* added draco integration files
* wrote build file and Dockerfile for Draco
* added more fuzzers, updated build script to generate corpus and options for each
* place yaml.dict in SRC first, rather than in OUT directly
* changed fuzzers from c++ to c, updated build script
* started using booleans instead of ints, updated naming conventions
* replaced all instances of with
* removed memsets, stopped using first two bytes of input, and removed file I/O
* fixed style, changed function return types to bool instead of int
* added libyaml_parser_fuzzer back, implemented string handling to not exceed buffer size in libyaml_emitter_fuzzer, and made style fixes
* changed boolean functions to return error, not success
* fixed inverted check
* changed variable names, fixed crash in libyaml_emitter_fuzzer
* fixed addition/subtraction style
* make a dynamically growing heap buffer
* place yaml_write_handler in distinct header file, style fixes
* fix style and memory safety issues in reformatter fuzzers, remove unused vars
* consistent assignment of done variables
* [CRAS] Fix build error and build new fuzzer
- Fix build error by installing 1.8.x gtest and using `make install` to
install gtest pc file for pkg-config
- Build and add new fuzzer `cras_hfp_slc`
BUG=oss-fuzz:24744
* fix the copyright
* fix the copyright
* Update Dockerfile
Co-authored-by: Max Moroz <mmoroz@chromium.org>
* Add bind9 as new proposed oss-fuzz target
* Add basic Dockerfile and build.sh
* Change the auto_cc addresses to @isc.org
* fix the copyright
* fix the copyright
Co-authored-by: Max Moroz <mmoroz@chromium.org>
* initial commit
* removed instances of cout in fuzzer, build failing
* Fix the Alembic build.
This commit gets Alembic building properly by linking it against
a locally compiled checkout of the most recent OpenEXR release.
* placed temp file in /tmp, modified build script
* added zlib1g-dev:i386 as a dependency in Dockerfile
* style fixes, removed msan
* combine dumpAttribute functions
* fix formatting
* update fuzzer_temp_file.h, style fixes for fuzzer
* populate target names
* disable ubsan for the time being
Co-authored-by: Michael Jezierny <mtjz@google.com>
* [opusfile] Initial integration
* add license header
* cleaned up loop in build script
* fix typo in build script
* changed fuzzer from C++ to C
* run ldconfig before building fuzzer
* Force static linking when building the fuzzer.
This alternative linker syntax overrides the "lib{whatever}.so" default.
Fortunately, Ubuntu packages static libraries in libopus-dev and
libogg-dev.
Co-authored-by: Michael Jezierny <mtjz@google.com>
The upstream LPM-based fuzzer changed its layout, so update the build
files to reflect this. This may make sense as a separate .a file in
the future to avoid these breaks.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24776
* projects/dav1d: remove unnecessarily installed packages
* projects/dav1d: fix build by just copying the fuzzing binaries
Meson switched the name of the directory holding the objects for the
fuzzer binaries to match the pattern used to copy all fuzzing binaries.
Copying the directory failed.
* using tidy_html5's fuzzer_temp_file utilities to create a file from fuzzing input in /tmp
* used FuzzerTemporaryFile class, updated copyright year
* catch all exceptions instead of a select few, fix styling in openexr_exrheader_fuzzer
* updating fuzzer_temp_file.h with the changes mentioned in https://github.com/google/oss-fuzz/pull/4236
The purpose of the fuzzer is to verify that an exception is thrown, not
to validate that the correct *type* of exception is thrown. That is
the responsibility of the project's traditional test suite. Therefore,
the exception type is inconsequential.
Signed-off-by: Cary Phillips <seabeepea@gmail.com>
Update the primary contact address and website in the Mbed TLS
project file.
Also update the Mbed TLS cc address in the bignum-fuzzer project
file.
Signed-off-by: Dan Handley <dan.handley@arm.com>
Reducing the number of concurrent link steps to the number of cpus does
not appear to have made much difference to the success of the Skia
project build. Limit the number of concurrent links to one in an attempt
to avoid running out of memory. If issues persist it is likely the bot
running this simply does not have enough memory to run the linker step.
