Upgrade oss-fuzz to 947169dc86572e121c3e138f366a9f39ac6266ae am: f3764d0712 am: 1117028736 am: 235e96b2f8
Original change: https://android-review.googlesource.com/c/platform/external/oss-fuzz/+/1662261
Change-Id: Ib7b7a79b38e1261c1d5fb4ccb1a5dfd106588996
diff --git a/.dockerignore b/.dockerignore
index 61ac0b1..b72d742 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,10 +1,11 @@
-out
.git
+infra/cifuzz/test_data/*
+docs/*
# Copied from .gitignore.
.vscode/
*.pyc
-/build/
+build
*~
.DS_Store
-*.swp
+*.swp
\ No newline at end of file
diff --git a/.github/workflows/infra_tests.yml b/.github/workflows/infra_tests.yml
index 8b3ed96..5273adc 100644
--- a/.github/workflows/infra_tests.yml
+++ b/.github/workflows/infra_tests.yml
@@ -9,6 +9,11 @@
runs-on: ubuntu-latest
steps:
+ - name: Cancel previous
+ uses: styfle/cancel-workflow-action@0.8.0
+ with:
+ access_token: ${{ github.token }}
+
- uses: actions/checkout@v2
- run: | # Needed for git diff to work.
git fetch origin master --depth 1
@@ -33,5 +38,3 @@
- name: Run infra tests
run: sudo env "PATH=$PATH" INTEGRATION_TESTS=1 python infra/presubmit.py infra-tests -p
-
-
diff --git a/.github/workflows/presubmit.yml b/.github/workflows/presubmit.yml
index 0ab4f4f..9a4b8d6 100644
--- a/.github/workflows/presubmit.yml
+++ b/.github/workflows/presubmit.yml
@@ -1,11 +1,20 @@
name: Presubmit checks
-on: [pull_request]
+
+on:
+ pull_request:
+ branches:
+ - master
jobs:
build:
runs-on: ubuntu-latest
steps:
+ - name: Cancel previous
+ uses: styfle/cancel-workflow-action@0.8.0
+ with:
+ access_token: ${{ github.token }}
+
- uses: actions/checkout@v2
- run: | # Needed for git diff to work.
git fetch origin master --depth 1
diff --git a/.github/workflows/project_tests.yml b/.github/workflows/project_tests.yml
index 4c78ee1..55dfb7f 100644
--- a/.github/workflows/project_tests.yml
+++ b/.github/workflows/project_tests.yml
@@ -1,5 +1,9 @@
name: Project tests
-on: [pull_request]
+
+on:
+ pull_request:
+ branches:
+ - master
jobs:
build:
@@ -38,6 +42,11 @@
ARCHITECTURE: ${{ matrix.architecture }}
steps:
+ - name: Cancel previous
+ uses: styfle/cancel-workflow-action@0.8.0
+ with:
+ access_token: ${{ github.token }}
+
- uses: actions/checkout@v2
- run: | # Needed for git diff to work.
git fetch origin master --depth 1
diff --git a/METADATA b/METADATA
index 0156a82..dfba61b 100644
--- a/METADATA
+++ b/METADATA
@@ -9,11 +9,11 @@
type: GIT
value: "https://github.com/google/oss-fuzz.git"
}
- version: "0e6b81c81b415bb584c8d7595264480fa5a7de84"
+ version: "947169dc86572e121c3e138f366a9f39ac6266ae"
license_type: RESTRICTED
last_upgrade_date {
year: 2021
- month: 2
- day: 9
+ month: 4
+ day: 1
}
}
diff --git a/README.md b/README.md
index 0d590b1..4e5474a 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@
[Sanitizers]: https://github.com/google/sanitizers
[ClusterFuzz]: https://github.com/google/clusterfuzz
-Currently, OSS-Fuzz supports C/C++, Rust, Go and Python code. Other languages
+Currently, OSS-Fuzz supports C/C++, Rust, Go, Python and Java/JVM code. Other languages
supported by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386
builds.
diff --git a/docs/faq.md b/docs/faq.md
index fa0826c..46e5ebf 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -158,6 +158,19 @@
possible. We believe that public code coverage reports do not put users at risk,
as they do not indicate the presence of bugs or lack thereof.
+## Why is the coverage command complaining about format compatibility issues?
+
+This may happen if the Docker images fetched locally become out of sync. Make
+sure you run the following command to pull the most recent images:
+
+```bash
+$ python infra/helper.py pull_images
+```
+
+Please refer to
+[code coverage]({{ site.baseurl }}/advanced-topics/code-coverage/) for detailed
+information on code coverage generation.
+
## What happens when I rename a fuzz target ?
If you rename your fuzz targets, the existing bugs for those targets will get
diff --git a/docs/getting-started/bug_disclosure_guidelines.md b/docs/getting-started/bug_disclosure_guidelines.md
index f82a751..e5a76ef 100644
--- a/docs/getting-started/bug_disclosure_guidelines.md
+++ b/docs/getting-started/bug_disclosure_guidelines.md
@@ -12,12 +12,12 @@
OSS-Fuzz will adhere to following disclosure principles:
- **Deadline**. After notifying project authors, we will open reported
- issues to the public in 90 days, or 30 days after the fix is released
- (whichever comes earlier).
+ issues to the public in 90 days, or after the fix is released (whichever
+ comes earlier).
- **Weekends and holidays**. If a deadline is due to expire on a weekend,
the deadline will be moved to the next normal work day.
- **Grace period**. We have a 14-day grace period. If a 90-day deadline
expires but the upstream engineers let us know before the deadline that a
patch is scheduled for release on a specific day within 14 days following
the deadline, the public disclosure will be delayed until the availability
- of the patch.
\ No newline at end of file
+ of the patch.
diff --git a/docs/getting-started/continuous_integration.md b/docs/getting-started/continuous_integration.md
index bb3f7e1..88e6e4b 100644
--- a/docs/getting-started/continuous_integration.md
+++ b/docs/getting-started/continuous_integration.md
@@ -74,13 +74,13 @@
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: 'example'
- dry-run: false
+ language: c++
- name: Run Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'example'
+ language: c++
fuzz-seconds: 600
- dry-run: false
- name: Upload Crash
uses: actions/upload-artifact@v1
if: failure() && steps.build.outcome == 'success'
@@ -93,8 +93,16 @@
### Optional configuration
#### Configurable Variables
+
+`language`: (optional) The language your target program is written in. Defaults
+to `c++`. This should be the same as the value you set in `project.yaml`. See
+[this explanation]({{ site.baseurl }}//getting-started/new-project-guide/#language)
+for more details.
+
`fuzz-time`: Determines how long CIFuzz spends fuzzing your project in seconds.
-The default is 600 seconds. The GitHub Actions max run time is 21600 seconds (6 hours).
+The default is 600 seconds. The GitHub Actions max run time is 21600 seconds (6
+hours). This variable is only meaningful when supplied to the `run_fuzzers`
+action, not the `build_fuzzers` action.
`dry-run`: Determines if CIFuzz surfaces errors. The default value is `false`. When set to `true`,
CIFuzz will never report a failure even if it finds a crash in your project.
@@ -103,7 +111,8 @@
`allowed-broken-targets-percentage`: Can be set if you want to set a stricter
limit for broken fuzz targets than OSS-Fuzz's check_build. Most users should
-not set this.
+not set this. This value is only meaningful when supplied to the `run_fuzzers`
+action, not the `build_fuzzers` action.
`sanitizer`: Determines a sanitizer to build and run fuzz targets with. The choices are `'address'`,
`'memory'` and `'undefined'`. The default is `'address'`. It is important to note that the `Build Fuzzers`
@@ -128,14 +137,14 @@
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: 'example'
- dry-run: false
+ language: c++
sanitizer: ${{ matrix.sanitizer }}
- name: Run Fuzzers (${{ matrix.sanitizer }})
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'example'
+ language: c++
fuzz-seconds: 600
- dry-run: false
sanitizer: ${{ matrix.sanitizer }}
- name: Upload Crash
uses: actions/upload-artifact@v1
@@ -175,13 +184,13 @@
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: 'example'
- dry-run: false
+ language: c++
- name: Run Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'example'
+ language: c++
fuzz-seconds: 600
- dry-run: false
- name: Upload Crash
uses: actions/upload-artifact@v1
if: failure() && steps.build.outcome == 'success'
@@ -213,9 +222,9 @@
1. When a crash is found by CIFuzz the Upload Artifact event is triggered.
1. This will cause a pop up in the right hand corner, allowing
you to download a zip file called `artifacts`.
- 1. `artifacts` contains two files:
- * `test_case` - a test case that can be used to reproduce the crash.
- * `bug_summary` - the stack trace and summary of the crash.
+ 1. `artifacts` contains two files for each crash:
+ * A test case that can be used to reproduce the crash.
+ * The sanitizer stack trace of the crash.
diff --git a/docs/getting-started/new-project-guide/bazel.md b/docs/getting-started/new-project-guide/bazel.md
index 4ad179d..45b942f 100644
--- a/docs/getting-started/new-project-guide/bazel.md
+++ b/docs/getting-started/new-project-guide/bazel.md
@@ -3,7 +3,7 @@
title: Integrating a Bazel project
parent: Setting up a new project
grand_parent: Getting started
-nav_order: 4
+nav_order: 5
permalink: /getting-started/new-project-guide/bazel/
---
@@ -36,10 +36,9 @@
target automatically has a `//path/to:fuzz_test_oss_fuzz` packaging target that
(a) builds the fuzz test using the instrumentation and engine library specified
in the OSS-Fuzz environment variables, and (b) generates an archive containing
-the binary and its associated artifacts (corpus, dictionary, etc.). Using the
-`_oss_fuzz` target substantially simplifies the `build.sh` script, which only
-needs to copy the build artifacts from `bazel-bin/` to the `${OUT}/` directory.
-The next section explains this process in more detail.
+the binary and its associated artifacts (corpus, dictionary, etc.). Moreover,
+OSS-Fuzz provides a standard tool to automatically process these targets,
+substantially simplifying the `build.sh` script (see below).
[rules-fuzzing-usage]: https://github.com/bazelbuild/rules_fuzzing#using-the-rules-in-your-project
@@ -61,7 +60,7 @@
Since the OSS-Fuzz target builds the fuzz test using the instrumentation and
engine specified in the OSS-Fuzz environment variables, all the engine and
sanitizer configurations supported in the `project.yaml` file are automatically
-supported by the `_oss_fuzz` packaging rule, too.
+supported by the fuzzing rules.
### Dockerfile
@@ -75,43 +74,24 @@
### build.sh
-Your `build.sh` script essentially needs to perform three tasks: (1) selecting
+Your `build.sh` script essentially needs to perform three steps: (1) selecting
which fuzz tests to build, (2) building their OSS-Fuzz package targets in the
right configuration, and (3) copying the build artifacts to the `${OUT}/`
destination.
-For the first step, you can use the "bazel query" command for the most
-flexibility. Each fuzz test has the `"fuzz-test"` tag, which you can query. You
-may also perform additional filtering. We recommend using the `"no-oss-fuzz"`
-tag to opt-out particular fuzz tests if they are a work in progress or
-test-only.
+OSS-Fuzz provides a
+[`bazel_build_fuzz_tests`](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/bazel_build_fuzz_tests)
+tool that implements these steps in a standard way, so in most cases your
+build script only needs to invoke this command with no arguments.
-The complete query command would look as follows ([example][example-query]):
+If necessary, the behavior of the tool can be customized though a set of
+environment variables. The most common are:
-```sh
-declare -r QUERY='
- let all_fuzz_tests = attr(tags, "fuzz-test", "//...") in
- $all_fuzz_tests - attr(tags, "no-oss-fuzz", $all_fuzz_tests)
-'
-declare -r OSS_FUZZ_TESTS="$(bazel query "${QUERY}" | sed "s/$/_oss_fuzz/")"
-```
-
-Building the `_oss_fuzz` targets requires setting the engine and instrumentation
-options. We recommend creating a `--config=oss-fuzz` configuration in your
-`.bazelrc` file ([example][example-bazelrc]), so you can directly invoke
-`bazel build --config=oss-fuzz` in your build script ([example][example-build]).
-
-If all goes well, `bazel-bin/` will contain an `_oss_fuzz.tar` archive for each
-fuzz test built. You need to traverse each archive and extract it in the
-`${OUT}/` directory ([example][example-copy]):
-
-```sh
-for oss_fuzz_archive in $(find bazel-bin/ -name '*_oss_fuzz.tar'); do
- tar -xvf "${oss_fuzz_archive}" -C "${OUT}"
-done
-```
-
-[example-query]: https://github.com/google/oss-fuzz/blob/b19e7001928b08f9ae8fd3c017688cd5edf96cb2/projects/bazel-rules-fuzzing-test/build.sh#L27-L37
-[example-bazelrc]: https://github.com/bazelbuild/rules_fuzzing/blob/f6062a88d83463e2900e47bc218547ba046dad44/.bazelrc#L56-L58
-[example-build]: https://github.com/google/oss-fuzz/blob/b19e7001928b08f9ae8fd3c017688cd5edf96cb2/projects/bazel-rules-fuzzing-test/build.sh#L43-L45
-[example-copy]: https://github.com/google/oss-fuzz/blob/b19e7001928b08f9ae8fd3c017688cd5edf96cb2/projects/bazel-rules-fuzzing-test/build.sh#L50-L52
+* `BAZEL_EXTRA_BUILD_FLAGS` are extra build flags passed on the Bazel command
+ line.
+* `BAZEL_FUZZ_TEST_TAG` and `BAZEL_FUZZ_TEST_EXCLUDE_TAG` can be overriden to
+ specify which target tags to use when determining what fuzz tests to include.
+ By default, the tool selects all the fuzz tests except for those tagged as
+ `"no-oss-fuzz"`.
+* `BAZEL_FUZZ_TEST_QUERY` overrides the Bazel query the tool uses to identify
+ the fuzz tests to build, if the tag-based approach is not sufficient.
diff --git a/docs/getting-started/new-project-guide/go_lang.md b/docs/getting-started/new-project-guide/go_lang.md
index 62fde91..600a666 100644
--- a/docs/getting-started/new-project-guide/go_lang.md
+++ b/docs/getting-started/new-project-guide/go_lang.md
@@ -60,21 +60,16 @@
### Dockerfile
The OSS-Fuzz builder image has the latest stable release of Golang installed. In
-order to install dependencies of your project, add `RUN go get ...` command to
+order to install dependencies of your project, add `RUN git clone ...` command to
your Dockerfile.
[Example](https://github.com/google/oss-fuzz/blob/356f2b947670b7eb33a1f535c71bc5c87a60b0d1/projects/syzkaller/Dockerfile#L23):
```dockerfile
# Dependency for one of the fuzz targets.
-RUN go get github.com/ianlancetaylor/demangle
+RUN git clone --depth 1 https://github.com/ianlancetaylor/demangle
```
-In the case you are using modules, the best practice is to `git clone` the repository into the expected `$GOPATH/src` directory.
-
-A usage example from go-coredns project is
-```dockerfile
-RUN git clone --depth 1 https://github.com/coredns/coredns $GOPATH/src/github.com/coredns/coredns
-```
+go-fuzz will then automatically download the dependencies based on the go.mod file
### build.sh
diff --git a/docs/getting-started/new-project-guide/jvm_lang.md b/docs/getting-started/new-project-guide/jvm_lang.md
new file mode 100644
index 0000000..19e4ecb
--- /dev/null
+++ b/docs/getting-started/new-project-guide/jvm_lang.md
@@ -0,0 +1,173 @@
+---
+layout: default
+title: Integrating a Java/JVM project
+parent: Setting up a new project
+grand_parent: Getting started
+nav_order: 4
+permalink: /getting-started/new-project-guide/jvm-lang/
+---
+
+# Integrating a Java/JVM project
+{: .no_toc}
+
+- TOC
+{:toc}
+---
+
+The process of integrating a project written in Java or any other language
+running on the Java Virtual Machine (JVM) with OSS-Fuzz is very similar to the
+general
+[Setting up a new project]({{ site.baseurl }}/getting-started/new-project-guide/)
+process. The key specifics of integrating a JVM project are outlined below.
+
+## Jazzer
+
+Java fuzzing in OSS-Fuzz depends on
+[Jazzer](https://github.com/CodeIntelligenceTesting/jazzer), which is
+pre-installed on the OSS-Fuzz base docker images. As Jazzer operates directly
+on the bytecode level, it can be applied to any project written in a JVM-based
+language. More information on how Jazzer fuzz targets look like can be found in
+its
+[README's Usage section](https://github.com/CodeIntelligenceTesting/jazzer#usage).
+
+## Project files
+
+### Example project
+
+We recommend viewing
+[json-sanitizer](https://github.com/google/oss-fuzz/tree/master/projects/json-sanitizer)
+as an example of a simple Java-only fuzzing project. Additional examples,
+including one for a Java project with native dependencies, are part of the
+[java-example](https://github.com/google/oss-fuzz/tree/master/projects/java-example)
+project.
+
+### project.yaml
+
+The `language` attribute must be specified as follows:
+
+```yaml
+language: jvm
+```
+
+The only supported fuzzing engine is libFuzzer (`libfuzzer`). So far the only
+supported sanitizer is AddressSanitizer (`address`), which needs to be
+specified explicitly even for pure Java projects.
+
+```yaml
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+```
+
+### Dockerfile
+
+The OSS-Fuzz base Docker images already come with OpenJDK 15 pre-installed. If
+you need Maven to build your project, you can install it by adding the following
+line to your Dockerfile:
+
+```docker
+RUN apt-get update && apt-get install -y maven
+```
+
+Apart from this, you should usually not need to do more than to clone the
+project, set a `WORKDIR`, and copy any necessary files, or install any
+project-specific dependencies here as you normally would.
+
+### Fuzzers
+
+In the simplest case, every fuzzer consists of a single Java file with a
+filename matching `*Fuzzer.java` and no `package` directive. An example fuzz
+target could thus be a file `ExampleFuzzer.java` with contents:
+
+```java
+public class ExampleFuzzer {
+ public static void fuzzerTestOneInput(byte[] input) {
+ ...
+ // Call a function of the project under test with arguments derived from
+ // input and throw an exception if something unwanted happens.
+ ...
+ }
+}
+```
+
+### build.sh
+
+For JVM projects, `build.sh` does need some more significant modifications
+over C/C++ projects. Below is an annotated example build script for a
+Java-only project with single-file fuzz targets as described above:
+
+```sh
+# Step 1: Build the project
+
+# Build the project .jar as usual, e.g. using Maven.
+mvn package
+# In this example, the project is built with Maven, which typically includes the
+# project version into the name of the packaged .jar file. The version can be
+# obtained as follows:
+CURRENT_VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \
+-Dexpression=project.version -q -DforceStdout)
+# Copy the project .jar into $OUT under a fixed name.
+cp "target/sample-project-$CURRENT_VERSION.jar" $OUT/sample-project.jar
+
+# Specify the projects .jar file(s), separated by spaces if there are multiple.
+PROJECT_JARS="sample-project.jar"
+
+# Step 2: Build the fuzzers (should not require any changes)
+
+# The classpath at build-time includes the project jars in $OUT as well as the
+# Jazzer API.
+BUILD_CLASSPATH=$(echo $PROJECT_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+
+# All .jar and .class files lie in the same directory as the fuzzer at runtime.
+RUNTIME_CLASSPATH=$(echo $PROJECT_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir
+
+for fuzzer in $(find $SRC -name '*Fuzzer.java'); do
+ fuzzer_basename=$(basename -s .java $fuzzer)
+ javac -cp $BUILD_CLASSPATH $fuzzer
+ cp $SRC/$fuzzer_basename.class $OUT/
+
+ # Create an execution wrapper that executes Jazzer with the correct arguments.
