vendor/libgit2-sys/libgit2/fuzzers/download_refs_fuzzer.c - toolchain/rustc - Git at Google

 /*
  * libgit2 raw packfile fuzz target.
  *
  * Copyright (C) the libgit2 contributors. All rights reserved.
  *
  * This file is part of libgit2, distributed under the GNU GPL v2 with
  * a Linking Exception. For full terms see the included COPYING file.
  */

 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

 #include "git2.h"
 #include "git2/sys/transport.h"
 #include "futils.h"

 #define UNUSED(x) (void)(x)

 struct fuzzer_buffer {
 	const unsigned char *data;
 	size_t size;
 };

 struct fuzzer_stream {
 	git_smart_subtransport_stream base;
 	const unsigned char *readp;
 	const unsigned char *endp;
 };

 struct fuzzer_subtransport {
 	git_smart_subtransport base;
 	git_transport *owner;
 	struct fuzzer_buffer data;
 };

 static git_repository *repo;

 static int fuzzer_stream_read(git_smart_subtransport_stream *stream,
 	char *buffer,
 	size_t buf_size,
 	size_t *bytes_read)
 {
 	struct fuzzer_stream *fs = (struct fuzzer_stream *) stream;
 	size_t avail = fs->endp - fs->readp;

 	*bytes_read = (buf_size > avail) ? avail : buf_size;
 	memcpy(buffer, fs->readp, *bytes_read);
 	fs->readp += *bytes_read;

 	return 0;
 }

 static int fuzzer_stream_write(git_smart_subtransport_stream *stream,
 	  const char *buffer, size_t len)
 {
 	UNUSED(stream);
 	UNUSED(buffer);
 	UNUSED(len);
 	return 0;
 }

 static void fuzzer_stream_free(git_smart_subtransport_stream *stream)
 {
 	free(stream);
 }

 static int fuzzer_stream_new(
 	struct fuzzer_stream **out,
 	const struct fuzzer_buffer *data)
 {
 	struct fuzzer_stream *stream = malloc(sizeof(*stream));
 	if (!stream)
 		return -1;

 	stream->readp = data->data;
 	stream->endp = data->data + data->size;
 	stream->base.read = fuzzer_stream_read;
 	stream->base.write = fuzzer_stream_write;
 	stream->base.free = fuzzer_stream_free;

 	*out = stream;

 	return 0;
 }

 static int fuzzer_subtransport_action(
 	git_smart_subtransport_stream **out,
 	git_smart_subtransport *transport,
 	const char *url,
 	git_smart_service_t action)
 {
 	struct fuzzer_subtransport *ft = (struct fuzzer_subtransport *) transport;

 	UNUSED(url);
 	UNUSED(action);

 	return fuzzer_stream_new((struct fuzzer_stream **) out, &ft->data);
 }

 static int fuzzer_subtransport_close(git_smart_subtransport *transport)
 {
 	UNUSED(transport);
 	return 0;
 }

 static void fuzzer_subtransport_free(git_smart_subtransport *transport)
 {
 	free(transport);
 }

 static int fuzzer_subtransport_new(
 	struct fuzzer_subtransport **out,
 	git_transport *owner,
 	const struct fuzzer_buffer *data)
 {
 	struct fuzzer_subtransport *sub = malloc(sizeof(*sub));
 	if (!sub)
 		return -1;

 	sub->owner = owner;
 	sub->data.data = data->data;
 	sub->data.size = data->size;
 	sub->base.action = fuzzer_subtransport_action;
 	sub->base.close = fuzzer_subtransport_close;
 	sub->base.free = fuzzer_subtransport_free;

 	*out = sub;

 	return 0;
 }

 int fuzzer_subtransport_cb(
 	git_smart_subtransport **out,
 	git_transport *owner,
 	void *payload)
 {
 	struct fuzzer_buffer *buf = (struct fuzzer_buffer *) payload;
 	struct fuzzer_subtransport *sub;

 	if (fuzzer_subtransport_new(&sub, owner, buf) < 0)
 		return -1;

