Add a new fuzz test for the commit graph and fix a buffer read-overflow
that it discovered. Additionally, fix the Makefile instructions for
building fuzzers.

Changes since V3:
* Improve portability of the new test functionality.
* Fix broken &&-chains in tests.

Changes since V2:
* Avoid pointer arithmetic overflow when checking the graph's chunk count.
* Merge the corrupt_graph_and_verify and corrupt_and_zero_graph_then_verify
  test functions.

Josh Steadmon (3):
  commit-graph, fuzz: Add fuzzer for commit-graph
  commit-graph: fix buffer read-overflow
  Makefile: correct example fuzz build

 .gitignore              |  1 +
 Makefile                |  3 +-
 commit-graph.c          | 67 +++++++++++++++++++++++++++++------------
 commit-graph.h          |  3 ++
 fuzz-commit-graph.c     | 16 ++++++++++
 t/t5318-commit-graph.sh | 16 ++++++++--
 6 files changed, 83 insertions(+), 23 deletions(-)
 create mode 100644 fuzz-commit-graph.c

Range-diff against v3:
1: 675d58ecea ! 1: 80b5662f30 commit-graph: fix buffer read-overflow
@@ -55,29 +55,26 @@ pos=$1 data="${2:-\0}" grepstr=$3 -+ orig_size=$(stat --format=%s $objdir/info/commit-graph) -+ zero_pos=${4:-${orig_size}} ++ orig_size=$(wc -c < $objdir/info/commit-graph) && ++ zero_pos=${4:-${orig_size}} && cd "$TRASH_DIRECTORY/full" && test_when_finished mv commit-graph-backup $objdir/info/commit-graph && cp $objdir/info/commit-graph commit-graph-backup && printf "$data" | dd of="$objdir/info/commit-graph" bs=1 seek="$pos" conv=notrunc && -+ truncate --size=$zero_pos $objdir/info/commit-graph && -+ truncate --size=$orig_size $objdir/info/commit-graph && ++ dd of="$objdir/info/commit-graph" bs=1 seek="$zero_pos" count=0 && ++ dd if=/dev/zero of="$objdir/info/commit-graph" bs=1 seek="$zero_pos" count=$(($orig_size - $zero_pos)) && test_must_fail git commit-graph verify 2>test_err && - grep -v "^+" test_err >err +- grep -v "^+" test_err >err ++ grep -v "^+" test_err >err && test_i18ngrep "$grepstr" err } -+ - test_expect_success 'detect bad signature' ' - corrupt_graph_and_verify 0 "\0" \ - "graph signature" @@ "incorrect checksum" ' +test_expect_success 'detect incorrect chunk count' ' -+ corrupt_graph_and_verify $GRAPH_BYTE_CHUNK_COUNT "\xff" \ ++ corrupt_graph_and_verify $GRAPH_BYTE_CHUNK_COUNT "\377" \ + "chunk lookup table entry missing" $GRAPH_CHUNK_LOOKUP_OFFSET +' + 2: 06a32bfe8b = 2: 21101b961a Makefile: correct example fuzz build -- 2.20.0.rc2.10.g21101b961a
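Review bot: the new `orig_size=$(wc -c < $objdir/info/commit-graph)` line improves on `stat --format=%s`, but on BSD-derived systems (macOS included) `wc -c` pads its output with leading spaces, and that value flows unmodified into `zero_pos=${4:-${orig_size}}` and then into `seek="$zero_pos"` on both `dd` invocations, where a padded number may be rejected; consider normalising it (e.g. `orig_size=$(wc -c < $objdir/info/commit-graph | tr -d ' ')`) or using the helper the test suite already provides for file sizes, so the portability goal of this reroll is actually met. Separately, the truncation step `dd of="$objdir/info/commit-graph" bs=1 seek="$zero_pos" count=0 &&` works only because `dd` without `conv=notrunc` truncates the output at the seek offset; a one-line comment above it saying so would keep a future reader from "fixing" it by adding `conv=notrunc` to match the preceding write. The switch from `"\xff"` to `"\377"` in the chunk-count test is the right call, since only the octal form is portable `printf` syntax.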