go-git
diff --git a/‎internal/revision/parser_test.go
Lines changed: 8 additions & 0 deletions b/‎internal/revision/parser_test.go
Lines changed: 8 additions & 0 deletions
diff --git a/‎internal/revision/scanner.go
Lines changed: 6 additions & 1 deletion b/‎internal/revision/scanner.go
Lines changed: 6 additions & 1 deletion
diff --git a/‎plumbing/format/packfile/delta_test.go
Lines changed: 6 additions & 6 deletions b/‎plumbing/format/packfile/delta_test.go
Lines changed: 6 additions & 6 deletions
diff --git a/‎plumbing/format/packfile/patch_delta.go
Lines changed: 19 additions & 2 deletions b/‎plumbing/format/packfile/patch_delta.go
Lines changed: 19 additions & 2 deletions
diff --git a/‎plumbing/format/packfile/patch_delta_test.go
Lines changed: 72 additions & 0 deletions b/‎plumbing/format/packfile/patch_delta_test.go
Lines changed: 72 additions & 0 deletions
diff --git a/‎plumbing/object/signature_test.go
Lines changed: 3 additions & 0 deletions b/‎plumbing/object/signature_test.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎plumbing/protocol/packp/srvresp.go
Lines changed: 3 additions & 0 deletions b/‎plumbing/protocol/packp/srvresp.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎plumbing/protocol/packp/uppackresp_test.go
Lines changed: 2 additions & 0 deletions b/‎plumbing/protocol/packp/uppackresp_test.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎plumbing/transport/common_test.go
Lines changed: 5 additions & 0 deletions b/‎plumbing/transport/common_test.go
Lines changed: 5 additions & 0 deletions
@@ -400,6 +400,14 @@ func (s *ParserSuite) TestParseRefWithInvalidName(c *C) {
 }
 
 func FuzzParser(f *testing.F) {
+	f.Add("@{2016-12-16T21:42:47Z}")
+	f.Add("@~3")
+	f.Add("v0.99.8^{}")
+	f.Add("master:./README")
+	f.Add("HEAD^{/fix nasty bug}")
+	f.Add("HEAD^{/[A-")
+	f.Add(":/fix nasty bug")
+	f.Add(":/[A-")
 
 	f.Fuzz(func(t *testing.T, input string) {
 		parser := NewParser(bytes.NewBufferString(input))
 
@@ -43,6 +43,11 @@ func tokenizeExpression(ch rune, tokenType token, check runeCategoryValidator, r
 	return tokenType, string(data), nil
 }
 
+// maxRevisionLength holds the maximum length that will be parsed for a
+// revision. Git itself don't enforce a max length, but rather leans on
+// the OS to enforce it via its ARG_MAX.
+const maxRevisionLength = 128 * 1024 // 128kb
+
 var zeroRune = rune(0)
 
 // scanner represents a lexical scanner.
@@ -52,7 +57,7 @@ type scanner struct {
 
 // newScanner returns a new instance of scanner.
 func newScanner(r io.Reader) *scanner {
-	return &scanner{r: bufio.NewReader(r)}
+	return &scanner{r: bufio.NewReader(io.LimitReader(r, maxRevisionLength))}
 }
 
 // Scan extracts tokens and their strings counterpart
 
@@ -179,12 +179,12 @@ func (s *DeltaSuite) TestMaxCopySizeDeltaReader(c *C) {
 }
 
 func FuzzPatchDelta(f *testing.F) {
+	f.Add([]byte("some value"), []byte("\n\f\fsomenewvalue"))
+	f.Add([]byte("some value"), []byte("\n\x0e\x0evalue"))
+	f.Add([]byte("some value"), []byte("\n\x0e\x0eva"))
+	f.Add([]byte("some value"), []byte("\n\x80\x80\x80\x80\x80\x802\x7fvalue"))
 
