These changes add some additional .so files to the container so that
loading some classes from java.awt works.
See #10933 and #7380 for related discussions.
Also decrease "Xmx" as it seems we get native OOM in Jazzer-runs
otherwise.
Fastify is a JavaScript web framework and it's a foundation project from
[OpenJS](https://openjsf.org/). It's used by a lot of
[organisations](https://fastify.dev/organisations/) (50+ listed on its
website), including:
- Microsoft
- [Net-a-porter](https://www.net-a-porter.com/en-gb/) (fyi, this is a
large UK e-commerce website with 1.8 billion in revenue)
- [Amerisave](https://www.amerisave.com/)
Maintainers are happy to integrate this and are listed as primary
contact.
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
The previous Jazzer version only instrumented code under the same package as
the fuzz test, so this PR adds `--instrumentation_includes` to several
projects.
Also fix build failures in jdom and jsqlparser, fix fuzzing blockers in
qdox and avro, and delete an unneeded file in apache-cxf.
96b8b80172 did not properly fix the issue
because on older branches, where dnsdist does not have its own fuzzing
targets, we do not properly go back to the checkout directory and thus
the next step fails.
We only need to make sure that if the wrapped compiler (clang) prints
something to stderr, we report that to stderr in the wrapper, __even
if__ the compiler exits with 0. This is because when starting up, Bazel
invokes the compiler with various flags to detect what features are
available and what flags to pass during regular compilation. The
detection is based on the stderr of the compiler invocation, so we need
to make sure we are properly printing out stderr. Finally, Bazel uses
stderr to determine if the compiler is clang / gcc or a third option. If
we don't report stderr, then Bazel considers we are using a generic
compiler and then gets confused about what to generate in the toolchain.
Currently, this is the diff from the toolchain autoconfig when Bazel
starts up:
```diff
--- w-clang/bazel-w-clang/external/bazel_tools~cc_configure_extension~local_config_cc/BUILD 2023-09-15 16:54:56.131676995 +0000
+++ w-jcc/bazel-w-jcc/external/bazel_tools~cc_configure_extension~local_config_cc/BUILD 2023-09-15 18:17:24.486499047 +0000
@@ -85,16 +85,13 @@
"/usr/include/x86_64-linux-gnu",
"/usr/include",
"/usr/local/lib/clang/15.0.0/share",
- "/usr/include/c++/9",
- "/usr/include/x86_64-linux-gnu/c++/9",
- "/usr/include/c++/9/backward",
"/usr/local/include/c++/v1"],
tool_paths = {"ar": "/usr/bin/ar",
"ld": "/usr/bin/ld",
"llvm-cov": "/usr/local/bin/llvm-cov",
"llvm-profdata": "/usr/local/bin/llvm-profdata",
"cpp": "/usr/bin/cpp",
- "gcc": "/usr/local/bin/clang-15",
+ "gcc": "/usr/local/bin/clang-jcc",
"dwp": "/usr/bin/dwp",
"gcov": "/usr/bin/gcov",
"nm": "/usr/bin/nm",
```
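Review bot: the three removed `/usr/include/c++/9` entries in the include-directory list are the one difference this change does not explain, and the message above attributes them only tentatively to unix_cc_configure.bzl; since the same message states that Bazel's include-directory and compiler detection is driven by the compiler's stderr, it is worth checking that the wrapper forwards stderr for that particular probe before settling on that cause, and recording the expected difference from the bare clang-15 toolchain in the wrapper's documentation so a later regression in stderr forwarding is noticed here.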
The 3 missing header files could be because of
7a4eefa869/tools/cpp/unix_cc_configure.bzl (L316-L321)
but I could not find a way to force this. So far, it didn't look like it
was causing problems though.
---------
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
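The wrapper behaviour described in the message above (relay the wrapped compiler's stderr even when it exits 0, and propagate its exit code), as an added Go example; this is not the project's own wrapper code, and `WRAPPED_COMPILER` is an assumed environment variable naming the real compiler.

```go
package main

import (
	"bytes"
	"errors"
	"io"
	"os"
	"os/exec"
)
// probeResult is everything the wrapped compiler produced; the wrapper must
// hand all three pieces to its own caller unchanged.
type probeResult struct {
	stdout, stderr string
	exitCode       int
}
// runWrapped runs the real compiler with the caller's argv and captures its
// streams and exit status. A non-zero exit is data here, not a Go error.
func runWrapped(compiler string, args []string) (probeResult, error) {
	cmd := exec.Command(compiler, args...)
	var out, errOut bytes.Buffer
	cmd.Stdout, cmd.Stderr = &out, &errOut
	err := cmd.Run()
	res := probeResult{stdout: out.String(), stderr: errOut.String()}
	var exitErr *exec.ExitError
	if errors.As(err, &exitErr) {
		res.exitCode = exitErr.ExitCode()
		err = nil
	}
	return res, err
}
// relay mirrors both streams to the wrapper's own stdout/stderr and returns
// the exit code to propagate. Stderr is written unconditionally: Bazel's
// autoconfig probes exit 0 and are judged by their stderr, so forwarding it
// only on failure makes Bazel classify the wrapper as a generic compiler.
func relay(res probeResult, stdout, stderr io.Writer) int {
	io.WriteString(stdout, res.stdout)
	io.WriteString(stderr, res.stderr)
	return res.exitCode
}

func main() {
	// WRAPPED_COMPILER is a hypothetical variable naming the real compiler.
	res, err := runWrapped(os.Getenv("WRAPPED_COMPILER"), os.Args[1:])
	if err != nil { // the compiler could not be started at all
		io.WriteString(os.Stderr, err.Error()+"\n")
		os.Exit(127)
	}
	os.Exit(relay(res, os.Stdout, os.Stderr))
}
```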
Adds a few features that are very beneficial for CI fuzzing. e.g.
AFL_IGNORE_SEED_PROBLEMS
This also includes several minor bugfixes.
---------
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
Mitigates the known issue where we don't automatically change to the
`WORKDIR` defined in `Dockerfile` when running cloud experiments.
Question:
Would it be preferred if I introduce a flag for this?
(e.g., `--use_workdir` or `--workdir=/src/<project>`)
While this gives more flexibility, I feel `cd` to `WORKDIR` should
always be preferred if we want the cloud experiments to behave the same
as local ones.
In the mbedtls fuzzer, enable some non-default features that are
supposed to be secure and so should be fuzzed. In particular:
* Test both with and without `MBEDTLS_USE_PSA_CRYPTO` (which has a major
impact on X.509 and TLS).
* Test both with and without `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` and
`MBEDTLS_RSA_NO_CRT` (which affect X25519 and RSA respectively).
* Enable non-default features (in particular, at this time, PKCS#7).
Fixes https://github.com/Mbed-TLS/mbedtls/issues/6708.
---------
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
My fork of Kyverno contains two new fuzzers that should run for a bit on
OSS-Fuzz before they are merged upstream.
This PR temporarily points Kyverno's OSS-Fuzz integration to my fork to
collect runtime and performance metrics over the next few days.
Signed-off-by: AdamKorcz <adam@adalogics.com>
Stable branches do not have the recent per-product split that was
introduced in #10926, and thus CI Fuzz fails on them. This commit checks
that there actually is at least one fuzzing target in the `dnsdistdist/`
directory before trying to build them, so that this step can be skipped
on older branches.
Add two more Exceptions which popped up when running fuzzing at large
scale.
There is one more place where font-handling is triggered, but it is not
available on the VMs that run fuzzing.