Commit Graph

217 Commits

Author SHA1 Message Date
Abhishek Arya 1bf9031854
Fix code coverage regression. (#5949)
Hardcode commit hash for chromium code coverage script, till
revert happens.
Fixes #5934
2021-06-19 16:48:24 -07:00
jonathanmetzman 624a294bff
[CIFuzz] Allow run_fuzzers to use a preexisting corpus. (#5928)
* [CIFuzz] Allow run_fuzzers to use a preexisting corpus.

Also improve comment in cifuzz-base/Dockerfile.

* improve comment

* Fix run_fuzzers
Add --cache option to helper.py's build_image command which
uses the docker image cache when building and use this in
ci/build.py.
Change build_image_impl's argument no_cache to cache for clarity.
Eliminate default argument cache in build_fuzzers_impl since no users
use it.
2021-06-17 08:32:20 -07:00
van Hauser 6ca95a1817
enhance afl++ performance (#5916) 2021-06-14 07:37:20 -07:00
Fabian Meumertzheim 73d78b8879
[infra][jvm] Add Jazzer UBSan support (#5898)
* [infra][jvm] Add Jazzer UBSan support

* [java-example] Reenable and plant UB

* [docs] Mention support for Java UBSan in docs

Also adds a link to the java-example build.sh to the docs.
2021-06-10 07:57:42 -07:00
Fabian Meumertzheim 770d590e13
[infra][jvm] Don't override jvm_args in coverage builds (#5862)
Specify --additional_jvm_args instead of --jvm_args so that custom
target JVM args (e.g. --enable-preview) are preserved in coverage runs.
2021-06-01 08:03:10 -07:00
jonathanmetzman 8c4ad095e9
[CIFuzz] Refactor in preparation for filestore (#5841)
1. Moving the _create_config and create_config functions from build_fuzzers_test.py and run_fuzzers_test.py into test_helpers.py (which is now part of cifuzz instead of infra) and share code between them.
2. Rename artifacts_dir to crashes_dir in run_fuzzers.py. "artifacts" is ambiguous.
3. Make some small changes to pytest.ini to improve debugging.
2021-05-26 09:45:22 -07:00
Fabian Meumertzheim 6defe8c725
[infra] File-level coverage for JVM projects (#5822)
* Exclude Jazzer classes from coverage reports

* Generate file-level coverage data for Java

Adds per-file coverage information to llvm-cov style *.json files for
Java targets.

This provides full CI Fuzz support for "jvm" projects.
2021-05-25 08:05:16 -07:00
van Hauser 878a05a092
afl++: increase forkserver timeout (#5784) 2021-05-24 13:43:34 -07:00
Fabian Meumertzheim f053e761ec
[infra] Allow shell script targets for all languages (#5802)
For proper support of Bazel's runfiles tree, a shell script wrapper is
also needed for C++ targets, see
https://github.com/bazelbuild/rules_fuzzing/pull/149.

This commit allows shell script fuzz targets for all languages. This
also helps to consolidate the various fuzz target checks in OSS-Fuzz
by removing a dependence on fuzzing_language.
2021-05-24 09:16:32 -07:00
Fabian Meumertzheim f08e98d176
[infra][jvm] Create per-target summary.json (#5778) 2021-05-17 07:25:10 -07:00
Fabian Meumertzheim 88f76bc641
[infra] Make `targets_list` detect JVM/Python targets (#5775)
* [infra] Make `targets_list` detect JVM/Python targets

`targets_list` should not detect `jazzer_driver` and `jazzer_driver_asan` as fuzz targets, but should consider shell scripts that contain `LLVMFuzzerTestOneInput`.

@inferno-chromium This should fix https://github.com/google/oss-fuzz/pull/5770#issuecomment-841851786.

* Fix
2021-05-16 18:37:55 +00:00
jonathanmetzman 8221561c34
Fix coverage script issues (#5764)
Make sure to install MarkupSafe==0.23 instead of >=0.23 which breaks.
Probably the solution is to upgrade Jinja upstream.
Fixes #5763
2021-05-13 15:32:42 +00:00
Fabian Meumertzheim 466787d4f5
[infra] Fix base-runner build (#5756)
Builds of base-runner fail as the Chromium coverage helper script has a
transitive dependency on MarkupSafe, which as of version 2.0 requires
additional python packaging tools to be installed.

