Commit f4b95cf

Fix Fuzzer Crash in ClusterFuzz Due to Missing Git Executable

A Git executable is not globally available in the ClusterFuzz container environment where OSS-Fuzz executes fuzz tests, causing an error in the fuzz harnesses when GitPython attempts to initialize, crashing the tests before they can run.

To avoid this issue, we bundle the `git` binary that is available in the OSS-Fuzz build container with the fuzz harness via Pyinstaller's `--add-binary` flag in `build.sh` and use GitPython's `git.refresh(<full-path-to-git-executable>)` method inside a Pyinstaller runtime check to initialize GitPython with the bundled Git executable when running from the bundled application.

In all other execution environments, we assume a `git` executable is available globally.

Fixes:
- #1905
- google/oss-fuzz#10600
1 parent bc7bd22 commit f4b95cf
3 files changed

+15
-7
lines changed

‎fuzzing/fuzz-targets/fuzz_config.py

Lines changed: 7 additions & 2 deletions
@@ -20,16 +20,21 @@
2020
import atheris
2121
import sys
2222
import io
23+
import os
2324
from configparser import MissingSectionHeaderError, ParsingError
2425

2526
with atheris.instrument_imports():
26-
from git import GitConfigParser
27+
import git
2728

2829

2930
def TestOneInput(data):
31+
if getattr(sys, "frozen", False) and hasattr(sys, "_MEIPASS"):
32+
path_to_bundled_git_binary = os.path.abspath(os.path.join(os.path.dirname(__file__), "git"))
33+
git.refresh(path_to_bundled_git_binary)
34+
3035
sio = io.BytesIO(data)
3136
sio.name = "/tmp/fuzzconfig.config"
32-
git_config = GitConfigParser(sio)
37+
git_config = git.GitConfigParser(sio)
3338
try:
3439
git_config.read()
3540
except (MissingSectionHeaderError, ParsingError, UnicodeDecodeError):
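Review bot: The bundled-git setup at new lines 31-33 runs inside `TestOneInput`, after the module-level `import git` at new line 27. GitPython already performs its initial refresh when the package is imported, so a harness with no `git` on `PATH` can fail on the import before this code is reached. Consider doing the frozen check once at module level, above the `with atheris.instrument_imports():` block, and pointing GitPython at the bundled binary there, for example by setting the `GIT_PYTHON_GIT_EXECUTABLE` environment variable to `path_to_bundled_git_binary` before the import. That also avoids calling `git.refresh()` on every fuzz input. Since the condition already tests for `sys._MEIPASS`, building the path from it rather than from `os.path.dirname(__file__)` would make the intent clearer.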

‎fuzzing/fuzz-targets/fuzz_tree.py

Lines changed: 7 additions & 4 deletions
@@ -24,11 +24,14 @@
2424
import shutil
2525

2626
with atheris.instrument_imports():
27-
from git.objects import Tree
28-
from git.repo import Repo
27+
import git
2928

3029

3130
def TestOneInput(data):
31+
if getattr(sys, "frozen", False) and hasattr(sys, "_MEIPASS"):
32+
path_to_bundled_git_binary = os.path.abspath(os.path.join(os.path.dirname(__file__), "git"))
33+
git.refresh(path_to_bundled_git_binary)
34+
3235
fdp = atheris.FuzzedDataProvider(data)
3336
git_dir = "/tmp/.git"
3437
head_file = os.path.join(git_dir, "HEAD")
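Review bot: The three lines added at the top of `TestOneInput` (new lines 31-33) are a verbatim copy of the block added to `fuzz_config.py`, so any later correction to the bundled-binary path or the frozen check has to be repeated in every harness. Move them into one helper in a shared module next to the fuzz targets that each harness calls once, and have the helper check that the resolved path exists and is executable (`os.access(path, os.X_OK)`), so a missing bundle entry is reported by name instead of as a GitPython initialization error. The block also depends on `sys`, whose import lies outside the visible context of this hunk, so confirm the file imports it.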
@@ -46,9 +49,9 @@ def TestOneInput(data):
4649
os.mkdir(common_dir)
4750
os.mkdir(objects_dir)
4851

49-
_repo = Repo("/tmp/")
52+
_repo = git.Repo("/tmp/")
5053

51-
fuzz_tree = Tree(_repo, Tree.NULL_BIN_SHA, 0, "")
54+
fuzz_tree = git.Tree(_repo, git.Tree.NULL_BIN_SHA, 0, "")
5255
try:
5356
fuzz_tree._deserialize(io.BytesIO(data))
5457
except IndexError:

‎fuzzing/oss-fuzz-scripts/build.sh

Lines changed: 1 addition & 1 deletion
@@ -14,7 +14,7 @@ find "$SEED_DATA_DIR" \( -name '*_seed_corpus.zip' -o -name '*.options' -o -name
1414

1515
# Build fuzzers in $OUT.
1616
find "$SRC/gitpython/fuzzing" -name 'fuzz_*.py' -print0 | while IFS= read -r -d '' fuzz_harness; do
17-
compile_python_fuzzer "$fuzz_harness"
17+
compile_python_fuzzer "$fuzz_harness" --add-binary="$(command -v git):."
1818

1919
common_base_dictionary_filename="$SEED_DATA_DIR/__base.dict"
2020
if [[ -r "$common_base_dictionary_filename" ]]; then
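Review bot: On the changed `compile_python_fuzzer` line, `$(command -v git)` is expanded inline, so if no `git` is found in the build container the argument becomes `--add-binary=":."` and the failure surfaces inside PyInstaller, once per harness, rather than as a clear build error. Resolve the path once before the `find ... | while` loop, abort with a message if it is empty, and pass that variable to `--add-binary`. A short comment noting that the harnesses call `git.refresh()` on this bundled copy would document why the flag is there.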