 	*out = &sub->base;
 	return 0;
 }

 int fuzzer_transport_cb(git_transport **out, git_remote *owner, void *param)
 {
 	git_smart_subtransport_definition def = {
 		fuzzer_subtransport_cb,
 		1,
 		param
 	};
 	return git_transport_smart(out, owner, &def);
 }

 void fuzzer_git_abort(const char *op)
 {
 	const git_error *err = git_error_last();
 	fprintf(stderr, "unexpected libgit error: %s: %s\n",
 		op, err ? err->message : "<none>");
 	abort();
 }

 int LLVMFuzzerInitialize(int *argc, char ***argv)
 {
 #if defined(_WIN32)
 	char tmpdir[MAX_PATH], path[MAX_PATH];

 	if (GetTempPath((DWORD)sizeof(tmpdir), tmpdir) == 0)
 		abort();

 	if (GetTempFileName(tmpdir, "lg2", 1, path) == 0)
 		abort();

 	if (git_futils_mkdir(path, 0700, 0) < 0)
 		abort();
 #else
 	char path[] = "/tmp/git2.XXXXXX";

 	if (mkdtemp(path) != path)
 		abort();
 #endif

 	if (git_libgit2_init() < 0)
 		abort();

 	if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0)
 		abort();

 	UNUSED(argc);
 	UNUSED(argv);

 	if (git_repository_init(&repo, path, 1) < 0)
 		fuzzer_git_abort("git_repository_init");

 	return 0;
 }

 int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size)
 {
 	struct fuzzer_buffer buffer = { data, size };
 	git_remote_callbacks callbacks = GIT_REMOTE_CALLBACKS_INIT;
 	git_remote *remote;

 	if (git_remote_create_anonymous(&remote, repo, "fuzzer://remote-url") < 0)
 		fuzzer_git_abort("git_remote_create");

 	callbacks.transport = fuzzer_transport_cb;
 	callbacks.payload = &buffer;

 	if (git_remote_connect(remote, GIT_DIRECTION_FETCH,
 	    &callbacks, NULL, NULL) < 0)
 		goto out;

 	git_remote_download(remote, NULL, NULL);

     out:
 	git_remote_free(remote);

 	return 0;
 }
	/*
	* libgit2 raw packfile fuzz target.
	*
	* Copyright (C) the libgit2 contributors. All rights reserved.
	*
	* This file is part of libgit2, distributed under the GNU GPL v2 with
	* a Linking Exception. For full terms see the included COPYING file.
	*/

	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>

	#include "git2.h"
	#include "git2/sys/transport.h"
	#include "futils.h"

	#define UNUSED(x) (void)(x)

	struct fuzzer_buffer {
	const unsigned char *data;
	size_t size;
	};

	struct fuzzer_stream {
	git_smart_subtransport_stream base;
	const unsigned char *readp;
	const unsigned char *endp;
	};

	struct fuzzer_subtransport {
	git_smart_subtransport base;
	git_transport *owner;
	struct fuzzer_buffer data;
	};

	static git_repository *repo;

	static int fuzzer_stream_read(git_smart_subtransport_stream *stream,
	char *buffer,
	size_t buf_size,
	size_t *bytes_read)
	{
	struct fuzzer_stream fs = (struct fuzzer_stream ) stream;
	size_t avail = fs->endp - fs->readp;

	*bytes_read = (buf_size > avail) ? avail : buf_size;
	memcpy(buffer, fs->readp, *bytes_read);
	fs->readp += *bytes_read;

	return 0;
	}

	static int fuzzer_stream_write(git_smart_subtransport_stream *stream,
	const char *buffer, size_t len)
	{
	UNUSED(stream);
	UNUSED(buffer);
	UNUSED(len);
	return 0;
	}

	static void fuzzer_stream_free(git_smart_subtransport_stream *stream)
	{
	free(stream);
	}

	static int fuzzer_stream_new(
	struct fuzzer_stream **out,
	const struct fuzzer_buffer *data)
	{
	struct fuzzer_stream stream = malloc(sizeof(stream));
	if (!stream)
	return -1;

	stream->readp = data->data;
	stream->endp = data->data + data->size;
	stream->base.read = fuzzer_stream_read;
	stream->base.write = fuzzer_stream_write;
	stream->base.free = fuzzer_stream_free;

