* Add more fuzzer
Fix build script
* Fix formatting for fuzzers
Fix length checking for nonce in fuzz_aead
* Fix fuzzer
- Add more randomization to data input
* Swap from `compile_go_fuzzer` to `compile_native_go_fuzzer`
* Move building to an internal script `fuzz/oss-fuzz-build.sh` to ease addition of new fuzzing methods
* Update `auto_ccs`
* ghostscript: extend fuzzing
- Add two new fuzzers
- One new fuzzer that explore multiple colorings
- One new fuzzer that focuses on PDF exploration
- Add dictionary to PDF fuzzer
- Add small sized PDF seed to PDF fuzzer
- Ensure max_len on multiple coloring fuzzing
* Add myself to auto_ccs
* Fix typo
* set indentation
* add options file
* Address review: split fuzzers and have dict + seed locally
* nit
* clarify prepending of single byte
* fix styling
* clarify comments in all_colors fuzzer
* Addess final review
Using bfd_check_format_matches requires that a returned matching
vector (when return is false and bfd_get_error() is
bfd_error_file_ambiguously_recognized) be freed. Use bfd_check_format
instead.
to make it easier to catch issues like
https://github.com/google/honggfuzz/issues/465.
With -V when unreproducible crashes are triggered honggfuzz shows something like
```
[2022-06-10T15:21:12+0000][W][2373157] subproc_checkTimeLimit():532 pid=2374490 took too much time (limit 30 s). Killing it with SIGKILL
Sz:280 Tm:30,021,052us (i/b/h/e/p/c) New:0/0/0/0/0/3, Cur:0/0/0/0/0/591
Launching verifier for HASH: 1b859677dd (iteration: 1 out of 5)
[2022-06-10T15:21:13+0000][E][2373157] fuzz_runVerifier():280 Verifier stack mismatch: (original) 1b859677dd != (new) 0
```
* croniter: instrument fuzzing function
The Croniter build is having some troubles with coverage and I'm not
entirely sure why. It seems like the corpus is not there and I'm not
entirely sure if this has to do with some instrumentation underlyings.
Locally the end-to-end process of running, collecting seeds and
generating coverage works for me. The effort in this PR is to make the
setup similar to pyyalm where the coverage visualisation works -- the
only difference I could spot between fuzzers from the two projects is
that croniter does not have its fuzzer entry function instrumented.
* Instrument all. This is similar to protobuf-python
* A PoC with `node-shell-quote` v1.7.3.
* A description of the shell injection bug in the prev version of shell-quote and how to reproduce it with `execSan`.
* Amend the instructions to run `execSan` on `node-shell-quote` and `pytorch-lightning`.
* java-projects: update maven 3.8.5 to 3.8.6
The 3.8.5 is no longer available so project builds are failing for those
in this commit. This fixes it.
* nit: remove jul-to-slf4j
By analogy with 8d762775ac it should make it easier
to change the build script when new build dependencies like
meson are introduced.
lxc is switching to meson in https://github.com/lxc/lxc/pull/4142
so it's expected that it should fail to build on OSS-Fuzz.
MacroFake