libgit2
diff --git a/‎.github/workflows/main.yml
Lines changed: 14 additions & 0 deletions b/‎.github/workflows/main.yml
Lines changed: 14 additions & 0 deletions
diff --git a/‎fuzzers/CMakeLists.txt
Lines changed: 4 additions & 1 deletion b/‎fuzzers/CMakeLists.txt
Lines changed: 4 additions & 1 deletion
diff --git a/‎fuzzers/corpora/revparse/head
Lines changed: 1 addition & 0 deletions b/‎fuzzers/corpora/revparse/head
Lines changed: 1 addition & 0 deletions
diff --git a/‎fuzzers/corpora/revparse/revat
Lines changed: 1 addition & 0 deletions b/‎fuzzers/corpora/revparse/revat
Lines changed: 1 addition & 0 deletions
diff --git a/‎fuzzers/download_refs_fuzzer.c
Lines changed: 4 additions & 31 deletions b/‎fuzzers/download_refs_fuzzer.c
Lines changed: 4 additions & 31 deletions
diff --git a/‎fuzzers/fuzzer_utils.c
Lines changed: 51 additions & 0 deletions b/‎fuzzers/fuzzer_utils.c
Lines changed: 51 additions & 0 deletions
diff --git a/‎fuzzers/fuzzer_utils.h
Lines changed: 14 additions & 0 deletions b/‎fuzzers/fuzzer_utils.h
Lines changed: 14 additions & 0 deletions
diff --git a/‎fuzzers/revparse_fuzzer.c
Lines changed: 52 additions & 0 deletions b/‎fuzzers/revparse_fuzzer.c
Lines changed: 52 additions & 0 deletions
diff --git a/‎src/libgit2/revparse.c
Lines changed: 4 additions & 1 deletion b/‎src/libgit2/revparse.c
Lines changed: 4 additions & 1 deletion
diff --git a/‎src/libgit2/transports/smart_pkt.c
Lines changed: 2 additions & 1 deletion b/‎src/libgit2/transports/smart_pkt.c
Lines changed: 2 additions & 1 deletion
@@ -137,6 +137,20 @@ jobs:
             ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10
             UBSAN_OPTIONS: print_stacktrace=1
           os: ubuntu-latest
+        - name: "Sanitizer (Address)"
+          id: sanitizer-address
+          container:
+            name: noble
+          env:
+            CC: clang
+            CFLAGS: -fsanitize=address -ggdb -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer
+            CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON
+            CMAKE_GENERATOR: Ninja
+            SKIP_SSH_TESTS: true
+            SKIP_NEGOTIATE_TESTS: true
+            ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10
+            UBSAN_OPTIONS: print_stacktrace=1
+          os: ubuntu-latest
         - name: "Sanitizer (UndefinedBehavior)"
           id: sanitizer-ub
           os: ubuntu-latest
 
@@ -12,10 +12,13 @@ foreach(fuzz_target_src ${SRC_FUZZERS})
 	string(REPLACE ".c" "" fuzz_target_name ${fuzz_target_src})
 	string(REPLACE "_fuzzer" "" fuzz_name ${fuzz_target_name})
 
-	set(${fuzz_target_name}_SOURCES ${fuzz_target_src} ${LIBGIT2_OBJECTS})
+	set(${fuzz_target_name}_SOURCES
+		${fuzz_target_src} "fuzzer_utils.c" ${LIBGIT2_OBJECTS})
+
 	if(USE_STANDALONE_FUZZERS)
 		list(APPEND ${fuzz_target_name}_SOURCES "standalone_driver.c")
 	endif()
+
 	add_executable(${fuzz_target_name} ${${fuzz_target_name}_SOURCES})
 	set_target_properties(${fuzz_target_name} PROPERTIES C_STANDARD 90)
 
 
@@ -0,0 +1 @@
+HEAD
@@ -0,0 +1 @@
+xxxxxxxxxxxxxxxx@
@@ -16,6 +16,7 @@
 #include "futils.h"
 
 #include "standalone_driver.h"
+#include "fuzzer_utils.h"
 
 #define UNUSED(x) (void)(x)
 
@@ -157,46 +158,18 @@ static int fuzzer_transport_cb(git_transport **out, git_remote *owner, void *par
 	return git_transport_smart(out, owner, &def);
 }
 