-	f.Fuzz(func(t *testing.T, input []byte) {
-
-		input_0 := input[:len(input)/2]
-		input_1 := input[len(input)/2:]
-
-		PatchDelta(input_0, input_1)
+	f.Fuzz(func(t *testing.T, input1, input2 []byte) {
+		PatchDelta(input1, input2)
 	})
 }
@@ -26,6 +26,13 @@ var (
 const (
 	payload      = 0x7f // 0111 1111
 	continuation = 0x80 // 1000 0000
+
+	// maxPatchPreemptionSize defines what is the max size of bytes to be
+	// premptively made available for a patch operation.
+	maxPatchPreemptionSize uint = 65536
+
+	// minDeltaSize defines the smallest size for a delta.
+	minDeltaSize = 4
 )
 
 type offset struct {
@@ -86,9 +93,13 @@ func ApplyDelta(target, base plumbing.EncodedObject, delta []byte) (err error) {
 }
 
 // PatchDelta returns the result of applying the modification deltas in delta to src.
+// An error will be returned if delta is corrupted (ErrInvalidDelta) or an action command
 // is not copy from source or copy from delta (ErrDeltaCmd).
 func PatchDelta(src, delta []byte) ([]byte, error) {
+	if len(src) == 0 || len(delta) < minDeltaSize {
+		return nil, ErrInvalidDelta
+	}
+
 	b := &bytes.Buffer{}
 	if err := patchDelta(b, src, delta); err != nil {
 		return nil, err
@@ -239,7 +250,9 @@ func patchDelta(dst *bytes.Buffer, src, delta []byte) error {
 	remainingTargetSz := targetSz
 
 	var cmd byte
-	dst.Grow(int(targetSz))
+
+	growSz := min(targetSz, maxPatchPreemptionSize)
+	dst.Grow(int(growSz))
 	for {
 		if len(delta) == 0 {
 			return ErrInvalidDelta
@@ -403,6 +416,10 @@ func patchDeltaWriter(dst io.Writer, base io.ReaderAt, delta io.Reader,
 // This must be called twice on the delta data buffer, first to get the
 // expected source buffer size, and again to get the target buffer size.
 func decodeLEB128(input []byte) (uint, []byte) {
+	if len(input) == 0 {
+		return 0, input
+	}
+
 	var num, sz uint
 	var b byte
 	for {
 
@@ -0,0 +1,72 @@
+package packfile
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDecodeLEB128(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name     string
+		input    []byte
+		want     uint
+		wantRest []byte
+	}{
+		{
+			name:     "single byte, small number",
+			input:    []byte{0x01, 0xFF},
+			want:     1,
+			wantRest: []byte{0xFF},
+		},
+		{
+			name:     "single byte, max value without continuation",
+			input:    []byte{0x7F, 0xFF},
+			want:     127,
+			wantRest: []byte{0xFF},
+		},
+		{
+			name:     "two bytes",
+			input:    []byte{0x80, 0x01, 0xFF},
+			want:     128,
+			wantRest: []byte{0xFF},
+		},
+		{
+			name:     "two bytes, larger number",
+			input:    []byte{0xFF, 0x01, 0xFF},
+			want:     255,
+			wantRest: []byte{0xFF},
+		},
+		{
+			name:     "three bytes",
+			input:    []byte{0x80, 0x80, 0x01, 0xFF},
+			want:     16384,
+			wantRest: []byte{0xFF},
+		},
+		{
+			name:     "empty remaining bytes",
+			input:    []byte{0x01},
+			want:     1,
+			wantRest: []byte{},
+		},
+		{
+			name:     "empty input",
+			input:    []byte{},
+			want:     0,
+			wantRest: []byte{},
+		},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			gotNum, gotRest := decodeLEB128(tc.input)
+			assert.Equal(t, tc.want, gotNum, "decoded number mismatch")
+			assert.Equal(t, tc.wantRest, gotRest, "remaining bytes mismatch")
+		})
+	}
+}
@@ -193,6 +193,9 @@ signed tag`),
 }
 
 func FuzzParseSignedBytes(f *testing.F) {
+	f.Add([]byte(openPGPSignatureFormat[0]))
+	f.Add([]byte(x509SignatureFormat[0]))
+	f.Add([]byte(sshSignatureFormat[0]))
 
 	f.Fuzz(func(t *testing.T, input []byte) {
 		parseSignedBytes(input)
 
