Flex & Bison are needed to generate source files for yara syntax
support. While the generated sources are currently in the clamav-devel
repo, the build system sometimes thinks the files must be regenerated.
In the future, these and the autotools generated files will be removed
from the clamav-devel repo and will need to be generated for every
build.
We're also planning to add CMake tooling (still a work in progress).
Once the generated files are removed, we'll either have to build the
fuzz targets with CMake or bring in autoconf, automake, m4, libtool, and
pkg-config to generate the files in build.sh. At that time, we should
also update build.sh to build the dependencies statically, many of which
are missing at present, meaning we're not getting great code coverage.
We'll also want to load a small signature set to improve code coverage
for the fuzz targets.
* [IPFS] Initial fuzzing of datastore consistency
Submitting IPFS for initial integration.
Initial fuzz testing is validating the interface of the multiple
datastore backings of IPFS. A fuzzer for the protocol between
nodes will follow.
* split backends into separate binaries for libfuzzer address sanitizer
* Add more json corpus
Add more json corpus, taken from https://github.com/minio/simdjson-fuzz (contains 8024 json seeds)
* Update wuffs dockerfile
simplify seeds extraction command and remove some blank lines
A specific configure option and installation directory have been
added for fuzzers built with an external engine via:
https://github.com/zeromq/libzmq/pull/3885
Also clone and build libsodium, as the encryption feature is using
its safe memory APIs.
* [Leptonica] Added fuzzer with corpus
* Updated fuzzer to not create and read from a file
* Updated fuzzer to not create and read from a file
* Added check to see if pixReadMem is NULL
This remaps /usr/bin/python as python3, because grpcio-tools support
for Python 2 has ended. Nanopb generator still uses #!/usr/bin/env python
so it would pick Python 2 by default otherwise.
Anaconda was used in a previous pull request to attempt installing a working
combination of libraries, but it is unnecessary once the version conflict was
fixed.
* libzmq: add alternative mail address and other maintainer's address
* libzmq: adjust zmq_z85_decode test
The output buffer is not fixed in size; it depends on input size and the
caller allocates it.
* libzmq: add tests for handshake engine on connect/bind
Create localhost IPv4 TCP sockets to exercise libzmq's processing
of data over the network.
These connections should be rejected in the first part of the handshake
(greeting) only, so more tests should be added to further mock the
greeting and exercise deeper parts of the engine.
https://rfc.zeromq.org/spec/37/
* libzmq: fix coverage build
The combination of clang, coverage and automake is not happy at the
moment, and binaries fail to link. We don't need to build any of
the tools for these tests, so simply disable them.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21872
Upstream binutils commit 978c4450511 broke this target. What's more,
the use-after-free issue had been fixed quite some time ago. So,
don't reference symtab_shndx_list.