[PATCH v6 0/3] Add commit-graph fuzzer and fix buffer overflow

From: Josh Steadmon <steadmon@google.com>
To: git@vger.kernel.org
Cc: gitster@pobox.com, stolee@gmail.com, avarab@gmail.com,
	peff@peff.net, szeder.dev@gmail.com
Subject: [PATCH v6 0/3] Add commit-graph fuzzer and fix buffer overflow
Date: Tue, 15 Jan 2019 14:25:49 -0800	[thread overview]
Message-ID: <cover.1547590928.git.steadmon@google.com> (raw)
In-Reply-To: <cover.1544048946.git.steadmon@google.com>

Add a new fuzz test for the commit graph and fix a buffer read-overflow
that it discovered. Additionally, fix the Makefile instructions for
building fuzzers.

Changes since V5:
  * Conform to commit message standards for the 1st patch in the series.
  * Clarify commit message for the 3rd patch in the series.

Changes since V4:
  * Ensure that corrupt_graph_and_verify() in t5318 changes to the
    proper directory before accessing any files.

Changes since V3:
  * Improve portability of the new test functionality.
  * Fix broken &&-chains in tests.

Changes since V2:
  * Avoid pointer arithmetic overflow when checking the graph's chunk
    count.
  * Merge the corrupt_graph_and_verify and
    corrupt_and_zero_graph_then_verify test functions.

Josh Steadmon (3):
  commit-graph, fuzz: Add fuzzer for commit-graph
  commit-graph: fix buffer read-overflow
  Makefile: correct example fuzz build

 .gitignore              |  1 +
 Makefile                |  3 +-
 commit-graph.c          | 67 +++++++++++++++++++++++++++++------------
 commit-graph.h          |  3 ++
 fuzz-commit-graph.c     | 16 ++++++++++
 t/t5318-commit-graph.sh | 16 ++++++++--
 6 files changed, 83 insertions(+), 23 deletions(-)
 create mode 100644 fuzz-commit-graph.c

Range-diff against v5:
1:  0b57ecbe1b ! 1:  c4ec3fc3fc commit-graph, fuzz: Add fuzzer for commit-graph
    @@ -2,11 +2,11 @@

         commit-graph, fuzz: Add fuzzer for commit-graph

    -    Breaks load_commit_graph_one() into a new function,
    -    parse_commit_graph(). The latter function operates on arbitrary buffers,
    -    which makes it suitable as a fuzzing target. Since parse_commit_graph()
    -    is only called by load_commit_graph_one() (and the fuzzer described
    -    below), we omit error messages that would be duplicated by the caller.
    +    Break load_commit_graph_one() into a new function, parse_commit_graph().
    +    The latter function operates on arbitrary buffers, which makes it
    +    suitable as a fuzzing target. Since parse_commit_graph() is only called
    +    by load_commit_graph_one() (and the fuzzer described below), we omit
    +    error messages that would be duplicated by the caller.

         Adds fuzz-commit-graph.c, which provides a fuzzing entry point
         compatible with libFuzzer (and possibly other fuzzing engines).
2:  a3b5d33c4b = 2:  d7b137650f commit-graph: fix buffer read-overflow
3:  350ea5f7c9 ! 3:  c06e0667fa Makefile: correct example fuzz build
    @@ -2,6 +2,15 @@

         Makefile: correct example fuzz build

    +    The comment explaining how to build the fuzzers was broken in
    +    927c77e7d4d ("Makefile: use FUZZ_CXXFLAGS for linking fuzzers",
    +    2018-11-14).
    +
    +    When building fuzzers, all .c files must be compiled with coverage
    +    tracing enabled. This is not possible when using only FUZZ_CXXFLAGS, as
    +    that flag is only applied to the fuzzers themselves. Switching back to
    +    CFLAGS fixes the issue.
    +

      diff --git a/Makefile b/Makefile
-- 
2.20.1.97.g81188d93c3-goog