This change is speculative since these builds have been working on the
CI bots and only failing on the oss-fuzz build.
Bug: oss-fuzz:23438,oss-fuzz:24345
The number of link build steps in the Skia build is currently not
limited and may be leading to the current failures where the linker is
killed with a signal. This changes that to limit the number of
concurrent linker steps to the number of cpus available. If there
continue to be issues it may be necessary to implement a hard limit.
Bug: oss-fuzz:23438,oss-fuzz:24345
* added two fuzzers from patch files, stripped unnecessary code from exrenvmap_fuzzer, build currently failing
* exrheader build working
* checking coverage for exrheader_fuzzer
* removed writes to cout for exrheader_fuzzer
* exrheader_fuzzer and exrenvmap_fuzzer working
* added license to exrheader_fuzzer
* remove namespaceAlias.h
* changed function names in exrheader_fuzzer, wrote files to /tmp in exrenvmap_fuzzer, included style fixes
* [rnp] Add afl engine
* Add fuzz_dump and fuzz_keyring to the exception list
These binaries - from https://github.com/rnpgp/rnp/tree/master/src/fuzzing -
are very tiny and just call into the library with a single API,
and are not statically compiled - so they have very few UBSAN calls.
Undefined sanitizer should now work, and the honggfuzz engine as well.
Upstream changes supported enabling these, and when I did so I
renamed one of the variables.
ClamAV recently removed autotools generated materials (configure,
Makefile.in, etc) from the git repo. This commit adds tools and calls
necessary to generate those files if autogen.sh is present.
* fixed null dereference in uri_dissect_query_malloc_fuzzer
* removed unused include
* initialized chars_required, freed query_list if check unsuccessful, and used buf.data() instead of &buf[0]
* Updates patch for mysql 8.21
* Fixup 8.21
* Disables fuzz_docommand to keep going with other targets for now
* do not even compile fuzz_docommand
* Adding license
* FIXMEs
* no longer compiled
* nits
The gold linker was forced when the system linker stopped linking the
Skia build. It seems that the gold linker is now running into issues, so
attempt to switch back.
* added new fuzzer
* added new fuzzer
* removed commented code
* add license header for uri_parse_fuzzer
* get values from FuzzedDataProvider, awaiting fuzz targets for FileNames and Ipv4 in parse_fuzzer
* build working
* fixed size mismatch, used better consumption function for remaining input
* reduced maxSize for uri_dissect_query_malloc_fuzzer
* added missing fuzz targets, removed unnecessary import
* removed unused include, changed instances of std::string to string, removed ToVector, added checks, and removed usage of FuzzedDataProvider in uri_dissect_query_malloc_fuzzer
* fixed vector issue in uri_parse_fuzzer
* added explicit value checks, removed Yoda comparisons
This leads to multiple definitions of everything defined in
SkSVGCanvas.cpp since it will be compiled into the api_svg_canvas target
directly as well as the Skia xml target.
* Homepage updated, added auto ccs to project.yaml
* Fixed project.yaml
* [spdlog] Added new fuzzers, modified existing ones
* Revert "[spdlog] Added new fuzzers, modifed existing ones"
This reverts commit 1e7f14a81d.
* Modified existing fuzzer
* Added new fuzzer for backtrace
* Added new fuzzer for formatter
* Added new fuzzer for set_pattern
* Added new fuzzer for log_levels
* Moved fuzzers to upstream repo
* Moved fuzzers back to oss-fuzz
* fixed fuzzers
* Update years
The SwiftShader build seems to want SWIFTSHADER_EMIT_COVERAGE set or it
will do things that interfere with a coverage build. Use this to
simplify the SwiftShader build a bit and hopefully restore the coverage
build.
