Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bugs and found by fuzzing #856

Closed
0x34d opened this issue Oct 1, 2023 · 0 comments
Closed

Bugs and found by fuzzing #856

0x34d opened this issue Oct 1, 2023 · 0 comments
Labels
bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed

Comments

@0x34d
Copy link
Contributor

0x34d commented Oct 1, 2023

PR: #855

1 Panic

file : plumbing/protocol/packp/uppackresp_test.go

func TestDecoder(t *testing.T) {

	req := NewUploadPackRequest()
	res := NewUploadPackResponse(req)
	defer res.Close()

	res.Decode(io.NopCloser(bytes.NewReader([]byte("000600"))))
}

Run: go test -fuzz=TestDecoder $(pwd)/plumbing/protocol/packp

Backtraces:

go test -fuzz=TestDecoder				/home/0x34d/project/go-git/plumbing/protocol/packp
OK: 164 passed
--- FAIL: TestDecoder (0.00s)
panic: runtime error: slice bounds out of range [:3] with capacity 2 [recovered]
	panic: runtime error: slice bounds out of range [:3] with capacity 2

goroutine 192 [running]:
testing.tRunner.func1.2({0x7c0f00, 0xc0001e8720})
	/usr/lib/golang/src/testing/testing.go:1526 +0x24e
testing.tRunner.func1()
	/usr/lib/golang/src/testing/testing.go:1529 +0x39f
panic({0x7c0f00, 0xc0001e8720})
	/usr/lib/golang/src/runtime/panic.go:884 +0x213
github.com/go-git/go-git/v5/plumbing/protocol/packp.(*ServerResponse).decodeLine(0xc00022b600?, {0xc00028507e, 0x2, 0x2})
	/home/0x34d/project/go-git/plumbing/protocol/packp/srvresp.go:104 +0x2d1
github.com/go-git/go-git/v5/plumbing/protocol/packp.(*ServerResponse).Decode(0x40df2a?, 0xc00025d740, 0x0)
	/home/0x34d/project/go-git/plumbing/protocol/packp/srvresp.go:29 +0xd1
github.com/go-git/go-git/v5/plumbing/protocol/packp.(*UploadPackResponse).Decode(0xc00025d6e0, {0x8394d0?, 0xc0002af4d0})
	/home/0x34d/project/go-git/plumbing/protocol/packp/uppackresp.go:63 +0x337
github.com/go-git/go-git/v5/plumbing/protocol/packp.TestDecoder(0xc0002553b0?)
	/home/0x34d/project/go-git/plumbing/protocol/packp/uppackresp_test.go:150 +0x2fe
testing.tRunner(0xc000102d00, 0x7ed020)
	/usr/lib/golang/src/testing/testing.go:1576 +0x10b
created by testing.(*T).Run
	/usr/lib/golang/src/testing/testing.go:1629 +0x3ea
exit status 2
FAIL	github.com/go-git/go-git/v5/plumbing/protocol/packp	0.013s
make: *** [Makefile:57: fuzzbug] Error 1

2 CPU Spike and Memory hogging

file: plumbing/format/packfile/delta_test.go

func TestPatchDelta(t *testing.T) {

	input := []byte("00000000000000000000000000000000 \xf1\xf1\xf1\xf10\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1")

	input_0 := input[:len(input)/2]
	input_1 := input[len(input)/2:]

	PatchDelta(input_0, input_1)
}

Run: go test -fuzz=TestPatchDelta $(pwd)/plumbing/format/packfile

Log: see the htop
@pjbgf pjbgf added bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed labels Oct 1, 2023
@pjbgf pjbgf mentioned this issue Oct 7, 2023
Merged
@0x34d 0x34d closed this as completed Nov 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pjbgf @0x34d