Evgeny Vereshchagin
55c912c9c7
[systemd] report OSS-Fuzz bugs on GitHub as well ( #7510 )
...
It should hopefully make it easier to keep track of them.
It was discussed in https://github.com/google/oss-fuzz/issues/7023
2022-04-05 14:44:59 -04:00
Yaroslav Lobankov
e71b32c79c
Consider submodules while commit and PR checkout ( #7500 )
...
This fix includes a few updates for infra/repo_manager.py:
* Add step for updating submodules while commit checkout
* Add step for updating submodules while PR checkout
Fixes #7493
2022-04-05 11:14:39 -04:00
Petr Menšík
909a0d7ed3
Attempt to fix insufficient extract_name buffer ( #7293 )
...
* Attempt to fix insufficient extract_name buffer
Some fuzzing failures happen because extract_name always uses in real
dnsmasq code daemon->namebuff of size at least MAXDNAME. Provide long
enough data also to fuzzed functions.
* Add myself as an interested party
Being dnsmasq maintainer in Fedora project and RHEL, I am interested in
new found failures. Especially when security related.
* Allocate full dhcp packet buffer
fuzz_dhcp can fail in clear packet. But that fails, because clear packet
always cleans whole buffer of maximal DHCP packet. But fuzzer allocates
less. Fix fuzzer to allocate similar memory as dhcp_common_init()
function of real dnsmasq.
2022-04-05 02:07:30 +00:00
Navidem
b3b6f748cc
Fuzz JBIG2 code by checking on each object in PDF file ( #7508 )
2022-04-04 17:54:35 -07:00
DavidKorczynski
8bad6b2c75
infra: make per-target coverage reports readable ( #7505 )
...
Similar to the main report make all target reports readable. This is
currently a blocker on fuzz-introspector for running locally.
2022-04-04 23:39:16 +01:00
DavidKorczynski
0bcaec68ab
infra: fuzz-introspector: ensure COVERAGE_URL exists ( #7502 )
...
* infra: fuzz-introspector: ensure COVERAGE_URL exists
This is to make sure fuzz-introspector can run in local builds.
Ref:
https://github.com/ossf/fuzz-introspector/issues/48#issuecomment-1087513497
Ref:
https://github.com/ossf/fuzz-introspector/issues/67#issuecomment-1087518856
* refactor fuzz-introspector command generation
This is to shorten the long line that runs fuzz-introspector and also in
anticipation that down the line we will have more oss-fuzz specific
commands in fuzz-introspector
2022-04-04 23:38:37 +01:00
jonathanmetzman
696a4dd4e5
Setup trial builds in CI. ( #7415 )
...
This adds the script that will be used by the GCB trigger to do trial builds when we have a base-images change.
2022-04-04 17:47:21 -04:00
Roman Wagner
1839964003
[woodstox] update copyright info ( #7504 )
2022-04-04 17:46:51 -04:00
Roman Wagner
fbeb8fb984
[woodstox] Initial Integration ( #7499 )
2022-04-04 09:12:43 -04:00
DavidKorczynski
77bad6cbdb
tensorflow-py: fix build ( #7501 )
2022-04-04 13:03:56 +01:00
DavidKorczynski
4ff34a956e
infra: fuzz-introspector updates and bump ( #7497 )
...
* infra: remove use of git_repo_url to fuzz-introspector
* libarchive,fluent-bit: add fuzz-introspector exclusion config
* fuzz-introspector: bump
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
2022-04-04 11:35:58 +10:00
Navidem
10fdf2878d
To include latest introspector changes ( #7494 )
2022-04-03 14:08:09 -04:00
Catena cyber
4ae09c2ac2
ngolo-fuzzing: use latest go from git ( #7490 )
2022-04-02 22:05:24 +01:00
Kevin Backhouse
43da75fcc0
Add @piponazo to Exiv2 auto_ccs ( #7496 )
2022-04-02 22:03:39 +01:00
Nathan Moinvaziri
1556fb10d6
[zlib-ng] build fixes and improvements ( #7467 )
...
