code anyway because the sr.ht people nerdsniped me, and it gave me that "I should fuzz this" feeling. So have a fuzzer!
2026-01-25 02:56:17 +00:00 · 2019-10-15 16:22:35 -04:00
parent ef5a3851fd
commit 92e011a715
3 changed files with 96 additions and 0 deletions
--- a/fuzzers/corpora/patch_parse/edit-file.diff
+++ b/fuzzers/corpora/patch_parse/edit-file.diff
@@ -0,0 +1,13 @@
+diff --git a/fuzzers/patch_fuzzer.c b/fuzzers/patch_fuzzer.c
+index 76186b6fb..f7ce73ac8 100644
+--- a/fuzzers/patch_fuzzer.c
+++ b/fuzzers/patch_fuzzer.c
+@@ -32,7 +32,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+         git_patch* patch;
+         git_patch_options opts = {(uint32_t)data[0]};
+         int status = git_patch_from_buffer(&patch, (const char*)data+1, size-1, &opts);
+-        if (status == 0 && patch) {
+        if (patch) {
+                 git_patch_free(patch);
+         }
+         return 0;
--- a/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff
+++ b/fuzzers/corpora/patch_parse/patch_fuzzer-patch.diff
@@ -0,0 +1,45 @@
+diff --git a/fuzzers/patch_fuzzer.c b/fuzzers/patch_fuzzer.c
+new file mode 100644
+index 000000000..76186b6fb
+--- /dev/null
+++ b/fuzzers/patch_fuzzer.c
+@@ -0,0 +1,39 @@
+/*
+ * libgit2 patch fuzzer target.
+ *
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "git2.h"
+#include "patch.h"
+#include "patch_parse.h"
+
+#define UNUSED(x) (void)(x)
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+        UNUSED(argc);
+        UNUSED(argv);
+
+        if (git_libgit2_init() < 0)
+                abort();
+
+        return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+        if (size < 1) {
+                return 0;
+        }
+        git_patch* patch;
+        git_patch_options opts = {(uint32_t)data[0]};
+        int status = git_patch_from_buffer(&patch, (const char*)data+1, size-1, &opts);
+        if (status == 0 && patch) {
+                git_patch_free(patch);
+        }
+        return 0;
+}
--- a/fuzzers/patch_parse_fuzzer.c
+++ b/fuzzers/patch_parse_fuzzer.c
@@ -0,0 +1,38 @@
+/*
+ * libgit2 patch parser fuzzer target.
+ *
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "git2.h"
+#include "patch.h"
+#include "patch_parse.h"
+
+#define UNUSED(x) (void)(x)
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	UNUSED(argc);
+	UNUSED(argv);
+
+	if (git_libgit2_init() < 0)
+		abort();
+
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	if (size) {
+		git_patch *patch = NULL;
+		git_patch_options opts = GIT_PATCH_OPTIONS_INIT;
+		opts.prefix_len = (uint32_t)data[0];
+		git_patch_from_buffer(&patch, (const char *)data + 1, size - 1,
+		                      &opts);
+		git_patch_free(patch);
+	}
+	return 0;
+}