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
+\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+--cp=$RUNTIME_CLASSPATH \
+--target_class=$fuzzer_basename \
+--jvm_args=\"-Xmx2048m\" \
+\$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+done
+```
+
+## FuzzedDataProvider
+
+Jazzer provides a `FuzzedDataProvider` that can simplify the task of creating a
+fuzz target by translating the raw input bytes received from the fuzzer into
+useful primitive Java types. Its functionality is similar to
+`FuzzedDataProviders` available in other languages, such as
+[Python](https://github.com/google/atheris#fuzzeddataprovider) and
+[C++](https://github.com/google/fuzzing/blob/master/docs/split-inputs.md).
+
+On OSS-Fuzz, the required library is available in the base docker images under
+the path `$JAZZER_API_PATH`, which is added to the classpath by the example
+build script shown above. Locally, the library can be obtained from
+[Maven Central](https://search.maven.org/search?q=g:com.code-intelligence%20a:jazzer-api).
+
+A fuzz target using the `FuzzedDataProvider` would look as follows:
+
+```java
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+
+public class ExampleFuzzer {
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ int number = data.consumeInt();
+ String string = data.consumeRemainingAsString();
+ // ...
+ }
+}
+```
+
+For a list of convenience methods offered by `FuzzedDataProvider`, consult its
+[javadocs](https://codeintelligencetesting.github.io/jazzer-api/com/code_intelligence/jazzer/api/FuzzedDataProvider.html).
diff --git a/docs/getting-started/new-project-guide/python_lang.md b/docs/getting-started/new-project-guide/python_lang.md
index 14208e3..da14780 100644
--- a/docs/getting-started/new-project-guide/python_lang.md
+++ b/docs/getting-started/new-project-guide/python_lang.md
@@ -31,7 +31,7 @@
### Example project
-We recommending viewing [ujson](https://github.com/google/oss-fuzz/tree/master/projects/ujson) as an
+We recommend viewing [ujson](https://github.com/google/oss-fuzz/tree/master/projects/ujson) as an
example of a simple Python fuzzing project, with both plain-Atheris and
Atheris + Hypothesis harnesses.
@@ -112,14 +112,17 @@
failures in the test reveal problems with the system under test that could not have been
revealed by direct fuzzing of that system.
-You also get integrated test-case reduction for free - meaning that it's trivial to
-report a canonical minimal example for each distinct failure discovered while fuzzing!
+We recommend using the [`hypothesis write`](https://hypothesis.readthedocs.io/en/latest/ghostwriter.html)
+command to generate a starter fuzz harness. This "ghostwritten" code may be usable as-is,
+or provide a useful template for writing more specific tests.
See [here for the core "strategies"](https://hypothesis.readthedocs.io/en/latest/data.html),
for arbitrary data, [here for Numpy + Pandas support](https://hypothesis.readthedocs.io/en/latest/numpy.html),
or [here for a variety of third-party extensions](https://hypothesis.readthedocs.io/en/latest/strategies.html)
supporting everything from protobufs, to jsonschemas, to networkx graphs or geojson
or valid Python source code.
+Hypothesis' integrated test-case reduction also makes it trivial to report a canonical minimal
+example for each distinct failure discovered while fuzzing - just run the test function!
To use Hypothesis in OSS-Fuzz, install it in your Dockerfile with
diff --git a/docs/getting-started/new_project_guide.md b/docs/getting-started/new_project_guide.md
index 64d4b80..d2a7d80 100644
--- a/docs/getting-started/new_project_guide.md
+++ b/docs/getting-started/new_project_guide.md
@@ -97,6 +97,7 @@
* [`go`]({{ site.baseurl }}//getting-started/new-project-guide/go-lang/)
* [`rust`]({{ site.baseurl }}//getting-started/new-project-guide/rust-lang/)
* [`python`]({{ site.baseurl }}//getting-started/new-project-guide/python-lang/)
+* [`jvm` (Java, Kotlin, Scala and other JVM-based languages)]({{ site.baseurl }}//getting-started/new-project-guide/jvm-lang/)
### primary_contact, auto_ccs {#primary}
The primary contact and list of other contacts to be CCed. Each person listed gets access to ClusterFuzz, including crash reports and fuzzer statistics, and are auto-cced on new bugs filed in the OSS-Fuzz
@@ -148,7 +149,8 @@
### architectures (optional) {#architectures}
The list of architectures to fuzz on.
ClusterFuzz supports fuzzing on x86_64 (aka x64) by default.
-However you can also fuzz using AddressSanitizer and libFuzzer on i386 (aka x86, or 32 bit) by specifying "x86_64" and "i386" in "architectures" like this:
+Some projects can benefit from i386 fuzzing. OSS-Fuzz will build and run
+AddressSanitizer with libFuzzer on i386 by doing the following:
```yaml
architectures:
@@ -192,7 +194,6 @@
```docker
FROM gcr.io/oss-fuzz-base/base-builder # base image with clang toolchain
RUN apt-get update && apt-get install -y ... # install required packages to build your project
-RUN go get ... # install dependencies to build your Go project
RUN git clone <git_url> <checkout_dir> # checkout all sources needed to build your project
WORKDIR <checkout_dir> # current directory for the build script
COPY build.sh fuzzer.cc $SRC/ # copy build script and other fuzzer files in src dir
@@ -245,6 +246,30 @@
alphanumeric characters, underscore(_) or dash(-). Otherwise, they won't run on our infrastructure.
3. Don't remove source code files. They are needed for code coverage.
+### Temporarily disabling code instrumentation during builds
+
+Sometimes not every 3rd party library might be needed to be instrumented or
+tools are being compiled that just support the target built.
+
+If for any reasons part of the build process should not be instrumented
+then the following code snippit can be used for this:
+
+```
+CFLAGS_SAVE="$CFLAGS"
+CXXFLAGS_SAVE="$CXXFLAGS"
+unset CFLAGS
+unset CXXFLAGS
+export AFL_NOOPT=1
+
+#
+# build commands here that should not result in instrumented code.
+#
+
+export CFLAGS="${CFLAGS_SAVE}"
+export CXXFLAGS="${CXXFLAGS_SAVE}"
+unset AFL_NOOPT
+```
+
### build.sh script environment
When your build.sh script is executed, the following locations are available within the image:
@@ -334,7 +359,8 @@
$ python infra/helper.py coverage $PROJECT_NAME --fuzz-target=<fuzz_target> --corpus-dir=<path-to-temp-corpus-dir>
```
-Please refer to
+You may need to run `python infra/helper.py pull_images` to use the latest
+coverage tools. Please refer to
[code coverage]({{ site.baseurl }}/advanced-topics/code-coverage/) for detailed
information on code coverage generation.
@@ -421,7 +447,7 @@
Please include copyright headers for all files checked in to oss-fuzz:
```
-# Copyright 2020 Google LLC
+# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/docs/index.md b/docs/index.md
index 74f1961..c372e77 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -38,9 +38,9 @@
[Sanitizers]: https://github.com/google/sanitizers
[ClusterFuzz]: https://github.com/google/clusterfuzz
-Currently, OSS-Fuzz supports C/C++, Rust, Go and Python code. Other languages
-supported by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386
-builds.
+Currently, OSS-Fuzz supports C/C++, Rust, Go, Python and Java/JVM code. Other
+languages supported by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64
+and i386 builds.
[LLVM]: https://llvm.org
diff --git a/docs/oss-fuzz/architecture.md b/docs/oss-fuzz/architecture.md
index 689870e..56ff296 100644
--- a/docs/oss-fuzz/architecture.md
+++ b/docs/oss-fuzz/architecture.md
@@ -29,5 +29,5 @@
discovery (the commit message should contain the string **'Credit to OSS-Fuzz'**).
Once the developer fixes the bug, [ClusterFuzz]({{ site.baseurl }}/further-reading/clusterfuzz) automatically
-verifies the fix, adds a comment, and closes the issue ([example](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53#c3)). 30 days after the fix is verified or 90 days after reporting (whichever is earlier), the issue becomes [public]({{ site.baseurl }}/getting-started/bug-disclosure-guidelines/).
+verifies the fix, adds a comment, and closes the issue ([example](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53#c3)). After the fix is verified or 90 days after reporting (whichever is earlier), the issue becomes [public]({{ site.baseurl }}/getting-started/bug-disclosure-guidelines/).
diff --git a/infra/.dockerignore b/infra/.dockerignore
index 1e82e3e..c786533 100644
--- a/infra/.dockerignore
+++ b/infra/.dockerignore
@@ -1 +1,9 @@
-test_files
\ No newline at end of file
+cifuzz/test_data/*
+
+# Copied from .gitignore.
+.vscode/
+*.pyc
+build
+*~
+.DS_Store
+*.swp
\ No newline at end of file
diff --git a/infra/.pylintrc b/infra/.pylintrc
deleted file mode 100644
index 8ce0b22..0000000
--- a/infra/.pylintrc
+++ /dev/null
@@ -1,2 +0,0 @@
-[FORMAT]
-indent-string = " "
\ No newline at end of file
diff --git a/infra/base-images/Jenkinsfile b/infra/base-images/Jenkinsfile
deleted file mode 100644
index 67b22e9..0000000
--- a/infra/base-images/Jenkinsfile
+++ /dev/null
@@ -1,37 +0,0 @@
-// Copyright 2016 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-////////////////////////////////////////////////////////////////////////////////
-
-// Jenkins build script for base images.
-node {
- git url: 'https://github.com/google/oss-fuzz/'
-
- stage("infra/base-images/all.sh") {
- sh "infra/base-images/all.sh --no-cache"
- }
-
- stage("docker push") {
- def images = ['ossfuzz/base-image', 'ossfuzz/base-clang', 'ossfuzz/base-libfuzzer',
- 'ossfuzz/base-runner', 'ossfuzz/base-runner-debug',
- 'ossfuzz/base-builder',]
-
- docker.withRegistry('', 'docker-login') {
- for (int i = 0; i < images.size(); i++) {
- def image = images[i]
- docker.image(image).push()
- }
- }
- }
-}
diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 6f596d5..d802f24 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -29,6 +29,7 @@
jq \
libc6-dev-i386 \
patchelf \
+ rsync \
subversion \
zip
@@ -57,12 +58,14 @@
ln -s /usr/bin/python3 /usr/bin/python && \
cd .. && \
rm -r /tmp/Python-$PYTHON_VERSION.tar.xz /tmp/Python-$PYTHON_VERSION && \
- apt-get remove -y $PYTHON_DEPS # https://github.com/google/oss-fuzz/issues/3888
+ rm -rf /usr/local/lib/python3.8/test && \
+ apt-get remove -y $PYTHON_DEPS # https://github.com/google/oss-fuzz/issues/3888
# Install latest atheris for python fuzzing, pyinstaller for fuzzer packaging,
# six for Bazel rules.
-RUN unset CFLAGS CXXFLAGS && pip3 install -v \
- atheris pyinstaller==4.1 six==1.15.0
+RUN unset CFLAGS CXXFLAGS && pip3 install -v --no-cache-dir \
+ atheris pyinstaller==4.1 six==1.15.0 && \
+ rm -rf /tmp/*
# Download and install the latest stable Go.
RUN cd /tmp && \
@@ -87,15 +90,42 @@
ENV RUSTUP_HOME=/rust/rustup
ENV PATH=$PATH:/rust/bin
RUN curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly --profile=minimal
-RUN cargo install cargo-fuzz
+RUN cargo install cargo-fuzz && rm -rf /rust/registry
# Needed to recompile rust std library for MSAN
RUN rustup component add rust-src --toolchain nightly
+# Set up custom environment variable for source code copy for coverage reports
+ENV OSSFUZZ_RUSTPATH /rust
# Install Bazel through Bazelisk, which automatically fetches the latest Bazel version.
ENV BAZELISK_VERSION 1.7.4
RUN curl -L https://github.com/bazelbuild/bazelisk/releases/download/v$BAZELISK_VERSION/bazelisk-linux-amd64 -o /usr/local/bin/bazel && \
chmod +x /usr/local/bin/bazel
+# Install OpenJDK 15 and trim its size by removing unused components.
+ENV JAVA_HOME=/usr/lib/jvm/java-15-openjdk-amd64
+ENV JVM_LD_LIBRARY_PATH=$JAVA_HOME/lib/server
+ENV PATH=$PATH:$JAVA_HOME/bin
+RUN cd /tmp && \
+ curl -L -O https://download.java.net/java/GA/jdk15.0.2/0d1cfde4252546c6931946de8db48ee2/7/GPL/openjdk-15.0.2_linux-x64_bin.tar.gz && \
+ mkdir -p $JAVA_HOME && \
+ tar -xzv --strip-components=1 -f openjdk-15.0.2_linux-x64_bin.tar.gz --directory $JAVA_HOME && \
+ rm -f openjdk-15.0.2_linux-x64_bin.tar.gz && \
+ rm -rf $JAVA_HOME/jmods $JAVA_HOME/lib/src.zip
+
+# Install the latest Jazzer in $OUT.
+# jazzer_api_deploy.jar is required only at build-time, the agent and the
+# drivers are copied to $OUT as they need to be present on the runners.
+ENV JAZZER_API_PATH "/usr/local/lib/jazzer_api_deploy.jar"
+RUN cd $SRC/ && \
+ git clone --depth=1 https://github.com/CodeIntelligenceTesting/jazzer && \
+ cd jazzer && \
+ bazel build --java_runtime_version=localjdk_15 -c opt --cxxopt="-stdlib=libc++" --linkopt=-lc++ \
+ //agent:jazzer_agent_deploy.jar //driver:jazzer_driver //driver:jazzer_driver_asan //agent:jazzer_api_deploy.jar && \
+ cp bazel-bin/agent/jazzer_agent_deploy.jar bazel-bin/driver/jazzer_driver bazel-bin/driver/jazzer_driver_asan /usr/local/bin/ && \
+ cp bazel-bin/agent/jazzer_api_deploy.jar $JAZZER_API_PATH && \
+ rm -rf ~/.cache/bazel ~/.cache/bazelisk && \
+ rm -rf $SRC/jazzer
+
# Default build flags for various sanitizers.
ENV SANITIZER_FLAGS_address "-fsanitize=address -fsanitize-address-use-after-scope"
@@ -106,6 +136,8 @@
ENV SANITIZER_FLAGS_dataflow "-fsanitize=dataflow"
+ENV SANITIZER_FLAGS_thread "-fsanitize=thread"
+
# Do not use any sanitizers in the coverage build.
ENV SANITIZER_FLAGS_coverage ""
@@ -144,15 +176,12 @@
# TODO: remove after tpm2 catchup.
ENV FUZZER_LDFLAGS ""
-ENV PRECOMPILED_DIR="/usr/lib/precompiled"
-RUN mkdir $PRECOMPILED_DIR
-
WORKDIR $SRC
# TODO: switch to -b stable once we can.
RUN git clone https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \
cd aflplusplus && \
- git checkout aeb7d7048371cd91ab9280c3958f1c35e5d5e758
+ git checkout 2102264acf5c271b7560a82771b3af8136af9354
RUN cd $SRC && \
curl -L -O https://github.com/google/honggfuzz/archive/oss-fuzz.tar.gz && \
@@ -161,12 +190,14 @@
tar -xzv --strip-components=1 -f $SRC/oss-fuzz.tar.gz && \
rm -rf examples $SRC/oss-fuzz.tar.gz
-COPY compile compile_afl compile_dataflow compile_libfuzzer compile_honggfuzz \
- compile_go_fuzzer precompile_honggfuzz srcmap write_labels.py /usr/local/bin/
+COPY cargo compile compile_afl compile_dataflow compile_libfuzzer compile_honggfuzz \
+ compile_go_fuzzer precompile_honggfuzz precompile_afl debug_afl srcmap \
+ write_labels.py bazel_build_fuzz_tests /usr/local/bin/
COPY detect_repo.py /opt/cifuzz/
COPY ossfuzz_coverage_runner.go $GOPATH
RUN precompile_honggfuzz
+RUN precompile_afl
CMD ["compile"]
diff --git a/infra/base-images/base-builder/bazel_build_fuzz_tests b/infra/base-images/base-builder/bazel_build_fuzz_tests
new file mode 100755
index 0000000..86740ee
--- /dev/null
+++ b/infra/base-images/base-builder/bazel_build_fuzz_tests
@@ -0,0 +1,80 @@
+#!/bin/bash -eu
+#
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+: "${BAZEL_FUZZ_TEST_TAG:=fuzz-test}"
+: "${BAZEL_FUZZ_TEST_EXCLUDE_TAG:=no-oss-fuzz}"
+: "${BAZEL_PACKAGE_SUFFIX:=_oss_fuzz}"
+: "${BAZEL_TOOL:=bazel}"
+: "${BAZEL_EXTRA_BUILD_FLAGS:=}"
+
+if [[ -z "${BAZEL_FUZZ_TEST_QUERY:-}" ]]; then
+ BAZEL_FUZZ_TEST_QUERY="
+ let all_fuzz_tests = attr(tags, \"${BAZEL_FUZZ_TEST_TAG}\", \"//...\") in
+ \$all_fuzz_tests - attr(tags, \"${BAZEL_FUZZ_TEST_EXCLUDE_TAG}\", \$all_fuzz_tests)
+ "
+fi
+
+echo "Using Bazel query to find fuzz targets: ${BAZEL_FUZZ_TEST_QUERY}"
+
+declare -r OSS_FUZZ_TESTS=(
+ $(bazel query "${BAZEL_FUZZ_TEST_QUERY}" | sed "s/$/${BAZEL_PACKAGE_SUFFIX}/")
+)
+
+echo "Found ${#OSS_FUZZ_TESTS[@]} fuzz test packages:"
+for oss_fuzz_test in "${OSS_FUZZ_TESTS[@]}"; do
+ echo " ${oss_fuzz_test}"
+done
+
+declare -r BAZEL_BUILD_FLAGS=(
+ "-c" "opt"
+ "--//fuzzing:cc_engine=@rules_fuzzing_oss_fuzz//:oss_fuzz_engine" \
+ "--@rules_fuzzing//fuzzing:cc_engine_instrumentation=oss-fuzz" \
+ "--@rules_fuzzing//fuzzing:cc_engine_sanitizer=none" \
+ "--linkopt=-lc++" \
+ "--action_env=CC=${CC}" "--action_env=CXX=${CXX}" \
+ ${BAZEL_EXTRA_BUILD_FLAGS[*]}
+)
+
+echo "Building the fuzz tests with the following Bazel options:"
+echo " ${BAZEL_BUILD_FLAGS[@]}"
+
+${BAZEL_TOOL} build "${BAZEL_BUILD_FLAGS[@]}" "${OSS_FUZZ_TESTS[@]}"
+
+echo "Extracting the fuzz test packages in the output directory."
+for oss_fuzz_archive in $(find bazel-bin/ -name "*${BAZEL_PACKAGE_SUFFIX}.tar"); do
+ tar -xvf "${oss_fuzz_archive}" -C "${OUT}"
+done
+
+if [ "$SANITIZER" = "coverage" ]; then
+ echo "Collecting the repository source files for coverage tracking."
