* Add fuzzing dictionaries for new ReadStat targets
They still need proper input corpuses, but this is a start.
* [readstat] Accommodate new file layout
corpus => fuzz/corpus
Dictionary files now included in source tree
* example project: fix minor problems with standalone fuzzer
* typo: "successfull" -> "successful"
* main should explicitly return 0 on success
* example project: fix minor problems with Makefile
* make "all" the first target
* use LIB_FUZZING_ENGINE to reference fuzzer in all places
* example project: fix typos in README
* Add upstream qpdf maintainer as auto_cc for qpdf
I am adding myself (using my Google account) as an auto_cc in
preparation for taking over ownership of the qpdf project and doing a
full integration with oss-fuzz.
The next branch is where relatively-stable changes live while testing
for stability. We should fuzz against this branch to give extra
confidence that these patches are bug-free before they are merged into
master.
* [bignum-fuzzer] Clone Mbed TLS recursively
The cryptography library of Mbed TLS has been moved to a separate
repository. It is now included into the project as a git submodule and
therefore we need to clone Mbed TLS recursively.
* [bignum-fuzzer] Use new Mbed TLS library location
The bignum module in Mbed TLS as part of the cryptography library has
been moved to a new location. This commit sets the corresponding paths
to their new values.
* [njs] Add nginx/njs project and njs_process_script_fuzzer.
* Add copyright, disable logging, disable leaks detection.
* fix memory leaks
* use $LIB_FUZZING_ENGINE
* list myself as a primary contact for now
* enable all sanitizers
These additional fuzzers all pass the existing check_build heuristics.
In the future, they would probably benefit from an input grammar file or corpus.
1. Ensure targets are re-linked after re-compiling libfuzzer_entry.o
2. Don't rely on LIBS to link libfuzzer_entry.o correctly (cannot
reproduce bot build failure, but log suggests this is the issue).
* Add protobuf target prototype
* Generalized architecture and added message stubs for future enhancements
* Added fine grained conversion of global/local color tables, LSD and image data
* Added conversion of extensions
* Flagged important TODOs
* Address important todos and add converter for GraphicControlExtension
* Minor bugfix: m_hasLct now reset for every image
* Fixed minor bugs and added GCExt to plaintext chunk
* Minor change to bug fix just for clarity
* Refactoring and add fuzz_dgif_extended
Refactor the code so that both targets import from dgif_fuzz_common.
Also add fuzz_dgif_extended, which exercises more functionality
of giflib
* Added minor comment
* Add new function that is a replica of Android JNI code
* Minor fix
* print errors (covers gif_err.c)
* bug fix in printing and disable it
* bug fix in printing error desc
* Add version variants to header message
* Add draw function from gif_font.c
* Remove LIB_FUZZING_ENGINE from compilation step and add GifDrawText8x8 API to custom fuzz harness
* WIP
* WIP
* WIP
* WIP
* WIP
* WIP
* Remove unnecessary loop
* Small bugfix: x is no longer uninitialized
* Change to consistent formatting
* Fix bug that caused build failure
* Import the double-conversion fuzz target into OSS-Fuzz. double-conversion is a V8 library for computing and parsing string representations of floating point numbers.
* [cryptofuzz] EverCrypt: Don't explicitly allow AVX instructions
Recent crashes involving EverCrypt were found to be caused by
AVX instructions in the EverCrypt library. The Makefile explicitly
allowed the use of AVX instructions via hardcoded CFLAGS. The authors
have released a new version that should resolve this problem.
* [cryptofuzz, bignum-fuzzer] Revert to default OpenSSL build method
Reverts the workaround for OpenSSL broken build script, which is
now fixed.
* [cryptofuzz] Compile with -D_GLIBCXX_DEBUG (runtime C++ UB checks)
ARCHIVE_EOF and ARCHIVE_FATAL are the only valid exit codes
ARCHIVE_RETRY should lead to re-entering the loop
All other codes (ARCHIVE_OK, ARCHIVE_WARN, ARCHIVE_FAILED) do not prohibit
the caller from reading data and next headers.
This behavior is identical to bsdtar (tar/read.c) and enables better
discovery of possible bugs by fuzzing.
This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14648
Caused by the reallocarray test succeeding in the docker image used by the
build worker. But the build.sh script assumes reallocarray is not
available and attempts to link in reallocarray.o replacement code that
is not there, because the build image supports linking with reallocarray.
This can be seen in the script lines in the log above, where ./configure
detects that it works. But this does not link if the instructions
are followed to reproduce the build, since that docker image has no
reallocarray. The fix is to fetch the correct list of replaced
functions so that the build can succeed regardless of the version of
the base system that is used.
* [librawspeed] LIB_FUZZING_ENGINE fixes
Depends on 8906ca4a40
Refs. https://github.com/google/oss-fuzz/issues/2317
* [librawspeed] Drop dead CMake WITH_PTHREADS param
It is gone from RawSpeed's CMake, there is no longer any direct
dependency on PThreads.
This is no longer needed as we handle this Envoy-side. This should fix
the build that has been broken since
https://github.com/envoyproxy/envoy/pull/6610.
Signed-off-by: Harvey Tuch <htuch@google.com>
* [cryptofuzz] Use latest OpenSSL version
This is a workaround for an issue OpenSSL's build system is currently
having. I've appended || true to the build command so failure is not
signaled to the Docker process running the build script, and the build
is not aborted.
Multithreaded compiling has been removed temporarily to avoid a race
condition that causes the make procedure to abort before libcrypto.a
has been compiled.
* [cryptofuzz] Build against LIB_FUZZING_ENGINE_DEPRECATED to prevent crashes
I just added a new fuzzer, `zstd_frame_info`, and want to be able to add new
fuzzers without submitting a pull request to oss-fuzz. This change uses zstd's
Makefile to download the corpora. Now I can add a new fuzzer to zstd and it will
automatically get built and download the seed corpus in oss-fuzz.
* [zstd] Add seed corpora for two new fuzzers
* [zstd] Add two more emails to cc list
It is helpful to add in the corporate email so we don't miss bugs.
* switch to another fuzzer repo aimed to be merged upstream
* update email addresses
Checked with arvid; he approved adding his address
* [libtorrent] improve building
- use ninja
- don't build tests
- respect CXXFLAGS when building boost
- less verbose output when downloading
* create initial corpus zip files from git
this makes it much easier to add and remove
both fuzzers and corpus upstream and make
sure they work well.
Proto fuzzers are slow and haven't found bugs in a long time. Their
builds are also hard to maintain since they build in a different
configuration than any of the LLVM build bots.
* Determine Bazel version from configure.py script
* Install Bazel at the version from configure.py
* Don't downgrade Bazel on Dockerfile
* Make sure we were able to install proper Bazel
* Comment update