Previously the allocator handled small pointer values incorrectly
and prevented multiple executions (unexpectedly used when OSS-fuzz
uses LSAN to look for memory leaks). Moreover, there were cases
where too large allocations were not caught and the allocator
needlessly kept track of peak allocation statistics.
This makes it easier to build the fuzzer using a locally checked
out git repo without having to manually copy the fuzzer glue code
into the locally checked out git repo first.
- Enable i386 fuzzing
- Enable more operations (Digest, HMAC, KDF_X963, ECC_ValidatePubkey)
- Scope the calc operations in order to spend less time trying to run calculations not supported by relic
- Compile Botan module in oracle mode: makes it more likely to find discrepancies
This should fix coverage build broken again today. It seems that a
recent change in TF toolchains removed the creation of `org_tensorflow`
but it is likely that this change will be rolled back in the future.
Hence, to keep OSSFuzz working, we conditionally remove this symlink.
We don't do any internal tests using honggfuzz, and our code is highly
unlikely to work with honggfuzz in the current shape. All of the
true-positive bugs seem to be libfuzzer bugs.
Let's disable honggfuzz, to avoid wasting resources. We will try to get
afl++ working, before taking another look at honggfuzz.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
This will mainly be useful for non-OSS-Fuzz users.
Though it can also be used by OSS-Fuzz users to speed things
up (very slightly in most cases).
Fixes #4377
gsutil recently started asking daily for a security key jiggle for accounts
using it. This means if we don't print stderr in real time, users won't see
why a corpus isn't downloading and helper will hang until 2FA request times out.
Repos cloned with `--branch BRANCH` will only track that branch, even
when we unshallow. If we provide a git SHA from another branch, it will
not be recognized.
To fix this, we update the remote tracking config and fetch them.
For google/osv#88.
Generate badges also for projects with no coverage builds at all (e.g.
JVM and Python projects). For these projects, the badge only has the two
possible states "build passing" and "build failing".
* mv instead of cp skia build.sh artifacts
Hopefully this will reduce the footprint so skia builds begin passing the CQ again.
* Update build.sh
Return some moves to copies, since the same corpus and binary are sometimes reused; slight reordering for clarity.
* Update build.sh with mv of reused corpus
* [firefox] Suppress LSan errors during build
* [firefox] Properly ignore CFLAGS/CXXFLAGS
* [firefox] Use the same Rust Nightly version as in Mozilla CI