In anticipation of samtools/htslib#929 merge, which will add
a submodule, among other changes. This will ensure fuzzing
continues to work both before and after the update.
* [teleport] Initial integration
* Minor update to run tests again
* [Hiredis] Initial integration
* Added maintainer email and slightly updated the build script
* Removed empty line
* Add BeautifulSoup
BeautifulSoup is the standard to parse untrusted/invalid/weird
html in Python, so fuzzing it for unexpected exceptions and
infinite loops makes sense. Moreover,
it's using various parsers, with some of them written in C.
* Update the building script
* ValueError is also a valid exception
Fix the build breakage caused by the AttrValues fuzzer in OSS. The target requires large artifacts to link against which are not optimal for OSS fuzzing.
* Add AVIF format to kimageformats project
* Update build.sh
Include license
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
* Stop when opening a database fails. This will avoid null pointer
dereferences.
* Use C++11 smart pointers for leveldb::DB and leveldb::Iterator. This
makes it easier to ensure the fuzzer doesn't leak memory. No leak was
detected while applying this fix.
* Use the FuzzedDataProvider API exclusively for consuming data. This
makes it easier to ensure maximum fuzzer coverage.
* Avoid building unnecessary code (tests, benchmarks). This slightly
reduces oss-fuzz resource usage.
* Use an enum class and FuzzedDataProvider::ConsumeEnum() instead of
reimplementing it. This makes it easier to extend the fuzzer with new
operations in the future.
* Use meaningful names (key, value, name) instead of tmp* for local
variables storing leveldb API inputs.
The fwupd daemon is a firmware installer deployed onto tens (hundreds?) of
millions of devices. It parses untrusted firmware blobs from OEMs, ODMs and
IHVs writing using dozens of different protocols.
See https://fwupd.org/ for a whole ton more details about the project.
Using the LVFS we've deployed at least 22 million updates in the last few years,
although that number could be a lot higher in reality as we allow the LVFS to
be anonymously mirrored and for fwupd to be run without phoning home.
We used to fuzz with afl but recently switched to honggfuzz which found an
additional 17 critical warnings or crashes. Hence my interest in oss-fuzz!
My actual email address richard@hughsie.com is aliased to the email address
given here, and I can confirm I'm the upstream maintainer. The github project
has 1.1k stars and 172 forks if that means anything in reality.
The fwupd project is used by almost all distributions, *including* ChromeOS.
Soon osquery will require that the version of CMake
is not equal to or higher than 3.18.0.
We can ignore such a requirement since we are not making packages.
See osquery/osquery#6801
Also remove unused sed replacements. Those settings are now the default
when not using the osquery toolchain.
* Add a fuzzer for Pygments
While pygments doesn't use native code for fuzzing,
it's the de facto solution to highlight (untrusted) code,
so unexpected exceptions and timeouts are important.
* Make the fuzzer work
* Remove a useless LD_PRELOAD
* Add a missing "main_repo" field
* pillow: initial integration, but draft for now since some aspects of Python fuzzing are unclear.
* pillow: add header.
* Added pillow project.
* pillow: simply build.
* pillow: update project.yaml and build.
* pillow: remove or true when making.
* Pillow: remove use of temp file and simplify other aspects.
* pillow: do not use warnings and only use embedded jpeg in first run.
* pillow: speed gains.