+ declare -r COVERAGE_SOURCES="${OUT}/proc/self/cwd"
+ mkdir -p "${COVERAGE_SOURCES}"
+ declare -r RSYNC_FILTER_ARGS=(
+ "--include" "*.h"
+ "--include" "*.cc"
+ "--include" "*.hpp"
+ "--include" "*.cpp"
+ "--include" "*.c"
+ "--include" "*.inc"
+ "--include" "*/"
+ "--exclude" "*"
+ )
+ rsync -avLk "${RSYNC_FILTER_ARGS[@]}" \
+ "$(bazel info execution_root)/" \
+ "${COVERAGE_SOURCES}/"
+fi
diff --git a/infra/base-images/base-builder/cargo b/infra/base-images/base-builder/cargo
new file mode 100755
index 0000000..bed8e76
--- /dev/null
+++ b/infra/base-images/base-builder/cargo
@@ -0,0 +1,51 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This is a wrapper around calling cargo
+# This just expands RUSTFLAGS in case of a coverage build
+# We need this until https://github.com/rust-lang/cargo/issues/5450 is merged
+# because cargo uses relative paths for the current crate
+# and absolute paths for its dependencies
+#
+################################################################################
+
+if [ "$SANITIZER" = "coverage" ] && [ $1 = "build" ]
+then
+ crate_src_abspath=`cargo metadata --no-deps --format-version 1 | jq -r '.workspace_root'`
+ export RUSTFLAGS="$RUSTFLAGS --remap-path-prefix src=$crate_src_abspath/src"
+fi
+
+if [ "$SANITIZER" = "coverage" ] && [ $1 = "fuzz" ]
+then
+ # hack to turn cargo fuzz build into cargo build so as to get coverage
+ # cargo fuzz adds "--target" "x86_64-unknown-linux-gnu"
+ (
+ # go into fuzz directory if not already the case
+ cd fuzz || true
+ fuzz_src_abspath=`pwd`
+ export RUSTFLAGS="$RUSTFLAGS --remap-path-prefix fuzz_targets=$fuzz_src_abspath/fuzz_targets"
+ # we do not want to trigger debug assertions and stops
+ export RUSTFLAGS="$RUSTFLAGS -C debug-assertions=no"
+ # do not optimize with --release, leading to Malformed instrumentation profile data
+ cargo build --bins
+ # copies the build output in the expected target directory
+ cd `cargo metadata --format-version 1 --no-deps | jq -r '.target_directory'`
+ mkdir -p x86_64-unknown-linux-gnu/release
+ cp -r debug/* x86_64-unknown-linux-gnu/release/
+ )
+ exit 0
+fi
+
+/rust/bin/cargo "$@"
diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile
index 2bf20b1..78453c9 100755
--- a/infra/base-images/base-builder/compile
+++ b/infra/base-images/base-builder/compile
@@ -22,6 +22,21 @@
exit 1
fi
+if [ "$FUZZING_LANGUAGE" = "jvm" ]; then
+ if [ "$FUZZING_ENGINE" != "libfuzzer" ]; then
+ echo "ERROR: JVM projects can be fuzzed with libFuzzer engine only."
+ exit 1
+ fi
+ if [ "$SANITIZER" != "address" ]; then
+ echo "ERROR: JVM projects can be fuzzed with AddressSanitizer only."
+ exit 1
+ fi
+ if [ "$ARCHITECTURE" != "x86_64" ]; then
+ echo "ERROR: JVM projects can be fuzzed on x86_64 architecture only."
+ exit 1
+ fi
+fi
+
if [ "$FUZZING_LANGUAGE" = "python" ]; then
if [ "$FUZZING_ENGINE" != "libfuzzer" ]; then
echo "ERROR: Python projects can be fuzzed with libFuzzer engine only."
@@ -46,7 +61,8 @@
export CFLAGS="-m32 $CFLAGS"
cp -R /usr/i386/lib/* /usr/lib
fi
-if [[ $FUZZING_ENGINE != "none" ]]; then
+# JVM projects are fuzzed with Jazzer, which has libFuzzer built in.
+if [[ $FUZZING_ENGINE != "none" ]] && [[ $FUZZING_LANGUAGE != "jvm" ]]; then
# compile script might override environment, use . to call it.
. compile_${FUZZING_ENGINE}
fi
@@ -87,6 +103,11 @@
else
export RUSTFLAGS="--cfg fuzzing -Cdebuginfo=1 -Cforce-frame-pointers"
fi
+if [ "$SANITIZER" = "coverage" ]
+then
+ # link to C++ from comment in f5098035eb1a14aa966c8651d88ea3d64323823d
+ export RUSTFLAGS="$RUSTFLAGS -Zinstrument-coverage -C link-arg=-lc++"
+fi
# Add Rust libfuzzer flags.
# See https://github.com/rust-fuzz/libfuzzer/blob/master/build.rs#L12.
@@ -113,6 +134,11 @@
# Copy latest llvm-symbolizer in $OUT for stack symbolization.
cp $(which llvm-symbolizer) $OUT/
+# Copy Jazzer to $OUT if needed.
+if [ "$FUZZING_LANGUAGE" = "jvm" ]; then
+ cp $(which jazzer_agent_deploy.jar) $(which jazzer_driver) $(which jazzer_driver_asan) $OUT/
+fi
+
echo "---------------------------------------------------------------"
echo "CC=$CC"
echo "CXX=$CXX"
@@ -124,7 +150,7 @@
# We need to preserve source code files for generating a code coverage report.
# We need exact files that were compiled, so copy both $SRC and $WORK dirs.
-COPY_SOURCES_CMD="cp -rL --parents $SRC $WORK /usr/include /usr/local/include $GOPATH $OUT"
+COPY_SOURCES_CMD="cp -rL --parents $SRC $WORK /usr/include /usr/local/include $GOPATH $OSSFUZZ_RUSTPATH $OUT"
if [ "${BUILD_UID-0}" -ne "0" ]; then
adduser -u $BUILD_UID --disabled-password --gecos '' builder
diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl
index 318eca4..dc66244 100644
--- a/infra/base-images/base-builder/compile_afl
+++ b/infra/base-images/base-builder/compile_afl
@@ -15,43 +15,78 @@
#
################################################################################
-echo "Compiling afl++"
+# afl++ configuration options.
+# The 'env|grep' setup ensures we do not trigger the linter.
+# The variables need to be set to "1" here - or before running this script.
-# Build and copy afl++ tools necessary for fuzzing.
+# AFL++ settings.
+export AFL_LLVM_MODE_WORKAROUND=0
+export AFL_ENABLE_DICTIONARY=0
+
+# Start compiling afl++.
+echo "Copying precompiled afl++"
+
+# Copy afl++ tools necessary for fuzzing.
pushd $SRC/aflplusplus > /dev/null
-# Unset CFLAGS and CXXFLAGS while building AFL since we don't want to slow it
-# down with sanitizers.
-INITIAL_CXXFLAGS=$CXXFLAGS
-INITIAL_CFLAGS=$CFLAGS
-unset CXXFLAGS
-unset CFLAGS
-make clean
-AFL_NO_X86=1 PYTHON_INCLUDE=/ make
-CFLAGS=$INITIAL_CFLAGS
-CXXFLAGS=$INITIAL_CXXFLAGS
-
-# Build afl++ driver with existing CFLAGS, CXXFLAGS.
-make -C utils/aflpp_driver
-cp libAFLDriver.a $LIB_FUZZING_ENGINE
+cp -f libAFLDriver.a $LIB_FUZZING_ENGINE
# Some important projects include libraries, copy those even when they don't
# start with "afl-". Use "sort -u" to avoid a warning about duplicates.
ls afl-* *.txt *.a *.o *.so | sort -u | xargs cp -t $OUT
-popd > /dev/null
-
export CC="$SRC/aflplusplus/afl-clang-fast"
export CXX="$SRC/aflplusplus/afl-clang-fast++"
# Set sane afl++ environment defaults:
# Be quiet, otherwise this can break some builds.
export AFL_QUIET=1
-# Several targets run their own tools, so ensure its working.
-export AFL_MAP_SIZE=4194304
# No leak errors during builds.
-export ASAN_OPTIONS="detect_leaks=0:symbolize=0"
-#
-# Placeholder for the upcoming afl++ build options roulette
-#
+export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"
+
+# AFL compile option roulette. It is OK if they all happen together.
+
+# 40% chance to perform CMPLOG
+rm -f "$OUT/afl_cmplog.txt"
+test $(($RANDOM % 10)) -lt 4 && {
+ export AFL_LLVM_CMPLOG=1
+ touch "$OUT/afl_cmplog.txt"
+}
+
+# 10% chance to perform LAF_INTEL
+test $(($RANDOM % 10)) -lt 1 && {
+ export AFL_LLVM_LAF_ALL=1
+}
+
+# If the targets wants a dictionary - then create one.
+test "$AFL_ENABLE_DICTIONARY" = "1" && {
+ export AFL_LLVM_DICT2FILE="$OUT/afl++.dict"
+}
+
+# In case afl-clang-fast ever breaks, this is a workaround:
+test "$AFL_LLVM_MODE_WORKAROUND" = "1" && {
+ export CC=clang
+ export CXX=clang++
+ WORKAROUND_FLAGS=-fsanitize-coverage=trace-pc-guard
+ # We can still do CMPLOG light:
+ test -e "$OUT/afl_cmplog.txt" && {
+ WORKAROUND_FLAGS="$WORKAROUND_FLAGS",trace-cmp
+ }
+ export CFLAGS="$CFLAGS $WORKAROUND_FLAGS"
+ export CXXFLAGS="$CXXFLAGS $WORKAROUND_FLAGS"
+ unset AFL_LLVM_LAF_ALL
+ unset AFL_LLVM_DICT2FILE
+ unset AFL_ENABLE_DICTIONARY
+ # We need to create a new fuzzer lib however.
+ ar ru libAFLDrivernew.a afl-compiler-rt.o utils/aflpp_driver/aflpp_driver.o
+ cp -f libAFLDrivernew.a $LIB_FUZZING_ENGINE
+}
+
+# Provide a way to document the afl++ options used in this build:
+echo
+echo afl++ target compilation setup:
+env | grep AFL_ | tee "$OUT/afl_options.txt"
+echo
+
+popd > /dev/null
echo " done."
diff --git a/infra/base-images/base-builder/compile_go_fuzzer b/infra/base-images/base-builder/compile_go_fuzzer
index 8f8cde7..2342800 100755
--- a/infra/base-images/base-builder/compile_go_fuzzer
+++ b/infra/base-images/base-builder/compile_go_fuzzer
@@ -18,27 +18,35 @@
path=$1
function=$2
fuzzer=$3
-tags=""
+tags="-tags gofuzz"
if [[ $# -eq 4 ]]; then
tags="-tags $4"
fi
+# makes directory change temporary
+(
+cd $GOPATH/src/$path || true
+# in the case we are in the right directory, with go.mod but no go.sum
+go mod tidy || true
+# project was downloaded with go get if go list fails
+go list $tags $path || { cd $GOPATH/pkg/mod/ && cd `echo $path | cut -d/ -f1-3 | awk '{print $1"@*"}'`; }
+# project does not have go.mod if go list fails again
+go list $tags $path || { go mod init $path && go mod tidy ;}
+
if [[ $SANITIZER = *coverage* ]]; then
- cd $GOPATH/src/$path
- fuzzed_package=`go list $tags -f '{{.Name}}'`
+ fuzzed_package=`go list $tags -f '{{.Name}}' $path`
+ abspath=`go list $tags -f {{.Dir}} $path`
+ cd $abspath
cp $GOPATH/ossfuzz_coverage_runner.go ./"${function,,}"_test.go
sed -i -e 's/FuzzFunction/'$function'/' ./"${function,,}"_test.go
sed -i -e 's/mypackagebeingfuzzed/'$fuzzed_package'/' ./"${function,,}"_test.go
sed -i -e 's/TestFuzzCorpus/Test'$function'Corpus/' ./"${function,,}"_test.go
- echo "#!/bin/sh" > $OUT/$fuzzer
- echo "cd $path" >> $OUT/$fuzzer
- # The fuzzer may be in a subdirectory, but we want the coverage report for the whole repository
fuzzed_repo=`echo $path | cut -d/ -f-3`
- echo "go test -run Test${function}Corpus -v $tags -coverpkg $fuzzed_repo/... -coverprofile \$1 " >> $OUT/$fuzzer
- chmod +x $OUT/$fuzzer
-
- cd -
+ abspath_repo=`go list -m $tags -f {{.Dir}} $fuzzed_repo || go list $tags -f {{.Dir}} $fuzzed_repo`
+ # give equivalence to absolute paths in another file, as go test -cover uses golangish pkg.Dir
+ echo "s=$fuzzed_repo"="$abspath_repo"= > $OUT/$fuzzer.gocovpath
+ go test -run Test${function}Corpus -v $tags -coverpkg $fuzzed_repo/... -c -o $OUT/$fuzzer $path
else
# Compile and instrument all Go files relevant to this fuzz target.
echo "Running go-fuzz $tags -func $function -o $fuzzer.a $path"
@@ -47,3 +55,4 @@
# Link Go code ($fuzzer.a) with fuzzing engine to produce fuzz target binary.
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $fuzzer.a -o $OUT/$fuzzer
fi
+)
diff --git a/infra/base-images/base-builder/compile_honggfuzz b/infra/base-images/base-builder/compile_honggfuzz
index 362a0a5..f86e842 100755
--- a/infra/base-images/base-builder/compile_honggfuzz
+++ b/infra/base-images/base-builder/compile_honggfuzz
@@ -17,8 +17,8 @@
echo "Skipping compilation; using precompiled honggfuzz"
-cp $PRECOMPILED_DIR/honggfuzz.a $LIB_FUZZING_ENGINE
-cp $PRECOMPILED_DIR/honggfuzz $OUT/
+cp $SRC/honggfuzz/honggfuzz.a $LIB_FUZZING_ENGINE
+cp $SRC/honggfuzz/honggfuzz $OUT/
# Custom coverage flags, roughly in sync with:
# https://github.com/google/honggfuzz/blob/oss-fuzz/hfuzz_cc/hfuzz-cc.c
diff --git a/infra/base-images/base-builder/compile_libfuzzer b/infra/base-images/base-builder/compile_libfuzzer
index 00f2d63..3fd7f39 100755
--- a/infra/base-images/base-builder/compile_libfuzzer
+++ b/infra/base-images/base-builder/compile_libfuzzer
@@ -16,16 +16,7 @@
################################################################################
echo -n "Compiling libFuzzer to $LIB_FUZZING_ENGINE... "
-mkdir -p $WORK/libfuzzer
-pushd $WORK/libfuzzer > /dev/null
-
-# Use -fPIC to allow preloading (LD_PRELOAD).
-$CXX $CXXFLAGS -std=c++11 -O2 -fPIC $SANITIZER_FLAGS -fno-sanitize=vptr \
- -c $SRC/libfuzzer/*.cpp -I$SRC/libfuzzer
-ar r $LIB_FUZZING_ENGINE_DEPRECATED $WORK/libfuzzer/*.o
-popd > /dev/null
-rm -rf $WORK/libfuzzer
-# Override variable as libFuzzer builds do not link directly against an
-# engine library, but use -fsanitize=fuzzer to instruct clang to do so.
export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
+cp /usr/local/lib/clang/*/lib/linux/libclang_rt.fuzzer-$ARCHITECTURE.a \
+ $LIB_FUZZING_ENGINE_DEPRECATED
echo " done."
diff --git a/infra/base-images/base-builder/debug_afl b/infra/base-images/base-builder/debug_afl
new file mode 100755
index 0000000..c53dae8
--- /dev/null
+++ b/infra/base-images/base-builder/debug_afl
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Source this file for afl++ debug sessions.
+apt-get update
+apt-get install -y strace gdb vim joe psmisc
+
+pushd $SRC/aflplusplus > /dev/null
+git checkout dev
+git pull
+test -n "$1" && { git checkout "$1" ; git pull ; }
+CFLAGS_SAVE="$CFLAGS"
+CXXFLAGS_SAVE="$CXXFLAGS"
+unset CFLAGS
+unset CXXFLAGS
+make
+export CFLAGS="$CFLAGS_SAVE"
+export CXXFLAGS="$CXXFLAGS_SAVE"
+popd > /dev/null
+
+export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"
+export AFL_LLVM_LAF_ALL=1
+export AFL_LLVM_CMPLOG=1
+touch "$OUT/afl_cmplog.txt"
+export AFL_LLVM_DICT2FILE=$OUT/afl++.dict
+ulimit -c unlimited
diff --git a/infra/base-images/base-builder/detect_repo.py b/infra/base-images/base-builder/detect_repo.py
index 8969e97..e677e10 100644
--- a/infra/base-images/base-builder/detect_repo.py
+++ b/infra/base-images/base-builder/detect_repo.py
@@ -107,20 +107,25 @@
return None
-def check_for_repo_name(repo_path, repo_name):
- """Check to see if the repo_name matches the remote repository repo name.
+def check_for_repo_name(repo_path, expected_repo_name):
+ """Returns True if the repo at |repo_path| repo_name matches
+ |expected_repo_name|.
Args:
- repo_path: The directory of the git repo.
- repo_name: The name of the target git repo.
+ repo_path: The directory of a git repo.
+ expected_repo_name: The name of the target git repo.
"""
if not os.path.exists(os.path.join(repo_path, '.git')):
return False
- out, _ = execute(['git', 'config', '--get', 'remote.origin.url'],
- location=repo_path)
- out = out.split('/')[-1].replace('.git', '').rstrip()
- return out == repo_name
+ repo_url, _ = execute(['git', 'config', '--get', 'remote.origin.url'],
+ location=repo_path)
+ # Handle two common cases:
+ # https://github.com/google/syzkaller/
+ # https://github.com/google/syzkaller.git
+ repo_url = repo_url.replace('.git', '').rstrip().rstrip('/')
+ actual_repo_name = repo_url.split('/')[-1]
+ return actual_repo_name == expected_repo_name
def check_for_commit(repo_path, commit):
diff --git a/infra/base-images/base-builder/detect_repo_test.py b/infra/base-images/base-builder/detect_repo_test.py
index 21f64af..0243b3a 100644
--- a/infra/base-images/base-builder/detect_repo_test.py
+++ b/infra/base-images/base-builder/detect_repo_test.py
@@ -23,6 +23,7 @@
import sys
import tempfile
import unittest
+from unittest import mock
import detect_repo
@@ -36,6 +37,33 @@
# pylint: enable=wrong-import-position
+class TestCheckForRepoName(unittest.TestCase):
+ """Tests for check_for_repo_name."""
+
+ @mock.patch('os.path.exists', return_value=True)
+ @mock.patch('detect_repo.execute',
+ return_value=('https://github.com/google/syzkaller/', None))
+ def test_go_get_style_url(self, _, __):
+ """Tests that check_for_repo_name works on repos that were downloaded using
+ go get."""
+ self.assertTrue(detect_repo.check_for_repo_name('fake-path', 'syzkaller'))
+
+ @mock.patch('os.path.exists', return_value=True)
+ @mock.patch('detect_repo.execute',
+ return_value=('https://github.com/google/syzkaller', None))
+ def test_missing_git_and_slash_url(self, _, __):
+ """Tests that check_for_repo_name works on repos who's URLs do not end in
+ ".git" or "/"."""
+ self.assertTrue(detect_repo.check_for_repo_name('fake-path', 'syzkaller'))
+
+ @mock.patch('os.path.exists', return_value=True)
+ @mock.patch('detect_repo.execute',
+ return_value=('https://github.com/google/syzkaller.git', None))
+ def test_normal_style_repo_url(self, _, __):
+ """Tests that check_for_repo_name works on normally cloned repos."""
+ self.assertTrue(detect_repo.check_for_repo_name('fake-path', 'syzkaller'))
+
+
@unittest.skipIf(not os.getenv('INTEGRATION_TESTS'),
'INTEGRATION_TESTS=1 not set')
class DetectRepoIntegrationTest(unittest.TestCase):
diff --git a/infra/base-images/base-builder/precompile_afl b/infra/base-images/base-builder/precompile_afl
new file mode 100755
index 0000000..d6e71f2
--- /dev/null
+++ b/infra/base-images/base-builder/precompile_afl
@@ -0,0 +1,35 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+echo "Precompiling AFLplusplus"
+
+pushd $SRC/aflplusplus > /dev/null
+make clean
+# Unset CFLAGS and CXXFLAGS while building AFL since we don't want to slow it
+# down with sanitizers.
+SAVE_CXXFLAGS=$CXXFLAGS
+SAVE_CFLAGS=$CFLAGS
+unset CXXFLAGS
+unset CFLAGS
+export AFL_IGNORE_UNKNOWN_ENVS=1
+make clean
+AFL_NO_X86=1 PYTHON_INCLUDE=/ make
+make -C utils/aflpp_driver
+
+popd > /dev/null
+
+echo "Done."
diff --git a/infra/base-images/base-builder/precompile_honggfuzz b/infra/base-images/base-builder/precompile_honggfuzz
index 2565bb8..df6bb2b 100755
--- a/infra/base-images/base-builder/precompile_honggfuzz
+++ b/infra/base-images/base-builder/precompile_honggfuzz
@@ -15,7 +15,7 @@
#
################################################################################
-echo -n "Precompiling honggfuzz to $PRECOMPILED_DIR..."
