1. Don't use trace-loads as it is not fully supported in LLVM and breaks
many projects (see
9383870160)
2. Use -Wl for link time options so they aren't unnecessarily used (also
fixes meson-based projects).
This PR enables using Jazzer.js for fuzzing Node.js projects in
OSS-Fuzz.
Part of #8324
---------
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
Update Centipede to [its latest commit
eb91dd2](eb91dd2157),
which added some new features and fixed runtime bugs found in recent
FuzzBench experiments.
Enable Fuzztest fuzzers for Tensorflow.
This depends on https://github.com/google/fuzztest/pull/79 and
eventually a PR on the tensorflow repo with the (to be refined) diff in
this PR.
Signed-off-by: David Korczynski <david@adalogics.com>
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
Some projects use `-Werror` to turn all warnings into errors.
This affects `Centipede` as we do not separate build and linking flags
as it expects, which leads to `unused-command-line-argument` warnings.
This PR disables turning that specific warning into errors and keeps the
rest the same.
`go-118-fuzz-build` is undergoing refactoring to fix some runtime issues
affecting Rekor and other projects. Currently none of Rekor's fuzzers
run. This PR has been tested on all of Rekor's fuzzers that will run with
this PR.
This PR modifies the infra OSS-Fuzz build script to adapt to the
upstream changes.
Cloning the `dev` branch of `go-118-fuzz-build` is a temporary solution
until it gets merged into `main` upstream.
Cloning `go-118-fuzz-build` in each build script is also a temporary
measure until `dev` gets merged into `main`.
Signed-off-by: AdamKorcz <adam@adalogics.com>
- Pass coverage_url to both c/c++ and python report generation.
- Remove a double calling of introspector report generation.
Signed-off-by: David Korczynski <david@adalogics.com>
Cross-referencing https://github.com/google/fuzztest/pull/69
Signed-off-by: David Korczynski <david@adalogics.com>
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
This is a follow-up to https://github.com/google/oss-fuzz/pull/8952
This bump is needed to have the Python projects work properly. Scan
should be done for all projects now, so have switched it on by default
in fuzz introspector.
Bump also contains
- Fix for util-linux where per-target coverage report links were broken.
- Reduced logging.
Signed-off-by: David Korczynski <david@adalogics.com>
Co-authored-by: Navidem <navid.emamdoost@gmail.com>
Bumps fuzz introspector and updates the way Python fuzzers are built for
introspector builds.
Signed-off-by: David Korczynski <david@adalogics.com>
Wrap wildcards in quotes as otherwise the script will autocomplete if
there is e.g. a .json file in the current directory. This causes the
wrong files to be moved, which means `all_cov.json` will not be moved to
the introspector folder and thus wrong (no) coverage data will be used.
This error happens in e.g. g-api-auth-library-python.
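The glob pitfall described in the commit above, reproduced as an added example that is not part of the OSS-Fuzz change: the directory layout, file names and `find`/`mv` command are constructed here to mirror the failure, so the shell expands an unquoted `*.json` against the current directory before `find` ever sees the pattern.

```shell
#!/bin/sh
# Added example, not code from the OSS-Fuzz repository. It shows why an
# unquoted wildcard in a build script silently matches the wrong files.

# Build a constructed scratch tree: out/all_cov.json is the file we want
# moved, and the current directory also holds a stray .json file, which is
# exactly the situation the commit message describes.
setup_tree() (
  work=$(mktemp -d)
  mkdir -p "$work/out" "$work/introspector"
  printf '{}\n' > "$work/out/all_cov.json"
  printf '{}\n' > "$work/stray.json"
  printf '%s\n' "$work"
)

# Unquoted pattern: the shell expands *.json in $PWD to "stray.json", so
# find searches out/ for a file literally named stray.json and never moves
# all_cov.json. Prints the number of files that ended up in introspector/.
move_unquoted() (
  cd "$1" || exit 1
  find out -name *.json -exec mv {} introspector/ \;
  ls introspector | wc -l | tr -d ' '
)

# Quoted pattern: find receives the literal string *.json and matches
# out/all_cov.json as intended. Prints the same count for comparison.
move_quoted() (
  cd "$1" || exit 1
  find out -name '*.json' -exec mv {} introspector/ \;
  ls introspector | wc -l | tr -d ' '
)

# Remove a scratch tree created by setup_tree.
cleanup_tree() {
  rm -rf "$1"
}
```

Run `move_unquoted "$(setup_tree)"` and `move_quoted "$(setup_tree)"` side by side: the first reports 0 files moved, the second 1.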
We can't simply autoremove the packages it installs, and it adds 500 MB
to the image size.
Install the only dependency we don't already have, libssl-dev, since it is very small anyway.
Most projects have upgraded to 1.19 which is the latest version.
This upgrades Go to 1.19 in the base-image.
Signed-off-by: AdamKorcz <adam@adalogics.com>
This fixes an issue where the `testing.F` is replaced with a new
package; if this was the only usage of `testing` in the file then we end
up with `testing` being an unused import. A workaround for this is to
just always use `testing` via some placeholder variable.
A recent commit allows `Centipede` to add timestamps to its log, which
can be very helpful for debugging.
This PR intends to update `Centipede` to add that commit.
Update `Centipede` to fix [the SegFault when using `AddressSanitizer`
with
`address_space_limit_mb`](https://github.com/google/centipede/issues/166).
Also set `address_space_limit_mb` as the issue has been fixed.