* [zlib-ng] fixed dataflow sanitizer build error. #7464
* [zlib-ng] use cmake instead of configure to build fuzzers.
2022-04-01 15:05:01 +11:00
Fabian Meumertzheim
4aeb753191
Revert "Pin Jazzer to older revision. ( #7484 )" ( #7486 )
...
This reverts commit 86a4d9d11f.
The build issue has been fixed on Jazzer's main branch.
2022-04-01 15:04:34 +11:00
Dave Rodgman
7f8fe932ca
Mbed TLS: update references to old Github org ( #7487 )
...
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration. The new home
for Mbed TLS is:
https://github.com/Mbed-TLS
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 16:42:43 +00:00
Julien Voisin
d527319cf1
Fix possible uninitialized values in zlib's compress.c fuzzer ( #7488 )
...
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-03-31 10:19:26 -04:00
Julien Cretin
87554e18a8
Add OpenSK member ( #7485 )
2022-03-31 09:55:25 -04:00
Oliver Chang
221b39181a
Bump introspector ( #7482 )
2022-03-31 17:13:04 +11:00
Oliver Chang
86a4d9d11f
Pin Jazzer to older revision. ( #7484 )
2022-03-31 15:54:50 +11:00
Oliver Chang
8d55f22548
Fix libarchive build. ( #7481 )
...
Set --enable-static for libxml2. This was set to false by default in a
recent commit
2022-03-31 13:52:59 +11:00
Julien Voisin
e3aaf609aa
Improve a bit the coverage of libraw's fuzzer ( #7478 )
...
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-03-30 19:32:02 -04:00
tsdgeos
e3d89bccaf
libical: Add Ken Murchison ( #7480 )
2022-03-30 19:25:52 -04:00
jonathanmetzman
9f236c1c9c
Update new_project_guide.md ( #7477 )
2022-03-30 10:43:25 -04:00
Oliver Chang
f1a882a076
Update zlib URL ( #7474 )
...
* Update zlib URL
Per #7468
* Update Dockerfile
2022-03-30 10:14:46 -04:00
Rob Mohr
c8e84159db
pigweed: Update team list and website ( #7414 )
...
Co-authored-by: asraa <asraa@google.com>
2022-03-30 10:13:59 -04:00
Navidem
b4dcddf1ee
Check for non-null baseStream ( #7476 )
2022-03-30 02:14:32 +00:00
Navidem
c13fa231dc
Fuzzing for JBIG2 streams ( #7475 )
2022-03-30 12:57:32 +11:00
DavidKorczynski
fe93ec53c8
infra: bump fuzz-introspector ( #7471 )
...
Following fix of https://github.com/ossf/fuzz-introspector/issues/154
2022-03-29 16:33:51 -07:00
MacroFake
528d0810f2
bitcoin-core: Fix msan ( #7472 )
2022-03-29 16:50:42 -04:00
Liviu Chircu
e48b906242
opensips: Add support for -DFUZZ_BUILD ( #7469 )
...
OpenSIPS runs on a custom memory allocator, which makes use of a
pre-allocated, large heap chunk, so buffer read overflows are harmless
and allow for some SIP parsing optimizations.
By enabling FUZZ_BUILD for the fuzzer runs, we add extra runtime checks,
so the fuzzer should no longer crash due to ASan detecting
false-positive buffer read overflows in the SIP parser.
2022-03-29 20:26:30 +01:00
Evgeny Vereshchagin
d94ac89d00
[elfutils] always build zlib ( #7470 )
...
* [elfutils] always build zlib
to make sure all the fuzz targets use the same version of zlib
* [elfutils] switch to the latest version of zlib
2022-03-29 10:55:54 -04:00
jonathanmetzman
1abbd8bf08
Revert "Fix run_fuzzers_test::CoverageReportIntegrationTest. ( #7325 )" ( #7466 )
...
This reverts commit 9553ab10d7.
2022-03-29 14:46:36 +11:00
Dongge Liu
090c5fc586
Add a scarecrow project to test GitHub issue filing/closing ( #7437 )
...
* Add a scarecrow project to test github issue filing/closing
* Add file_github_issue as a new valid section name
2022-03-29 08:59:43 +11:00
Li-Yu Yu
c462cad1be
cras: Disable featured in configure ( #7456 )
...
featured [1] is a ChromeOS specific daemon that's not available in gcr.io/oss-fuzz-base/base-builder-rust
Disable it to fix the build [2].
[1] https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/featured/
[2] https://crbug.com/oss-fuzz/45744
2022-03-28 18:54:10 +00:00
Julien Voisin
d5cb28fb0c
Increase a bit zlib's compress fuzzer coverage ( #7465 )
...
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-03-28 14:47:47 -04:00
Evgeny Vereshchagin
56e0158135
[elfutils] bring MSan back ( #7460 )
...
Now that all the false positives are gone and MSan reports real
issues like https://sourceware.org/bugzilla/show_bug.cgi?id=29000
confirmed by Valgrind it should be safe to bring MSan back.
It reverts 6e6d6068ae
2022-03-28 14:47:26 -04:00
Guido Vranken
a36be92ad9
[Nettle] Enable MSAN ( #7463 )
...
* [Nettle] Enable MSAN
* [Nettle] Add main_repo section
2022-03-28 14:47:01 -04:00
jonathanmetzman
7be7db9e50
Remove jinja2, no longer used ( #7452 )
2022-03-28 14:46:04 -04:00
Florian Apolloner
eeb2d1fbf8
[django] Fixed pyinstaller creation to include necessary translations. ( #7458 )
2022-03-28 14:45:30 -04:00
Daniel Novomeský
981efa8d32
kimageformats: upgrade libaom dependency ( #7461 )
2022-03-28 13:19:10 -04:00
Catena cyber
4d723ba451
Adds ngolo-fuzzing project ( #7372 )
...
* Adds ngolo-fuzzing project
* fixup use exclude.txt from upstream repo
* summary in the end
* hard fail on supported packages
* exact package match
2022-03-28 12:50:46 -04:00
Navidem
b748536b39
Revert "infra: fuzz-introspector: force no inline ( #7413 )" ( #7455 )
...
* Revert "infra: fuzz-introspector: force no inline (#7413)"
This reverts commit ba7f8eb9bf.
* put back no function inlining
2022-03-24 18:58:45 -07:00
Wan-Teh Chang
b016b8f3fe
libavif: go back to using dav1d.cmd to build dav1d ( #7454 )
...
It is no longer necessary to use dav1d_oss_fuzz.sh.
2022-03-24 19:24:15 -04:00
jonathanmetzman
acd32966b9
Make CI build experimental jobs. ( #7433 )
...
Fixes https://github.com/google/oss-fuzz/issues/7432
2022-03-24 18:54:45 +00:00
dependabot[bot]
3a216f4e7a
build(deps): bump actions/setup-python from 2 to 3 ( #7438 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-24 13:29:23 -04:00
jonathanmetzman
df0e13ebda
Remove dependabot ( #7453 )
2022-03-24 11:40:31 -04:00
dependabot[bot]
e1b93ba81b
build(deps): bump pyyaml from 5.4 to 6.0 in /infra/ci ( #7439 )
...
Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.4 to 6.0.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/compare/5.4...6.0)
---
updated-dependencies:
- dependency-name: pyyaml
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-24 15:32:37 +00:00
dependabot[bot]
22c78b9fbb
build(deps): bump yapf from 0.30.0 to 0.32.0 in /infra/ci ( #7443 )
...
Bumps [yapf](https://github.com/google/yapf) from 0.30.0 to 0.32.0.
- [Release notes](https://github.com/google/yapf/releases)
- [Changelog](https://github.com/google/yapf/blob/main/CHANGELOG)
- [Commits](https://github.com/google/yapf/compare/v0.30.0...v0.32.0)
---
updated-dependencies:
- dependency-name: yapf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-24 10:41:36 -04:00