+echo "Precompiling honggfuzz"
export BUILD_OSSFUZZ_STATIC=true
PACKAGES=(
@@ -37,10 +37,9 @@
# libhfuzz.a will be added by CC/CXX linker directly during linking,
# but it's defined here to satisfy the build infrastructure
-ar rcs $PRECOMPILED_DIR/honggfuzz.a libhfuzz/*.o libhfcommon/*.o
-cp honggfuzz $PRECOMPILED_DIR/
+ar rcs honggfuzz.a libhfuzz/*.o libhfcommon/*.o
popd > /dev/null
apt-get remove -y --purge ${PACKAGES[@]}
apt-get autoremove -y
-echo " done."
+echo "Done."
diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile
index 928e793..3c16a8f 100644
--- a/infra/base-images/base-clang/Dockerfile
+++ b/infra/base-images/base-clang/Dockerfile
@@ -25,7 +25,8 @@
chmod +x cmake-$CMAKE_VERSION-Linux-x86_64.sh && \
./cmake-$CMAKE_VERSION-Linux-x86_64.sh --skip-license --prefix="/usr/local" && \
rm cmake-$CMAKE_VERSION-Linux-x86_64.sh && \
- SUDO_FORCE_REMOVE=yes apt-get remove --purge -y wget sudo
+ SUDO_FORCE_REMOVE=yes apt-get remove --purge -y wget sudo && \
+ rm -rf /usr/local/doc/cmake /usr/local/bin/cmake-gui
COPY checkout_build_install_llvm.sh /root/
# Keep all steps in the same script to decrease the number of intermediate
diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh
index c5d97d5..f6e8ca9 100755
--- a/infra/base-images/base-clang/checkout_build_install_llvm.sh
+++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh
@@ -15,10 +15,14 @@
#
################################################################################
-NPROC=16 # See issue #4270. The compiler crashes on GCB instance with 32 vCPUs.
+# See issue #4270. The compiler crashes on GCB instance with 32 vCPUs, so when
+# we compile on GCB we want 16 cores. But locally we want more (so use nproc /
+# 2).
+NPROC=$(expr $(nproc) / 2)
-LLVM_DEP_PACKAGES="build-essential make cmake ninja-build git python3 g++-multilib binutils-dev"
-apt-get install -y $LLVM_DEP_PACKAGES
+# zlib1g-dev is needed for llvm-profdata to handle coverage data from rust compiler
+LLVM_DEP_PACKAGES="build-essential make cmake ninja-build git python3 g++-multilib binutils-dev zlib1g-dev"
+apt-get install -y $LLVM_DEP_PACKAGES --no-install-recommends
# Checkout
CHECKOUT_RETRIES=10
@@ -60,7 +64,7 @@
# Use chromium's clang revision
mkdir $SRC/chromium_tools
cd $SRC/chromium_tools
-git clone https://chromium.googlesource.com/chromium/src/tools/clang
+git clone https://chromium.googlesource.com/chromium/src/tools/clang --depth 1
cd clang
LLVM_SRC=$SRC/llvm-project
@@ -89,11 +93,9 @@
git -C $LLVM_SRC checkout $LLVM_REVISION
echo "Using LLVM revision: $LLVM_REVISION"
-# Build & install. We build clang in two stages because gcc can't build a
-# static version of libcxxabi
-# (see https://github.com/google/oss-fuzz/issues/2164).
+# Build & install.
mkdir -p $WORK/llvm-stage2 $WORK/llvm-stage1
-cd $WORK/llvm-stage1
+python3 $SRC/chromium_tools/clang/scripts/update.py --output-dir $WORK/llvm-stage1
TARGET_TO_BUILD=
case $(uname -m) in
@@ -111,9 +113,6 @@
PROJECTS_TO_BUILD="libcxx;libcxxabi;compiler-rt;clang;lld"
-cmake_llvm
-ninja -j $NPROC
-
cd $WORK/llvm-stage2
export CC=$WORK/llvm-stage1/bin/clang
export CXX=$WORK/llvm-stage1/bin/clang++
@@ -175,3 +174,54 @@
rm -rf $SRC/chromium_tools
apt-get remove --purge -y $LLVM_DEP_PACKAGES
apt-get autoremove -y
+
+# Delete unneeded parts of LLVM to reduce image size.
+# See https://github.com/google/oss-fuzz/issues/5170
+LLVM_TOOLS_TMPDIR=/tmp/llvm-tools
+mkdir $LLVM_TOOLS_TMPDIR
+# Move binaries with llvm- prefix that we want into LLVM_TOOLS_TMPDIR
+mv \
+ /usr/local/bin/llvm-ar \
+ /usr/local/bin/llvm-as \
+ /usr/local/bin/llvm-config \
+ /usr/local/bin/llvm-cov \
+ /usr/local/bin/llvm-objcopy \
+ /usr/local/bin/llvm-profdata \
+ /usr/local/bin/llvm-ranlib \
+ /usr/local/bin/llvm-symbolizer \
+ /usr/local/bin/llvm-undname \
+ $LLVM_TOOLS_TMPDIR
+# Delete remaining llvm- binaries.
+rm -rf /usr/local/bin/llvm-*
+# Restore the llvm- binaries we want to keep.
+mv $LLVM_TOOLS_TMPDIR/* /usr/local/bin/
+rm -rf $LLVM_TOOLS_TMPDIR
+
+# Remove binaries from LLVM buld that we don't need.
+rm -f \
+ /usr/local/bin/bugpoint \
+ /usr/local/bin/llc \
+ /usr/local/bin/lli \
+ /usr/local/bin/clang-check \
+ /usr/local/bin/clang-refactor \
+ /usr/local/bin/clang-offload-wrapper \
+ /usr/local/bin/clang-offload-bundler \
+ /usr/local/bin/clang-check \
+ /usr/local/bin/clang-refactor \
+ /usr/local/bin/c-index-test \
+ /usr/local/bin/clang-rename \
+ /usr/local/bin/clang-scan-deps \
+ /usr/local/bin/clang-extdef-mapping \
+ /usr/local/bin/diagtool \
+ /usr/local/bin/sanstats \
+ /usr/local/bin/dsymutil \
+ /usr/local/bin/verify-uselistorder \
+ /usr/local/bin/clang-format
+
+# Remove unneeded clang libs, CMake files from LLVM build, lld libs, and the
+# libraries.
+# Note: we need fuzzer_no_main libraries for atheris. Don't delete.
+rm -rf \
+ /usr/local/lib/libclang* \
+ /usr/local/lib/liblld* \
+ /usr/local/lib/cmake/
diff --git a/infra/base-images/base-runner/Dockerfile b/infra/base-images/base-runner/Dockerfile
old mode 100644
new mode 100755
index f0a264f..f847de0
--- a/infra/base-images/base-runner/Dockerfile
+++ b/infra/base-images/base-runner/Dockerfile
@@ -14,30 +14,40 @@
#
################################################################################
+# Build rust stuff in its own image. We only need the resulting binaries.
+# Keeping the rust toolchain in the image wastes 1 GB.
+FROM gcr.io/oss-fuzz-base/base-image as temp-runner-binary-builder
+
+RUN apt-get update && apt-get install -y cargo
+RUN cargo install rustfilt
+
# Using multi-stage build to copy some LLVM binaries needed in the runner image.
FROM gcr.io/oss-fuzz-base/base-clang AS base-clang
+# Real image that will be used later.
FROM gcr.io/oss-fuzz-base/base-image
+COPY --from=temp-runner-binary-builder /root/.cargo/bin/rustfilt /usr/local/bin
+
# Copy the binaries needed for code coverage and crash symbolization.
COPY --from=base-clang /usr/local/bin/llvm-cov \
/usr/local/bin/llvm-profdata \
/usr/local/bin/llvm-symbolizer \
/usr/local/bin/
-# TODO(metzman): Install libc6-i386 lib32gcc1 instead of libc6-dev-i386 for
-# consistency with ClusterFuzz image and to reduce size.
RUN apt-get update && apt-get install -y \
binutils \
file \
fonts-dejavu \
git \
- libc6-dev-i386 \
+ lib32gcc1 \
+ libc6-i386 \
libcap2 \
python3 \
python3-pip \
+ unzip \
wget \
- zip
+ zip --no-install-recommends
RUN git clone https://chromium.googlesource.com/chromium/src/tools/code_coverage /opt/code_coverage && \
pip3 install -r /opt/code_coverage/requirements.txt
@@ -66,7 +76,20 @@
ENV PATH $PATH:/root/.go/bin:$GOPATH/bin
# Set up Golang coverage modules.
-RUN go get github.com/google/oss-fuzz/infra/go/coverage/...
+COPY gocoverage $GOPATH/gocoverage
+RUN cd $GOPATH/gocoverage && go install ./...
+
+# Install OpenJDK 15 and trim its size by removing unused components.
+ENV JAVA_HOME=/usr/lib/jvm/java-15-openjdk-amd64
+ENV JVM_LD_LIBRARY_PATH=$JAVA_HOME/lib/server
+ENV PATH=$PATH:$JAVA_HOME/bin
+
+RUN wget https://download.java.net/java/GA/jdk15.0.2/0d1cfde4252546c6931946de8db48ee2/7/GPL/openjdk-15.0.2_linux-x64_bin.tar.gz -O /tmp/openjdk-15.0.2_linux-x64_bin.tar.gz && \
+ cd /tmp && \
+ mkdir -p $JAVA_HOME && \
+ tar -xzv --strip-components=1 -f openjdk-15.0.2_linux-x64_bin.tar.gz --directory $JAVA_HOME && \
+ rm -f openjdk-15.0.2_linux-x64_bin.tar.gz && \
+ rm -rf $JAVA_HOME/jmods $JAVA_HOME/lib/src.zip
# Do this last to make developing these files easier/faster due to caching.
COPY bad_build_check \
@@ -75,12 +98,11 @@
coverage_helper \
dataflow_tracer.py \
download_corpus \
- minijail0 \
+ rcfilt \
reproduce \
run_fuzzer \
- run_minijail \
parse_options.py \
targets_list \
test_all.py \
- test_one \
+ test_one.py \
/usr/local/bin/
diff --git a/infra/base-images/base-runner/bad_build_check b/infra/base-images/base-runner/bad_build_check
index a57a482..01f8fbb 100755
--- a/infra/base-images/base-runner/bad_build_check
+++ b/infra/base-images/base-runner/bad_build_check
@@ -301,6 +301,12 @@
local result=0
local CALL_INSN=
+ if [ "${FUZZING_LANGUAGE:-}" = "jvm" ]; then
+ # Sanitizer runtime is linked into the Jazzer driver, so this check does not
+ # apply.
+ return 0
+ fi
+
if [ "${FUZZING_LANGUAGE:-}" = "python" ]; then
# Sanitizer runtime is loaded via LD_PRELOAD, so this check does not apply.
return 0
@@ -312,7 +318,7 @@
else
case $(uname -m) in
x86_64)
- CALL_INSN="callq\s+[0-9a-f]+\s+<"
+ CALL_INSN="callq?\s+[0-9a-f]+\s+<"
;;
aarch64)
CALL_INSN="bl\s+[0-9a-f]+\s+<"
@@ -328,6 +334,7 @@
local MSAN_CALLS=$(objdump -dC $FUZZER | egrep "${CALL_INSN}__msan" -c)
local UBSAN_CALLS=$(objdump -dC $FUZZER | egrep "${CALL_INSN}__ubsan" -c)
+
if [[ "$SANITIZER" = address ]]; then
check_asan_build $FUZZER $ASAN_CALLS $DFSAN_CALLS $MSAN_CALLS $UBSAN_CALLS
result=$?
@@ -340,6 +347,9 @@
elif [[ "$SANITIZER" = undefined ]]; then
check_ubsan_build $FUZZER $ASAN_CALLS $DFSAN_CALLS $MSAN_CALLS $UBSAN_CALLS
result=$?
+ elif [[ "$SANITIZER" = thread ]]; then
+ # TODO(metzman): Implement this.
+ result=0
fi
return $result
@@ -376,6 +386,12 @@
local FUZZER=$1
local FUZZER_NAME=$(basename $FUZZER)
+ if [ "${FUZZING_LANGUAGE:-}" = "jvm" ]; then
+ # The native dependencies of a JVM project are not packaged, but loaded
+ # dynamically at runtime and thus cannot be checked here.
+ return 0;
+ fi
+
if [ "${FUZZING_LANGUAGE:-}" = "python" ]; then
FUZZER=${FUZZER}.pkg
fi
diff --git a/infra/base-images/base-runner/coverage b/infra/base-images/base-runner/coverage
index 2fcf9e9..a86b00d 100755
--- a/infra/base-images/base-runner/coverage
+++ b/infra/base-images/base-runner/coverage
@@ -114,13 +114,15 @@
function run_go_fuzz_target {
local target=$1
- cd $GOPATH/src
echo "Running go target $target"
export FUZZ_CORPUS_DIR="/corpus/${target}/"
export FUZZ_PROFILE_NAME="$DUMPS_DIR/$target.perf"
- bash $OUT/$target $DUMPS_DIR/$target.profdata &> $LOGS_DIR/$target.log
+ $OUT/$target -test.coverprofile $DUMPS_DIR/$target.profdata &> $LOGS_DIR/$target.log
+ # translate from golangish paths to current absolute paths
+ cat $OUT/$target.gocovpath | while read i; do sed -i $i $DUMPS_DIR/$target.profdata; done
+ # cf PATH_EQUIVALENCE_ARGS
+ sed -i 's=/='$OUT'/=' $DUMPS_DIR/$target.profdata
$SYSGOPATH/bin/gocovsum $DUMPS_DIR/$target.profdata > $FUZZER_STATS_DIR/$target.json
- cd $OUT
}
export SYSGOPATH=$GOPATH
@@ -131,7 +133,7 @@
if [[ $FUZZING_LANGUAGE == "go" ]]; then
# Continue if not a fuzz target.
if [[ $FUZZING_ENGINE != "none" ]]; then
- grep "go test -run" $fuzz_target > /dev/null 2>&1 || continue
+ grep "FUZZ_CORPUS_DIR" $fuzz_target > /dev/null 2>&1 || continue
fi
run_go_fuzz_target $fuzz_target &
else
@@ -193,7 +195,7 @@
# Generate HTML report.
llvm-cov show -format=html -output-dir=$REPORT_ROOT_DIR \
- -Xdemangler c++filt -Xdemangler -n $LLVM_COV_ARGS
+ -Xdemangler rcfilt $LLVM_COV_ARGS
# Export coverage summary in JSON format.
llvm-cov export -summary-only $LLVM_COV_ARGS > $SUMMARY_FILE
diff --git a/infra/base-images/base-runner/gocoverage/go.mod b/infra/base-images/base-runner/gocoverage/go.mod
new file mode 100644
index 0000000..b0b5721
--- /dev/null
+++ b/infra/base-images/base-runner/gocoverage/go.mod
@@ -0,0 +1,8 @@
+module oss-fuzz.com/gocoverage
+
+go 1.14
+
+require (
+ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5
+ golang.org/x/tools v0.1.0
+)
diff --git a/infra/base-images/base-runner/gocoverage/go.sum b/infra/base-images/base-runner/gocoverage/go.sum
new file mode 100644
index 0000000..3279af3
--- /dev/null
+++ b/infra/base-images/base-runner/gocoverage/go.sum
@@ -0,0 +1,30 @@
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5 h1:zIaiqGYDQwa4HVx5wGRTXbx38Pqxjemn4BP98wpzpXo=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/infra/go/coverage/gocovmerge/LICENSE b/infra/base-images/base-runner/gocoverage/gocovmerge/LICENSE
similarity index 100%
rename from infra/go/coverage/gocovmerge/LICENSE
rename to infra/base-images/base-runner/gocoverage/gocovmerge/LICENSE
diff --git a/infra/go/coverage/gocovmerge/gocovmerge.go b/infra/base-images/base-runner/gocoverage/gocovmerge/gocovmerge.go
similarity index 100%
rename from infra/go/coverage/gocovmerge/gocovmerge.go
rename to infra/base-images/base-runner/gocoverage/gocovmerge/gocovmerge.go
diff --git a/infra/base-images/base-runner/gocoverage/gocovsum/gocovsum.go b/infra/base-images/base-runner/gocoverage/gocovsum/gocovsum.go
new file mode 100644
index 0000000..973b7ae
--- /dev/null
+++ b/infra/base-images/base-runner/gocoverage/gocovsum/gocovsum.go
@@ -0,0 +1,147 @@
+package main
+
+import (
+ "encoding/json"
+ "flag"
+ "fmt"
+ "log"
+
+ "go/ast"
+ "go/parser"
+ "go/token"
+
+ "golang.org/x/tools/cover"
+)
+
+type CoverageTotal struct {
+ Count int `json:"count"`
+ Covered int `json:"covered"`
+ Uncovered int `json:"notcovered"`
+ Percent float64 `json:"percent"`
+}
+
+type CoverageTotals struct {
+ Functions CoverageTotal `json:"functions,omitempty"`
+ Lines CoverageTotal `json:"lines,omitempty"`
+ Regions CoverageTotal `json:"regions,omitempty"`
+ Instantiations CoverageTotal `json:"instantiations,omitempty"`
+ Branches CoverageTotal `json:"branches,omitempty"`
+}
+
+type CoverageFile struct {
+ Summary CoverageTotals `json:"summary,omitempty"`
+ Filename string `json:"filename,omitempty"`
+}
+
+type CoverageData struct {
+ Totals CoverageTotals `json:"totals,omitempty"`
+ Files []CoverageFile `json:"files,omitempty"`
+}
+
+type PositionInterval struct {
+ start token.Position
+ end token.Position
+}
+
+type CoverageSummary struct {
+ Data []CoverageData `json:"data,omitempty"`
+ Type string `json:"type,omitempty"`
+ Version string `json:"version,omitempty"`
+}
+
+func isFunctionCovered(s token.Position, e token.Position, blocks []cover.ProfileBlock) bool {
+ for _, b := range blocks {
+ if b.StartLine >= s.Line && b.StartLine <= e.Line && b.EndLine >= s.Line && b.EndLine <= e.Line {
+ if b.Count > 0 {
+ return true
+ }
+ }
+ }
+ return false
+}
+
+func computePercent(s *CoverageTotals) {
+ s.Regions.Percent = float64(100*s.Regions.Covered) / float64(s.Regions.Count)
+ s.Lines.Percent = float64(100*s.Lines.Covered) / float64(s.Lines.Count)
+ s.Functions.Percent = float64(100*s.Functions.Covered) / float64(s.Functions.Count)
+}
+
+func main() {
+ flag.Parse()
+
+ if len(flag.Args()) != 1 {
+ log.Fatalf("needs exactly one argument")
+ }
+ profiles, err := cover.ParseProfiles(flag.Args()[0])
+ if err != nil {
+ log.Fatalf("failed to parse profiles: %v", err)
+ }
+ r := CoverageSummary{}
+ r.Type = "oss-fuzz.go.coverage.json.export"
+ r.Version = "2.0.1"
+ r.Data = make([]CoverageData, 1)
+ for _, p := range profiles {
+ fset := token.NewFileSet() // positions are relative to fset
+ f, err := parser.ParseFile(fset, p.FileName, nil, 0)
+ if err != nil {
+ panic(err)
+ }
+ fileCov := CoverageFile{}
+ fileCov.Filename = p.FileName
+ ast.Inspect(f, func(n ast.Node) bool {
+ switch x := n.(type) {
+ case *ast.FuncLit:
+ startf := fset.Position(x.Pos())
+ endf := fset.Position(x.End())
+ fileCov.Summary.Functions.Count++
+ if isFunctionCovered(startf, endf, p.Blocks) {
+ fileCov.Summary.Functions.Covered++
+ } else {
+ fileCov.Summary.Functions.Uncovered++
+ }
+ case *ast.FuncDecl:
+ startf := fset.Position(x.Pos())
+ endf := fset.Position(x.End())
+ fileCov.Summary.Functions.Count++
+ if isFunctionCovered(startf, endf, p.Blocks) {
+ fileCov.Summary.Functions.Covered++
+ } else {
+ fileCov.Summary.Functions.Uncovered++
+ }
+ }
+ return true
+ })
+
+ for _, b := range p.Blocks {
+ fileCov.Summary.Regions.Count++
+ if b.Count > 0 {
+ fileCov.Summary.Regions.Covered++
+ } else {
+ fileCov.Summary.Regions.Uncovered++
+ }
+
+ fileCov.Summary.Lines.Count += b.NumStmt
+ if b.Count > 0 {
+ fileCov.Summary.Lines.Covered += b.NumStmt
+ } else {
+ fileCov.Summary.Lines.Uncovered += b.NumStmt
+ }
+ }
+ r.Data[0].Totals.Regions.Count += fileCov.Summary.Regions.Count
+ r.Data[0].Totals.Regions.Covered += fileCov.Summary.Regions.Covered
+ r.Data[0].Totals.Regions.Uncovered += fileCov.Summary.Regions.Uncovered
+ r.Data[0].Totals.Lines.Count += fileCov.Summary.Lines.Count
+ r.Data[0].Totals.Lines.Covered += fileCov.Summary.Lines.Covered
+ r.Data[0].Totals.Lines.Uncovered += fileCov.Summary.Lines.Uncovered
+ r.Data[0].Totals.Functions.Count += fileCov.Summary.Functions.Count
+ r.Data[0].Totals.Functions.Covered += fileCov.Summary.Functions.Covered
+ r.Data[0].Totals.Functions.Uncovered += fileCov.Summary.Functions.Uncovered
+
+ computePercent(&fileCov.Summary)
+ r.Data[0].Files = append(r.Data[0].Files, fileCov)
+ }
+
+ computePercent(&r.Data[0].Totals)
+ o, _ := json.Marshal(r)
+ fmt.Printf(string(o))
+}
diff --git a/infra/go/coverage/pprof-merge/LICENSE b/infra/base-images/base-runner/gocoverage/pprof-merge/LICENSE
similarity index 100%
rename from infra/go/coverage/pprof-merge/LICENSE
rename to infra/base-images/base-runner/gocoverage/pprof-merge/LICENSE
diff --git a/infra/go/coverage/pprof-merge/main.go b/infra/base-images/base-runner/gocoverage/pprof-merge/main.go
similarity index 100%
rename from infra/go/coverage/pprof-merge/main.go
rename to infra/base-images/base-runner/gocoverage/pprof-merge/main.go
diff --git a/infra/base-images/base-runner/minijail0 b/infra/base-images/base-runner/minijail0
deleted file mode 100755
index 369e0bb..0000000
--- a/infra/base-images/base-runner/minijail0
+++ /dev/null
Binary files differ
diff --git a/infra/base-images/base-runner/rcfilt b/infra/base-images/base-runner/rcfilt
new file mode 100755
index 0000000..1c62110
--- /dev/null
+++ b/infra/base-images/base-runner/rcfilt
@@ -0,0 +1,21 @@
+#!/bin/bash -u
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Symbol demangling for both C++ and Rust
+#
+################################################################################