This commit installs python3-setuptools and wheels, which fixes the
build.
2021-05-12 07:13:22 -07:00
Fabian Meumertzheim 124db941a7
[infra] Fix java coverage (#5747)
* Filter non-fuzz target binaries in coverage script

* Filter non-fuzz target binaries in helper.py

* Fix fuzz target executable bit check in helper.py

Python and JVM fuzz target executables created via the docs template
set the executable via `chmod u+x` as the root user, which means that
os.access checks in infra/helper.py don't see the executable bit if
not run as root locally.

With this commit, the check now looks for any of the three executable
bits.
2021-05-11 10:10:54 -07:00
Fabian Meumertzheim 5cfb074ae5
Add Java coverage support (#5733)
Coverage is collected by running the fuzz targets with the JaCoCo agent
in Jazzer's no instrumentation mode.

Since JaCoCo does not support llvm-cov style coverage reports, a simple
Python helper creates it using the information contained in the JaCoCo
XML report.

As the Java build process does not maintain a mapping between source
files and build artifacts and JaCoCo needs to be passed the root folder
of the package tree, we use the Maven directory layout convention to
heuristically detect these roots.
2021-05-10 20:33:07 -07:00
Fabian Meumertzheim f393c97b11
Add missing Java AWT dependency (#5644)
The library libXext.so.6 is required by some Java AWT classes even in
headless environments.

This fixes a crash in apache-commons:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33489
2021-04-20 21:10:13 +01:00
Caolán McNamara 0f02ca5a56
retry sequentially if multiprocessing do_bad_build_check detects fail… (#5578)
* retry sequentially if multiprocessing do_bad_build_check detects failures

https://github.com/google/oss-fuzz/issues/5441

The error seen in the build log is:

Whoops, the target binary crashed suddenly, before receiving any input
from the fuzzer!

suggesting that the fuzzer crashed before it got to do anything.
Debugging locally what I tend to see is that

a) in src/afl-forkserver.c afl_fsrv_start the read_s32_timed call
returns 0 and that triggers kill(fsrv->fsrv_pid, fsrv->kill_signal);
(SIGKILL)
b) read_s32_timed returns 0 because *stop_soon_p is non-zero at
restart_read:
c) *stop_soon_p becomes non-zero in handle_stop_sig of
src/afl-fuzz-init.c due to receiving SIGINT
d) that SIGINT is sent by the timeout script used in bad_build_check so
it is that "outer" timeout process which is sending SIGINT which then
triggers afl-forkserver's internal SIGKILL to kill the process

I get improved results if I retry the killed off fuzzers sequentially

* Remove unneeded semicolons to fix presubmit

Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-04-05 12:50:15 -07:00
van Hauser df6dc548a9
remove map size for afl++ (#5433)
* output afl++ setup

* update commit id

* update afl++ commit id

* asan + cmplog fix

* update commit id

* update and enhance afl++

* update afl++ commit id, better run asan options

* fix linter

* add debug_afl script

* Update debug_afl

* Update compile_afl

* fix for karchive

* put debug_afl in the docker container

* asan poison fix

* fix asan settings for zeek

* update afl++ commit id

* fix

* update afl++ commit id

* final touches

* remove map size

* remove old comment

Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
2021-03-18 14:49:58 +00:00
Catena cyber e71e49d721
Golang coverage summary updated to version 2.0.1 (#5346) 2021-03-17 06:53:19 -07:00
Catena cyber 5c174c7e36
Golang coverage: use absolute paths (#5407) 2021-03-16 12:19:02 -07:00
Catena cyber b000f70a7a
Golang coverage: build binary instead of bash script (#5377) 2021-03-14 08:29:13 -07:00
Abhishek Arya 90b3d55f36
Fix unzip regression on base-runner. (#5356)
* Fix unzip regression on base-runner.

* Dont rpath patch llvm-symbolizer.

Should fix https://github.com/google/oss-fuzz/issues/5349

* Revert "Dont rpath patch llvm-symbolizer."

