Add a new fuzz test for the commit graph and fix a buffer read-overflow
that it discovered. Additionally, fix the Makefile instructions for
building fuzzers.
Changes since V5:
* Conform to commit message standards for the 1st patch in the series.
* Clarify commit message for the 3rd patch in the series.
Changes since V4:
* Ensure that corrupt_graph_and_verify() in t5318 changes to the
proper directory before accessing any files.
Changes since V3:
* Improve portability of the new test functionality.
* Fix broken &&-chains in tests.
Changes since V2:
* Avoid pointer arithmetic overflow when checking the graph's chunk
count.
* Merge the corrupt_graph_and_verify and
corrupt_and_zero_graph_then_verify test functions.
Josh Steadmon (3):
commit-graph, fuzz: Add fuzzer for commit-graph
commit-graph: fix buffer read-overflow
Makefile: correct example fuzz build
.gitignore | 1 +
Makefile | 3 +-
commit-graph.c | 67 +++++++++++++++++++++++++++++------------
commit-graph.h | 3 ++
fuzz-commit-graph.c | 16 ++++++++++
t/t5318-commit-graph.sh | 16 ++++++++--
6 files changed, 83 insertions(+), 23 deletions(-)
create mode 100644 fuzz-commit-graph.c
Range-diff against v5:
1: 0b57ecbe1b ! 1: c4ec3fc3fc commit-graph, fuzz: Add fuzzer for commit-graph
@@ -2,11 +2,11 @@
commit-graph, fuzz: Add fuzzer for commit-graph
- Breaks load_commit_graph_one() into a new function,
- parse_commit_graph(). The latter function operates on arbitrary
buffers,
- which makes it suitable as a fuzzing target. Since parse_commit_graph()
- is only called by load_commit_graph_one() (and the fuzzer described
- below), we omit error messages that would be duplicated by the caller.
+ Break load_commit_graph_one() into a new function,
parse_commit_graph().
+ The latter function operates on arbitrary buffers, which makes it
+ suitable as a fuzzing target. Since parse_commit_graph() is only called
+ by load_commit_graph_one() (and the fuzzer described below), we omit
+ error messages that would be duplicated by the caller.
Adds fuzz-commit-graph.c, which provides a fuzzing entry point
compatible with libFuzzer (and possibly other fuzzing engines).
2: a3b5d33c4b = 2: d7b137650f commit-graph: fix buffer read-overflow
3: 350ea5f7c9 ! 3: c06e0667fa Makefile: correct example fuzz build
@@ -2,6 +2,15 @@
Makefile: correct example fuzz build
+ The comment explaining how to build the fuzzers was broken in
+ 927c77e7d4d ("Makefile: use FUZZ_CXXFLAGS for linking fuzzers",
+ 2018-11-14).
+
+ When building fuzzers, all .c files must be compiled with coverage
+ tracing enabled. This is not possible when using only FUZZ_CXXFLAGS, as
+ that flag is only applied to the fuzzers themselves. Switching back to
+ CFLAGS fixes the issue.
+
diff --git a/Makefile b/Makefile
--
2.20.1.97.g81188d93c3-goog