+
+# simply pipe
+rustfilt | c++filt -n
diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer
index 6464ddc..b9bc8d9 100755
--- a/infra/base-images/base-runner/run_fuzzer
+++ b/infra/base-images/base-runner/run_fuzzer
@@ -98,22 +98,29 @@
if [[ "$FUZZING_ENGINE" = afl ]]; then
# Set afl++ environment options.
- export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0"
+ export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0:detect_odr_violation=0:"
export MSAN_OPTIONS="$MSAN_OPTIONS:exit_code=86:symbolize=0"
export UBSAN_OPTIONS="$UBSAN_OPTIONS:symbolize=0"
export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
export AFL_SKIP_CPUFREQ=1
export AFL_NO_AFFINITY=1
export AFL_FAST_CAL=1
- export AFL_MAP_SIZE=4194304
# If $OUT/afl_cmplog.txt is present this means the target was compiled for
# CMPLOG. So we have to add the proper parameters to afl-fuzz. `-l 2` is
# CMPLOG level 2, which will colorize larger files but not huge files and
# not enable transform analysis unless there have been several cycles without
# any finds.
- test -e $OUT/afl_cmplog.txt && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -l 2 -c $OUT/$FUZZER"
+ test -e "$OUT/afl_cmplog.txt" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -l 2 -c $OUT/$FUZZER"
+ # If $OUT/afl++.dict we load it as a dictionary for afl-fuzz.
+ test -e "$OUT/afl++.dict" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -x $OUT/afl++.dict"
+ # Ensure timeout is a bit large than 1sec as some of the OSS-Fuzz fuzzers
+ # are slower than this.
+ AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -t 5000+"
# AFL expects at least 1 file in the input dir.
echo input > ${CORPUS_DIR}/input
+ echo afl++ setup:
+ env|grep AFL_
+ cat "$OUT/afl_options.txt"
CMD_LINE="$OUT/afl-fuzz $AFL_FUZZER_ARGS -i $CORPUS_DIR -o $FUZZER_OUT $(get_dictionary) $* -- $OUT/$FUZZER"
elif [[ "$FUZZING_ENGINE" = honggfuzz ]]; then
diff --git a/infra/base-images/base-runner/run_minijail b/infra/base-images/base-runner/run_minijail
deleted file mode 100755
index bf950b1..0000000
--- a/infra/base-images/base-runner/run_minijail
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2017 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-rm -rf /tmp/chroot
-mkdir /tmp/chroot
-
-mkdir /tmp/chroot/lib
-mkdir /tmp/chroot/lib64
-mkdir /tmp/chroot/lib32
-
-mkdir /tmp/chroot/usr
-mkdir /tmp/chroot/usr/lib
-mkdir /tmp/chroot/usr/lib32
-
-mkdir /tmp/chroot/dev
-mknod -m 666 /tmp/chroot/dev/null c 1 3
-mknod -m 666 /tmp/chroot/dev/urandom c 1 9
-
-mkdir /tmp/chroot/proc
-mkdir /tmp/chroot/tmp
-
-mkdir /tmp/chroot/bin
-cp /bin/sh /tmp/chroot/bin/sh
-cp $(which llvm-symbolizer) /tmp/chroot/bin/llvm-symbolizer
-
-FULL_EXE_PATH=$(readlink -f $1)
-EXE_DIR=$(dirname $FULL_EXE_PATH)
-mkdir -p /tmp/chroot/$EXE_DIR
-
-shift
-
-echo 'Running:'
-echo minijail0 -U -m \"0 $UID 1\" -T static \
- -c 0 -n -v -p -l -I \
- -k proc,/proc,proc,1 -P /tmp/chroot \
- -b /lib,/lib,0 -b /lib64,/lib64,0 -b /lib32,/lib32,0 -b /usr/lib,/usr/lib,0 \
- -b /usr/lib32,/usr/lib32,0 -b /tmp,/tmp,1 \
- -b $EXE_DIR,$EXE_DIR,0 $FULL_EXE_PATH $@
-
-minijail0 -U -m "0 $UID 1" -T static \
- -c 0 -n -v -p -l -I \
- -k proc,/proc,proc,1 -P /tmp/chroot \
- -b /lib,/lib,0 -b /lib64,/lib64,0 -b /lib32,/lib32,0 -b /usr/lib,/usr/lib,0 \
- -b /usr/lib32,/usr/lib32,0 -b /tmp,/tmp,1 \
- -b $EXE_DIR,$EXE_DIR,0 $FULL_EXE_PATH $@
diff --git a/infra/base-images/base-runner/test_all.py b/infra/base-images/base-runner/test_all.py
index 360da03..925ebde 100755
--- a/infra/base-images/base-runner/test_all.py
+++ b/infra/base-images/base-runner/test_all.py
@@ -78,11 +78,16 @@
continue
if filename.startswith('afl-'):
continue
+ if filename.startswith('jazzer_'):
+ continue
if not os.path.isfile(path):
continue
if not os.stat(path).st_mode & EXECUTABLE:
continue
- if fuzzing_language != 'python' and not is_elf(path):
+ # Fuzz targets are expected to be ELF binaries for languages other than
+ # Python and Java.
+ if (fuzzing_language != 'python' and fuzzing_language != 'jvm' and
+ not is_elf(path)):
continue
if os.getenv('FUZZING_ENGINE') != 'none':
with open(path, 'rb') as file_handle:
diff --git a/infra/base-images/base-runner/test_one b/infra/base-images/base-runner/test_one
deleted file mode 100755
index 23b7fd9..0000000
--- a/infra/base-images/base-runner/test_one
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/bash -u
-# Copyright 2020 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# Wrapper around bad_build_check that moves the /out directory to /tmp/not-out.
-# This is useful when bad_build_check isn't called from test_all which does the
-# same thing.
-
-function main {
- # Move the directory the fuzzer is located in to somewhere that doesn't exist
- # on the builder to make it more likely that hardcoding /out fails here (since
- # it will fail on ClusterFuzz).
- local fuzzer=$1
- fuzzer=$(realpath $fuzzer)
- local initial_fuzzer_dir=$(dirname $fuzzer)
-
- local tmp_fuzzer_dir=/tmp/not-out
- rm -rf $tmp_fuzzer_dir
- mkdir $tmp_fuzzer_dir
- # Move the contents of $initial_fuzzer_dir rather than the directory itself in
- # case it is a mount.
- mv $initial_fuzzer_dir/* $tmp_fuzzer_dir
- fuzzer="$tmp_fuzzer_dir/$(basename $fuzzer)"
-
- # Change OUT to the temporary fuzzer dir.
- local initial_out=$OUT
- export OUT=$tmp_fuzzer_dir
-
- bad_build_check $fuzzer
- returncode=$?
-
- # Restore OUT and $initial_fuzzer_dir
- export OUT=$initial_out
- mv $tmp_fuzzer_dir/* $initial_fuzzer_dir
-
- return $returncode
-}
-
-if [ $# -ne 1 ]; then
- echo "Usage: $0 <fuzz_target_binary>"
- exit 1
-fi
-
-main $1
-exit $?
diff --git a/infra/base-images/base-runner/test_one.py b/infra/base-images/base-runner/test_one.py
new file mode 100755
index 0000000..9bdb75f
--- /dev/null
+++ b/infra/base-images/base-runner/test_one.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+"""Does bad_build_check on a fuzz target in $OUT."""
+import os
+import sys
+
+import test_all
+
+
+def test_one(fuzz_target):
+ """Does bad_build_check on one fuzz target. Returns True on success."""
+ with test_all.use_different_out_dir():
+ fuzz_target_path = os.path.join(os.environ['OUT'], fuzz_target)
+ return test_all.do_bad_build_check(fuzz_target_path).returncode == 0
+
+
+def main():
+ """Does bad_build_check on one fuzz target. Returns 1 on failure, 0 on
+ success."""
+ if len(sys.argv) != 2:
+ print('Usage: %d <fuzz_target>', sys.argv[0])
+ return 1
+
+ fuzz_target_binary = sys.argv[1]
+ return 0 if test_one(fuzz_target_binary) else 1
+
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/infra/base-images/base-sanitizer-libs-builder/msan_build.py b/infra/base-images/base-sanitizer-libs-builder/msan_build.py
index 928b1a5..5ea00ab 100755
--- a/infra/base-images/base-sanitizer-libs-builder/msan_build.py
+++ b/infra/base-images/base-sanitizer-libs-builder/msan_build.py
@@ -73,7 +73,9 @@
dpkg_host_architecture = wrapper_utils.DpkgHostArchitecture()
wrapper_utils.CreateSymlinks(
- compiler_wrapper_path, bin_dir, [
+ compiler_wrapper_path,
+ bin_dir,
+ [
'clang',
'clang++',
# Not all build rules respect $CC/$CXX, so make additional symlinks.
@@ -101,41 +103,35 @@
env['DPKG_GENSYMBOLS_CHECK_LEVEL'] = '0'
# debian/rules can set DPKG_GENSYMBOLS_CHECK_LEVEL explicitly, so override it.
- gen_symbols_wrapper = (
- '#!/bin/sh\n'
- 'export DPKG_GENSYMBOLS_CHECK_LEVEL=0\n'
- '/usr/bin/dpkg-gensymbols "$@"\n')
+ gen_symbols_wrapper = ('#!/bin/sh\n'
+ 'export DPKG_GENSYMBOLS_CHECK_LEVEL=0\n'
+ '/usr/bin/dpkg-gensymbols "$@"\n')
- wrapper_utils.InstallWrapper(bin_dir, 'dpkg-gensymbols',
- gen_symbols_wrapper)
+ wrapper_utils.InstallWrapper(bin_dir, 'dpkg-gensymbols', gen_symbols_wrapper)
# Install no-op strip binaries.
- no_op_strip = ('#!/bin/sh\n'
- 'exit 0\n')
- wrapper_utils.InstallWrapper(
- bin_dir, 'strip', no_op_strip,
- [dpkg_host_architecture + '-strip'])
+ no_op_strip = ('#!/bin/sh\n' 'exit 0\n')
+ wrapper_utils.InstallWrapper(bin_dir, 'strip', no_op_strip,
+ [dpkg_host_architecture + '-strip'])
env['PATH'] = bin_dir + ':' + os.environ['PATH']
# nocheck doesn't disable override_dh_auto_test. So we have this hack to try
# to disable "make check" or "make test" invocations.
- make_wrapper = (
- '#!/bin/bash\n'
- 'if [ "$1" = "test" ] || [ "$1" = "check" ]; then\n'
- ' exit 0\n'
- 'fi\n'
- '/usr/bin/make "$@"\n')
- wrapper_utils.InstallWrapper(bin_dir, 'make',
- make_wrapper)
+ make_wrapper = ('#!/bin/bash\n'
+ 'if [ "$1" = "test" ] || [ "$1" = "check" ]; then\n'
+ ' exit 0\n'
+ 'fi\n'
+ '/usr/bin/make "$@"\n')
+ wrapper_utils.InstallWrapper(bin_dir, 'make', make_wrapper)
# Prevent entire build from failing because of bugs/uninstrumented in tools
# that are part of the build.
msan_log_dir = os.path.join(work_dir, 'msan')
os.mkdir(msan_log_dir)
msan_log_path = os.path.join(msan_log_dir, 'log')
- env['MSAN_OPTIONS'] = (
- 'halt_on_error=0:exitcode=0:report_umrs=0:log_path=' + msan_log_path)
+ env['MSAN_OPTIONS'] = ('halt_on_error=0:exitcode=0:report_umrs=0:log_path=' +
+ msan_log_path)
# Increase maximum stack size to prevent tests from failing.
limit = 128 * 1024 * 1024
@@ -207,7 +203,7 @@
target_file_path = os.path.join(output_directory, rel_file_path)
extracted.append(target_file_path)
-
+
if os.path.lexists(target_file_path):
os.remove(target_file_path)
@@ -215,8 +211,8 @@
link_path = os.readlink(file_path)
if os.path.isabs(link_path):
# Make absolute links relative.
- link_path = os.path.relpath(
- link_path, os.path.join('/', rel_directory))
+ link_path = os.path.relpath(link_path,
+ os.path.join('/', rel_directory))
os.symlink(link_path, target_file_path)
else:
@@ -244,8 +240,8 @@
def PatchRpath(path, output_directory):
"""Patch rpath to be relative to $ORIGIN."""
try:
- rpaths = subprocess.check_output(
- ['patchelf', '--print-rpath', path]).strip()
+ rpaths = subprocess.check_output(['patchelf', '--print-rpath',
+ path]).strip()
except subprocess.CalledProcessError:
return
@@ -262,15 +258,13 @@
processed_rpath.append(rpath)
continue
- processed_rpath.append(os.path.join(
- '$ORIGIN',
- os.path.relpath(rpath, rel_directory)))
+ processed_rpath.append(
+ os.path.join('$ORIGIN', os.path.relpath(rpath, rel_directory)))
processed_rpath = ':'.join(processed_rpath)
print('Patching rpath for', path, 'to', processed_rpath)
subprocess.check_call(
- ['patchelf', '--force-rpath', '--set-rpath',
- processed_rpath, path])
+ ['patchelf', '--force-rpath', '--set-rpath', processed_rpath, path])
def _CollectDependencies(apt_cache, pkg, cache, dependencies):
@@ -331,7 +325,11 @@
class MSanBuilder(object):
"""MSan builder."""
- def __init__(self, debug=False, log_path=None, work_dir=None, no_track_origins=False):
+ def __init__(self,
+ debug=False,
+ log_path=None,
+ work_dir=None,
+ no_track_origins=False):
self.debug = debug
self.log_path = log_path
self.work_dir = work_dir
@@ -396,19 +394,24 @@
extracted_paths = ExtractLibraries(deb_paths, self.work_dir,
extract_directory)
for extracted_path in extracted_paths:
- if not os.path.islink(extracted_path):
- PatchRpath(extracted_path, extract_directory)
+ if os.path.islink(extracted_path):
+ continue
+ if os.path.basename(extracted_path) == 'llvm-symbolizer':
+ continue
+ PatchRpath(extracted_path, extract_directory)
def main():
parser = argparse.ArgumentParser('msan_build.py', description='MSan builder.')
parser.add_argument('package_names', nargs='+', help='Name of the packages.')
parser.add_argument('output_dir', help='Output directory.')
- parser.add_argument('--create-subdirs', action='store_true',
+ parser.add_argument('--create-subdirs',
+ action='store_true',
help=('Create subdirectories in the output '
'directory for each package.'))
parser.add_argument('--work-dir', help='Work directory.')
- parser.add_argument('--no-build-deps', action='store_true',
+ parser.add_argument('--no-build-deps',
+ action='store_true',
help='Don\'t build dependencies.')
parser.add_argument('--debug', action='store_true', help='Enable debug mode.')
parser.add_argument('--log-path', help='Log path for debugging.')
@@ -445,7 +448,8 @@
for package_name in package_names:
print('\t', package_name)
- with MSanBuilder(debug=args.debug, log_path=args.log_path,
+ with MSanBuilder(debug=args.debug,
+ log_path=args.log_path,
work_dir=args.work_dir,
no_track_origins=args.no_track_origins) as builder:
for package_name in package_names:
diff --git a/infra/bisector.py b/infra/bisector.py
index dc4a470..1438d0d 100644
--- a/infra/bisector.py
+++ b/infra/bisector.py
@@ -189,6 +189,8 @@
bisect_repo_manager = repo_manager.RepoManager(
os.path.join(host_src_dir, os.path.basename(repo_path)))
+ bisect_repo_manager.fetch_all_remotes()
+
commit_list = bisect_repo_manager.get_commit_list(new_commit, old_commit)
old_idx = len(commit_list) - 1
diff --git a/infra/build/functions/build_and_run_coverage.py b/infra/build/functions/build_and_run_coverage.py
index 71d7338..cc2de5a 100644
--- a/infra/build/functions/build_and_run_coverage.py
+++ b/infra/build/functions/build_and_run_coverage.py
@@ -48,7 +48,7 @@
UPLOAD_URL_FORMAT = 'gs://' + COVERAGE_BUCKET_NAME + '/{project}/{type}/{date}'
# Languages from project.yaml that have code coverage support.
-LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go']
+LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go', 'rust']
def usage():
diff --git a/infra/build/functions/requirements.txt b/infra/build/functions/requirements.txt
index 8d07d82..a60a032 100644
--- a/infra/build/functions/requirements.txt
+++ b/infra/build/functions/requirements.txt
@@ -16,7 +16,7 @@
Brotli==1.0.9
hiredis==1.1.0
-PyYaml==5.2
+PyYaml==5.4
PyGithub==1.51
grpcio==1.29.0
google-auth==1.21.1
diff --git a/infra/build/functions/update_build_status.py b/infra/build/functions/update_build_status.py
index b5f9552..af65a41 100644
--- a/infra/build/functions/update_build_status.py
+++ b/infra/build/functions/update_build_status.py
@@ -195,7 +195,10 @@
last_coverage_build_successful):
"""Upload badges of given project."""
badge = 'building'
- if not last_coverage_build_successful:
+ # last_coverage_build_successful is False if there was an unsuccessful build
+ # and None if the target does not support coverage (e.g. Python or Java
+ # targets).
