46 Commits

Author SHA1 Message Date
jonathanmetzman 439d0bc2c6
Enable centipede on a bunch of projects (#9643) 2023-02-13 14:24:42 -05:00
DavidKorczynski 0b97ad90e0
libarchive: handle erroneous archives (#9452)
Some more codepaths were added to the fuzzer in
https://github.com/google/oss-fuzz/pull/9003 However, these paths are
only valid to call in the event `archive_read_open_memory` returns
`ARCHIVE_OK` -- the fuzzer is currently blocked due to this and is why
the coverage decreased between 17th Nov to 19th Nov
(https://storage.googleapis.com/oss-fuzz-coverage/libarchive/reports/20221117/linux/src/libarchive/report.html
vs
https://storage.googleapis.com/oss-fuzz-coverage/libarchive/reports/20221119/linux/src/libarchive/report.html)

Am looking to get the coverage back up as I'm writing some documentation
about
https://github.com/ossf/fuzz-introspector/issues/580#issuecomment-1318961239

@jvoisin could you help review?

Signed-off-by: David Korczynski <david@adalogics.com>

Signed-off-by: David Korczynski <david@adalogics.com>
2023-01-18 16:01:44 +00:00
DavidKorczynski cecd0abb7f
libarchive: compile libxml without instrumentation (#9007)
This makes the coverage reporting for lxml go away.

Ref: https://github.com/ossf/fuzz-introspector/issues/580#issuecomment-1318961239

Signed-off-by: David Korczynski <david@adalogics.com>

Signed-off-by: David Korczynski <david@adalogics.com>
2022-11-17 21:17:46 +00:00
Julien Voisin f00e25efb6
Exercises even more codepaths in libarchive (#9003)
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-11-17 12:29:34 -08:00
Julien Voisin 3ff681232d
Enable support for gnu-tar archive in libarchive (#9001)
archive_read_support_format_gnutar isn't called in
archive_read_support_format_all.

Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-11-17 04:43:19 -08:00
Julien Voisin 646285eeda
Simplify libarchive's fuzzer (#8781)
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-14 17:56:28 +01:00
Julien Voisin cd51dc3672
Increase a bit the coverage of libarchive (#8779)
Exercise archive_entry related functions

Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-14 16:32:25 +01:00
Julien Voisin aeb77f29c8
Add two defines to libarchive's build (#8743)
This should increase coverage by making libarchive ignore some crc
computation results.

Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-11 14:29:51 +01:00
Julien Voisin 16bf2e52de
Improve coverage of tar files in libarchive (#8744)
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-11 14:29:35 +01:00
Julien Voisin 7b2df00056
Enable all formats for libarchive (#8731)
By default, raw and empty aren't enabled.

Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-10 15:46:47 +01:00
Julien Voisin 47e450b05a
Ignore crc32 in zip files in libarchive (#8732)
Taken from
1385cd9c51/libarchive/test/test_write_format_zip_large.c (L293)
while waiting for https://github.com/libarchive/libarchive/issues/1788

Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-10 15:46:24 +01:00
Julien Voisin cf0808d299
Make use of libarchive uuencoded testfiles (#8686)
Please do squash me :)

Co-authored-by: Julien Voisin <jvoisin@google.com>
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
2022-10-06 10:44:35 -04:00
Julien Voisin e74acd6a70
Make use of liblzo2 in libarchive (#8685)
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-05 15:34:26 +01:00
Julien Voisin 0a8a100e8d
Improve a bit libarchive's corpus (#8683)
- Add corkami's repository of weird formats/archives
- Speed up compilation a bit

Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-05 11:20:41 +01:00
DavidKorczynski e93fb6ddbe
ffmpeg, libarchive: bump automate to fix builds (#8383)
Similar to: https://github.com/google/oss-fuzz/pull/8365

Signed-off-by: David Korczynski <david@adalogics.com>

Signed-off-by: David Korczynski <david@adalogics.com>
2022-09-01 12:10:53 +01:00
DavidKorczynski 4ff34a956e
infra: fuzz-introspector updates and bump (#7497)
* infra: remove use of git_repo_url to fuzz-introspector

* libarchive,fluent-bit: add fuzz-introspector exclusion config

* fuzz-introspector: bump

Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
2022-04-04 11:35:58 +10:00
Oliver Chang 8d55f22548
Fix libarchive build. (#7481)
Set --enable-static for libxml2. This was set to false by default in a
recent commit
2022-03-31 13:52:59 +11:00
DavidKorczynski 1194a4d59c
libarchive: fix xenial build to latest base (#6441)
* libarchive: fix xenial build to latest base

* libarchive: switch to cmake build
2021-09-14 17:36:51 -07:00
jonathanmetzman bf1275f005
[Ubuntu upgrade] Pin projects to Xenial where fuzzer build fails. (#6293)
This does not include coverage build failures.
Related: #6180.
2021-08-24 15:24:25 -07:00
Oliver Chang 84faf55729
Populate a bunch of main_repo values. (#4815)
Also enforce this for future integrations.
2020-12-10 09:49:27 +11:00
devtty1er d561c49ae5
Update Dockerfiles (#4070)
* Use LABEL in place of MAINTAINER

* Remove LABEL maintainer from Dockerfiles
2020-07-06 13:18:23 -07:00
AdamKorcz aec1054d97
[Libarchive] Removed creation of corpus from build script (#3744) 2020-04-30 09:12:02 -07:00
AdamKorcz 4eb1249499
Suggested fix for broken build (#3678) 2020-04-20 12:20:30 -07:00
AdamKorcz 3dcc003479
Added a seed corpus to libarchive fuzzer (#3590)
* Added seed corpus to libarchive fuzzer

* Added auto cc

* Updated cc-list
2020-04-17 07:25:38 -07:00
Max Moroz 71f4914c45
[presubmit] Enforce language attribute in project.yaml to be always set. (#3477)
* [presubmit] Enforce language attribute in project.yaml to be always set.

* Update documentation, better presubmit check, new project template.

* add docstring to templates.py

* Add example values in the project.yaml template and remove python value for now

* Add "project: c++" to 256 projects

* format

* Add labels and selective_unpack sections to the presubmit check

* fix incorrect auto_ccs format in three projects

* fix nss emails after rebase
2020-03-10 11:08:01 -07:00
Martin Matuška a996649c2c [libarchive] process archive_read_next_header() return codes like bsdtar (#2427)
ARCHIVE_EOF and ARCHIVE_FATAL are the only valid exit codes
ARCHIVE_RETRY should lead to re-entering the loop
All other codes (ARCHIVE_OK, ARCHIVE_WARN, ARCHIVE_FAILED) do not prohibit
the caller from reading data and next headers.

This behavior is identical with bsdtar (tar/read.c) and enables better
discovery of possible bugs by fuzzing.
2019-05-16 10:11:20 -07:00
jonathanmetzman 3049c50d48
Migrate projects using -lFuzzingEngine to $LIB_FUZZING_ENGINE (#2325)
Migrate from -lFuzzingEngine to $LIB_FUZZING_ENGINE where possible and not causing breakage
2019-05-01 11:09:55 -04:00
Abhishek Arya 1607410bb1 Enable msan experiment on some projects. (#591) 2017-05-10 09:10:46 -07:00
Devin Jeanpierre 330386686d Use apt-get update && apt-get install, per best practices: (#561)
https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/

I ran into this because I was getting errors locally, like:

    E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/d/dpkg/libdpkg-perl_1.18.4ubuntu1.1_all.deb  404  Not Found [IP: 91.189.88.149 80]

It turns out you get these if you don't update, and the official best practices are to `run apt-get update && apt-get install`. In fact, running _any_ apt-get install command without the apt-get update && before it can result in unfortunate caching artifacts -- see "cache busting". (P.S. thanks to Peng on Freenode for helping me, I'm bad at Ubuntu.)

So:
    sed -re \
        's/RUN apt-get ((-y )?(install|build-dep))/RUN apt-get update \&\& apt-get \1/' -i \
        projects/**/Dockerfile

I also manually fixed the cases that already ran apt-get update in their Dockerfile:
    dlplibs/Dockerfile
    grpc/Dockerfile
    libreoffice/Dockerfile
2017-05-01 23:31:02 -07:00
Oliver Chang 60835ac420 oss-fuzz/BASE_IMAGE -> oss-fuzz-base/BASE_IMAGE 2017-03-22 12:12:51 -07:00
Oliver Chang 7df64d4ac4 [infra] ossfuzz/IMAGE -> gcr.io/oss-fuzz/IMAGE 2017-03-15 18:46:31 -07:00
Oliver Chang 39e886806f [experimental] enable AFL for libarchive 2017-02-21 17:45:01 -08:00
Martin Matuška c7608cc5fe [libarchive] fix wrongly placed parentheses in 89ae65d (#307) 2017-01-22 06:22:08 -08:00
Abhishek Arya 89ae65d516 Fix compile error in libarchive 2017-01-21 08:19:48 -08:00
Martin Matuška 555a80407b [libarchive] correctly exit on read error in libarchive_fuzzer.cc (#305) (#305)
Thanks!
As we are discussing in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=234#c6
we encourage you to move this file into your repo. 
https://github.com/google/oss-fuzz/blob/master/docs/ideal_integration.md
2017-01-20 19:33:38 -08:00
Martin Matuška 76f0d8df7f Add libacl1-dev and libattr1-dev to libarchive build (#296) 2017-01-18 14:20:00 -08:00
Mike Aizatsky e6a8c4d6cd [infra] updating usages of base-libfuzzer (#142) 2017-01-03 15:07:49 -08:00
Mike Aizatsky 3dd707ed58 [infra] using -lFuzzingEngine instead of -lfuzzer 2016-12-07 11:41:08 -08:00
inferno-chromium ca9715a55a Fix email issue causing exception. 2016-12-05 22:28:50 -08:00
Mike Aizatsky 7196647036 Update project.yaml 2016-12-02 10:44:23 -08:00
inferno-chromium d37a62b865 Update project.yaml 2016-12-01 07:22:19 -08:00
inferno-chromium 7823a752b8 Update project.yaml 2016-11-30 14:45:54 -08:00
Mike Aizatsky cf248c4759 [infra] making shallow git clones. fixes #42 2016-11-29 12:55:45 -08:00
Mike Aizatsky 879120437d [infra] build.sh cleanup 2016-11-29 11:33:42 -08:00
Mike Aizatsky a1f645866d [infra] target.yaml -> project.yaml 2016-11-29 11:03:26 -08:00
Mike Aizatsky a143b9b39a [infra] renaming targets/ to projects/ 2016-11-29 10:55:25 -08:00