-static void fuzzer_git_abort(const char *op)
-{
-	const git_error *err = git_error_last();
-	fprintf(stderr, "unexpected libgit error: %s: %s\n",
-		op, err ? err->message : "<none>");
-	abort();
-}
-
 int LLVMFuzzerInitialize(int *argc, char ***argv)
 {
-#if defined(_WIN32)
-	char tmpdir[MAX_PATH], path[MAX_PATH];
-
-	if (GetTempPath((DWORD)sizeof(tmpdir), tmpdir) == 0)
-		abort();
-
-	if (GetTempFileName(tmpdir, "lg2", 1, path) == 0)
-		abort();
-
-	if (git_futils_mkdir(path, 0700, 0) < 0)
-		abort();
-#else
-	char path[] = "/tmp/git2.XXXXXX";
-
-	if (mkdtemp(path) != path)
-		abort();
-#endif
+	UNUSED(argc);
+	UNUSED(argv);
 
 	if (git_libgit2_init() < 0)
 		abort();
 
 	if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0)
 		abort();
 
-	UNUSED(argc);
-	UNUSED(argv);
-
-	if (git_repository_init(&repo, path, 1) < 0)
-		fuzzer_git_abort("git_repository_init");
-
+	repo = fuzzer_repo_init();
 	return 0;
 }
 
 
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "git2.h"
+#include "futils.h"
+
+#include "fuzzer_utils.h"
+
+void fuzzer_git_abort(const char *op)
+{
+	const git_error *err = git_error_last();
+	fprintf(stderr, "unexpected libgit error: %s: %s\n",
+		op, err ? err->message : "<none>");
+	abort();
+}
+
+git_repository *fuzzer_repo_init(void)
+{
+	git_repository *repo;
+
+#if defined(_WIN32)
+	char tmpdir[MAX_PATH], path[MAX_PATH];
+
+	if (GetTempPath((DWORD)sizeof(tmpdir), tmpdir) == 0)
+		abort();
+
+	if (GetTempFileName(tmpdir, "lg2", 1, path) == 0)
+		abort();
+
+	if (git_futils_mkdir(path, 0700, 0) < 0)
+		abort();
+#else
+	char path[] = "/tmp/git2.XXXXXX";
+
+	if (mkdtemp(path) != path)
+		abort();
+#endif
+
+	if (git_repository_init(&repo, path, 1) < 0)
+		fuzzer_git_abort("git_repository_init");
+
+	return repo;
+}
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#ifndef INCLUDE_fuzzer_utils_h__
+#define INCLUDE_fuzzer_utils_h__
+
+extern void fuzzer_git_abort(const char *op);
+extern git_repository *fuzzer_repo_init(void);
+
+#endif
@@ -0,0 +1,52 @@
+/*
+ * libgit2 revparse fuzzer target.
+ *
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "git2.h"
+
+#include "standalone_driver.h"
+#include "fuzzer_utils.h"
+
+#define UNUSED(x) (void)(x)
+
+static git_repository *repo;
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	UNUSED(argc);
+	UNUSED(argv);
+
+	if (git_libgit2_init() < 0)
+		abort();
+
+	if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0)
+		abort();
+
+	repo = fuzzer_repo_init();
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	git_object *obj = NULL;
+	char *c;
+
+	if ((c = calloc(1, size + 1)) == NULL)
+		abort();
+
+	memcpy(c, data, size);
+
+	git_revparse_single(&obj, repo, c);
+	git_object_free(obj);
+	free(c);
+
+	return 0;
+}
@@ -701,6 +701,7 @@ static int revparse(
 	git_object *base_rev = NULL;
 
 	bool should_return_reference = true;
+	bool parsed = false;
 
 	GIT_ASSERT_ARG(object_out);
 	GIT_ASSERT_ARG(reference_out);
@@ -710,7 +711,7 @@ static int revparse(
 	*object_out = NULL;
 	*reference_out = NULL;
 
-	while (spec[pos]) {
+	while (!parsed && spec[pos]) {
 		switch (spec[pos]) {
 		case '^':
 			should_return_reference = false;
@@ -817,6 +818,8 @@ static int revparse(
 				break;
 			} else if (spec[pos+1] == '\0') {
 				spec = "HEAD";
+				identifier_len = 4;
+				parsed = true;
 				break;
 			}
 			/* fall through */
 
@@ -232,7 +232,8 @@ static int set_data(
 
 	GIT_ASSERT_ARG(data);
 
-	if ((caps = memchr(line, '\0', len)) != NULL) {
+	if ((caps = memchr(line, '\0', len)) != NULL &&
+	    len > (size_t)((caps - line) + 1)) {
 		caps++;
 
 		if (strncmp(caps, "object-format=", CONST_STRLEN("object-format=")) == 0)