+ if last_coverage_build_successful is False:
badge = 'coverage_failing'
if not last_build_successful:
badge = 'failing'
@@ -289,12 +292,16 @@
futures = []
with ndb.Client().context():
for project in Project.query():
- if (project.name not in project_build_statuses or
- project.name not in coverage_build_statuses):
+ if project.name not in project_build_statuses:
continue
+ # Certain projects (e.g. JVM and Python) do not have any coverage
+ # builds, but should still receive a badge.
+ coverage_build_status = None
+ if project.name in coverage_build_statuses:
+ coverage_build_status = coverage_build_statuses[project.name]
futures.append(
executor.submit(update_build_badges, project.name,
project_build_statuses[project.name],
- coverage_build_statuses[project.name]))
+ coverage_build_status))
concurrent.futures.wait(futures)
diff --git a/infra/build_specified_commit.py b/infra/build_specified_commit.py
index 9f29e42..b2130ea 100644
--- a/infra/build_specified_commit.py
+++ b/infra/build_specified_commit.py
@@ -200,6 +200,7 @@
# Re-copy /src for a clean checkout every time.
copy_src_from_docker(build_data.project_name,
os.path.dirname(host_src_path))
+ build_repo_manager.fetch_all_remotes()
projects_dir = os.path.join('projects', build_data.project_name)
dockerfile_path = os.path.join(projects_dir, 'Dockerfile')
diff --git a/infra/build_specified_commit_test.py b/infra/build_specified_commit_test.py
index 916b318..a865045 100644
--- a/infra/build_specified_commit_test.py
+++ b/infra/build_specified_commit_test.py
@@ -95,6 +95,10 @@
def test_detect_main_repo_from_name(self):
"""Test the detect main repo function from build specific commit module."""
for example_repo in test_repos.TEST_REPOS:
+ if example_repo.project_name == 'gonids':
+ # It's unclear how this test ever passed, but we can't infer the repo
+ # because gonids doesn't really check it out, it uses "go get".
+ continue
repo_origin, repo_name = build_specified_commit.detect_main_repo(
example_repo.project_name, repo_name=example_repo.git_repo_name)
self.assertEqual(repo_origin, example_repo.git_url)
diff --git a/infra/ci/build.py b/infra/ci/build.py
index f71799b..addeb78 100755
--- a/infra/ci/build.py
+++ b/infra/ci/build.py
@@ -32,7 +32,7 @@
DEFAULT_SANITIZERS = ['address', 'undefined']
# Languages from project.yaml that have code coverage support.
-LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go']
+LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go', 'rust']
def get_changed_files_output():
diff --git a/infra/ci/requirements.txt b/infra/ci/requirements.txt
index 48d2ae7..f0a8be0 100644
--- a/infra/ci/requirements.txt
+++ b/infra/ci/requirements.txt
@@ -4,5 +4,5 @@
pylint==2.5.3
pytest==6.2.1
pytest-xdist==2.2.0
-PyYAML==5.3.1
+PyYAML==5.4
yapf==0.30.0
diff --git a/infra/cifuzz/actions/build_fuzzers/action.yml b/infra/cifuzz/actions/build_fuzzers/action.yml
index 2919db4..835b7b4 100644
--- a/infra/cifuzz/actions/build_fuzzers/action.yml
+++ b/infra/cifuzz/actions/build_fuzzers/action.yml
@@ -5,6 +5,10 @@
oss-fuzz-project-name:
description: 'Name of the corresponding OSS-Fuzz project.'
required: true
+ language:
+ description: 'Programming language project is written in.'
+ required: false
+ default: 'c++'
dry-run:
description: 'If set, run the action without actually reporting a failure.'
default: false
@@ -20,13 +24,20 @@
build-integration-path:
description: "The path to the the project's build integration."
required: false
+ bad-build-check:
+ description: "Whether or not OSS-Fuzz's check for bad builds should be done."
+ required: false
+ default: true
runs:
using: 'docker'
image: '../../../build_fuzzers.Dockerfile'
env:
OSS_FUZZ_PROJECT_NAME: ${{ inputs.oss-fuzz-project-name }}
+ LANGUAGE: ${{ inputs.language }}
DRY_RUN: ${{ inputs.dry-run}}
ALLOWED_BROKEN_TARGETS_PERCENTAGE: ${{ inputs.allowed-broken-targets-percentage}}
SANITIZER: ${{ inputs.sanitizer }}
PROJECT_SRC_PATH: ${{ inputs.project-src-path }}
BUILD_INTEGRATION_PATH: ${{ inputs.build-integration-path }}
+ LOW_DISK_SPACE: 'True'
+ BAD_BUILD_CHECK: ${{ inputs.bad-build-check }}
diff --git a/infra/cifuzz/actions/run_fuzzers/action.yml b/infra/cifuzz/actions/run_fuzzers/action.yml
index 582133c..d1c03c8 100644
--- a/infra/cifuzz/actions/run_fuzzers/action.yml
+++ b/infra/cifuzz/actions/run_fuzzers/action.yml
@@ -5,6 +5,10 @@
oss-fuzz-project-name:
description: 'The OSS-Fuzz project name.'
required: true
+ language:
+ description: 'Programming language project is written in.'
+ required: false
+ default: 'c++'
fuzz-seconds:
description: 'The total time allotted for fuzzing in seconds.'
required: true
@@ -31,6 +35,7 @@
image: '../../../run_fuzzers.Dockerfile'
env:
OSS_FUZZ_PROJECT_NAME: ${{ inputs.oss-fuzz-project-name }}
+ LANGUAGE: ${{ inputs.language }}
FUZZ_SECONDS: ${{ inputs.fuzz-seconds }}
DRY_RUN: ${{ inputs.dry-run}}
SANITIZER: ${{ inputs.sanitizer }}
@@ -39,3 +44,4 @@
# for running because we use it to distinguish OSS-Fuzz from non-OSS-Fuzz.
# We should do something explicit instead.
BUILD_INTEGRATION_PATH: ${{ inputs.build-integration-path }}
+ LOW_DISK_SPACE: 'True'
diff --git a/infra/cifuzz/affected_fuzz_targets_test.py b/infra/cifuzz/affected_fuzz_targets_test.py
index 72e6d26..05f27c0 100644
--- a/infra/cifuzz/affected_fuzz_targets_test.py
+++ b/infra/cifuzz/affected_fuzz_targets_test.py
@@ -30,15 +30,15 @@
EXAMPLE_FILE_CHANGED = 'test.txt'
-TEST_FILES_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
- 'test_files')
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
+ 'test_data')
class RemoveUnaffectedFuzzTargets(unittest.TestCase):
"""Tests remove_unaffected_fuzzers."""
- TEST_FUZZER_1 = os.path.join(TEST_FILES_PATH, 'out', 'example_crash_fuzzer')
- TEST_FUZZER_2 = os.path.join(TEST_FILES_PATH, 'out', 'example_nocrash_fuzzer')
+ TEST_FUZZER_1 = os.path.join(TEST_DATA_PATH, 'out', 'example_crash_fuzzer')
+ TEST_FUZZER_2 = os.path.join(TEST_DATA_PATH, 'out', 'example_nocrash_fuzzer')
# yapf: disable
@parameterized.parameterized.expand([
diff --git a/infra/cifuzz/build_fuzzers.py b/infra/cifuzz/build_fuzzers.py
index a4342a4..78180b5 100644
--- a/infra/cifuzz/build_fuzzers.py
+++ b/infra/cifuzz/build_fuzzers.py
@@ -20,6 +20,7 @@
import affected_fuzz_targets
import continuous_integration
+import docker
# pylint: disable=wrong-import-position,import-error
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
@@ -77,7 +78,8 @@
def build_fuzzers(self):
"""Moves the source code we want to fuzz into the project builder and builds
the fuzzers from that source code. Returns True on success."""
- docker_args = get_common_docker_args(self.config.sanitizer)
+ docker_args = get_common_docker_args(self.config.sanitizer,
+ self.config.language)
container = utils.get_container_name()
if container:
@@ -93,7 +95,7 @@
self.handle_msan_prebuild(container)
docker_args.extend([
- 'gcr.io/oss-fuzz/' + self.config.project_name,
+ docker.get_project_image_name(self.config.project_name),
'/bin/bash',
'-c',
])
@@ -118,8 +120,7 @@
helper.docker_run([
'--volumes-from', container, '-e',
'WORK={work_dir}'.format(work_dir=self.work_dir),
- 'gcr.io/oss-fuzz-base/base-sanitizer-libs-builder', 'patch_build.py',
- '/out'
+ docker.MSAN_LIBS_BUILDER_TAG, 'patch_build.py', '/out'
])
def handle_msan_prebuild(self, container):
@@ -127,8 +128,8 @@
returns docker arguments to use that directory for MSAN libs."""
logging.info('Copying MSAN libs.')
helper.docker_run([
- '--volumes-from', container, 'gcr.io/oss-fuzz-base/msan-libs-builder',
- 'bash', '-c', 'cp -r /msan {work_dir}'.format(work_dir=self.work_dir)
+ '--volumes-from', container, docker.MSAN_LIBS_BUILDER_TAG, 'bash', '-c',
+ 'cp -r /msan {work_dir}'.format(work_dir=self.work_dir)
])
def build(self):
@@ -185,7 +186,7 @@
return builder.build()
-def get_common_docker_args(sanitizer):
+def get_common_docker_args(sanitizer, language):
"""Returns a list of common docker arguments."""
return [
'--cap-add',
@@ -199,12 +200,13 @@
'-e',
'CIFUZZ=True',
'-e',
- 'FUZZING_LANGUAGE=c++', # FIXME: Add proper support.
+ 'FUZZING_LANGUAGE=' + language,
]
def check_fuzzer_build(out_dir,
- sanitizer='address',
+ sanitizer,
+ language,
allowed_broken_targets_percentage=None):
"""Checks the integrity of the built fuzzers.
@@ -222,7 +224,7 @@
logging.error('No fuzzers found in out directory: %s.', out_dir)
return False
- command = get_common_docker_args(sanitizer)
+ command = get_common_docker_args(sanitizer, language)
if allowed_broken_targets_percentage is not None:
command += [
@@ -236,7 +238,7 @@
command += ['-e', 'OUT=' + out_dir, '--volumes-from', container]
else:
command += ['-v', '%s:/out' % out_dir]
- command.extend(['-t', 'gcr.io/oss-fuzz-base/base-runner', 'test_all.py'])
+ command.extend(['-t', docker.BASE_RUNNER_TAG, 'test_all.py'])
exit_code = helper.docker_run(command)
logging.info('check fuzzer build exit code: %d', exit_code)
if exit_code:
diff --git a/infra/cifuzz/build_fuzzers_entrypoint.py b/infra/cifuzz/build_fuzzers_entrypoint.py
index 9c4b982..04f5620 100644
--- a/infra/cifuzz/build_fuzzers_entrypoint.py
+++ b/infra/cifuzz/build_fuzzers_entrypoint.py
@@ -72,10 +72,16 @@
return returncode
out_dir = os.path.join(config.workspace, 'out')
+
+ if not config.bad_build_check:
+ # If we've gotten to this point and we don't need to do bad_build_check,
+ # then the build has succeeded.
+ returncode = 0
# yapf: disable
- if build_fuzzers.check_fuzzer_build(
+ elif build_fuzzers.check_fuzzer_build(
out_dir,
- sanitizer=config.sanitizer,
+ config.sanitizer,
+ config.language,
allowed_broken_targets_percentage=config.allowed_broken_targets_percentage
):
# yapf: enable
diff --git a/infra/cifuzz/build_fuzzers_test.py b/infra/cifuzz/build_fuzzers_test.py
index 2d27356..2987788 100644
--- a/infra/cifuzz/build_fuzzers_test.py
+++ b/infra/cifuzz/build_fuzzers_test.py
@@ -36,9 +36,9 @@
# https://github.com/google/oss-fuzz/tree/master/projects/example project.
EXAMPLE_PROJECT = 'example'
-# Location of files used for testing.
-TEST_FILES_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
- 'test_files')
+# Location of data used for testing.
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
+ 'test_data')
# An example fuzzer that triggers an crash.
# Binary is a copy of the example project's do_stuff_fuzzer and can be
@@ -251,10 +251,13 @@
class CheckFuzzerBuildTest(unittest.TestCase):
"""Tests the check_fuzzer_build function in the cifuzz module."""
+ SANITIZER = 'address'
+ LANGUAGE = 'c++'
+
def setUp(self):
self.tmp_dir_obj = tempfile.TemporaryDirectory()
self.test_files_path = os.path.join(self.tmp_dir_obj.name, 'test_files')
- shutil.copytree(TEST_FILES_PATH, self.test_files_path)
+ shutil.copytree(TEST_DATA_PATH, self.test_files_path)
def tearDown(self):
self.tmp_dir_obj.cleanup()
@@ -262,23 +265,31 @@
def test_correct_fuzzer_build(self):
"""Checks check_fuzzer_build function returns True for valid fuzzers."""
test_fuzzer_dir = os.path.join(self.test_files_path, 'out')
- self.assertTrue(build_fuzzers.check_fuzzer_build(test_fuzzer_dir))
+ self.assertTrue(
+ build_fuzzers.check_fuzzer_build(test_fuzzer_dir, self.SANITIZER,
+ self.LANGUAGE))
def test_not_a_valid_fuzz_path(self):
"""Tests that False is returned when a bad path is given."""
- self.assertFalse(build_fuzzers.check_fuzzer_build('not/a/valid/path'))
+ self.assertFalse(
+ build_fuzzers.check_fuzzer_build('not/a/valid/path', self.SANITIZER,
+ self.LANGUAGE))
def test_not_a_valid_fuzzer(self):
"""Checks a directory that exists but does not have fuzzers is False."""
- self.assertFalse(build_fuzzers.check_fuzzer_build(self.test_files_path))
+ self.assertFalse(
+ build_fuzzers.check_fuzzer_build(self.test_files_path, self.SANITIZER,
+ self.LANGUAGE))
@mock.patch('helper.docker_run')
def test_allow_broken_fuzz_targets_percentage(self, mocked_docker_run):
"""Tests that ALLOWED_BROKEN_TARGETS_PERCENTAGE is set when running
docker if passed to check_fuzzer_build."""
mocked_docker_run.return_value = 0
- test_fuzzer_dir = os.path.join(TEST_FILES_PATH, 'out')
+ test_fuzzer_dir = os.path.join(TEST_DATA_PATH, 'out')
build_fuzzers.check_fuzzer_build(test_fuzzer_dir,
+ self.SANITIZER,
+ self.LANGUAGE,
allowed_broken_targets_percentage='0')
self.assertIn('-e ALLOWED_BROKEN_TARGETS_PERCENTAGE=0',
' '.join(mocked_docker_run.call_args[0][0]))
diff --git a/infra/cifuzz/cifuzz-base/Dockerfile b/infra/cifuzz/cifuzz-base/Dockerfile
index 0aee3b2..e0599db 100644
--- a/infra/cifuzz/cifuzz-base/Dockerfile
+++ b/infra/cifuzz/cifuzz-base/Dockerfile
@@ -14,25 +14,19 @@
#
################################################################################
+# Don't bother with a slimmer base image.
+# When we pull base-builder to build project builder image we need to pull
+# ubuntu:16.04 anyway. So in the long run we probably would waste time if
+# we pulled something like alpine here instead.
FROM ubuntu:16.04
-RUN apt-get update && apt-get install -y git \
- apt-transport-https \
- ca-certificates \
- curl \
- gnupg2 \
- software-properties-common \
- python3
+RUN apt-get update && \
+ apt-get install ca-certificates wget python3 git-core --no-install-recommends -y && \
+ wget https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/docker-ce-cli_20.10.5~3-0~ubuntu-xenial_amd64.deb -O /tmp/docker-ce.deb && \
+ dpkg -i /tmp/docker-ce.deb && rm /tmp/docker-ce.deb && \
+ apt-get remove wget -y --purge
-RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && apt-key fingerprint 0EBFCD88
-RUN add-apt-repository \
- "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
- xenial \
- stable"
-
-RUN apt-get update && apt-get install docker-ce docker-ce-cli containerd.io -y
-
ENV OSS_FUZZ_ROOT=/opt/oss-fuzz
ADD . ${OSS_FUZZ_ROOT}
RUN rm -rf ${OSS_FUZZ_ROOT}/infra
\ No newline at end of file
diff --git a/infra/cifuzz/config_utils.py b/infra/cifuzz/config_utils.py
index fd18714..ad2cd36 100644
--- a/infra/cifuzz/config_utils.py
+++ b/infra/cifuzz/config_utils.py
@@ -18,14 +18,16 @@
import os
import json
+import environment
+
def _get_project_repo_name():
- return os.path.basename(os.getenv('GITHUB_REPOSITORY', ''))
+ return os.path.basename(environment.get('GITHUB_REPOSITORY', ''))
def _get_pr_ref(event):
if event == 'pull_request':
- return os.getenv('GITHUB_REF')
+ return environment.get('GITHUB_REF')
return None
@@ -40,7 +42,7 @@
def _is_dry_run():
"""Returns True if configured to do a dry run."""
- return os.getenv('DRY_RUN', 'false').lower() == 'true'
+ return environment.get_bool('DRY_RUN', 'false')
def get_project_src_path(workspace):
@@ -62,6 +64,19 @@
return os.path.join(workspace, path)
+DEFAULT_LANGUAGE = 'c++'
+
+
+def _get_language():
+ """Returns the project language."""
+ # Get language from environment. We took this approach because the convenience
+ # given to OSS-Fuzz users by not making them specify the language again (and
+ # getting it from the project.yaml) is outweighed by the complexity in
+ # implementing this. A lot of the complexity comes from our unittests not
+ # setting a proper projet at this point.
+ return os.getenv('LANGUAGE', DEFAULT_LANGUAGE)
+
+
# pylint: disable=too-few-public-methods,too-many-instance-attributes
@@ -81,14 +96,22 @@
self.dry_run = _is_dry_run()
self.sanitizer = _get_sanitizer()
self.build_integration_path = os.getenv('BUILD_INTEGRATION_PATH')
+ self.language = _get_language()
event_path = os.getenv('GITHUB_EVENT_PATH')
self.is_github = bool(event_path)
logging.debug('Is github: %s.', self.is_github)
+ # TODO(metzman): Parse env like we do in ClusterFuzz.
+ self.low_disk_space = environment.get('LOW_DISK_SPACE', False)
+
+ @property
+ def is_internal(self):
+ """Returns True if this is an OSS-Fuzz project."""
+ return not self.build_integration_path
@property
def platform(self):
"""Returns the platform CIFuzz is runnning on."""
- if self.build_integration_path:
+ if not self.is_internal:
return self.Platform.EXTERNAL_GITHUB
if self.is_github:
return self.Platform.INTERNAL_GITHUB
@@ -149,6 +172,7 @@
self.allowed_broken_targets_percentage = os.getenv(
'ALLOWED_BROKEN_TARGETS_PERCENTAGE')
+ self.bad_build_check = environment.get_bool('BAD_BUILD_CHECK', 'true')
# TODO(metzman): Use better system for interpreting env vars. What if env
# var is set to '0'?
diff --git a/infra/cifuzz/config_utils_test.py b/infra/cifuzz/config_utils_test.py
index 71e7450..6f87bd4 100644
--- a/infra/cifuzz/config_utils_test.py
+++ b/infra/cifuzz/config_utils_test.py
@@ -13,19 +13,38 @@
# limitations under the License.
"""Module for getting the configuration CIFuzz needs to run."""
import os
-import sys
import unittest
import config_utils
-
-# pylint: disable=wrong-import-position,import-error
-sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-
import test_helpers
# pylint: disable=no-self-use
+class BaseConfigTest(unittest.TestCase):
+ """Tests for BaseConfig."""
