Re: [PATCH] fuzz: add fuzzer for config parsing

[Junio C Hamano <gitster@pobox.com>]

"Brian Tracy via GitGitGadget" <gitgitgadget@gmail.com> writes:

> diff --git a/Makefile b/Makefile
> index 4e255c81f22..aa6c852548c 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -760,6 +760,7 @@ FUZZ_OBJS += oss-fuzz/fuzz-commit-graph.o
>  FUZZ_OBJS += oss-fuzz/fuzz-date.o
>  FUZZ_OBJS += oss-fuzz/fuzz-pack-headers.o
>  FUZZ_OBJS += oss-fuzz/fuzz-pack-idx.o
> +FUZZ_OBJS += oss-fuzz/fuzz-config.o

Keep the similar things alphabetically ordered, i.e. "config" comes
after "commit-graph" before "date".

> -for fuzzer in commit-graph date pack-headers pack-idx ; do
> +for fuzzer in commit-graph date pack-headers pack-idx config ; do

Ditto.

> diff --git a/oss-fuzz/.gitignore b/oss-fuzz/.gitignore
> index 5b954088254..892fb09a95d 100644
> --- a/oss-fuzz/.gitignore
> +++ b/oss-fuzz/.gitignore
> @@ -2,3 +2,4 @@ fuzz-commit-graph
>  fuzz-date
>  fuzz-pack-headers
>  fuzz-pack-idx
> +fuzz-config

Ditto.

> diff --git a/oss-fuzz/fuzz-config.c b/oss-fuzz/fuzz-config.c
> new file mode 100644
> index 00000000000..5a1b39aa1e7
> --- /dev/null
> +++ b/oss-fuzz/fuzz-config.c
> @@ -0,0 +1,32 @@
> +#include "git-compat-util.h"
> +#include "config.h"
> +
> +#include <stdio.h>
> +#include <string.h>

You shouldn't have to include system header files yourself.

"git-compat-util.h" is there exactly for insulating yor code from
details such as which system headers in what order need to be
included and which CPP feature macros need to be defined before
their inclusion, and including it as the first header file should
be sufficient.

> +
> +int LLVMFuzzerTestOneInput(const uint8_t *, size_t);
> +static int config_parser_callback(const char *, const char *,
> +					const struct config_context *, void *);
> +
> +static int config_parser_callback(const char *key, const char *value,
> +					const struct config_context *ctx UNUSED,
> +					void *data UNUSED)
> +{
> +	/* Visit every byte of memory we are given to make sure the parser
> +	 * gave it to us appropriately. Ensure a return of 0 to indicate
> +	 * success so the parsing continues. */

	/*
         * Our multi-line comments are formatted with
	 * the slash-asterisk at the beginning and
	 * the asterisk-slash at the end on their
	 * own lines.
	 */

> +	int c = strlen(key);

Isn't the type of return value from strlen() size_t?  It should be
available by inclusing "git-compat-util.h" to you for free.

> +	if (value)
> +		c += strlen(value);
> +	return c < 0;

Is there a reason why this is not "return 0"?  Is it to fool a
clever compiler optimization that knows that omitting calls to
git_config_from_mem() is safe if its callback function does not have
externally observable side effects and always succeeds?

> +}
> +
> +int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size)
> +{
> +	struct config_options config_opts = { 0 };

We still honor -Wdecl-after-statement and leave a blank line between
the decl and the first statement here.

> +	config_opts.error_action = CONFIG_ERROR_SILENT;
> +	git_config_from_mem(config_parser_callback, CONFIG_ORIGIN_BLOB,
> +				"fuzztest-config", (const char *)data, size, NULL,
> +				CONFIG_SCOPE_UNKNOWN, &config_opts);
> +	return 0;
> +}
>
> base-commit: 945115026aa63df4ab849ab14a04da31623abece

Thanks.