Attempt 2 - Fix Missing Git Executable Causing ClusterFuzz Crash #1909

Merged
Attempt 2 - Fix Missing Git Executable Causing ClusterFuzz Crash
This is a second attempt at #1906 and should resolve:
- #1905
- google/oss-fuzz#10600

PR #1906 had the right idea but wrong implementation, and the differences between
the ClusterFuzz image that it was supposed to fix and the OSS-Fuzz image where
the fix was tested led to the issue not being fully resolved.

The root cause of the issue is the same: A Git executable is not globally
available in the ClusterFuzz container environment where OSS-Fuzz executes
fuzz tests.

#1906 attempted to fix the issue by bundling the Git binary and using
GitPython's `git.refresh(<full-path-to-git-executable>)` method to set it
inside the `TestOneInput` function of the test harness.

However, GitPython attempts to set the binary at import time via its `__init__`
hook, and crashes the test if no executable is found during the import.

This issue is fixed here by setting the environment variable that GitPython
looks in before importing it, so it's available for the import. This was tested
by setting the `$PATH` to an empty string inside the test files, which
reproduced the crash, then adding the changes introduced here with `$PATH` still
empty, which avoided the crash, indicating that the bundled Git executable is
working as expected.
DaveLak committed Apr 26, 2024
commit dac3535d3dc4aaff9bd98a6ea70f46b132537694
8 changes: 4 additions & 4 deletions fuzzing/fuzz-targets/fuzz_config.py
Expand Up @@ -23,15 +23,15 @@
import os
from configparser import MissingSectionHeaderError, ParsingError

if getattr(sys, "frozen", False) and hasattr(sys, "_MEIPASS"):
path_to_bundled_git_binary = os.path.abspath(os.path.join(os.path.dirname(__file__), "git"))
os.environ["GIT_PYTHON_GIT_EXECUTABLE"] = path_to_bundled_git_binary

with atheris.instrument_imports():
import git


def TestOneInput(data):
if getattr(sys, "frozen", False) and hasattr(sys, "_MEIPASS"):
path_to_bundled_git_binary = os.path.abspath(os.path.join(os.path.dirname(__file__), "git"))
git.refresh(path_to_bundled_git_binary)

sio = io.BytesIO(data)
sio.name = "/tmp/fuzzconfig.config"
git_config = git.GitConfigParser(sio)
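Review bot: The module-level block that assigns `os.environ["GIT_PYTHON_GIT_EXECUTABLE"]` never checks that the bundled `git` file exists and is executable, so a bundle that is missing the binary would still fail inside `import git` with an import-time error instead of a message that points at the packaging. Consider guarding the assignment with `os.path.isfile(path_to_bundled_git_binary)` and `os.access(path_to_bundled_git_binary, os.X_OK)` and raising a clear error otherwise. A short comment stating that this block must stay above `with atheris.instrument_imports():` would also help, since the fix depends entirely on the variable being set before `import git` runs and a later import reorder could reintroduce the crash.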
8 changes: 4 additions & 4 deletions fuzzing/fuzz-targets/fuzz_tree.py
Expand Up @@ -23,15 +23,15 @@
import os
import shutil

if getattr(sys, "frozen", False) and hasattr(sys, "_MEIPASS"):
path_to_bundled_git_binary = os.path.abspath(os.path.join(os.path.dirname(__file__), "git"))
os.environ["GIT_PYTHON_GIT_EXECUTABLE"] = path_to_bundled_git_binary

with atheris.instrument_imports():
import git


def TestOneInput(data):
if getattr(sys, "frozen", False) and hasattr(sys, "_MEIPASS"):
path_to_bundled_git_binary = os.path.abspath(os.path.join(os.path.dirname(__file__), "git"))
git.refresh(path_to_bundled_git_binary)

fdp = atheris.FuzzedDataProvider(data)
git_dir = "/tmp/.git"
head_file = os.path.join(git_dir, "HEAD")
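Review bot: The three-line frozen-bundle block at the top of `fuzz_tree.py` is an exact copy of the one in `fuzz_config.py`, and any further fuzz target would need the same lines; moving them into a small shared helper module that each target imports before `import git` would keep the ordering requirement in one place. Separately, the guard tests for `sys._MEIPASS` while the path is built from `os.path.dirname(__file__)`; if those two ever resolve to different directories the binary will not be found, so building the path from the same value the guard checks would be more robust.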