The oss-fuzz git ASAN build fails due to a leak inside git iself:
the build script builds a copy of git, and then uses that binary to
prepare the corpus - although the git invocation itself succeeds,
ASAN causes the script to fail due to the leak:
https://oss-fuzz-build-logs.storage.googleapis.com/log-2eee2921-1b3f-4dd8-a902-50474e8fed55.txt
This was reproduced locally using:
$ python infra/helper.py build_fuzzers --sanitizer address git
Disabling leak checking for all invocations of git in the script
is enough to avoid this failure, thus fixing the build.
The leak itself is being fixed in git in the following commit (which
is now in next, hence the build should be fixed by now):
https://git.kernel.org/pub/scm/git/git.git/commit/?id=bf4bb9f9f5130a7b299f7810fb87a40cdd1bd8ee
However, I still believe we should be disabling leak checking during
the build script in this way because:
1. This issue persisted for close to one month before being fixed,
and blocking oss-fuzz runs on a leak during the build process
for that long seems counter-productive.
2. An alternative would be to use a pre-built copy of git to build
the corpus (thus sidestepping ASAN in the first place), but IMHO
installing git via the Dockerfile seems more wasteful AND it's
unclear if that would have side effects (I'm not sure if the
commit-graph format changes between versions).
Andrzej Hunt