This PR adds to the flac fuzzer build script to include
fuzzer_reencoder, which is a fuzzer for which the fuzz input is first
decoded and then re-encoded. Additional coverage beyond what is
currently achieved is fuzzing of metadata input to the encoder (which is
copied from the decoded fuzz input) and the use of very large empty
inputs.
Requesting access to the apache-commons-jxpath project, for the vendor
address bharath_mohanraj@persistent.com
This request is raised to get access to the jxpath vulnerability details
(like crashing build, crashing input, stacktrace, etc.) that will help
in debugging and fixing these issues.
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
Because https://github.com/google/oss-fuzz/pull/8933 is not optimal for
oss-fuzz, we make this PR to meet apache-commons requirements. This PR
will add primary contact email, fix apache-commons-logging build failure
and move apache-commons-math, apache-commons-geometry,
apache-commons-compress and apache-commons-imaging out of the apache-commons
folder. Each of them will have their own Dockerfile and build.sh.
The `detect_stack_use_after_return=1` option in `ASAN_OPTIONS` set by
the runner seemed to cause the fuzzer to not pick up any coverage.
I'm not quite sure why this happens. Any guidance would be appreciated.
The fuzzer seems stuck with this flag set:
`python infra/helper.py run_fuzzer --corpus-dir ../corpus_xst_json/ xs xst_jsonparse -- seed=1`
```
INFO: seed corpus: files: 1728 min: 1b max: 131336b total: 336638b rss: 92Mb
#64 pulse cov: 322 ft: 323 corp: 1/1b exec/s: 32 rss: 92Mb
#128 pulse cov: 322 ft: 323 corp: 1/1b exec/s: 25 rss: 92Mb
#256 pulse cov: 322 ft: 324 corp: 2/8b exec/s: 23 rss: 93Mb
#512 pulse cov: 322 ft: 324 corp: 2/8b exec/s: 22 rss: 93Mb
#1024 pulse cov: 322 ft: 324 corp: 2/8b exec/s: 22 rss: 93Mb
```
However, disabling it seems to make progress, with the same command (note
same seed and corpus). After rebuilding the image with
`detect_stack_use_after_return` disabled:
`python infra/helper.py run_fuzzer --corpus-dir ../corpus_xst_json/ xs xst_jsonparse -- seed=1`
```
INFO: seed corpus: files: 1728 min: 1b max: 131336b total: 336638b rss: 92Mb
#64 pulse cov: 485 ft: 500 corp: 29/55b exec/s: 32 rss: 93Mb
#128 pulse cov: 574 ft: 673 corp: 70/239b exec/s: 25 rss: 93Mb
#256 pulse cov: 749 ft: 1060 corp: 132/707b exec/s: 23 rss: 93Mb
#512 pulse cov: 834 ft: 1560 corp: 214/1767b exec/s: 22 rss: 93Mb
#1024 pulse cov: 953 ft: 2344 corp: 353/5213b exec/s: 22 rss: 93Mb
```
Setting `detect_stack_use_after_return=0` fixed it -- local runs picked
up coverage with seed corpus, and even a couple of crashes. Until I work
around this it would be preferable to gain some coverage, even if we
don't detect `stack-use-after-return` for now.
Signed-off-by: David Korczynski <david@adalogics.com>
Cross referencing https://github.com/google/fuzztest/pull/69
Signed-off-by: David Korczynski <david@adalogics.com>
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
Currently if you make a coverage build for a particular architecture
(e.g. aarch64), running the coverage command doesn't work as it assumes
`x86_64`. This PR adds the `--architecture` flag present in other
commands for parity, allowing users to run coverage reports built for the
matching architecture.
Tested: running `build_fuzzers` and then `coverage` works as expected
with defaults (x86_64).
Now `build_fuzzers` and then `coverage` also work when `--architecture
aarch64` is used.
This has a fix for coverage urls for per-fuzzer coverage reports:
https://github.com/ossf/fuzz-introspector/pull/605
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
This is a follow-up to https://github.com/google/oss-fuzz/pull/8952
This bump is needed to have the Python projects work properly. Scan
should be done for all projects now, so I have switched it on by default
in fuzz introspector.
The bump also contains:
- Fix for util-linux where per-target coverage report links were broken.
- Reduced logging.
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
Co-authored-by: Navidem <navid.emamdoost@gmail.com>
With the python projects enabled, we need to broaden the coverage file
names that should be downloaded.
This PR changes `download_coverage_data_steps()` function to download
all the contents of `textcov_reports` dir from the coverage bucket.
This variable is no longer needed by fuzz-introspector python version
for these projects.
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
Bumps fuzz introspector and updates the way python fuzzers are built for
introspector builds.
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
Wrap wildcards in quotes as otherwise the shell will expand them if
there is, e.g., a .json file in the current directory. This causes the
wrong files to be moved, which means `all_cov.json` will not be moved to
the introspector folder and thus wrong (no) coverage data will be used.
This error happens in, e.g., g-api-auth-library-python.
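The failure mode described in that message, as an added example that is not part of the oss-fuzz change itself: an unquoted `*.json` in a script is expanded by the shell against the current working directory before the command runs, so a stray `.json` file next to the script silently turns the pattern into a literal filename and the real report is never matched. The directory layout, file names and the use of `find -name` here are constructed for illustration; the actual introspector script is not reproduced.

```shell
#!/bin/sh
# Added example (not the project's own script): demonstrate how an
# unquoted glob is expanded against the current directory and why
# quoting it makes the pattern reach the command intact.

# Constructed layout: one stray .json in the directory the script runs
# from, and the report we actually want further down the tree.
setup_tree() {
  workdir=$(mktemp -d)
  mkdir -p "$workdir/cwd" "$workdir/build/out"
  : > "$workdir/cwd/stray.json"          # hijacks the unquoted glob
  : > "$workdir/build/out/all_cov.json"  # the file the script needs
  printf '%s\n' "$workdir"
}

# Unquoted pattern: the shell expands *.json in cwd to "stray.json", so
# find is asked for a file literally named stray.json under build/ and
# all_cov.json is never found. Prints the number of matches.
find_unquoted() {
  cd "$1/cwd" && find "$1/build" -name *.json | wc -l
}

# Quoted pattern: find receives the literal "*.json" and does its own
# matching, so all_cov.json is found regardless of what sits in cwd.
find_quoted() {
  cd "$1/cwd" && find "$1/build" -name "*.json" | wc -l
}

# Run both variants on a scratch tree and print "<unquoted> <quoted>"
# match counts; the tree is removed afterwards.
compare_globbing() {
  tree=$(setup_tree)
  u=$(find_unquoted "$tree" | tr -d ' ')
  q=$(find_quoted "$tree" | tr -d ' ')
  rm -rf "$tree"
  printf '%s %s\n' "$u" "$q"
}
```

Running `compare_globbing` prints `0 1`: the unquoted form matches nothing because the pattern was rewritten before `find` saw it, while the quoted form matches the one report. The same expansion applies to any command that is meant to receive the pattern itself (`find -name`, `rsync --include`, a pattern passed to a Python or Go helper), which is why the fix is to quote the wildcard rather than to clean the working directory.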
Updated my mail in the contacts for u-root, since the web login does not
accept my non-Gmail address.
Sorry, I got confused not knowing what exactly counts as an alternative
e-mail address for a Google account.
Signed-off-by: Fabian Wienand <fabian.wienand@9elements.com>
Signed-off-by: Fabian Wienand <fabian.wienand@9elements.com>
@bobcallaway @loosebazooka
Gives @DavidKorczynski and me access to bug reports for Rekor.
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>