Let me know if you would rather have the commits squashed into one, or
separated into multiple PRs. This should address:
- Changing the primary contact email address. This will give the XZ
Utils maintainers access to the filed bugs in the issue tracker since
the previous primary contact email address was not associated with a
Google account.
- Updated the main repository URL. The project recently moved to GitHub
as the main repository. The old repository will still be a mirror, but
it will be updated with a slight delay.
- Fixed [build
issue](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57241) by
adding an extra argument to the autogen.sh script.
I've managed to recreate the issue that was stopping the `fuzz_requests`
coverage on `urllib3` (see #9863).
The issue is not visible when running introspector locally but can be seen in
ClusterFuzzLite, where it is a port binding error. This change randomises
the port that's used and ensures that it can bind to it before fuzzing
starts. The change is tested and demonstrated as working here
[sg3-141-592/urllib3 - ClusterFuzzLite PR
fuzzing](https://github.com/sg3-141-592/urllib3/actions/runs/4466205991/jobs/7844093473?pr=1).
Also I've changed the style of the main block and atheris to be
consistent with the other fuzzers added lately.
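
The bind-before-fuzzing approach described in the message above, as an added sketch that is not the code from that change: the helper names (`random_ports`, `bind_test_server`, `start_server`), the port range and the retry count are assumptions made here for illustration.

```python
import random
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class _Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep fuzzer output free of per-request logging


class _Server(HTTPServer):
    # Without address/port reuse, a bind to an occupied port fails immediately.
    allow_reuse_address = False
    allow_reuse_port = False


def random_ports(attempts=20, low=20000, high=60000):
    """Yield a bounded number of randomly chosen candidate ports (assumed range)."""
    for _ in range(attempts):
        yield random.randint(low, high)


def bind_test_server(ports=None):
    """Return a server that is already bound, trying candidates until one works."""
    last_error = None
    for port in (random_ports() if ports is None else ports):
        try:
            return _Server(("127.0.0.1", port), _Handler)  # binds in __init__
        except OSError as exc:  # e.g. EADDRINUSE when the port is taken
            last_error = exc
    raise RuntimeError("no candidate port could be bound") from last_error


def start_server(ports=None):
    """Bind first, then serve in the background; returns (server, port)."""
    server = bind_test_server(ports)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]
```

Because the socket is bound inside `bind_test_server`, a port conflict surfaces as a retry or a clear startup error before the first fuzz iteration rather than as a harness that silently never reaches the target code.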
`infra/helper.py shell project` used to open a docker container with
different volumes mounted than `infra/helper.py build_fuzzers project`.
Use the same logic in shell for project workdir calculation as is
used during the build procedure. This way we can more easily troubleshoot build
issues in shell.
Recently Wasmtime switched code generator tactics for the implementation
of integer division. This means that Wasmtime expects to receive SIGFPE
for divide-by-zero traps and similar. This is similar to other signals
that Wasmtime is expected to handle in JIT code.
This commit adds an option for Wasmtime to let it handle signals in the
same manner that it's allowed to handle SIGILL and SIGSEGV currently.
We moved a test case to crossplane-runtime, so we are going to also
build fuzzers from that repo.
Should wait for
https://github.com/crossplane/crossplane-runtime/pull/394 to be merged
before moving forward with this one.
Signed-off-by: Philippe Scorsolini <p.scorsolini@gmail.com>
This should fix build of ngolo-fuzzing even when the corpus for one
target is empty.
net/http does not give a corpus because of `use of internal package
net/http/internal not allowed` in the tests...
`fuzz_iter.py`
- Added coverage of optional `hash_id` parameter
- Added call to `is_valid` method
- Added call to `get_next` & `get_prev` methods for the returned
croniter iterator
`fuzz_match.py`
- Added fuzzing of `croniter.match`
`fuzz_range.py`
- Added fuzzing of `croniter.range`
See https://github.com/google/guava/issues/6324#issuecomment-1433981628
for more context.
This change makes sure that (1) `minimumBits` is valid (previously it
could be negative, which is invalid) and (2) the value is not too large
to prevent spurious `OutOfMemoryError`s.
Changes made:
- Made buffers more variable
- Change input of `deserialized_obj` to be more appropriate
- Fixed a spelling mistake of the variable `deserialized_obj`
Our "cjpeg" fuzz target, which tests rarely-used compression code paths,
inputs only TARGA images (because that's a rarely-used compression code
path as well), so the lack of those images in the seed corpus was
preventing the rarely-used compression code paths from being fuzz-tested
at all. This should improve the overall coverage.