+
+ def setUp(self):
+ test_helpers.patch_environ(self)
+
+ def _create_config(self):
+ return config_utils.BuildFuzzersConfig()
+
+ def test_language_default(self):
+ """Tests that the correct default language is set."""
+ os.environ['BUILD_INTEGRATION_PATH'] = '/path'
+ config = self._create_config()
+ self.assertEqual(config.language, 'c++')
+
+ def test_language(self):
+ """Tests that the correct language is set."""
+ os.environ['BUILD_INTEGRATION_PATH'] = '/path'
+ language = 'python'
+ os.environ['LANGUAGE'] = language
+ config = self._create_config()
+ self.assertEqual(config.language, language)
+
+
class BuildFuzzersConfigTest(unittest.TestCase):
"""Tests for BuildFuzzersConfig."""
diff --git a/infra/cifuzz/coverage.py b/infra/cifuzz/coverage.py
index b5c6fbf..9a179c5 100644
--- a/infra/cifuzz/coverage.py
+++ b/infra/cifuzz/coverage.py
@@ -115,7 +115,7 @@
LATEST_REPORT_INFO_PATH,
project_name + '.json')
latest_cov_info = get_json_from_url(latest_report_info_url)
- if not latest_cov_info is None:
+ if latest_cov_info is None:
logging.error('Could not get the coverage report json from url: %s.',
latest_report_info_url)
return None
diff --git a/infra/cifuzz/coverage_test.py b/infra/cifuzz/coverage_test.py
index 57120f5..1b24d79 100644
--- a/infra/cifuzz/coverage_test.py
+++ b/infra/cifuzz/coverage_test.py
@@ -21,8 +21,8 @@
# pylint: disable=protected-access
-TEST_FILES_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
- 'test_files')
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
+ 'test_data')
PROJECT_NAME = 'curl'
REPO_PATH = '/src/curl'
@@ -31,7 +31,7 @@
FUZZ_TARGET_COV_JSON_FILENAME = 'example_curl_fuzzer_cov.json'
INVALID_TARGET = 'not-a-fuzz-target'
-with open(os.path.join(TEST_FILES_PATH,
+with open(os.path.join(TEST_DATA_PATH,
PROJECT_COV_JSON_FILENAME),) as cov_file_handle:
PROJECT_COV_INFO = json.loads(cov_file_handle.read())
@@ -39,19 +39,28 @@
class GetFuzzerStatsDirUrlTest(unittest.TestCase):
"""Tests _get_fuzzer_stats_dir_url."""
- @mock.patch('coverage.get_json_from_url', return_value={})
+ @mock.patch('coverage.get_json_from_url',
+ return_value={
+ 'fuzzer_stats_dir':
+ 'gs://oss-fuzz-coverage/systemd/fuzzer_stats/20210303'
+ })
def test_get_valid_project(self, mocked_get_json_from_url):
"""Tests that a project's coverage report can be downloaded and parsed.
NOTE: This test relies on the PROJECT_NAME repo's coverage report.
The "example" project was not used because it has no coverage reports.
"""
- coverage._get_fuzzer_stats_dir_url(PROJECT_NAME)
+ result = coverage._get_fuzzer_stats_dir_url(PROJECT_NAME)
(url,), _ = mocked_get_json_from_url.call_args
self.assertEqual(
'https://storage.googleapis.com/oss-fuzz-coverage/'
'latest_report_info/curl.json', url)
+ expected_result = (
+ 'https://storage.googleapis.com/oss-fuzz-coverage/systemd/fuzzer_stats/'
+ '20210303')
+ self.assertEqual(result, expected_result)
+
def test_get_invalid_project(self):
"""Tests that passing a bad project returns None."""
self.assertIsNone(coverage._get_fuzzer_stats_dir_url('not-a-proj'))
@@ -98,7 +107,7 @@
def test_valid_target(self):
"""Tests that covered files can be retrieved from a coverage report."""
- with open(os.path.join(TEST_FILES_PATH,
+ with open(os.path.join(TEST_DATA_PATH,
FUZZ_TARGET_COV_JSON_FILENAME),) as file_handle:
fuzzer_cov_info = json.loads(file_handle.read())
@@ -106,7 +115,7 @@
return_value=fuzzer_cov_info):
file_list = self.coverage_getter.get_files_covered_by_target(FUZZ_TARGET)
- curl_files_list_path = os.path.join(TEST_FILES_PATH,
+ curl_files_list_path = os.path.join(TEST_DATA_PATH,
'example_curl_file_list.json')
with open(curl_files_list_path) as file_handle:
expected_file_list = json.loads(file_handle.read())
@@ -152,5 +161,34 @@
self.assertFalse(coverage.is_file_covered(file_coverage))
+class GetLatestCovReportInfo(unittest.TestCase):
+ """Tests that _get_latest_cov_report_info works as intended."""
+
+ PROJECT = 'project'
+ LATEST_REPORT_INFO_URL = ('https://storage.googleapis.com/oss-fuzz-coverage/'
+ 'latest_report_info/project.json')
+
+ @mock.patch('logging.error')
+ @mock.patch('coverage.get_json_from_url', return_value={'coverage': 1})
+ def test_get_latest_cov_report_info(self, mocked_get_json_from_url,
+ mocked_error):
+ """Tests that _get_latest_cov_report_info works as intended."""
+ result = coverage._get_latest_cov_report_info(self.PROJECT)
+ self.assertEqual(result, {'coverage': 1})
+ mocked_error.assert_not_called()
+ mocked_get_json_from_url.assert_called_with(self.LATEST_REPORT_INFO_URL)
+
+ @mock.patch('logging.error')
+ @mock.patch('coverage.get_json_from_url', return_value=None)
+ def test_get_latest_cov_report_info_fail(self, _, mocked_error):
+ """Tests that _get_latest_cov_report_info works as intended when we can't
+ get latest report info."""
+ result = coverage._get_latest_cov_report_info('project')
+ self.assertIsNone(result)
+ mocked_error.assert_called_with(
+ 'Could not get the coverage report json from url: %s.',
+ self.LATEST_REPORT_INFO_URL)
+
+
if __name__ == '__main__':
unittest.main()
diff --git a/infra/cifuzz/docker.py b/infra/cifuzz/docker.py
new file mode 100644
index 0000000..eb993e2
--- /dev/null
+++ b/infra/cifuzz/docker.py
@@ -0,0 +1,38 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Module for dealing with docker."""
+import os
+import sys
+
+# pylint: disable=wrong-import-position,import-error
+sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+import utils
+
+BASE_BUILDER_TAG = 'gcr.io/oss-fuzz-base/base-builder'
+BASE_RUNNER_TAG = 'gcr.io/oss-fuzz-base/base-runner'
+MSAN_LIBS_BUILDER_TAG = 'gcr.io/oss-fuzz-base/msan-libs-builder'
+PROJECT_TAG_PREFIX = 'gcr.io/oss-fuzz/'
+
+
+def get_project_image_name(project):
+ """Returns the name of the project builder image for |project_name|."""
+ return PROJECT_TAG_PREFIX + project
+
+
+def delete_images(images):
+ """Deletes |images|."""
+ command = ['docker', 'rmi', '-f'] + images
+ utils.execute(command)
+ utils.execute(['docker', 'builder', 'prune', '-f'])
diff --git a/infra/cifuzz/environment.py b/infra/cifuzz/environment.py
new file mode 100644
index 0000000..4cc0f84
--- /dev/null
+++ b/infra/cifuzz/environment.py
@@ -0,0 +1,54 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Module for dealing with env vars."""
+
+import ast
+import os
+
+
+def _eval_value(value_string):
+ """Returns evaluated value."""
+ try:
+ return ast.literal_eval(value_string)
+ except: # pylint: disable=bare-except
+ # String fallback.
+ return value_string
+
+
+def get(env_var, default_value=None):
+ """Returns an environment variable value."""
+ value_string = os.getenv(env_var)
+ if value_string is None:
+ return default_value
+
+ return _eval_value(value_string)
+
+
+def get_bool(env_var, default_value=None):
+ """Returns a boolean environment variable value. This is needed because a lot
+ of CIFuzz users specified 'false' for dry-run. So we need to special case
+ this."""
+ value = get(env_var, default_value)
+ if not isinstance(value, str):
+ return bool(value)
+
+ lower_value = value.lower()
+ allowed_values = {'true', 'false'}
+ if lower_value not in allowed_values:
+ raise Exception(('Bool env var {env_var} value {value} is invalid. '
+ 'Must be one of {allowed_values}').format(
+ env_var=env_var,
+ value=value,
+ allowed_values=allowed_values))
+ return lower_value == 'true'
diff --git a/infra/cifuzz/fuzz_target.py b/infra/cifuzz/fuzz_target.py
index 7bccfa4..c623bf6 100644
--- a/infra/cifuzz/fuzz_target.py
+++ b/infra/cifuzz/fuzz_target.py
@@ -16,10 +16,13 @@
import logging
import os
import re
+import shutil
import stat
import subprocess
import sys
+import docker
+
# pylint: disable=wrong-import-position,import-error
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
import utils
@@ -28,6 +31,8 @@
format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
level=logging.DEBUG)
+# Use a fixed seed for determinism. Use len_control=0 since we don't have enough
+# time fuzzing for len_control to make sense (probably).
LIBFUZZER_OPTIONS = '-seed=1337 -len_control=0'
# The number of reproduce attempts for a crash.
@@ -78,6 +83,7 @@
self.out_dir = out_dir
self.clusterfuzz_deployment = clusterfuzz_deployment
self.config = config
+ self.latest_corpus_path = None
def fuzz(self):
"""Starts the fuzz target run for the length of time specified by duration.
@@ -98,8 +104,7 @@
command += [
'-e', 'FUZZING_ENGINE=libfuzzer', '-e',
'SANITIZER=' + self.config.sanitizer, '-e', 'CIFUZZ=True', '-e',
- 'RUN_FUZZER_MODE=interactive', 'gcr.io/oss-fuzz-base/base-runner',
- 'bash', '-c'
+ 'RUN_FUZZER_MODE=interactive', docker.BASE_RUNNER_TAG, 'bash', '-c'
]
run_fuzzer_command = 'run_fuzzer {fuzz_target} {options}'.format(
@@ -107,10 +112,10 @@
options=LIBFUZZER_OPTIONS + ' -max_total_time=' + str(self.duration))
# If corpus can be downloaded use it for fuzzing.
- latest_corpus_path = self.clusterfuzz_deployment.download_corpus(
+ self.latest_corpus_path = self.clusterfuzz_deployment.download_corpus(
self.target_name, self.out_dir)
- if latest_corpus_path:
- run_fuzzer_command = run_fuzzer_command + ' ' + latest_corpus_path
+ if self.latest_corpus_path:
+ run_fuzzer_command = run_fuzzer_command + ' ' + self.latest_corpus_path
command.append(run_fuzzer_command)
logging.info('Running command: %s', ' '.join(command))
@@ -136,10 +141,37 @@
if not testcase:
logging.error(b'No testcase found in stacktrace: %s.', stderr)
return FuzzResult(None, None)
+
+ utils.binary_print(b'Fuzzer: %s. Detected bug:\n%s' %
+ (self.target_name.encode(), stderr))
if self.is_crash_reportable(testcase):
+ # We found a bug in the fuzz target and we will report it.
return FuzzResult(testcase, stderr)
+
+ # We found a bug but we won't report it.
return FuzzResult(None, None)
+ def free_disk_if_needed(self):
+ """Deletes things that are no longer needed from fuzzing this fuzz target to
+ save disk space if needed."""
+ if not self.config.low_disk_space:
+ return
+ logging.info(
+ 'Deleting corpus, seed corpus and fuzz target of %s to save disk.',
+ self.target_name)
+
+ # Delete the seed corpus, corpus, and fuzz target.
+ if self.latest_corpus_path and os.path.exists(self.latest_corpus_path):
+ # Use ignore_errors=True to fix
+ # https://github.com/google/oss-fuzz/issues/5383.
+ shutil.rmtree(self.latest_corpus_path, ignore_errors=True)
+
+ os.remove(self.target_path)
+ target_seed_corpus_path = self.target_path + '_seed_corpus.zip'
+ if os.path.exists(target_seed_corpus_path):
+ os.remove(target_seed_corpus_path)
+ logging.info('Done deleting.')
+
def is_reproducible(self, testcase, target_path):
"""Checks if the testcase reproduces.
@@ -176,8 +208,7 @@
]
command += [
- '-t', 'gcr.io/oss-fuzz-base/base-runner', 'reproduce', self.target_name,
- '-runs=100'
+ '-t', docker.BASE_RUNNER_TAG, 'reproduce', self.target_name, '-runs=100'
]
logging.info('Running reproduce command: %s.', ' '.join(command))
@@ -246,7 +277,6 @@
logging.info('The crash is reproducible. The crash doesn\'t reproduce '
'on old builds. This code change probably introduced the '
'crash.')
-
return True
logging.info('The crash is reproducible on old builds '
diff --git a/infra/cifuzz/fuzz_target_test.py b/infra/cifuzz/fuzz_target_test.py
index 8a506fa..8bec234 100644
--- a/infra/cifuzz/fuzz_target_test.py
+++ b/infra/cifuzz/fuzz_target_test.py
@@ -148,8 +148,7 @@
def test_valid_error_string(self):
"""Tests that get_testcase returns the correct testcase give an error."""
testcase_path = os.path.join(os.path.dirname(os.path.abspath(__file__)),
- 'test_files',
- 'example_crash_fuzzer_output.txt')
+ 'test_data', 'example_crash_fuzzer_output.txt')
with open(testcase_path, 'rb') as test_fuzz_output:
parsed_testcase = self.test_target.get_testcase(test_fuzz_output.read())
self.assertEqual(
diff --git a/infra/cifuzz/run_fuzzers.py b/infra/cifuzz/run_fuzzers.py
index 2a2a89e..513cfb6 100644
--- a/infra/cifuzz/run_fuzzers.py
+++ b/infra/cifuzz/run_fuzzers.py
@@ -91,7 +91,9 @@
"""Fuzzes with |fuzz_target_obj| and returns the result."""
# TODO(metzman): Make children implement this so that the batch runner can
# do things differently.
- return fuzz_target_obj.fuzz()
+ result = fuzz_target_obj.fuzz()
+ fuzz_target_obj.free_disk_if_needed()
+ return result
@property
def quit_on_bug_found(self):
@@ -100,9 +102,12 @@
raise NotImplementedError('Child class must implement method')
def get_fuzz_target_artifact(self, target, artifact_name):
- """Returns the path of a fuzzing |artifact| named |artifact_name| for
- |target|."""
- artifact_name = target.target_name + '-' + artifact_name
+ """Returns the path of a fuzzing artifact named |artifact_name| for
+ |fuzz_target|."""
+ artifact_name = '{target_name}-{sanitizer}-{artifact_name}'.format(
+ target_name=target.target_name,
+ sanitizer=self.config.sanitizer,
+ artifact_name=artifact_name)
return os.path.join(self.artifacts_dir, artifact_name)
def create_fuzz_target_obj(self, target_path, run_seconds):
@@ -140,12 +145,9 @@
target.target_name)
continue
- # We found a bug in the fuzz target.
- utils.binary_print(b'Fuzzer: %s. Detected bug:\n%s' %
- (target.target_name.encode(), result.stacktrace))
-
# TODO(metzman): Do this with filestore.
- testcase_artifact_path = self.get_fuzz_target_artifact(target, 'testcase')
+ testcase_artifact_path = self.get_fuzz_target_artifact(
+ target, os.path.basename(result.testcase))
shutil.move(result.testcase, testcase_artifact_path)
bug_summary_artifact_path = self.get_fuzz_target_artifact(
target, 'bug-summary.txt')
diff --git a/infra/cifuzz/run_fuzzers_entrypoint.py b/infra/cifuzz/run_fuzzers_entrypoint.py
index f810e38..46e208d 100644
--- a/infra/cifuzz/run_fuzzers_entrypoint.py
+++ b/infra/cifuzz/run_fuzzers_entrypoint.py
@@ -11,11 +11,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-"""Runs specific OSS-Fuzz project's fuzzers for CI tools."""
+"""Runs a specific OSS-Fuzz project's fuzzers for CI tools."""
import logging
import sys
import config_utils
+import docker
import run_fuzzers
# pylint: disable=c-extension-no-member
@@ -26,6 +27,21 @@
level=logging.DEBUG)
+def delete_unneeded_docker_images(config):
+ """Deletes unneeded docker images if running in an environment with low
+ disk space."""
+ if not config.low_disk_space:
+ return
+ logging.info('Deleting builder docker images to save disk space.')
+ project_image = docker.get_project_image_name(config.project_name)
+ images = [
+ project_image,
+ docker.BASE_RUNNER_TAG,
+ docker.MSAN_LIBS_BUILDER_TAG,
+ ]
+ docker.delete_images(images)
+
+
def main():
"""Runs OSS-Fuzz project's fuzzers for CI tools.
This is the entrypoint for the run_fuzzers github action.
@@ -62,6 +78,7 @@
logging.error('This script needs to be run within Github actions.')
return returncode
+ delete_unneeded_docker_images(config)
# Run the specified project's fuzzers from the build.
result = run_fuzzers.run_fuzzers(config)
if result == run_fuzzers.RunFuzzersResult.ERROR:
diff --git a/infra/cifuzz/run_fuzzers_test.py b/infra/cifuzz/run_fuzzers_test.py
index 847ddf3..b265990 100644
--- a/infra/cifuzz/run_fuzzers_test.py
+++ b/infra/cifuzz/run_fuzzers_test.py
@@ -37,13 +37,13 @@
EXAMPLE_PROJECT = 'example'
# Location of files used for testing.
-TEST_FILES_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
- 'test_files')
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
+ 'test_data')
-MEMORY_FUZZER_DIR = os.path.join(TEST_FILES_PATH, 'memory')
+MEMORY_FUZZER_DIR = os.path.join(TEST_DATA_PATH, 'memory')
MEMORY_FUZZER = 'curl_fuzzer_memory'
-UNDEFINED_FUZZER_DIR = os.path.join(TEST_FILES_PATH, 'undefined')
+UNDEFINED_FUZZER_DIR = os.path.join(TEST_DATA_PATH, 'undefined')
UNDEFINED_FUZZER = 'curl_fuzzer_undefined'
FUZZ_SECONDS = 10
@@ -227,7 +227,8 @@
target.target_name = target_name
fuzz_target_artifact = runner.get_fuzz_target_artifact(
target, artifact_name)
- expected_fuzz_target_artifact = 'artifacts-dir/target_name-artifact-name'
+ expected_fuzz_target_artifact = (
+ 'artifacts-dir/target_name-address-artifact-name')
self.assertEqual(fuzz_target_artifact, expected_fuzz_target_artifact)
@@ -263,7 +264,7 @@
magic_mock.target_name = 'target1'
mocked_create_fuzz_target_obj.return_value = magic_mock
self.assertTrue(runner.run_fuzz_targets())
- self.assertIn('target1-testcase', os.listdir(runner.artifacts_dir))
+ self.assertIn('target1-address-testcase', os.listdir(runner.artifacts_dir))
self.assertEqual(mocked_run_fuzz_target.call_count, 1)
@@ -279,7 +280,7 @@
def test_run_fuzz_targets_quits(self, mocked_create_fuzz_target_obj,
mocked_run_fuzz_target,
mocked_get_fuzz_targets):
- """Tests that run_fuzz_targets quits on the first crash it finds."""