@@ -120,6 +120,9 @@ func (r *ServerResponse) decodeACKLine(line []byte) error {
 	}
 
 	sp := bytes.Index(line, []byte(" "))
+	if sp+41 > len(line) {
+		return fmt.Errorf("malformed ACK %q", line)
+	}
 	h := plumbing.NewHash(string(line[sp+1 : sp+41]))
 	r.ACKs = append(r.ACKs, h)
 	return nil
 
@@ -131,6 +131,8 @@ func (s *UploadPackResponseSuite) TestEncodeMultiACK(c *C) {
 }
 
 func FuzzDecoder(f *testing.F) {
+	f.Add([]byte("0045ACK 5dc01c595e6c6ec9ccda4f6f69c131c0dd945f81\n"))
+	f.Add([]byte("003aACK5dc01c595e6c6ec9ccda4f6f69c131c0dd945f82 \n0008NAK\n0"))
 
 	f.Fuzz(func(t *testing.T, input []byte) {
 		req := NewUploadPackRequest()
 
@@ -235,6 +235,11 @@ func (s *SuiteCommon) TestNewEndpointIPv6(c *C) {
 }
 
 func FuzzNewEndpoint(f *testing.F) {
+	f.Add("http://127.0.0.1:8080/foo.git")
+	f.Add("http://[::1]:8080/foo.git")
+	f.Add("file:///foo.git")
+	f.Add("ssh://git@github.com/user/repository.git")
+	f.Add("git@github.com:user/repository.git")
 
 	f.Fuzz(func(t *testing.T, input string) {
 		NewEndpoint(input)
Original file line number	Diff line number	Diff line change
@@ -193,6 +193,9 @@ signed tag`),
`193`	`193`	`}`
`194`	`194`
195	`195`	`func FuzzParseSignedBytes(f *testing.F) {`
	`196`	`+ f.Add([]byte(openPGPSignatureFormat[0]))`
	`197`	`+ f.Add([]byte(x509SignatureFormat[0]))`
	`198`	`+ f.Add([]byte(sshSignatureFormat[0]))`
`196`	`199`
`197`	`200`	`f.Fuzz(func(t *testing.T, input []byte) {`
`198`	`201`	`parseSignedBytes(input)`
Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,9 @@ func (r *ServerResponse) decodeACKLine(line []byte) error {`
`120`	`120`	`}`
`121`	`121`
`122`	`122`	`sp := bytes.Index(line, []byte(" "))`
	`123`	`+ if sp+41 > len(line) {`
	`124`	`+ return fmt.Errorf("malformed ACK %q", line)`
	`125`	`+ }`
`123`	`126`	`h := plumbing.NewHash(string(line[sp+1 : sp+41]))`
`124`	`127`	`r.ACKs = append(r.ACKs, h)`
`125`	`128`	`return nil`
Original file line number	Diff line number	Diff line change
`@@ -131,6 +131,8 @@ func (s UploadPackResponseSuite) TestEncodeMultiACK(c C) {`
`131`	`131`	`}`
`132`	`132`
`133`	`133`	`func FuzzDecoder(f *testing.F) {`
	`134`	`+ f.Add([]byte("0045ACK 5dc01c595e6c6ec9ccda4f6f69c131c0dd945f81\n"))`
	`135`	`+ f.Add([]byte("003aACK5dc01c595e6c6ec9ccda4f6f69c131c0dd945f82 \n0008NAK\n0"))`
`134`	`136`
`135`	`137`	`f.Fuzz(func(t *testing.T, input []byte) {`
`136`	`138`	`req := NewUploadPackRequest()`