mirror of https://github.com/google/oss-fuzz.git
a1a5797b89
The oss-fuzz git ASAN build fails due to a leak inside git iself: the build script builds a copy of git, and then uses that binary to prepare the corpus - although the git invocation itself succeeds, ASAN causes the script to fail due to the leak: https://oss-fuzz-build-logs.storage.googleapis.com/log-2eee2921-1b3f-4dd8-a902-50474e8fed55.txt This was reproduced locally using: $ python infra/helper.py build_fuzzers --sanitizer address git Disabling leak checking for all invocations of git in the script is enough to avoid this failure, thus fixing the build. The leak itself is being fixed in git in the following commit (which is now in next, hence the build should be fixed by now): https://git.kernel.org/pub/scm/git/git.git/commit/?id=bf4bb9f9f5130a7b299f7810fb87a40cdd1bd8ee However, I still believe we should be disabling leak checking during the build script in this way because: 1. This issue persisted for close to one month before being fixed, and blocking oss-fuzz runs on a leak during the build process for that long seems counter-productive. 2. An alternative would be to use a pre-built copy of git to build the corpus (thus sidestepping ASAN in the first place), but IMHO installing git via the Dockerfile seems more wasteful AND it's unclear if that would have side effects (I'm not sure if the commit-graph format changes between versions). |
||
|---|---|---|
| .. | ||
| Dockerfile | ||
| build.sh | ||
| project.yaml | ||