[PATCH v4 0/3] Add commit-graph fuzzer and fix buffer overflow

[Josh Steadmon]

Add a new fuzz test for the commit graph and fix a buffer read-overflow
that it discovered. Additionally, fix the Makefile instructions for
building fuzzers.

Changes since V3:
  * Improve portability of the new test functionality.
  * Fix broken &&-chains in tests.

Changes since V2:
  * Avoid pointer arithmetic overflow when checking the graph's chunk
    count.
  * Merge the corrupt_graph_and_verify and
    corrupt_and_zero_graph_then_verify test functions.

Josh Steadmon (3):
  commit-graph, fuzz: Add fuzzer for commit-graph
  commit-graph: fix buffer read-overflow
  Makefile: correct example fuzz build

 .gitignore              |  1 +
 Makefile                |  3 +-
 commit-graph.c          | 67 +++++++++++++++++++++++++++++------------
 commit-graph.h          |  3 ++
 fuzz-commit-graph.c     | 16 ++++++++++
 t/t5318-commit-graph.sh | 16 ++++++++--
 6 files changed, 83 insertions(+), 23 deletions(-)
 create mode 100644 fuzz-commit-graph.c

Range-diff against v3:
1:  675d58ecea ! 1:  80b5662f30 commit-graph: fix buffer read-overflow
    @@ -55,29 +55,26 @@
        pos=$1
        data="${2:-\0}"
        grepstr=$3
    -+  orig_size=$(stat --format=%s $objdir/info/commit-graph)
    -+  zero_pos=${4:-${orig_size}}
    ++  orig_size=$(wc -c < $objdir/info/commit-graph) &&
    ++  zero_pos=${4:-${orig_size}} &&
        cd "$TRASH_DIRECTORY/full" &&
        test_when_finished mv commit-graph-backup $objdir/info/commit-graph &&
        cp $objdir/info/commit-graph commit-graph-backup &&
        printf "$data" | dd of="$objdir/info/commit-graph" bs=1 seek="$pos" 
conv=notrunc &&
    -+  truncate --size=$zero_pos $objdir/info/commit-graph &&
    -+  truncate --size=$orig_size $objdir/info/commit-graph &&
    ++  dd of="$objdir/info/commit-graph" bs=1 seek="$zero_pos" count=0 &&
    ++  dd if=/dev/zero of="$objdir/info/commit-graph" bs=1 seek="$zero_pos" 
count=$(($orig_size - $zero_pos)) &&
        test_must_fail git commit-graph verify 2>test_err &&
    -   grep -v "^+" test_err >err
    +-  grep -v "^+" test_err >err
    ++  grep -v "^+" test_err >err &&
        test_i18ngrep "$grepstr" err
      }
      
    -+
    - test_expect_success 'detect bad signature' '
    -   corrupt_graph_and_verify 0 "\0" \
    -           "graph signature"
     @@
                "incorrect checksum"
      '
      
     +test_expect_success 'detect incorrect chunk count' '
    -+  corrupt_graph_and_verify $GRAPH_BYTE_CHUNK_COUNT "\xff" \
    ++  corrupt_graph_and_verify $GRAPH_BYTE_CHUNK_COUNT "\377" \
     +          "chunk lookup table entry missing" $GRAPH_CHUNK_LOOKUP_OFFSET
     +'
     +
2:  06a32bfe8b = 2:  21101b961a Makefile: correct example fuzz build
-- 
2.20.0.rc2.10.g21101b961a