diff --git a/projects/libgit2/Dockerfile b/projects/libgit2/Dockerfile index 368a202a4..eb75510a9 100644 --- a/projects/libgit2/Dockerfile +++ b/projects/libgit2/Dockerfile @@ -20,5 +20,4 @@ RUN apt-get update && apt-get install -y make autoconf automake libtool cmake RUN git clone --depth 1 https://github.com/libgit2/libgit2 libgit2 WORKDIR libgit2 -COPY download_refs_fuzzer.cc build.sh $SRC/ -COPY corpora $SRC/corpora +COPY build.sh $SRC/ diff --git a/projects/libgit2/build.sh b/projects/libgit2/build.sh index 7c5c6e8fd..b30bcee88 100755 --- a/projects/libgit2/build.sh +++ b/projects/libgit2/build.sh @@ -28,8 +28,14 @@ cmake .. -DCMAKE_INSTALL_PREFIX="$WORK" \ make -j$(nproc) make install -$CXX $CXXFLAGS -std=c++11 -I"$WORK/include" \ - /src/download_refs_fuzzer.cc -o $OUT/download_refs_fuzzer \ - -lFuzzingEngine "$WORK/lib/libgit2.a" +for fuzzer in ../fuzzers/*_fuzzer.c +do + fuzzer_name=$(basename "${fuzzer%.c}") -zip -j "$OUT/download_refs_fuzzer_seed_corpus.zip" $SRC/corpora/download_refs/* + $CC $CFLAGS -c -I"$WORK/include" "$fuzzer" -o "$WORK/$fuzzer_name.o" + $CXX $CXXFLAGS -std=c++11 -o "$OUT/$fuzzer_name" \ + -lFuzzingEngine "$WORK/$fuzzer_name.o" "$WORK/lib/libgit2.a" + + zip -j "$OUT/${fuzzer_name}_seed_corpus.zip" \ + ../fuzzers/corpora/${fuzzer_name%_fuzzer}/* +done diff --git a/projects/libgit2/corpora/download_refs/clone.dat b/projects/libgit2/corpora/download_refs/clone.dat deleted file mode 100644 index f3e56b06b..000000000 Binary files a/projects/libgit2/corpora/download_refs/clone.dat and /dev/null differ diff --git a/projects/libgit2/download_refs_fuzzer.cc b/projects/libgit2/download_refs_fuzzer.cc deleted file mode 100644 index 939e67f9a..000000000 --- a/projects/libgit2/download_refs_fuzzer.cc +++ /dev/null @@ -1,156 +0,0 @@ -#include -#include - -#include -#include -#include - -#include - -struct fuzz_buffer { - const uint8_t *data; - size_t size; -}; - -class fuzzer_stream { -public: - git_smart_subtransport_stream base; - fuzzer_stream(fuzz_buffer data) : readp(data.data), endp(data.data + data.size) { - base.read = fuzzer_stream::read; - base.write = fuzzer_stream::write; - base.free = fuzzer_stream::free; - } - - int do_read(char *buffer, size_t buf_size, size_t *bytes_read) { - size_t avail = endp - readp; - *bytes_read = std::min(buf_size, avail); - memcpy(buffer, readp, *bytes_read); - readp += *bytes_read; - return 0; - } - - static int read(git_smart_subtransport_stream *stream, - char *buffer, - size_t buf_size, - size_t *bytes_read) { - fuzzer_stream *fs = reinterpret_cast(stream); - return fs->do_read(buffer, buf_size, bytes_read); - } - - static int write(git_smart_subtransport_stream *stream, - const char *buffer, - size_t len) { - return 0; - } - - static void free(git_smart_subtransport_stream *stream) { - fuzzer_stream *fs = reinterpret_cast(stream); - delete fs; - } -private: - const uint8_t *readp; - const uint8_t *endp; -}; - -class fuzzer_subtransport { -public: - git_smart_subtransport base; - fuzzer_subtransport(git_transport *owner, fuzz_buffer data) : owner(owner), data(data) { - base.action = fuzzer_subtransport::action; - base.close = fuzzer_subtransport::close; - base.free = fuzzer_subtransport::free; - } - - int do_action(git_smart_subtransport_stream **out, - git_smart_subtransport *transport, - const char *url, - git_smart_service_t action) { - fuzzer_stream *stream = new fuzzer_stream(this->data); - *out = &stream->base; - return 0; - } - - static int action(git_smart_subtransport_stream **out, - git_smart_subtransport *transport, - const char *url, - git_smart_service_t action) { - fuzzer_subtransport *ft = reinterpret_cast(transport); - return ft->do_action(out, transport, url, action); - } - - static int close(git_smart_subtransport *transport) { - return 0; - } - - static void free(git_smart_subtransport *transport) { - fuzzer_subtransport *ft = reinterpret_cast(transport); - delete ft; - } - -private: - git_transport *owner; - fuzz_buffer data; -}; - -int fuzzer_subtransport_cb(git_smart_subtransport **out, - git_transport* owner, - void* param) { - fuzz_buffer *buf = static_cast(param); - fuzzer_subtransport *sub = new fuzzer_subtransport(owner, *buf); - - *out = &sub->base; - return 0; -} - -int create_fuzzer_transport(git_transport **out, git_remote *owner, void *param) { - git_smart_subtransport_definition fuzzer_subtransport {fuzzer_subtransport_cb, 1, param}; - return git_transport_smart(out, owner, &fuzzer_subtransport); -} - -void fuzzer_git_abort(const char *op) { - const git_error *err = giterr_last(); - fprintf(stderr, "unexpected libgit error: %s: %s\n", - op, err ? err->message : ""); - abort(); -} - - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - static git_repository *repo = nullptr; - if (repo == nullptr) { - git_libgit2_init(); - char tmp[] = "/tmp/git2.XXXXXX"; - if (mkdtemp(tmp) != tmp) { - abort(); - } - int err = git_repository_init(&repo, tmp, true); - if (err != 0) { - fuzzer_git_abort("git_repository_init"); - } - } - - int err; - git_remote *remote; - err = git_remote_create_anonymous(&remote, repo, "fuzzer://remote-url"); - if (err != 0) { - fuzzer_git_abort("git_remote_create"); - } - - - fuzz_buffer buffer = {data, size}; - git_remote_callbacks callbacks = GIT_REMOTE_CALLBACKS_INIT; - callbacks.transport = create_fuzzer_transport; - callbacks.payload = &buffer; - - err = git_remote_connect(remote, GIT_DIRECTION_FETCH, &callbacks, nullptr, nullptr); - if (err != 0) { - goto out; - } - - git_remote_download(remote, nullptr, nullptr); - - out: - git_remote_free(remote); - - return 0; -}