* Add new RDKit dependency (freetype)
Fixes Issue #23703
* just remove the freetype requirement for now
otherwise we have to build that static and that's a mess
* Update Dockerfile
* style: Clean up the repo
* Bolster the `.gitignore`
* Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80
characters and separate links for readability
* Remove pesky Unicode dash in `CONTRIBUTING.md`
* Remove `.DS_STORE` files
* Rename `#project.yaml#` to something logical and enable syntax
highlighting
* Updates from reviewers
* Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim
temporary files
* Apply markdown style to `docs/index.md`
* small comma grammatical change
* http -> https
* added new opus fuzzer, build working
* added missing license header, cleaned up Dockerfile
* fixed build process
* changed build process depending on C or C++ fuzzer
* converted opus_multi_fuzzer from C++ to C, reverted build script to only accept C files
* Add a working skeleton for OpenEXR fuzzers.
* added openexr fuzzers, updated build script to include them
* cleaned up bash loop
* [openexr] Replace buf_to_file with StdISStream.
Version 2.5.0 of OpenEXR added a StdISStream class that turns
a std::string into an Imf::IStream, which can be used instead of
filenames when opening an OpenEXR image. This commit adds code which
wraps the fuzzer input into a StdISStream, which enables us to remove
the hacky buf_to_file function.
* updated deepscanlines_fuzzer to use IStream instead of filenames
* replace "/work" with in build.sh
* Reformat CMake settings, and also prevent building utils and examples.
* Reformat and change names in build.sh.
* Omit the version prefix when building OpenEXR and IlmBase libraries.
* updated final two fuzzers to use istream
* fixed additional conflict in project.yaml
* get header size from input
* increased header size
* Fix argument types in readFileSingle
Co-authored-by: Michael Jezierny <mtjz@google.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
- Updates project.yaml to specify libfuzzer as fuzzing engine
- Adds a basic Dockerfile
- Add a build.sh script for initial target
Co-authored-by: pierwill <pierwill@users.noreply.github.com>
* Add wasm-tools repository to wasmtime project
This commit expands the fuzzers run under the Wasmtime project to
include those in the https://github.com/bytecodealliance/wasm-tools
repository. This includes various parsing for utilities used by Wasmtime
itself but also generally useful for other Rust projects! The
maintainers of the wasm-tools repository are also all currently all on
the notification list for Wasmtime fuzz bugs as well.
* Load all corpuses from wasmtime-libfuzzer-corpus
* fixing Dockerfile for libpng-proto
* adding json proto, LPM, and fuzz target for jsoncpp
* adding vanilla fuzzer back in
* fixing weird spacing in build script + taking out unneeded header file
* adding settings field and passing all of json_str
* adding license headers
* refactoring settings field
* fixing compile issue
* fixing MSan issue, changing license to 2020, and using iterator instead of pointers
* passing pointers more understandably to parse
* taking out unnecessary assign
Co-authored-by: Danny Halawi <dhalawi@google.com>
* Add spanner emulator project
* Adding auto_ccs for Sneha and myself
* Adding dockerfile and build.sh files
* Further fixes for OSS-Fuzz integration
* Update build.sh
* Cleaning up commented code in build.sh
* Fuzzing branch merged with main in the emulator repo, modified dockerfile to clone main now instead of the branch.
* Updating build.sh to copy the binaries to out
* Cleaning up build.sh by removing Envoy specific comments, removed dictionary code as no corpus exists yet
* Updating yaml to include the memory sanitizer
* Build.sh should now copy fuzzing binaries properly to , adding fuzzing_engines parameter to yaml to bypass AFL timeout for now.
Co-authored-by: Jonathan Volfson <volfson@google.com>
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
* Add a working skeleton for OpenEXR fuzzers.
* added openexr fuzzers, updated build script to include them
* cleaned up bash loop
* replace "/work" with in build.sh
* Reformat CMake settings, and also prevent building utils and examples.
* Reformat and change names in build.sh.
* Omit the version prefix when building OpenEXR and IlmBase libraries.
* Correct the contact addresses for OpenEXR.