	*out = stream;

	return 0;
	}

	static int fuzzer_subtransport_action(
	git_smart_subtransport_stream **out,
	git_smart_subtransport *transport,
	const char *url,
	git_smart_service_t action)
	{
	struct fuzzer_subtransport ft = (struct fuzzer_subtransport ) transport;

	UNUSED(url);
	UNUSED(action);

	return fuzzer_stream_new((struct fuzzer_stream **) out, &ft->data);
	}

	static int fuzzer_subtransport_close(git_smart_subtransport *transport)
	{
	UNUSED(transport);
	return 0;
	}

	static void fuzzer_subtransport_free(git_smart_subtransport *transport)
	{
	free(transport);
	}

	static int fuzzer_subtransport_new(
	struct fuzzer_subtransport **out,
	git_transport *owner,
	const struct fuzzer_buffer *data)
	{
	struct fuzzer_subtransport sub = malloc(sizeof(sub));
	if (!sub)
	return -1;

	sub->owner = owner;
	sub->data.data = data->data;
	sub->data.size = data->size;
	sub->base.action = fuzzer_subtransport_action;
	sub->base.close = fuzzer_subtransport_close;
	sub->base.free = fuzzer_subtransport_free;

	*out = sub;

	return 0;
	}

	int fuzzer_subtransport_cb(
	git_smart_subtransport **out,
	git_transport *owner,
	void *payload)
	{
	struct fuzzer_buffer buf = (struct fuzzer_buffer ) payload;
	struct fuzzer_subtransport *sub;

	if (fuzzer_subtransport_new(&sub, owner, buf) < 0)
	return -1;

	*out = &sub->base;
	return 0;
	}

	int fuzzer_transport_cb(git_transport *out, git_remote owner, void *param)
	{
	git_smart_subtransport_definition def = {
	fuzzer_subtransport_cb,
	1,
	param
	};
	return git_transport_smart(out, owner, &def);
	}

	void fuzzer_git_abort(const char *op)
	{
	const git_error *err = git_error_last();
	fprintf(stderr, "unexpected libgit error: %s: %s\n",
	op, err ? err->message : "<none>");
	abort();
	}

	int LLVMFuzzerInitialize(int argc, char **argv)
	{
	#if defined(_WIN32)
	char tmpdir[MAX_PATH], path[MAX_PATH];

	if (GetTempPath((DWORD)sizeof(tmpdir), tmpdir) == 0)
	abort();

	if (GetTempFileName(tmpdir, "lg2", 1, path) == 0)
	abort();

	if (git_futils_mkdir(path, 0700, 0) < 0)
	abort();
	#else
	char path[] = "/tmp/git2.XXXXXX";

	if (mkdtemp(path) != path)
	abort();
	#endif

	if (git_libgit2_init() < 0)
	abort();

	if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0)
	abort();

	UNUSED(argc);
	UNUSED(argv);

	if (git_repository_init(&repo, path, 1) < 0)
	fuzzer_git_abort("git_repository_init");

	return 0;
	}

	int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size)
	{
	struct fuzzer_buffer buffer = { data, size };
	git_remote_callbacks callbacks = GIT_REMOTE_CALLBACKS_INIT;
	git_remote *remote;

	if (git_remote_create_anonymous(&remote, repo, "fuzzer://remote-url") < 0)
	fuzzer_git_abort("git_remote_create");

	callbacks.transport = fuzzer_transport_cb;
	callbacks.payload = &buffer;

	if (git_remote_connect(remote, GIT_DIRECTION_FETCH,
	&callbacks, NULL, NULL) < 0)
	goto out;

	git_remote_download(remote, NULL, NULL);

	out:
	git_remote_free(remote);

	return 0;
	}