Commit Graph

8194 Commits

Author SHA1 Message Date
Yulong Zhang 1f54736ca2
Grant maintainer access to libraw issues (#8830)
Per upstream request here: https://github.com/LibRaw/LibRaw/issues/496
2022-10-21 11:06:22 +01:00
AdamKorcz 3d25bcc757
golang: add encoding fuzzer (#8829)
Signed-off-by: AdamKorcz <adam@adalogics.com>

Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-10-21 10:14:03 +01:00
aschaich 4ba604688c
[spring-cloud-config] Initial integration for spring-cloud-config-client (#8755) 2022-10-20 15:05:25 -04:00
aschaich f78eb9e01f
[spring-cloud-netflix] Initial Integration for spring-cloud-netflix-eureka-client (#8751)
Current master branch of
https://github.com/spring-cloud/spring-cloud-netflix is broken, as is
also indicated by the upstream project CI. Use 5ec430e instead, which is
the latest commit that passed through the upstream CI and also "works
over here".
2022-10-20 15:02:44 -04:00
Henry Lin 1417f5f183
spring-webflow: Initial integration (#8776) 2022-10-20 15:01:26 -04:00
Patrice.S 5d3e7691a9
spring-cloud-stream: initial integration (#8778) 2022-10-20 14:56:18 -04:00
jonathanmetzman 871ea5240a
[trial-build] Add sleep to avoid rate limiting (#8819)
Sleep is appropriate because we're going to wait on builds which take
orders of magnitude longer than one second sleeps
2022-10-20 12:52:21 -04:00
DavidKorczynski 69e9860b8f
git: add timeout for locking files (#8822)
Aim to solve issue e.g.
https://storage.cloud.google.com/git-logs.clusterfuzz-external.appspot.com/libFuzzer_git_fuzz-cmd-diff/libfuzzer_asan_git/2022-10-20/00%3A10%3A58%3A417288.log
2022-10-20 15:34:31 +01:00
Yusuke Endoh 7967f44dc7
Add oss-fuzz@ruby-lang.org to ruby (#8821)
We'd like to receive notifications from oss-fuzz via our dedicated mail
alias.
2022-10-20 09:35:59 +00:00
Dongge Liu d277b01ed8
[Rolling out Centipede] Project 1 - 5 (#8690)
Given that `Centipede` works fine on our test project
`github-scarecrow`, we will gradually roll it out to let more real-world
fuzzing targets benefit from it.
The first round contains the following 5 projects:
1. `brotli`,
2. `brunsli`,
3. `draco`,
4. `http-pattern-matcher`,
5. `woff2`.

Projects are selected because:
1. They are `C++` projects,
2. They are from `Google`.

There will be another two rounds (5 + 10) as soon as we can confirm that
`Centipede` works fine in the first round.
2022-10-20 10:12:57 +11:00
manunio 8b76f1a6d3
miniz_oxide: initial integration (#8742)
Hi, [miniz_oxide](https://github.com/Frommi/miniz_oxide) is a pure rust
replacement for the [miniz](https://github.com/richgel999/miniz)
deflate/zlib encoder/decoder using no unsafe code.
- It has 60 million+ downloads as per
[crates.io](https://crates.io/crates/miniz_oxide).
- It is being used by projects like:
  - [backtrace-rs](https://crates.io/crates/backtrace)
  - [flate2](https://crates.io/crates/flate2)
  - [deflate-rs](https://crates.io/crates/deflate)
  - [image-png](https://crates.io/crates/png)
2022-10-19 14:09:09 -04:00
commented-line bef71d2321
initial integration of textwrap (#8770)
textwrap is a very popular library for rust. It has 75 million downloads
from crates.io . It is also used as a dependency for a lot of very
popular libraries.
2022-10-19 14:06:42 -04:00
Julien Voisin 3c95350db6
Document file GitHub issue (#8810)
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-19 14:04:58 -04:00
jonathanmetzman 97fb43c360
Delete trigger_test 2022-10-19 13:51:35 -04:00
Fabian Meumertzheim 5b1953b201
infra/java: Improve reproducibility of memory issues (#8736)
When reproducing, use slightly lower limits on heap and stack size so
that minimal changes to fuzz targets, fuzzer and runtime do not cause
memory issues to fail to reproduce.
2022-10-19 13:51:06 -04:00
manunio d5ac057980
bson-rust: initial integration (#8633)
Hi, [bson-rust](https://github.com/mongodb/bson-rust) provides encoding
and decoding support for BSON in Rust.
- It has 2 million+ downloads as per
[crates.io](https://crates.io/crates/bson)
- It's being used by projects like:
  - [mongo-rust-driver](https://github.com/mongodb/mongo-rust-driver)
  - [juniper](https://github.com/graphql-rust/juniper)
  - [nushell](https://github.com/nushell/nushell)
  - [async-graphql](https://github.com/async-graphql/async-graphql)
  - [poem](https://github.com/poem-web/poem)
  - [rbatis](https://github.com/rbatis/rbatis)
2022-10-19 13:25:45 -04:00
Julien Voisin 5f4bb59dc6
Improve a bit the libraw fuzzer (#8814)
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-19 17:35:13 +01:00
AdamKorcz a065702de6
golang: fix multipart fuzzer (#8816)
Adds an updated version of [this
fuzzer](https://github.com/AdamKorcz/go-fuzz-corpus/blob/master/multipart/main.go)
that invokes the garbage collector manually.

This prevents _some_ incorrect OOM crashes reported by OSS-Fuzz, for
example https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52536

Signed-off-by: AdamKorcz <adam@adalogics.com>

Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-10-19 17:34:50 +01:00
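The commit above describes forcing the Go garbage collector from inside a fuzz target so that the fuzzer's memory limit is not tripped by heap the runtime simply has not collected yet. As an added illustration (not the oss-fuzz project's own fuzzer and not the code linked in the commit), the harness below parses a multipart body in the libFuzzer-style "bytes in, int out" shape and calls `runtime.GC()` every `gcEvery` iterations. The fixed boundary string, the `gcEvery` value and the 1 MiB per-part read cap are assumptions made for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"mime/multipart"
	"runtime"
)

// boundary is fixed by the harness (assumption for this example) so the
// fuzzer only has to discover body structure, not the boundary itself.
const boundary = "fuzzboundary"

// gcEvery is how often the harness forces a collection (assumed value).
const gcEvery = 64

// iterations counts calls so the GC trigger fires periodically, not on
// every input, which would make the target far slower.
var iterations uint64

// FuzzMultipart parses data as a multipart body and returns how many parts
// were read. Many fast iterations can allocate faster than the Go runtime
// decides to collect, so RSS creeps up and the fuzzer reports an OOM that is
// not a bug in the parser; an explicit runtime.GC() keeps that from happening.
func FuzzMultipart(data []byte) int {
	iterations++
	if iterations%gcEvery == 0 {
		runtime.GC()
	}
	r := multipart.NewReader(bytes.NewReader(data), boundary)
	parts := 0
	for {
		p, err := r.NextPart()
		if err != nil {
			// io.EOF is the normal end; any other error is a malformed body.
			// Neither is a library bug, so the harness returns quietly.
			return parts
		}
		// Drain the part so its body is actually decoded, with a cap so a
		// huge part cannot itself become a memory-limit false positive.
		if _, err := io.Copy(io.Discard, io.LimitReader(p, 1<<20)); err != nil {
			p.Close()
			return parts
		}
		p.Close()
		parts++
	}
}

// ConstructedBody builds a two-part multipart body by hand for a stand-alone
// run; it is constructed sample input, not a captured request.
func ConstructedBody() []byte {
	var buf bytes.Buffer
	w := multipart.NewWriter(&buf)
	_ = w.SetBoundary(boundary)
	fw, _ := w.CreateFormField("name")
	fw.Write([]byte("alice"))
	fw, _ = w.CreateFormFile("upload", "a.txt")
	fw.Write([]byte("hello"))
	w.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println("parts:", FuzzMultipart(ConstructedBody()))
	fmt.Println("parts:", FuzzMultipart([]byte("not multipart at all")))
}
```

Forcing a collection on every call would hide the real cost of the parser and slow the fuzzer down; triggering every few dozen inputs is enough to stop accumulated garbage from reaching the memory limit, which is the failure mode the commit is working around.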
Henry Lin 8ec85eb8e5
jetty: Fix build failure (#8817)
Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51784
Delete some unneeded jars.
2022-10-19 17:34:25 +01:00
AdamKorcz 05108923f3
golang: add strings split fuzzer (#8813)
@howardjohn: for info

Signed-off-by: AdamKorcz <adam@adalogics.com>

Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-10-19 01:28:43 +01:00
DavidKorczynski a64bdf16a0
Bump fuzz introspector (#8812)
To fetch various improvements, e.g.
- https://github.com/ossf/fuzz-introspector/pull/528
- https://github.com/ossf/fuzz-introspector/pull/546
- https://github.com/ossf/fuzz-introspector/pull/548
- https://github.com/ossf/fuzz-introspector/pull/549
2022-10-18 23:57:07 +00:00
Navidem 45c5e45aa9
Add Monitoring via Fuzz Introspector (#8803) 2022-10-18 11:06:16 -07:00
Julien Voisin 00d62f5b55
Fill issues on github for libraw (#8808)
As asked by upstream here:
https://github.com/LibRaw/LibRaw/issues/295#issuecomment-637604541

cc @LibRaw
2022-10-18 18:43:11 +01:00
AdamKorcz 58ae87370e
jackson-core: improve fuzzer (#8811)
Adds more target APIs to `ParseNextTokenFuzzer`.

Signed-off-by: AdamKorcz <adam@adalogics.com>

Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-10-18 18:42:24 +01:00
Julien Voisin 6a1eff7459
Fix libraw's build (#8809)
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-18 17:54:03 +01:00
AdamKorcz f7cd9410c9
jackson-databind: Improve fuzzers (#8807)
1. Add more target APIs
2. Group target types together
3. Add more settings

Signed-off-by: AdamKorcz <adam@adalogics.com>

Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-10-18 15:08:25 +01:00
DavidKorczynski dc3a4df805
ruby: extend fuzzing to hit regex (#8797)
Signed-off-by: David Korczynski <david@adalogics.com>

Signed-off-by: David Korczynski <david@adalogics.com>
2022-10-18 10:58:12 +01:00
DavidKorczynski bc2c2bed01
asn1crypto: add primary contact (#8806)
ref:
https://github.com/wbond/asn1crypto/issues/234#issuecomment-1281715842
2022-10-18 10:56:13 +01:00
Navidem b4a9385b2a
Add Fuzz Introspector to FAQ (#8800) 2022-10-17 17:42:49 -07:00
Steven Wirsz e93ef71771
BZIP2: new BZ2_bzWrite & BZ2_bzRead fuzz driver. (#8790)
Should increase functional coverage of BZIP2 from 60% to 80%
2022-10-17 16:40:44 -07:00
Ari Rubinstein ab9234fb09
fix(xs): Add Raphael to oss-fuzz perms (#8799)
This PR adds Raphael to the oss-fuzz perms for XS

CC: @raphdev
2022-10-17 21:17:09 +01:00
AdamKorcz 250146fd34
jackson-databind: remove Pattern class for deserialization (#8796)
Will resolve https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51219
which is a false positive.

Signed-off-by: AdamKorcz <adam@adalogics.com>

Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-10-17 11:51:18 +01:00
DavidKorczynski eb36c36bd2
git: fix branch name during diffing (#8795)
Fixes various early exits atm:
- https://storage.cloud.google.com/git-logs.clusterfuzz-external.appspot.com/libFuzzer_git_fuzz-cmd-diff/libfuzzer_asan_git/2022-10-17/05%3A05%3A41%3A777284.log
- https://storage.cloud.google.com/git-logs.clusterfuzz-external.appspot.com/libFuzzer_git_fuzz-cmd-diff/libfuzzer_asan_git/2022-10-17/05%3A05%3A36%3A470438.log
2022-10-17 11:44:45 +01:00
Dongge Liu 947683a594
More thorough build checks for Centipede (#8697)
Solves the CI failure in #8690, and uses the chance to add more thorough
tests for the sanitized target binary and the unsanitized target binary
for `Centipede`, which is something we thought about but did not have
the chance to implement:
1. When building sanitized binaries with `helper.py` (i.e., local or
GitHub CI): unsanitized ones will be built automatically into the same
docker container. Now bad_build_check tests both
   * a) if main fuzz targets can run with the auxiliary sanitized binaries,
   and
   * b) if the auxiliaries are built with the correct sanitizers.
2. When in the trial build and production build: two kinds of binaries
will be in separate buckets / docker containers. Now script
bad_build_check tests either
   * a) if the unsanitized binaries can run without the sanitized ones, or
   * b) if the sanitized binaries are built with the correct sanitizers.

Co-authored-by: Jonathan Metzman <metzman@chromium.org>
2022-10-17 12:48:04 +11:00
Catena cyber f5f128e131
SystemSan: use tgkill on precise pid (#8615)
This patch is meant for `tgkill` to use the right thread, so that we get
the right stack trace every time
2022-10-17 09:28:42 +11:00
Mike Kruskal 1a291c1174
Move protobuf python to upb (#8782)
We currently have 3 implementations of protobuf-python (pure python,
C++, and upb). upb has been the default implementation since 21.x
though, and we should be fuzzing against that one. The other two will
eventually be turned down.
2022-10-15 21:36:02 +01:00
DavidKorczynski 9307cd2b26
ghostscript: add pdfwrite options fuzzer (#8783)
Fuzzer that will randomise more options for ghostscript. First try
this out with interpolation, where the goal is to increase coverage of
base/gxiscale.c

Signed-off-by: David Korczynski <david@adalogics.com>

Signed-off-by: David Korczynski <david@adalogics.com>
2022-10-15 15:07:17 +01:00
Julien Voisin 646285eeda
Simplify libarchive's fuzzer (#8781)
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-14 17:56:28 +01:00
Julien Voisin cd51dc3672
Increase a bit the coverage of libarchive (#8779)
Exercise archive_entry related functions

Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-10-14 16:32:25 +01:00
DavidKorczynski 51ce3445c3
git: create empty template directory (#8777)
Create empty template directory instead of using /tmp/. This is because
there is lots of other stuff in /tmp/.

To avoid errors like:

https://storage.cloud.google.com/git-logs.clusterfuzz-external.appspot.com/libFuzzer_git_fuzz-cmd-diff/libfuzzer_asan_git/2022-10-14/03%3A28%3A22%3A198498.log

Signed-off-by: David Korczynski <david@adalogics.com>

Signed-off-by: David Korczynski <david@adalogics.com>
2022-10-14 14:12:26 +01:00
DavidKorczynski b7b3792cde
python-tabulate: fix primary maintainer email (#8775)
Ref:
https://github.com/astanin/python-tabulate/issues/191#issuecomment-1277610774

Signed-off-by: David Korczynski <david@adalogics.com>

Signed-off-by: David Korczynski <david@adalogics.com>
2022-10-14 12:14:36 +01:00
Riccardo Schirone 5b854a4468
pyjwt: catch PyJWTError exceptions (#8645)
jwt functions like jwt.decode could raise PyJWTError exceptions (e.g.
ExpiredSignatureError if the token is expired)

Fix error handling for issue:
- 50696 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50696)
2022-10-14 06:49:39 -04:00
Jacek Trossen 647284cd19
spring-security: initial integration spring-security-oauth2-jose (#8763) 2022-10-14 06:44:01 -04:00
Roman Wagner 1edc359f0d
[spring-ldap] Initial Integration (#8764)
Co-authored-by: psy <patrice.salathe@code-intelligence.com>
2022-10-14 06:39:04 -04:00
Patrice.S 844d382598
spring-data-mongodb: initial integration (#8762) 2022-10-14 06:38:32 -04:00
jonathanmetzman f8a91ddfe7
Debug "failed to start build" (#8772) 2022-10-14 06:12:02 -04:00
Catena cyber a6c7dee83a
ngolo-fuzzing: fuzz golang x packages (#8769)
cc @AdamKorcz for the latest x/text CVE ;-)
2022-10-13 18:53:27 -04:00
jonathanmetzman 8dfc2723ba
Speculative fix for proj4 in CIFuzz. (#8771)
Related: #8647
2022-10-13 20:57:26 +00:00
Riccardo Schirone 53e3927257
airflow: include cron_descriptor locale data in fuzzer executable (#8747)
Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50710
2022-10-13 16:05:21 -04:00
zhangskz a3676fafb1
Update upb to +cc protobuf-oss-fuzz and team (#8767)
Per
https://google.github.io/oss-fuzz/getting-started/new-project-guide/#primary,
Google accounts are needed for full access, which is why individuals are
also listed explicitly instead of using groups.
2022-10-13 16:03:45 -04:00