`isc__initialize()` is a libisc function that is marked with
`__attribute__((constructor))`; it works as expected when the library is
linked dynamically, but it gets stripped away in static builds prepared
by OSS-Fuzz as it is not called directly by any of the fuzzers. However,
one of the fuzzers (`fuzz/dns_message_checksig.c`) calls
`dns_view_create()`, which calls `isc_file_sanitize()`, which in turn
calls `isc_md(ISC_MD_SHA256, ...)`. The latter does not work unless
`isc__md_initialize()` is called beforehand and that function is in turn
expected to be called by `isc__initialize()`. Since the latter is absent
from OSS-Fuzz builds, the `dns_message_checksig` fuzzer crashes on every
input.
Since this is only an issue for static builds, which BIND 9 currently
does not support except for OSS-Fuzz specifically, use the `-u` linker
flag to force-link `isc__initialize()` into the fuzzer binaries. Also
force-link `isc__shutdown()` (a libisc destructor) for consistency.
Recent updates in upstream caused the latest build to fail. I am pushing
these patches to ensure the build runs at the moment. The proper next
step is to get rid of the patching, but I will do that later.
Signed-off-by: David Korczynski <david@adalogics.com>
…tras distribution.
These changes fix the problem that is currently causing the freeradius
project not to build properly. I am a consultant working with Network
RADIUS, and I am submitting this pull request on their behalf.
This should enable fuzz introspector builds to run smoothly.
Signed-off-by: David Korczynski <david@adalogics.com>
XS is a JavaScript engine, so the typical timeouts aren't necessarily bugs
-- it's expected that code will run for a long time. Over time the
fuzzer has generated quite a few timeouts (near-infinite loops).
We added metering to the XS fuzz target to cap execution to a number of
steps. In this PR we set the limits to reduce the amount of timeouts.
Timeouts that are still reported are more likely to be bugs we should fix
(either in the engine or in the metering feature itself).
The main changes are:
- improvements to code injection sink analyser
- output of data about all functions into summary.json. This is useful
for e.g. comparing reports and performing historical analysis.
Signed-off-by: David Korczynski <david@adalogics.com>
This fixes the build failure in Exiv2.
We recently added [inih](https://github.com/benhoyt/inih) as a
dependency to Exiv2, but we need a newer version of inih that includes
the C++ bindings. OSS-Fuzz is still using a docker image based on Ubuntu
20.04 which doesn't include a sufficiently up-to-date version of the
`libinih-dev` package. So I've added a build flag to Exiv2 in
https://github.com/Exiv2/exiv2/pull/2465 which enables us to build
without the inih dependency. The fuzz target doesn't need inih, so it
shouldn't make any difference to the fuzzing results.
I am removing one of the existing fuzzers in
https://github.com/rustls/rustls/pull/1171 (which should be subsumed by
one of the existing ones). However, the fuzzing CI job that we run is
currently failing because the build script hard codes the fuzzer names.
Make an attempt at copying whatever the fuzzer builds instead.
I am not very experienced at shell stuff, but in some local testing this
seems to do the job.
cc @ctz
Update Centipede to [its latest commit
eb91dd2](eb91dd2157),
which added some new features and fixed runtime bugs found in recent
FuzzBench experiments.
Build only status_fuzz fuzztest for now in addition to all the
non-fuzztest fuzzers. The build will be extended to new fuzztest fuzzers
once the overall build starts passing again.
Recent commits on Tensorflow made the build not work, e.g.
77e3480998
and the reason is we need proper diffing in place (e.g. remove `no_oss`
in the BUILD tag). These should be included in the build, but I will
handle that after the current build starts working again.
Signed-off-by: David Korczynski <david@adalogics.com>