GetINCHIfromINCHI calls strlen on szOptions, which leads to undefined behavior as it's not a valid null-terminated byte string.
Explicitly NULL out the char* to avoid this.
We have some fuzzers that are security-critical (json, exif), but
these haven't found anything genuinely new in a long time. It seems
unlikely that they will find something that is not a regression in
a pre-release version (and as such okay to be public).
The other fuzzers are not classified as security-critical by the
PHP project (unserialize, unserializehash, parser, execute,
function-jit, tracing-jit). The latter three produce the vast
majority of new reports.
I think it would be more valuable to make fuzzing reports public
and have a larger set of people who can work on them.
1. Move most of the generic stuff into BasePlatformConfig.
2. Make a GCB platform config that sets WORKSPACE and PROJECT_SRC_PATH so users don't have to.
3. Make a skeleton prow platform_config for Mitchel to fill out.
4. Make users explicitly specify the CFL_PLATFORM so we can pick CI environments
Share more code between the 4 implementations of `prepare_for_fuzzer_build`.
This simplifies the code of these implementations, reduces repetition and makes them easier to
understand.
Create helper functions/methods for:
1. Creating a failed `BuildPreparationResult`: `get_build_preparation_failure`
2. Building an external project docker image: `_build_external_project_docker_image`
3. Cloning a repo and checking out the specified commit/pr: `_clone_repo_and_checkout`
4. Detecting the main repo: `_detect_main_repo`
5. Creating a repo manager from an existing checkout: `_create_repo_manager_for_project_src_path`
Change `ExternalGeneric` implementation of `prepare_for_fuzzer_build` to:
1. Call `_create_repo_manager_for_project_src_path`
2. Call `_build_external_project_docker_image`
Change `InternalGeneric` implementation of `prepare_for_fuzzer_build` to:
1. Call `_detect_main_repo`
2. Call `_create_repo_manager_for_project_src_path`
Change `ExternalGithub` implementation of `prepare_for_fuzzer_build` to:
1. Call `_clone_repo_and_checkout`
2. Call `_build_external_project_docker_image`
Change `InternalGithub` implementation of `prepare_for_fuzzer_build` to:
1. Call `_detect_main_repo`
2. Call `_clone_repo_and_checkout`
Fix diffing on non-GitHub and improve config
1. Remove obsolete comments.
2. Remove unused function get_pr_ref
3. Correct comment on git_sha
4. Rename commit_sha to git_sha
5. Make base_commit, pr_ref, and base_ref non-github specific and move to
CiEnvironment.
6. Hoist get_diff_base to base class to allow diffing
7. Fix downloading coverage on non-Github.
8. Add TODO so that we don't assume github actions is run on github.com
(enterprise users)
9. Rename repo_url to git_url.
10. Add missing git_url method base class.
11. Clarify what git_url, git_sha and pr_ref are for and leave TODOs about how
we can eliminate them.
12. Fix typos.
Getting the LATEST_BUILD_WINDOW latest commits from HEAD^ is wrong. We
should use the diff base instead.
Also modify the Ci.get_diff_base methods to not include "..." in the
return value. This will be appended in get_changed_code_under_test
instead.
This also potentially fixes a behaviour mismatch with GitHub
PRs and diffing against the latest base branch rather than
git merge-base base-branch HEAD.
* binutils: add dlltool fuzzer
* binutils: build in a loop to try multiple times
* binutils: disable GAS building as AFLPP has problems with it
* disable building ld to make aflpp work
* binutils: simplify build
* binutils: reenable gas fuzzer
* binutils: conditionally build gas fuzzer
1. Fix usage of gsutil tool.
2. Get rid of run_fuzzers_mode and change to mode. Fixes: #6677
3. Install requirements before copying source code to make iterative development of cifuzz code faster.
Improve binutils fuzzing in three ways:
- Extend objdump and objcopy fuzzers. Make a version of objdump fuzzing
that is more stable
- New targeted disassembly fuzzer for mep architecture
- Include more extensive corpus
Signed-off-by: David Korczynski <david@adalogics.com>