The current run_fuzzer will fail when multiple libfuzzer options are
specified in a .options file. Currently, if there are multiple options
then none of the options will be used, but rather an issue about a
"binary operator expected" will occur. One implication of this is that
check_build fails to use it and may, therefore, report erroneously. This
fixes it by enabling the use of zero, one and many libfuzzer options.
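One way to collect the options so that zero, one and many all work, as an added example that is not oss-fuzz's own run_fuzzer code; it assumes the .options file is INI-style (`[libfuzzer]` section with `key = value` lines) and the fuzzer and file names used are constructed:

```shell
#!/bin/sh
# Added example, not the oss-fuzz run_fuzzer script. The "binary operator
# expected" failure comes from testing an unquoted, space-joined option
# string, e.g. `[ $OPTIONS = "" ]`: with two options that expands to
# `[ -max_len=1024 -dict=x.dict = "" ]`, test(1) rejects it, and no option is
# applied. Building an argument list instead avoids the problem entirely.

# Print one "-key=value" flag per line from the [libfuzzer] section of the
# .options file at $1 (assumed INI-style); a missing file prints nothing.
parse_libfuzzer_options() {
  _file=$1
  _section=
  [ -f "$_file" ] || return 0
  while IFS= read -r _line || [ -n "$_line" ]; do
    # drop comments and surrounding whitespace
    _line=$(printf '%s' "${_line%%#*}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    [ -n "$_line" ] || continue
    case $_line in
      \[*\]) _section=${_line#\[}; _section=${_section%\]}; continue ;;
    esac
    [ "$_section" = libfuzzer ] || continue
    _key=$(printf '%s' "${_line%%=*}" | sed 's/[[:space:]]*$//')
    _value=$(printf '%s' "${_line#*=}" | sed 's/^[[:space:]]*//')
    printf '%s\n' "-$_key=$_value"
  done < "$_file"
}

# Build the fuzzer command line in the positional parameters: "$@" keeps
# every flag a single word, and $# is simply 0, 1 or more, so no string test
# is needed. Prints the resulting argv one word per line.
build_fuzzer_cmdline() {
  _fuzzer=$1
  _optfile=$2
  set -- "$_fuzzer"
  while IFS= read -r _flag; do
    [ -n "$_flag" ] && set -- "$@" "$_flag"
  done <<EOF
$(parse_libfuzzer_options "$_optfile")
EOF
  printf '%s\n' "$@"
}
```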
This generated dictionary consists of keywords and significant punctuation.
It's useful for fuzzers where inputs are C/C++/ObjC source code.
See https://reviews.llvm.org/D125166
clang-pseudo-fuzzer fuzzes clang-pseudo, which is a heuristic parser
based on clang's lexer.
This is a new effort and we'd like to keep it fuzz-clean from the beginning.
oss-fuzz has reported numerous signed integer overflow problems
in flac that cannot be reasonably fixed. The problem is that
flac uses some math that is numerically unstable when fed with
random data, and as these are only audio samples, this overflow
is not a problem. Therefore, I added
`__attribute__((no_sanitize("signed-integer-overflow")))` to a few
functions in the flac sources.
However, while a decoder fed with random data has this problem,
a decoder that is being used to verify an encoder fed with random
data should never overflow. As the same functions are used, the
flac sources should be compiled twice: once with the mentioned
attributes for the decoder fuzzers, and once without them for the
encoder fuzzers.
Note that the define passed in this code is not yet integrated in
libflac, but this change should happen first or else the old
bugs appear again.
* pyxdg: extend fuzzer and add corpus+dict
The extension is mainly to force xml checking before it's passed into the
pyxdg library. The problem I had was any code in xml would not be
instrumented, so coverage could not be used to explore correct xml
files. I did a minor guard to use lxml instead to check xml validity, as
this could be instrumented properly. Gains are significant.
* try to fix fuzzer not part of pyxdg
* nit
* nit
* fix build failure
* ngolo-fuzzing get some coverage
With the fuzz targets which work already.
The LPM fuzz targets do not support coverage yet...
* ngolo: do not take bufio for io
Following the addition of coverage visualisation it's now easier to
detect missing pieces. This extends flask fuzzing to cover missing
areas. A nice next step in flask fuzzing is to create more end-to-end
fuzzers.
* infra: fix python coverage
The python coverage has not started working on oss-fuzz.com yet. This is
an effort to fix this.
* add logs and stats files
* log stderr too
Updates oss-fuzz to correctly parse Pigweed's updated CIPD JSON format
to fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44445. Also
restores bloaty to the list of required CIPD packages to allow
post-bootstrap checks to pass.