Co-authored-by: Ravi Jotwani <rjotwani@google.com>
Currently, coverage builds fail on step 3 with:
```
Step #3: + rsync -avLkR --include '*.h' --include '*.cc' --include '*.hpp' --include '*.cpp' --include '*.c' --include '*/' --exclude '*' /tmp /workspace/out/coverage
Step #3: sending incremental file list
Step #3: symlink has no referent: "/tmp/tmp.BOH6TAB62E/ares/include/ares_build.h"
Step #3: symlink has no referent: "/tmp/tmp.BOH6TAB62E/ares/include/ares_dns.h"
Step #3: symlink has no referent: "/tmp/tmp.BOH6TAB62E/ares/include/ares.h"
Step #3: symlink has no referent: "/tmp/tmp.BOH6TAB62E/ares/include/ares_rules.h"
Step #3: symlink has no referent: "/tmp/tmp.BOH6TAB62E/ares/include/ares_version.h"
Step #3: symlink has no referent: "/tmp/tmp.BOH6TAB62E/include/sha1.c"
Step #3: symlink has no referent: "/tmp/tmp.BOH6TAB62E/include/gcm_nohw.c"
Step #3: symlink has no referent: "/tmp/tmp.BOH6TAB62E/include/digests.c"
...
```
Just exclude these files. Doubt they matter to us.
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23621&q=esp-v2&can=2
Signed-off-by: Teju Nareddy <nareddyt@google.com>
* syzkaller: update go get invocation
The way to checkout the repo has changed.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21994
* [syzkaller] Fix paths passed to `compile_fuzzer` function.
Co-authored-by: Max Moroz <mmoroz@chromium.org>
* [libspng] Fetch zlib in Dockerfile
This step has been moved from the build script: c35e509f04
* Update Dockerfile
* Update Dockerfile
* dummy commit
* Update Dockerfile
* dummy commit
* dummy commit
* libzmq: use build script from upstream repository
In order to avoid having to send PRs every time we change something, simply
maintain the build script in the upstream repository, and change build.sh
to a one-line call.
* libzmq: clone corpora and dictionary repository
* fixing Dockerfile for libpng-proto
* Fixing Dockerfile so the LPM for giflib works
* Fixing Dockerfile so the LPM for xerces-c works
* taking out unneeded installations
Co-authored-by: Danny Halawi <dhalawi@google.com>
* [util-linux] cover mnt_table_parse_stream
Waiting for https://github.com/karelzak/util-linux/pull/1068
* temporarily point OSS-Fuzz to evverx/util-linux
* make sure it can be built with sanitizer=coverage
* added draco integration files
* wrote build file and Dockerfile for Draco
* split security-research-pocs fuzzer into four
* added project build to build.sh
* added more fuzzers
* fixed sanitizer flags
* removed commented code, combined fuzzers, fixed build script
* changed to singular filenames, converted usage of random int to enum, changed buffer name, and fixed build script
* placed test files in memory instead of on disk, added asserts
* [libxml2] Two new fuzz targets
Enable HTML and XML Schema fuzzers.
* [libxml2] Compile missing source files
* [libxml2] Don't forget to build seed corpora
* added draco integration files
* wrote build file and Dockerfile for Draco
* added Apache 2 license header
* changed project maintainer, cleaned up draco_decoder_fuzzer, and set working directory in Dockerfile
* added a couple of fuzzers
* two more targets
* merged from upstream
* build point cloud encoding fuzzer, renamed quantization fuzzers
* added more fuzzers
* moved fuzzers and build script to https://github.com/google/draco, made the build script here execute the new one
Co-authored-by: Ravi Jotwani <rjotwani@google.com>
* QEMU: Add fuzz target build scripts
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
* QEMU: Disable AFL and MSan in project.yaml
We can't link against OSS-Fuzz' afl driver as it is not compiled with
-fPIC. Additionally, it appears that we trigger some false-positives
with MemorySanitizer, since we don't instrument all of the libraries.
Disable AFL and MemorySanitizer, for now.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
* [opus] Build with -D_FORTIFY_SOURCE=0 to avoid msan false positives
Without this, a silk_memcpy call could resolve to __memcpy_chk,
which does not have an msan intercept, leading to false use-of-uninitialized-value errors.
* [opus] Consolidate cflags
* [opus] Fix typo
* Link against `libc++` with proper config in `.bazelrc`
* Add support for `undefined` build, link against proper `clang_rt` library
* Don't rsync in verbose mode.
* Support `undefined` and `memory` sanitizers
* Support more fuzzers than just `libfuzzer`.
The oss-fuzz documentation states that listing supported sanitizers in a project's yaml [is optional](https://google.github.io/oss-fuzz/getting-started/new-project-guide/#sanitizers). It appears that CIFuzz requires supported sanitizers to be included in this file ([ref](26e8d7c772/infra/cifuzz/cifuzz.py (L508-L529))). I believe this causes the CIFuzz GitHub Action to fail for projects that have not listed support for address sanitizer explicitly in their respective project YAML.
This PR explicitly defines support for asan and ubsan with a goal of fixing h2o's CIFuzz build
This got a bit messy as a change, but it's basically all that topic. I
had to go squint at python3-libraries to figure out the modern
incantation for getting python3 to build under the fuzzer, but victory
is mine and this is probably substantially cleaner.
* Need to manually install numpy now as it is used in the toolchain
* Handle review
* Remove bazel install since we install bazelisk
* Force symlink python3 -> python
* Refactor build script
* Remove `-stdlib=libc++` as that causes link errors
* Remove `identity_fuzz` as it results in a huge fuzzer. Will work on reducing size and then enable back
* Copy fuzzer to `$OUT`, not move
* Handle coverage support
* Added new fuzzer to xpdf.
* Updated sanitizers.
* Limit sanitizer to address as this is the only one that allows us to fuzz the pdf core parser.
* Disable logging and go further into the API.
By default a cmake based build puts user provided flags at the beginning
of a compiler invocation, giving them lowest priority. This makes it
quite difficult to add the required -fno-sanitize=vptr flag since it
will be placed before -fsanitize=undefined in a SWIFTSHADER_UBSAN build.
To make this work will require upstream changes to SwiftShader's build.
However, it is not necessary to build SwiftShader with the undefined
behavior sanitizer in order to fuzz Skia for issues. (This is only
required for the memory sanitizer which fortunately works.) As a result,
build SwiftShader without the sanitizer in the Skia undefined sanitizer
fuzzer build.
* [skia] Update diff for upstream change.
SkReadBuffer::getArrayCount() implementation changed, so update the
diff.
* [skia] Build fix for upstream build changes.
Skia is changing its build a little bit. 'skia_enable_fontmgr_custom'
has become 'skia_enable_fontmgr_custom_directory' (since that is what
it actually did) and skia_enable_fontmgr_custom_embedded has been added.
* [skia] Update SwiftShader to something not so old.
Skia builds it without submodules. Only build libGLESv2 and libEGL
instead of building everything, which isn't needed and takes a long
time. SwiftShader already has a checked-in build/ directory, so use a
different directory for building. Limit the number of make jobs to avoid
'Cannot allocate memory' errors. To build SwiftShader with a sanitizer,
the cmake define is now like SWIFTSHADER_XSAN.
* Nodejs initial integration.
* Added headers to fix Travis.
* A lot of simplifications to build script. LDFLAGS is the key here.
* More simplifications to build script.
* Fix Travis.
* Remove msan.
* Generalise and simplify build script.
* utilise all cores and a bit nicer structure in build.
* [libxml2] Initial integration
Fuzz targets are now maintained in the libxml2 repo.
* [libxml2] Install i386 versions of dependencies
* [libxml2] dpkg --add-architecture i386
* [libxml2] Link dependencies statically
* Remove dga@google.com as he left Google
* Use python3 as python2 is deprecated
* Need to manually install numpy now as it is used in the toolchain
* Use bazelisk instead of the grep configure -> get Bazel version -> curl hack
* Remove C++11 constraint as TF now builds and uses C++14
* Handle review
* Remove source sed/replace as it is no longer needed
* Updated the haproxy fuzzers to build again.
* The frame decoder needs additional updates since we need to call init_h2 to initialise a memory pool. Disabling this for now as this is a larger change in the code base and will fix up in the coming week.
* Fixed hpack decode.
* Updated the yaml since we don't want memory sanitizer.
This makes build_fuzzers work with local checkouts.
Without this, it complains with 'Cannot use local checkout with "WORKDIR
/src".'
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>