Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork947
Fix Fuzzer Crash in ClusterFuzz Due to Missing Git Executable#1906
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Byron merged 1 commit intogitpython-developers:mainfromDaveLak:fuzzing-fix-missing-git-in-clusterfuzzApr 23, 2024
Merged
Fix Fuzzer Crash in ClusterFuzz Due to Missing Git Executable#1906
Byron merged 1 commit intogitpython-developers:mainfromDaveLak:fuzzing-fix-missing-git-in-clusterfuzzApr 23, 2024
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
A Git executable is not globally available in the ClusterFuzz containerenvironment where OSS-Fuzz executes fuzz tests, causing an error in the fuzzharnesses when GitPython attempts to initialize, crashing the tests before theycan run.To avoid this issue, we bundle the `git` binary that is available in the OSS-Fuzzbuild container with the fuzz harness via Pyinstaller's `--add-binary` flag in`build.sh` and use GitPython's `git.refresh(<full-path-to-git-executable>)`method inside a Pyinstaller runtime check to initialize GitPython with thebundled Git executable when running from the bundled application.In all other execution environments, we assume a `git` executable is availableglobally.Fixes:-gitpython-developers#1905-google/oss-fuzz#10600
1 task
Byron approved these changesApr 23, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Thanks a lot for the fix!
I wonder how this could ever work on OSS-fuzz.
Different images everywhere 🫣 |
DaveLak added a commit to DaveLak/GitPython that referenced this pull requestApr 26, 2024
This is a second attempt atgitpython-developers#1906 and should resolve:-gitpython-developers#1905-google/oss-fuzz#10600PRgitpython-developers#1906 had the right idea but wrong implementation, and the differences betweenthe ClusterFuzz image that it was supposed to fix and the OSS-Fuzz image wherethe fix was tested led to the issue not being fully resolved.The root cause of the issue is the same: A Git executable is not globallyavailable in the ClusterFuzz container environment where OSS-Fuzz executesfuzz tests.gitpython-developers#1906 attempted to fix the issue by bundling the Git binary and usingGitPython's `git.refresh(<full-path-to-git-executable>)` method to set itinside the `TestOneInput` function of the test harness.However, GitPython attempts to set the binary at import time via its `__init__`hook, and crashes the test if no executable is found during the import.This issue is fixed here by setting the environment variable that GitPythonlooks in before importing it, so it's available for the import. This was testedby setting the `$PATH` to an empty string inside the test files, whichreproduced the crash, then adding the changes introduced here with `$PATH` stillempty, which avoided the crash indicating that the bundled Git executable isworking as expected.
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
None yet
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
A Git executable is not globally available in the ClusterFuzz container
environment where OSS-Fuzz executes fuzz tests, causing an error in the fuzz
harnesses when GitPython attempts to initialize, crashing the tests before they
can run.
To avoid this issue, we bundle the
gitbinary that is available in the OSS-Fuzzbuild container with the fuzz harness via Pyinstaller's
--add-binaryflag inbuild.shand use GitPython'sgit.refresh(<full-path-to-git-executable>)method inside a Pyinstaller runtime check to initialize GitPython with the
bundled Git executable when running from the bundled application.
In all other execution environments, we assume a
gitexecutable is availableglobally.
Fixes: