The fwupd daemon is a firmware installer deployed onto tens (hundreds?) of
millions of devices. It parses untrusted firmware blobs from OEMs, ODMs and
IHVs writing using dozens of different protocols.
See https://fwupd.org/ for a whole ton more details about the project.
Using the LVFS we've deployed at least 22 million updates in the last few years,
although that number could be a lot higher in reality as we allow the LVFS to
be anonymously mirrored and for fwupd to be run without phoning home.
We used to fuzz with afl but recently switched to honggfuzz which found an
additional 17 critical warnings or crashes. Hence my interest in oss-fuzz!
My actual email address richard@hughsie.com is aliased to the email address
given here, and I can confirm I'm the upstream maintainer. The github project
has 1.1k stars and 172 forks if that means anything in reality.
The fwupd project is used by almost all distributions, *including* ChromeOS.
Soon osquery will require that the version of CMake
is not equal or higher than 3.18.0.
We can ignore such requirement since we are not making packages.
See osquery/osquery#6801
Also remove unused sed replacements. Those settings are now the default
when not using the osquery toolchain.
* Add a fuzzer for Pygments
While pygments doesn't use native code for fuzzing,
it's the defacto solution to highlight (untrusted) code,
so unexpected exceptions and timeouts are important.
* Make the fuzzer work
* Remove a useless LD_PRELOAD
* Add a missing "main_repo" field
* pillow: initial integration, but draft for now since some aspects of Python fuzzing are unclear.
* pillow: add header.
* Added pillow project.
* pillow: simply build.
* pillow: update project.yaml and build.
* pillow: remove or true when makeing.
* Pillow: remove use of temp file and simplify other aspects.
* pillow: do not use warnings and only use embedded jpeg in first run.
* pillow: speed gains.
* Initial integration of rocksdb.
* Remove fuzz_db from OSS-Fuzz as we want it upstream.
* rocksdb: update initial integration set up.
* Removed unneeded line.
* [teleport] Initial integration
* Minor update to run tests again
* [Kops] Initial integration
* Minor adjustment
* Run tests again
* Removed comment
* --depth'ed cloning of two repositories
* [teleport] Initial integration
* Minor update to run tests again
* [clib] Initial integration
* Updates to build file
* Switched off AFL
* Minor correction
When we fail a build, we attempt to identify the first OSS-Fuzz commit
prior to the upstream commit date.
If this does not exist, we bailed out. This commit changes it such that
we at least try on the oldest integration commit.
Rewrite test_all in python.
Bash is quite annoying to write and test.
One issue with bash is it is even worse than Python for parallelism (which may be causing #4707).
Rewrite test_all in python and optimize base-runner/Dockerfile for fast development.
Also, combine some docker layers.
In [Wasmtime](https://github.com/bytecodealliance/wasmtime), we're
planning to transition eventually to a new x86 backend. We recently
added a fuzz target for this backend that differentially fuzzes against
a Wasm interpreter.
This PR adds the new backend's fuzz target and adds a contact (me) to
the notification list.
dlorenc