The original fuzzer makes some assumptions on specific properties.
Namely that Deserialise->Serialise->Deserialise was completely
symmetrical. However support for some parts of the API only includes
Serialising, so to fix this I've added the reverse/inverse fuzzer, which
improves code coverage substantially.
Signed-off-by: Nathaniel Brough <nathaniel.brough@gmail.com>
Hermes's testsuite marks some tests in test262, flow, esprima and
mjsunit as tests not to run for one reason or another (e.g. unsupported
features, etc). This commit removes those tests from the seed corpus by
removing the tests explicit marked to be skipped in the `SKIP_LIST` and
`PERMANENT_SKIP_LIST` in `hermes/utils/testsuite/testsuite_skiplist.py`,
removing tests in mjsunit that use v8 runtime functions, and excludes
tests that have keywords from `UNSUPPORTED_FEATURES` and
`PERMANENT_UNSUPPORTED_FEATURES` in
`hermes/utils/testsuite/testsuite_skiplist.py` in the file contents or
in the path name.
1. Don't use trace-loads as it is not fully supported in LLVM and breaks
many projects (see
9383870160)
2. Use -Wl for link time options so they aren't unnecessarily used (also
fixes meson based projects).
The issue in #8915 is that the environment no longer has a leftover
`python3` binary in `/bin/python3`. This uncovers a bug in the `upb` and
`jwt-verify-lib` Dockerfiles where `python2` was installed (or no Python
was installed).
The issue seems to show up on Bazel projects only due to the way Bazel
executes commands: it uses `env -` to run them in a clear environment,
meaning that even `$PATH` is altered. Before bc02fd0 the issues in the
Dockerfiles were hidden by the fact that the environment contained
multiple versions of Python and one happened to be matched by this
search path.
This fixes#8915, reverting #8914 and #8909 tweaks to #8915. I did not
do a similar thing for #8930 as maybe that can be fixed by changing the
base python image?
Tested: Tested that I can build the `upb` fuzzers with this change.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Since libfuzzer, honggfuzz and AFL mutate at the byte level, mutating on
bytes in JS comments likely won't cause any meaningful crashes, so this
commit removes JS comments from files before we include them in the seed
corpus
Previously, fastmath was the default option, and the build script
created a fuzzer without fastmath.
Some time ago, wolfSSL changed this so that no fastmath is the default
option, and this PR creates a dedicated fuzzer for fastmath.
qpdf's build has been failing with errors within its own build of
libjpeg-turbo because of lack of position-independent code. This change
forces libjpeg-turbo to build with PIC even though we continue to build
only static libraries. I have reproduced the build failure locally using
the fuzz docker images and have reproduced locally that this fixes it.
Currently OSS-Fuzz flags are not set when building the tinyxml2 library
due to
e05956094c/Makefile (L13).
Consequentially, coverage is low (only that which is in the fuzzer
source file). This fixes it by avoiding to overwrite the CXXFLAGS in the
build.
0xedward