Skip to content

Bugs and found by fuzzing  #856

New issue
New issue
Closed
Closed
Bugs and found by fuzzing #856
Labels
bugSomething isn't workinggood first issueGood for newcomershelp wantedExtra attention is needed
@0x34d

Description

@0x34d
0x34d
opened on Oct 1, 2023

PR: #855

1 Panic

file : plumbing/protocol/packp/uppackresp_test.go

func TestDecoder(t *testing.T) {

	req := NewUploadPackRequest()
	res := NewUploadPackResponse(req)
	defer res.Close()

	res.Decode(io.NopCloser(bytes.NewReader([]byte("000600"))))
}

Run: go test -fuzz=TestDecoder $(pwd)/plumbing/protocol/packp

Backtraces:

go test -fuzz=TestDecoder				/home/0x34d/project/go-git/plumbing/protocol/packp
OK: 164 passed
--- FAIL: TestDecoder (0.00s)
panic: runtime error: slice bounds out of range [:3] with capacity 2 [recovered]
	panic: runtime error: slice bounds out of range [:3] with capacity 2

goroutine 192 [running]:
testing.tRunner.func1.2({0x7c0f00, 0xc0001e8720})
	/usr/lib/golang/src/testing/testing.go:1526 +0x24e
testing.tRunner.func1()
	/usr/lib/golang/src/testing/testing.go:1529 +0x39f
panic({0x7c0f00, 0xc0001e8720})
	/usr/lib/golang/src/runtime/panic.go:884 +0x213
github.com/go-git/go-git/v5/plumbing/protocol/packp.(*ServerResponse).decodeLine(0xc00022b600?, {0xc00028507e, 0x2, 0x2})
	/home/0x34d/project/go-git/plumbing/protocol/packp/srvresp.go:104 +0x2d1
github.com/go-git/go-git/v5/plumbing/protocol/packp.(*ServerResponse).Decode(0x40df2a?, 0xc00025d740, 0x0)
	/home/0x34d/project/go-git/plumbing/protocol/packp/srvresp.go:29 +0xd1
github.com/go-git/go-git/v5/plumbing/protocol/packp.(*UploadPackResponse).Decode(0xc00025d6e0, {0x8394d0?, 0xc0002af4d0})
	/home/0x34d/project/go-git/plumbing/protocol/packp/uppackresp.go:63 +0x337
github.com/go-git/go-git/v5/plumbing/protocol/packp.TestDecoder(0xc0002553b0?)
	/home/0x34d/project/go-git/plumbing/protocol/packp/uppackresp_test.go:150 +0x2fe
testing.tRunner(0xc000102d00, 0x7ed020)
	/usr/lib/golang/src/testing/testing.go:1576 +0x10b
created by testing.(*T).Run
	/usr/lib/golang/src/testing/testing.go:1629 +0x3ea
exit status 2
FAIL	github.com/go-git/go-git/v5/plumbing/protocol/packp	0.013s
make: *** [Makefile:57: fuzzbug] Error 1

2 CPU Spike and Memory hogging

file: plumbing/format/packfile/delta_test.go

func TestPatchDelta(t *testing.T) {

	input := []byte("00000000000000000000000000000000 \xf1\xf1\xf1\xf10\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1\xf1")

	input_0 := input[:len(input)/2]
	input_1 := input[len(input)/2:]

	PatchDelta(input_0, input_1)
}

Run: go test -fuzz=TestPatchDelta $(pwd)/plumbing/format/packfile

Log: see the htop

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workinggood first issueGood for newcomershelp wantedExtra attention is needed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions