A direct clone now gives you dev which is future Qt 6, none of the
code using Qt expects Qt6 yet
Using 5.15 now (instead 5.12 before) means we have to disable
sanitize=vptr in parts of qt in kimageformats since those
parts now compile with no-rtti
While at it make the compilation script a bit better:
* Don't need to disable compressing rcc files, only needed to pass
the CFLAGS to the QMAKE_CFLAGS
* Also fix the "make qmake faster" sed command
I'm re-enabling AFL since the issue with gmock's main being present was fixed in e8616a31f4
This libunwind changes solve the issues we were seeing with the fuzzers not running in the clusterfuzz bot environment. What this PR does, roughly:
* Copy the .so from the build image into `/out/lib`
* Patch the binaries so they have an rpath which specifies looking in `/out/lib` for libraries in addition to the normal search path
This will work *assuming* `/out/lib` is copied over in the bot environment and is available. I'm relying on code reviewers to let me know if this is true or not. If not, it should be an easy path update.
Test plan:
Verifying the AFL build was easy:
python infra/helper.py build_fuzzers --sanitizer address --engine afl proxygen
python infra/helper.py check_build --engine afl proxygen
python infra/helper.py run_fuzzer --engine afl proxygen ProxygenHTTP1xFuzzer
I verified the libunwind changes by using the shell command (thanks for the tip, didn't know that was there!).
I first built the binary using this build script.
I then used `python infra/helper.py shell --sanitizer address proxygen`
In the shell, I:
* Ran `/out/ProxygenHTTP1xFuzzer` and verified it worked
* Ran `ldd` on it and showed it pointed to `/out/lib` for `libunwind.so.8`
* Uninstalled libunwind
* Verified it still worked
* Used `patchelf --print-rpath ProxygenHTTP1xFuzzer` to verify that the rpath was set as I expected (inside `/out/lib`)
* Removed the patch using `patchelf --remove-rpath to_patch`
* Verified that the fuzzer no longer runs (crashes on startup, complaining about missing `libunwind.so.8`)
* I verified that the binary still finds the system one if rpath isn't set, by reinstalling it, using `patchelf --print-rpath` again, verifying that it prints the path to the system `libunwind` when I run `ldd`, and that the fuzzer runs fine. This implies it can find other system libraries fine too (and I saw that in the `ldd` output)
I don't think I can do any further testing, so we will just have to hope that this works in the bot environment.
It seems mails from ossfuzz are not reliably received on *gmx
(that is michaelni@gmx.at in my case)
They sometimes appear days later or not at all.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* [libssh] Enable msan
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* [libssh] Add Jakub Jelen to the project
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
This adds support for compiling and running the fuzzers present in the proxygen repository.
Right now there's only one fuzzer committed there, but this build script is generic
and will pull all of them in as we add more (if oss-fuzz integration proves fruitful).
Test plan is below - following https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally
I verified the base image builds:
python infra/helper.py build_image proxygen
I built and verified the ASAN fuzzer works:
python infra/helper.py build_fuzzers --sanitizer address proxygen
python infra/helper.py check_build proxygen
python infra/helper.py run_fuzzer proxygen ProxygenHTTP1xFuzzer
Similar thing for UBSAN:
python infra/helper.py build_fuzzers --sanitizer undefined proxygen
python infra/helper.py check_build proxygen
python infra/helper.py run_fuzzer proxygen ProxygenHTTP1xFuzzer
Note the last one seemed to run ASAN build by default so I pulled out the command it runs and ran it manually:
docker run --rm -i --privileged -e FUZZING_ENGINE=libfuzzer -e SANITIZER=undefined -e ARCHITECTURE=x86_64 -v /home/mhl/oss-fuzz/build/out/proxygen:/out -t gcr.io/oss-fuzz-base/base-runner test_all
I tested the coverage build:
python infra/helper.py build_fuzzers --sanitizer coverage proxygen
python infra/helper.py coverage proxygen ProxygenHTTP1xFuzzer
Note that this "runs" but threw some warnings which I will file a separate issue for.
It does generate the files though.
NOTE: I didn't run the MSAN build as I would have to figure out instrumenting all dependencies.
We can investigate that in a follow up.
Similarly, I haven't yet tried the dataflow build.
Note that I haven't tried testing this with the AFL build yet either. There were no instructions on the page (https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally) on how to do so -- if someone can mention them here I am happy to test that too before committing.
* mpg123: limit runtime of decode_fuzzer
To avoid spurious timeout reports, the test shall end after 10000 MPEG frames
or 1 MiB of data, which should both be reasonable numbers. The timeout
report motivating this had 500K with 140k bad frames. The limit of
10000 frames corresponds to a normal radio song as MP3 stream.
* mpg123: limit runtime of read_fuzzer
This applies the same logic as the decode fuzzer: stop decoding after
10000 MPEG frames or 1 MiB of input data. We could debate a bigger
limit on the data size, but we do want compact testcases, right?
Meson requires a cross file for compiling i386 on x86_64. This
unfortunately needs to be generated on the fly to honor oss-fuzz'
compiler and compiler flags.
Supercedes #2823.
Catena cyber