This reverts commit fdd881dea2.
2021-03-10 10:46:58 -08:00
jonathanmetzman 92bb205b50
[infra] Remove minijail. (#5343)
We don't need minijail tooling anymore since we aren't using it
on OSS-Fuzz.
2021-03-09 19:57:33 +00:00
jonathanmetzman c3124a0843
[base-runner] Reduce size by ~200 MB by using apt better (#5339)
Don't install recommended packages if it means installing an
entire gcc toolchain. We don't need it in the runner.
2021-03-09 18:06:44 +00:00
Catena cyber be915129e1
Golang coverage with go 1.16 and modules (#5321)
* Fixes go coverage with modules

* Golang coverage html report turning off modules

Otherwise, we get the error
working directory is not part of a module
2021-03-08 21:26:19 +00:00
jonathanmetzman 8fe74c1f72
[base-runner] Fix go issue and remove unneeded rust stuff. (#5319)
Go needs the toolchain for now, so add it back to base-runner.
We don't actually need the rust toolchain so get rid of it
(saving about 1GB).
2021-03-08 09:43:44 -08:00
Catena cyber c41e46ffc8
Rust coverage report (for Suricata) (#4697)
* Rust coverage test

* Workaround to get rust coverage for Suricata
2021-03-08 07:05:35 -08:00
jonathanmetzman 5e207cb607
[base-runner] Reduce image size by 45% (645 MB). (#5283)
Reduce image size by:
1. Not installing go toolchain in final image. Build go tools in
separate image that doesn't become base-runner.
2. Download the JVM zip in the same step we remove it.
2021-03-04 06:33:27 -08:00
van Hauser c243108b6a
update afl++ commit id plus add afl++ debug script (#5297) 2021-03-04 14:19:53 +00:00
jonathanmetzman f5901265d1
[TSAN] Support TSAN (#5266)
We aren't planning on supporting TSAN on ClusterFuzz.
But we can support it in CIFuzz since Skia wants it.
2021-03-02 09:20:40 -08:00
van Hauser b5de0307a7
Fixes for afl++ (#5235)
* output afl++ setup

* update commit id
2021-02-22 07:41:49 -08:00
DavidKorczynski ab55c8eeef
infra: update the timeout of AFL (#5223)
* Updated the timeout for AFL.

* Updated the AFL timeout.
2021-02-21 16:06:29 -08:00
van Hauser 4bb61df790
Final afl++ integration (#5191)
* final afl++ integration

* remove afl++ cmplog tests

* update afl++ commit id

* support rebuild

* llvm 13 workaround

* apply fix for llvm 13

* fix nits

* Fix nits.

* Fix name nit.

* update commit id

* update commit id

* update commit id to stable

Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-02-18 12:55:07 -08:00
Fabian Meumertzheim 481280c650
[jazzer] Adapt infra scripting to JVM fuzz targets (#5176)
compile, bad_build_check, and presubmit.py require small tweaks to
support JVM fuzz targets, most of which are similar to those required
for Python. The following additional changes are required:

* Since the Jazzer driver binary already links in libFuzzer, it should
  not be built as a static library.
* It is not clear how to do architecture checks as JVM fuzz targets can
  load their native dependencies dynamically at runtime. For now, the
  check is disabled.
* The Jazzer binaries are moved into $OUT and need to be skipped over in
  find_fuzz_targets.
2021-02-16 07:06:58 -08:00
Fabian Meumertzheim 427f63c93c
Add Jazzer to base-builder and base-runner (#5166)
Jazzer is built from HEAD using Bazel and the clang toolchain provided
by base-clang. While it could be built with OpenJDK 8, which is
available as a package, JVM fuzz targets should not be forced to be
compatible with Java 8. For this reason, the official binary release of
OpenJDK 15 is pulled into both base-builder and base-runner and set as
JAVA_HOME. It is trimmed down in size by removing src.zip and the jmods
directory.

