This is an intermediate step towards fuzzing of out-of-memory
conditions, which will be accomplished by making the Nth malloc/
calloc/realloc fail. With this intermediate step, hopefully no
oss-fuzz build failures will occur
In PR #7687 I tried to add a define by adding it to CFLAGS, but that
didn't work without rerunning configure. By adding the define to
config.h, rerunning configure is not necessary
oss-fuzz has reported numerous signed integer overflow problems
in flac that cannot be reasonably fixed. The problem is that
flac uses some math that is numerically unstable when fed with
random data, and as these are only audio samples, this overflow
is not a problem. Therefore, I added
`__attribute__((no_sanitize("signed-integer-overflow")))` to a few
functions in the flac sources.
However, while a decoder fed with random data has this problem,
an decoder that is being used to verify an encoder fed with random
data should never overflow. As the same functions are used, the
flac sources should be compiled twice: once with the mentioned
attributes for the decoder fuzzers, and once without them for the
encoder fuzzers.
Note that the define passed in this code is not yet integrated in
libflac, but this change should happen first or else the old
bugs appear again
Erik de Castro Lopo is no longer actively involved in maintaining the libFLAC project. I'd like access to the not-yet-public bug reports and the details so we can get a new release out.
* [presubmit] Enforce language attribute in projectt.yaml to be always set.
* Update documentation, better presubmit check, new project template.
* add docstring to templates.py
* Add example values in the project.yaml template and remove python value for now
* Add "project: c++" to 256 projects
* format
* Add labels and selective_unpack sections to the presubmit check
* fix incorrect auto_ccs format in three projects
* fix nss emails after rebase
* Add Mozilla fuzzing team to auto_cc of their used 3rd party libraries
* Use new vendor_ccs field in projects.yml (#2703)
* Remove not yet approved projects
* Remove not yet approved projects
Martijn van Beurden