This PR reduces the final `base-builder-jvm` image by 9GB.
Careful review and full integration testing across oss-fuzz projects are
required before merging, obviously.
This worked on two projects I was interested in. One that used
`@FuzzTest` and one that used `fuzzerTestOneInput`.
The `jsonpickle` project maintainers would like to take ownership of the
OSS-Fuzz integration & test harnesses.
@davvid is the project's primary maintainer and `primary_contact`.
@Theelx is a core contributor added to the CC list. Approval for these
changes can be found in the related upstream discussion here:
https://github.com/jsonpickle/jsonpickle/issues/496.
The upstream integration PR (as referenced in the comments below) has
been merged: https://github.com/jsonpickle/jsonpickle/pull/525
### Notes
@DavidKorczynski I've removed your email from the `project.yaml` as I
believe it was added as a fallback in the absence of a `primary_contact`
for the project. Please let us know if you disagree with this change.
This PR initialises OSS-Fuzz integration for the utf8parse project in
Rust. New fuzzers have been created, and a PR
(https://github.com/alacritty/vte/pull/116) has been submitted upstream
to merge the fuzzers.
**REMARK: This PR only works when the upstream fuzzers PR has been
merged.**
---------
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
This PR fixes a build error by adding `src/abort_message.cpp` to the
linker. It is required because
[DEMANGLE_ASSERT](230946fad6/libcxxabi/src/cxa_demangle.cpp (L14))
is used in the demangling module.
```
cxa_demangle.cpp:(.text._ZNK12_GLOBAL__N_116itanium_demangle4Node5visitINSt3__117reference_wrapperINS_11DumpVisitorEEEEEvT_[_ZNK12_GLOBAL__N_116itanium_demangle4Node5visitINSt3__117reference_wrapperINS_11DumpVisitorEEEEEvT_]+0xfcd): undefined reference to `__abort_message'
/usr/bin/ld: /tmp/cxa_demangle-39bd04.o: in function `__cxa_demangle':
cxa_demangle.cpp:(.text.__cxa_demangle[__cxa_demangle]+0x192c): undefined reference to `__abort_message'
/usr/bin/ld: /tmp/cxa_demangle-39bd04.o: in function `(anonymous namespace)::itanium_demangle::AbstractManglingParser<(anonymous namespace)::itanium_demangle::ManglingParser<(anonymous namespace)::DefaultAllocator>, (anonymous namespace)::DefaultAllocator>::parseEncoding(bool)':
cxa_demangle.cpp:(.text._ZN12_GLOBAL__N_116itanium_demangle22AbstractManglingParserINS0_14ManglingParserINS_16DefaultAllocatorEEES3_E13parseEncodingEb[_ZN12_GLOBAL__N_116itanium_demangle22AbstractManglingParserINS0_14ManglingParserINS_16DefaultAllocatorEEES3_E13parseEncodingEb]+0x297b): undefined reference to `__abort_message'
/usr/bin/ld: /tmp/cxa_demangle-39bd04.o: in function `(anonymous namespace)::itanium_demangle::AbstractManglingParser<(anonymous namespace)::itanium_demangle::ManglingParser<(anonymous namespace)::DefaultAllocator>, (anonymous namespace)::DefaultAllocator>::popTrailingNodeArray(unsigned long)':
cxa_demangle.cpp:(.text._ZN12_GLOBAL__N_116itanium_demangle22AbstractManglingParserINS0_14ManglingParserINS_16DefaultAllocatorEEES3_E20popTrailingNodeArrayEm[_ZN12_GLOBAL__N_116itanium_demangle22AbstractManglingParserINS0_14ManglingParserINS_16DefaultAllocatorEEES3_E20popTrailingNodeArrayEm]+0x407): undefined reference to `__abort_message'
/usr/bin/ld: cxa_demangle.cpp:(.text._ZN12_GLOBAL__N_116itanium_demangle22AbstractManglingParserINS0_14ManglingParserINS_16DefaultAllocatorEEES3_E20popTrailingNodeArrayEm[_ZN12_GLOBAL__N_116itanium_demangle22AbstractManglingParserINS0_14ManglingParserINS_16DefaultAllocatorEEES3_E20popTrailingNodeArrayEm]+0x441): undefined reference to `__abort_message'
/usr/bin/ld: /tmp/cxa_demangle-39bd04.o:cxa_demangle.cpp:(.text._ZN12_GLOBAL__N_116itanium_demangle22AbstractManglingParserINS0_14ManglingParserINS_16DefaultAllocatorEEES3_E18parseTemplateParamEv[_ZN12_GLOBAL__N_116itanium_demangle22AbstractManglingParserINS0_14ManglingParserINS_16DefaultAllocatorEEES3_E18parseTemplateParamEv]+0xffd): more undefined references to `__abort_message' follow
```
https://oss-fuzz-build-logs.storage.googleapis.com/log-85060829-7b6e-4940-bdbc-8fbf81f2055a.txt
We recently released a new version of Wasmer and, among other things, we
now use LLVM 18 and Rust 1.81: this small patch bumps them to the
correct versions in the scripts.
---------
Co-authored-by: Vitor Guidi <vitorguidi@gmail.com>
KubeArmor is a Runtime Security Enforcement System leveraging LSMs
(BPF-LSM, AppArmor).
More about KubeArmor [here](https://kubearmor.io/)
This PR covers initial integration with some fuzzers.
---------
Signed-off-by: prady0t <rickprimeranjan@gmail.com>
Co-authored-by: Vitor Guidi <vitorguidi@gmail.com>
I am requesting permission to integrate
[pdfplumber](https://github.com/jsvine/pdfplumber) into OSS-Fuzz. I
believe that this project is a good candidate for OSS-Fuzz integration
as it extracts a PDF for detailed information about each text character,
rectangle, and line. It is used by over 12.500 repositories and 245
packages. Most notably, langflow (30k+ stars), DB-GPT (13k+ stars),
unstructured (8k+ stars) and PaddleNLP (12k+ stars).
Please see upstream approval for integration
[here](https://github.com/jsvine/pdfplumber/issues/1198).
Co-authored-by: Vitor Guidi <vitorguidi@gmail.com>
I am requesting permission to integrate
[jupytext](https://github.com/mwouts/jupytext) into OSS-Fuzz. I believe
that this project is a good candidate for OSS-Fuzz integration. It is a
Python package that provides two-way conversion between Jupyter
notebooks and several other text-based formats like Markdown documents
or scripts. It is used by over 8,000 repositories and 340 packages. Most
notably, google/flax (6k+ stars), Azure/PyRIT (1.8k+ stars), scipy/scipy
(13k+ stars), ploomber (3.5k+ stars) and jupyter-book (3.8k+ stars).
Please see upstream approval for integration:
https://github.com/mwouts/jupytext/issues/1236
Co-authored-by: Vitor Guidi <vitorguidi@gmail.com>
Apply the following changes to the KImageFormats project:
- Moved EXR lib to branch 3.3
- Updated AVIF lib to latest patch release
- Added SCITEX plugin to fuzzer test
- Fixed KDE/extra-cmake-modules build error
Giving
https://github.com/google/oss-fuzz/pull/12592#issuecomment-2415803665 a
go using `bashlex`.
Will place a script in `/out/replay-build-script.sh` with the script
that can be used for replaying.
This is still a PoC and will need some adjustments, e.g. we need some more
handling on the bash script's AST to reason about loops.
---------
Signed-off-by: David Korczynski <david@adalogics.com>
Co-authored-by: Oliver Chang <ochang@google.com>
Create ccache wrappers for clang[++]-jcc, and remove the explicit path
from the CC/CXX variables in target_experiment.py.
Note: this is not fully tested end to end yet.
Part of https://github.com/google/oss-fuzz-gen/issues/682.
This PR initialises OSS-Fuzz integration for the tar-rs project in Rust.
New fuzzers have been created, and a PR
(https://github.com/alexcrichton/tar-rs/pull/385) has been submitted
upstream to merge the fuzzers.
---------
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
As requested in https://github.com/google/oss-fuzz/pull/12605. Sorry for
the spam. It happened by accident when migrating bug trackers. It should
no longer be an issue. Let me know if you want more emails again :-)
This PR adds a new fuzzer for the unicode-normalization module under the
unicode-rs repository. The fuzzer has been merged in the upstream
repository.
---------
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
This installs clang wrappers at /ccache/bin, and sets up a build cache
at /ccache/cache. To use this, inside the project container we just need
to do:
```
export PATH=/ccache/bin:$PATH
```
In another PR, we can store the /ccache/cache somewhere we can pull down
at runtime.
Some results:

Fresh compile:
```
real 0m49.249s
user 10m41.818s
sys 1m2.097s
```
With ccache cache:
```
real 0m9.877s
user 0m6.278s
sys 0m19.966s
```
Fresh compile:
```
real 1m17.214s
user 0m49.454s
sys 0m27.963s
```
With ccache:
```
real 0m34.962s
user 0m18.092s
sys 0m17.083s
```
The `PARALLEL_FUZZING` environment variable is used to enable parallel
fuzzing in CFLite. The variable is always defined by GH Action, but it
was not interpreted as a boolean value, so it was always enabled even if
the option is set to `false`.
Co-authored-by: Vitor Guidi <vitorguidi@gmail.com>
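
The failure mode described in the `PARALLEL_FUZZING` message above, shown as an added example (not code from CFLite or OSS-Fuzz): a variable that is always defined as text is truthy even when its value is `false`. The helper names `naive_flag` and `bool_flag`, the accepted spellings, and the sample environments are assumptions made for illustration.

```python
# Hypothetical helpers illustrating string-vs-boolean handling of an
# environment variable; not the project's implementation.
_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off", ""}


def naive_flag(env, name):
    """Buggy reading: any non-empty string, including 'false', is truthy."""
    return bool(env.get(name))


def bool_flag(env, name, default=False):
    """Interpret the variable's text as a boolean; reject unknown spellings."""
    raw = env.get(name)
    if raw is None:
        return default
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    # Fail loudly instead of silently enabling or disabling a feature.
    raise ValueError(f"{name}={raw!r} is not a boolean")


# Constructed sample environments: the CI runner always defines the variable
# and passes the workflow option through as text.
SAMPLES = [
    {"PARALLEL_FUZZING": "false"},
    {"PARALLEL_FUZZING": "true"},
    {"PARALLEL_FUZZING": "False"},
    {"PARALLEL_FUZZING": ""},
    {},
]


def compare(samples=SAMPLES, name="PARALLEL_FUZZING"):
    """Return (raw value, naive result, parsed result) for each sample."""
    return [(env.get(name), naive_flag(env, name), bool_flag(env, name))
            for env in samples]


if __name__ == "__main__":
    for raw, naive, parsed in compare():
        print(f"{raw!r:>8}  naive={naive!s:<5}  parsed={parsed}")
```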
This PR initialises OSS-Fuzz integration for the semver-parser project
in Rust. New fuzzers have been created, and a PR
(https://github.com/steveklabnik/semver-parser/pull/63) has been
submitted upstream to merge the fuzzers.
REMARK: This PR only works when the upstream fuzzers PR has been merged.
---------
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
Pull from stable branch of x265 project for builds. Default repository
content does not seem to be fully populated for use.
Co-authored-by: Vitor Guidi <vitorguidi@gmail.com>
A new fuzzer has been accepted and merged into the upstream repository
for the rust-url module in the Servo repository. This PR updates the
build script accordingly and adds a new contributor's email to the
project.yaml file of this project.
Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
Try adding a few ignores for dependencies that we're not interested in
to help improve the quality of the coverage reports coming out of
fuzzing for Wasmtime.