Jazzer consists of the following four components:

* The API (`jazzer_api_deploy.jar`), which is required for fuzz targets
  that use FuzzedDataProvider or custom method hooks, is made available
  in /usr/local/lib in base-builder.
* The driver (`jazzer_driver`), which links in libFuzzer and is reused
  across fuzz targets. Since it is used to run fuzz targets, it is
  included into base-runner.
* The ASanified driver (`jazzer_driver_asan`), which is obtained from
  `jazzer_driver` by linking in ASan.
* The agent (`jazzer_agent_deploy.jar`), which bundles the runtime
  instrumentation agent with the Jazzer API. It is loaded by the driver
  and thus also included into base-runner.

The changes to the infra scripts required by JVM fuzz targets will be
submitted as a separate PR.
2021-02-16 06:56:36 -08:00
jonathanmetzman a98d7f1ca4
[base-runner][NFC] Replace test_one with test_one.py (#5179) 2021-02-16 06:14:53 -08:00
Evgeny Vereshchagin 4af2cfe3cf
bad_build_check: also look for call on x86_64 (#5159)
It should make the script compatible with binutils-2.36.1 (where
"callq" is no longer present in the output of objdump)

It was spotted in https://github.com/systemd/systemd/pull/18528
2021-02-10 09:43:18 -08:00
van Hauser 458dd61bbb
afl++ CMPLOG test (#5130)
* afl++ CMPLOG test

* fixes
2021-02-07 09:42:13 -08:00
van Hauser 380687236a
optimal afl++ defaults (#5129)
* optimal afl++ defaults

* fixes
2021-02-06 22:58:58 +00:00
Abhishek Arya 93eb6024f4
Add AFL_MAP_SIZE in run_fuzzer
Otherwise get errors like these for libsass.

[+] All right - fork server is up.

[-] PROGRAM ABORT : AFL_MAP_SIZE is not set and fuzzing target reports that the required size is very large. Solution: Run the fuzzing target stand-alone with the environment variable AFL_DEBUG=1 set and set the value for __afl_final_loc in the AFL_MAP_SIZE environment variable for afl-fuzz.
         Location : report_error_and_exit(), src/afl-forkserver.c:321
2021-01-31 10:48:04 -08:00
jonathanmetzman de2ecf8553
[cifuzz] Allow specifying corpus for run_fuzzer (#5064) 2021-01-28 15:04:43 -08:00
jonathanmetzman 0ac841a1a4
Replace terms that are uninclusive. (#5045) 2021-01-25 08:41:34 -08:00
Jonathan Metzman 1193e419a3 Disable linting on dataflow_tracer 2021-01-20 13:40:50 -08:00
Jonathan Metzman 4184718c61 undo changes 2021-01-20 13:34:26 -08:00
Jonathan Metzman 2b26c5446f Lint everything (and test everything too? 2021-01-20 13:25:56 -08:00
Abhishek Arya 01ebe8e15f
Don't run test_all on llvm-symbolizer for black box fuzzer projects. (#4873) 2020-12-19 08:20:29 -08:00
jonathanmetzman 2a1194c939
Improve CIFuzz tests (#4868)
1. Fix problem where permissions were being changed to root by non-root test (test was doing this by invoking test_all.py within docker).
2. Mark tests as integration tests so that cifuzz_test.py can be run in a reasonable amount of time.
3. Prevent some unittests from polluting source repo.
4. Add .venv to .gitignore
5. Rename test_test_all.py to the correctly formatted name "test_all_test.py"
2020-12-18 10:37:56 -08:00
Abhishek Arya 6718fb8bd6
Fix broken blackbox fuzzer projects. (#4865)
* Fix broken blackbox fuzzer projects.

Regression from
https://github.com/google/oss-fuzz/pull/4769/files

* Fix indent.
2020-12-17 16:29:11 -08:00
jonathanmetzman a24cebec02
Make test_all.py return nonzero when there are no fuzzers. (#4796)
Make test_all.py return nonzero when there are no fuzzers.

This matches the previous behavior.
Fixes https://github.com/google/oss-fuzz/issues/4795
2020-12-07 10:16:31 -08:00
jonathanmetzman b1c77d1fa2
[test_all] Fix issue where CIFuzz may use an empty string for ALLOWED_BROKEN_TARGETS_PERCENTAGE (#4778) 2020-12-03 13:30:03 -08:00