+ """Tests that run_fuzz_targets doesn't quit on the first crash it finds."""
workspace = 'workspace'
out_path = os.path.join(workspace, 'out')
self.fs.create_dir(out_path)
@@ -290,8 +291,8 @@
mocked_get_fuzz_targets.return_value = ['target1', 'target2']
runner.initialize()
- testcase1 = os.path.join(workspace, 'testcase1')
- testcase2 = os.path.join(workspace, 'testcase2')
+ testcase1 = os.path.join(workspace, 'testcase-aaa')
+ testcase2 = os.path.join(workspace, 'testcase-bbb')
self.fs.create_file(testcase1)
self.fs.create_file(testcase2)
stacktrace = b'stacktrace'
@@ -312,7 +313,8 @@
magic_mock.target_name = 'target1'
mocked_create_fuzz_target_obj.return_value = magic_mock
self.assertTrue(runner.run_fuzz_targets())
- self.assertIn('target1-testcase', os.listdir(runner.artifacts_dir))
+ self.assertIn('target1-address-testcase-aaa',
+ os.listdir(runner.artifacts_dir))
self.assertEqual(mocked_run_fuzz_target.call_count, 2)
@@ -333,7 +335,7 @@
side_effect=[True, False]):
with tempfile.TemporaryDirectory() as tmp_dir:
workspace = os.path.join(tmp_dir, 'workspace')
- shutil.copytree(TEST_FILES_PATH, workspace)
+ shutil.copytree(TEST_DATA_PATH, workspace)
config = _create_config(fuzz_seconds=FUZZ_SECONDS,
workspace=workspace,
project_name=EXAMPLE_PROJECT)
@@ -349,17 +351,17 @@
def test_old_bug_found(self, _):
"""Tests run_fuzzers with a bug found in OSS-Fuzz before."""
config = _create_config(fuzz_seconds=FUZZ_SECONDS,
- workspace=TEST_FILES_PATH,
+ workspace=TEST_DATA_PATH,
project_name=EXAMPLE_PROJECT)
with tempfile.TemporaryDirectory() as tmp_dir:
workspace = os.path.join(tmp_dir, 'workspace')
- shutil.copytree(TEST_FILES_PATH, workspace)
+ shutil.copytree(TEST_DATA_PATH, workspace)
config = _create_config(fuzz_seconds=FUZZ_SECONDS,
- workspace=TEST_FILES_PATH,
+ workspace=TEST_DATA_PATH,
project_name=EXAMPLE_PROJECT)
result = run_fuzzers.run_fuzzers(config)
self.assertEqual(result, run_fuzzers.RunFuzzersResult.NO_BUG_FOUND)
- build_dir = os.path.join(TEST_FILES_PATH, 'out', self.BUILD_DIR_NAME)
+ build_dir = os.path.join(TEST_DATA_PATH, 'out', self.BUILD_DIR_NAME)
self.assertTrue(os.path.exists(build_dir))
self.assertNotEqual(0, len(os.listdir(build_dir)))
diff --git a/infra/cifuzz/stack_parser.py b/infra/cifuzz/stack_parser.py
index 0077caa..69c44bc 100644
--- a/infra/cifuzz/stack_parser.py
+++ b/infra/cifuzz/stack_parser.py
@@ -13,6 +13,8 @@
# limitations under the License.
"""Module for parsing stacks from fuzz targets."""
+import logging
+
# From clusterfuzz: src/python/crash_analysis/crash_analyzer.py
# Used to get the beginning of the stacktrace.
STACKTRACE_TOOL_MARKERS = [
@@ -51,25 +53,33 @@
parsed_output_file_path: The location to store the parsed output.
"""
# Get index of key file points.
+ begin_stack = None
for marker in STACKTRACE_TOOL_MARKERS:
marker_index = fuzzer_output.find(marker)
- if marker_index:
+ if marker_index != -1:
begin_stack = marker_index
break
- end_stack = -1
+ if begin_stack is None:
+ logging.error(
+ b'Could not find a begin stack marker (%s) in fuzzer output:\n%s',
+ STACKTRACE_TOOL_MARKERS, fuzzer_output)
+ return
+
+ end_stack = None
for marker in STACKTRACE_END_MARKERS:
marker_index = fuzzer_output.find(marker)
- if marker_index:
+ if marker_index != -1:
end_stack = marker_index + len(marker)
break
- if begin_stack is None or end_stack is None:
+ if end_stack is None:
+ logging.error(
+ b'Could not find an end stack marker (%s) in fuzzer output:\n%s',
+ STACKTRACE_END_MARKERS, fuzzer_output)
return
summary_str = fuzzer_output[begin_stack:end_stack]
- if not summary_str:
- return
# Write sections of fuzzer output to specific files.
with open(parsed_output_file_path, 'ab') as summary_handle:
diff --git a/infra/cifuzz/stack_parser_test.py b/infra/cifuzz/stack_parser_test.py
index 9b05710..faf601f 100644
--- a/infra/cifuzz/stack_parser_test.py
+++ b/infra/cifuzz/stack_parser_test.py
@@ -14,7 +14,9 @@
"""Tests for stack_parser."""
import os
import unittest
+from unittest import mock
+import parameterized
from pyfakefs import fake_filesystem_unittest
import stack_parser
@@ -23,9 +25,9 @@
# https://github.com/google/oss-fuzz/tree/master/projects/example project.
EXAMPLE_PROJECT = 'example'
-# Location of files used for testing.
-TEST_FILES_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
- 'test_files')
+# Location of data used for testing.
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)),
+ 'test_data')
class ParseOutputTest(fake_filesystem_unittest.TestCase):
@@ -33,33 +35,42 @@
def setUp(self):
self.setUpPyfakefs()
+ self.maxDiff = None # pylint: disable=invalid-name
- def test_parse_valid_output(self):
+ @parameterized.parameterized.expand([('example_crash_fuzzer_output.txt',
+ 'example_crash_fuzzer_bug_summary.txt'),
+ ('msan_crash_fuzzer_output.txt',
+ 'msan_crash_fuzzer_bug_summary.txt')])
+ def test_parse_valid_output(self, fuzzer_output_file, bug_summary_file):
"""Checks that the parse fuzzer output can correctly parse output."""
# Read the fuzzer output from disk.
- fuzzer_output_path = os.path.join(TEST_FILES_PATH,
- 'example_crash_fuzzer_output.txt')
+ fuzzer_output_path = os.path.join(TEST_DATA_PATH, fuzzer_output_file)
self.fs.add_real_file(fuzzer_output_path)
with open(fuzzer_output_path, 'rb') as fuzzer_output_handle:
fuzzer_output = fuzzer_output_handle.read()
bug_summary_path = '/bug-summary.txt'
- stack_parser.parse_fuzzer_output(fuzzer_output, bug_summary_path)
+ with mock.patch('logging.info') as mocked_info:
+ stack_parser.parse_fuzzer_output(fuzzer_output, bug_summary_path)
+ mocked_info.assert_not_called()
+
with open(bug_summary_path) as bug_summary_handle:
bug_summary = bug_summary_handle.read()
# Compare the bug to the expected one.
- expected_bug_summary_path = os.path.join(TEST_FILES_PATH,
- 'bug_summary_example.txt')
+ expected_bug_summary_path = os.path.join(TEST_DATA_PATH, bug_summary_file)
self.fs.add_real_file(expected_bug_summary_path)
with open(expected_bug_summary_path) as expected_bug_summary_handle:
expected_bug_summary = expected_bug_summary_handle.read()
+
self.assertEqual(expected_bug_summary, bug_summary)
def test_parse_invalid_output(self):
"""Checks that no files are created when an invalid input was given."""
artifact_path = '/bug-summary.txt'
- stack_parser.parse_fuzzer_output(b'not a valid output_string',
- artifact_path)
+ with mock.patch('logging.error') as mocked_error:
+ stack_parser.parse_fuzzer_output(b'not a valid output_string',
+ artifact_path)
+ assert mocked_error.call_count
self.assertFalse(os.path.exists(artifact_path))
diff --git a/infra/cifuzz/test_files/bug_summary_example.txt b/infra/cifuzz/test_data/example_crash_fuzzer_bug_summary.txt
similarity index 100%
rename from infra/cifuzz/test_files/bug_summary_example.txt
rename to infra/cifuzz/test_data/example_crash_fuzzer_bug_summary.txt
diff --git a/infra/cifuzz/test_files/example_crash_fuzzer_output.txt b/infra/cifuzz/test_data/example_crash_fuzzer_output.txt
similarity index 100%
rename from infra/cifuzz/test_files/example_crash_fuzzer_output.txt
rename to infra/cifuzz/test_data/example_crash_fuzzer_output.txt
diff --git a/infra/cifuzz/test_files/example_curl_cov.json b/infra/cifuzz/test_data/example_curl_cov.json
similarity index 100%
rename from infra/cifuzz/test_files/example_curl_cov.json
rename to infra/cifuzz/test_data/example_curl_cov.json
diff --git a/infra/cifuzz/test_files/example_curl_file_list.json b/infra/cifuzz/test_data/example_curl_file_list.json
similarity index 100%
rename from infra/cifuzz/test_files/example_curl_file_list.json
rename to infra/cifuzz/test_data/example_curl_file_list.json
diff --git a/infra/cifuzz/test_files/example_curl_fuzzer_cov.json b/infra/cifuzz/test_data/example_curl_fuzzer_cov.json
similarity index 100%
rename from infra/cifuzz/test_files/example_curl_fuzzer_cov.json
rename to infra/cifuzz/test_data/example_curl_fuzzer_cov.json
diff --git a/infra/cifuzz/test_files/external-project/Makefile b/infra/cifuzz/test_data/external-project/Makefile
similarity index 100%
rename from infra/cifuzz/test_files/external-project/Makefile
rename to infra/cifuzz/test_data/external-project/Makefile
diff --git a/infra/cifuzz/test_files/external-project/do_stuff_fuzzer.cpp b/infra/cifuzz/test_data/external-project/do_stuff_fuzzer.cpp
similarity index 100%
rename from infra/cifuzz/test_files/external-project/do_stuff_fuzzer.cpp
rename to infra/cifuzz/test_data/external-project/do_stuff_fuzzer.cpp
diff --git a/infra/cifuzz/test_files/external-project/do_stuff_fuzzer.dict b/infra/cifuzz/test_data/external-project/do_stuff_fuzzer.dict
similarity index 100%
rename from infra/cifuzz/test_files/external-project/do_stuff_fuzzer.dict
rename to infra/cifuzz/test_data/external-project/do_stuff_fuzzer.dict
diff --git a/infra/cifuzz/test_files/external-project/my_api.cpp b/infra/cifuzz/test_data/external-project/my_api.cpp
similarity index 100%
rename from infra/cifuzz/test_files/external-project/my_api.cpp
rename to infra/cifuzz/test_data/external-project/my_api.cpp
diff --git a/infra/cifuzz/test_files/external-project/my_api.h b/infra/cifuzz/test_data/external-project/my_api.h
similarity index 100%
rename from infra/cifuzz/test_files/external-project/my_api.h
rename to infra/cifuzz/test_data/external-project/my_api.h
diff --git a/infra/cifuzz/test_files/external-project/oss-fuzz/Dockerfile b/infra/cifuzz/test_data/external-project/oss-fuzz/Dockerfile
similarity index 100%
rename from infra/cifuzz/test_files/external-project/oss-fuzz/Dockerfile
rename to infra/cifuzz/test_data/external-project/oss-fuzz/Dockerfile
diff --git a/infra/cifuzz/test_files/external-project/oss-fuzz/build.sh b/infra/cifuzz/test_data/external-project/oss-fuzz/build.sh
similarity index 100%
rename from infra/cifuzz/test_files/external-project/oss-fuzz/build.sh
rename to infra/cifuzz/test_data/external-project/oss-fuzz/build.sh
diff --git a/infra/cifuzz/test_files/external-project/standalone_fuzz_target_runner.cpp b/infra/cifuzz/test_data/external-project/standalone_fuzz_target_runner.cpp
similarity index 100%
rename from infra/cifuzz/test_files/external-project/standalone_fuzz_target_runner.cpp
rename to infra/cifuzz/test_data/external-project/standalone_fuzz_target_runner.cpp
diff --git a/infra/cifuzz/test_files/memory/out/curl_fuzzer_memory b/infra/cifuzz/test_data/memory/out/curl_fuzzer_memory
similarity index 100%
rename from infra/cifuzz/test_files/memory/out/curl_fuzzer_memory
rename to infra/cifuzz/test_data/memory/out/curl_fuzzer_memory
Binary files differ
diff --git a/infra/cifuzz/test_data/msan_crash_fuzzer_bug_summary.txt b/infra/cifuzz/test_data/msan_crash_fuzzer_bug_summary.txt
new file mode 100644
index 0000000..b55e9c6
--- /dev/null
+++ b/infra/cifuzz/test_data/msan_crash_fuzzer_bug_summary.txt
@@ -0,0 +1,22 @@
+MemorySanitizer: use-of-uninitialized-value
+#0 0x52675f in LLVMFuzzerTestOneInput /src/cifuzz-example/do_stuff_fuzzer.cpp:13:7
+#1 0x45a431 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
+#2 0x45ba46 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:792:3
+#3 0x45bed9 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:845:3
+#4 0x44a4bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:906:6
+#5 0x474432 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
+#6 0x7eff5562683f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
+#7 0x41eab8 in _start (out/do_stuff_fuzzer+0x41eab8)
+
+DEDUP_TOKEN: LLVMFuzzerTestOneInput--fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)--fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&)
+Uninitialized value was created by a heap allocation
+#0 0x4d57ad in malloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:901:3
+#1 0x437c07 in operator new(unsigned long) (out/do_stuff_fuzzer+0x437c07)
+#2 0x45ba46 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:792:3
+#3 0x45bed9 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:845:3
+#4 0x44a4bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:906:6
+#5 0x474432 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
+#6 0x7eff5562683f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
+DEDUP_TOKEN: malloc--operator new(unsigned long)--fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&)
+
+SUMMARY:
\ No newline at end of file
diff --git a/infra/cifuzz/test_data/msan_crash_fuzzer_output.txt b/infra/cifuzz/test_data/msan_crash_fuzzer_output.txt
new file mode 100644
index 0000000..c803bfb
--- /dev/null
+++ b/infra/cifuzz/test_data/msan_crash_fuzzer_output.txt
@@ -0,0 +1,39 @@
+Dictionary: 3 entries
+INFO: Running with entropic power schedule (0xFF, 100).
+INFO: Seed: 1337
+INFO: Loaded 1 modules (184 inline 8-bit counters): 184 [0x829300, 0x8293b8),
+INFO: Loaded 1 PC tables (184 PCs): 184 [0x5dc910,0x5dd490),
+INFO: 5 files found in /tmp/do_stuff_fuzzer_corpus
+INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
+==13==WARNING: MemorySanitizer: use-of-uninitialized-value
+#0 0x52675f in LLVMFuzzerTestOneInput /src/cifuzz-example/do_stuff_fuzzer.cpp:13:7
+#1 0x45a431 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
+#2 0x45ba46 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:792:3
+#3 0x45bed9 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:845:3
+#4 0x44a4bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:906:6
+#5 0x474432 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
+#6 0x7eff5562683f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
+#7 0x41eab8 in _start (out/do_stuff_fuzzer+0x41eab8)
+
+DEDUP_TOKEN: LLVMFuzzerTestOneInput--fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)--fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&)
+Uninitialized value was created by a heap allocation
+#0 0x4d57ad in malloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:901:3
+#1 0x437c07 in operator new(unsigned long) (out/do_stuff_fuzzer+0x437c07)
+#2 0x45ba46 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:792:3
+#3 0x45bed9 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:845:3
+#4 0x44a4bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:906:6
+#5 0x474432 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
+#6 0x7eff5562683f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
+DEDUP_TOKEN: malloc--operator new(unsigned long)--fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&)
+
+SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/cifuzz-example/do_stuff_fuzzer.cpp:13:7 in LLVMFuzzerTestOneInput
+Unique heap origins: 65
+Stack depot allocated bytes: 4424
+Unique origin histories: 29
+History depot allocated bytes: 696
+Exiting
+MS: 0 ; base unit: 0000000000000000000000000000000000000000
+
+
+artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
+Base64:
diff --git a/infra/cifuzz/test_files/out/example_crash_fuzzer b/infra/cifuzz/test_data/out/example_crash_fuzzer
similarity index 100%
rename from infra/cifuzz/test_files/out/example_crash_fuzzer
rename to infra/cifuzz/test_data/out/example_crash_fuzzer
Binary files differ
diff --git a/infra/cifuzz/test_files/out/example_nocrash_fuzzer b/infra/cifuzz/test_data/out/example_nocrash_fuzzer
similarity index 100%
rename from infra/cifuzz/test_files/out/example_nocrash_fuzzer
rename to infra/cifuzz/test_data/out/example_nocrash_fuzzer
Binary files differ
diff --git a/infra/cifuzz/test_files/undefined/out/curl_fuzzer_undefined b/infra/cifuzz/test_data/undefined/out/curl_fuzzer_undefined
similarity index 100%
rename from infra/cifuzz/test_files/undefined/out/curl_fuzzer_undefined
rename to infra/cifuzz/test_data/undefined/out/curl_fuzzer_undefined
Binary files differ
diff --git a/infra/go/coverage/gocovsum/gocovsum.go b/infra/go/coverage/gocovsum/gocovsum.go
deleted file mode 100644
index 2066006..0000000
--- a/infra/go/coverage/gocovsum/gocovsum.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package main
-
-import (
- "encoding/json"
- "flag"
- "fmt"
- "log"
-
- "go/ast"
- "go/parser"
- "go/token"
- "os"
- "path"
-
- "golang.org/x/tools/cover"
-)
-
-type CoverageTotal struct {
- Count int `json:"count"`
- Covered int `json:"covered"`
- Uncovered int `json:"notcovered"`
- Percent float64 `json:"percent"`
-}
-
-type CoverageTotals struct {
- Functions CoverageTotal `json:"functions,omitempty"`
- Lines CoverageTotal `json:"lines,omitempty"`
- Regions CoverageTotal `json:"regions,omitempty"`
-}
-
-type CoverageData struct {
- Totals CoverageTotals `json:"totals,omitempty"`
-}
-
-type PositionInterval struct {
- start token.Position
- end token.Position
-}
-
-type CoverageSummary struct {
- Data []CoverageData `json:"data,omitempty"`
- Type string `json:"type,omitempty"`
- Version string `json:"version,omitempty"`
-}
-
-func isFunctionCovered(s token.Position, e token.Position, blocks []cover.ProfileBlock) bool {
- for _, b := range blocks {
- if b.StartLine >= s.Line && b.StartLine <= e.Line && b.EndLine >= s.Line && b.EndLine <= e.Line {
- if b.Count > 0 {
- return true
- }
- }
- }
- return false
-}
-
-func main() {
- flag.Parse()
-
- if len(flag.Args()) != 1 {
- log.Fatalf("needs exactly one argument")
- }
- profiles, err := cover.ParseProfiles(flag.Args()[0])
- if err != nil {
- log.Fatalf("failed to parse profiles: %v", err)
- }
- r := CoverageSummary{}
- r.Type = "oss-fuzz.go.coverage.json.export"
- r.Version = "1.0.0"
- r.Data = make([]CoverageData, 1)
- gopath := os.Getenv("GOPATH")
- if len(gopath) == 0 {
- gopath = os.Getenv("HOME") + "/go"
- }
- for _, p := range profiles {
- fset := token.NewFileSet() // positions are relative to fset
- f, err := parser.ParseFile(fset, path.Join(gopath, "src", p.FileName), nil, 0)
- if err != nil {
- panic(err)
- }
- ast.Inspect(f, func(n ast.Node) bool {
- switch x := n.(type) {
- case *ast.FuncLit:
- startf := fset.Position(x.Pos())
- endf := fset.Position(x.End())
- r.Data[0].Totals.Functions.Count++
- if isFunctionCovered(startf, endf, p.Blocks) {
- r.Data[0].Totals.Functions.Covered++
- } else {
- r.Data[0].Totals.Functions.Uncovered++
- }
- case *ast.FuncDecl:
- startf := fset.Position(x.Pos())
- endf := fset.Position(x.End())
- r.Data[0].Totals.Functions.Count++
- if isFunctionCovered(startf, endf, p.Blocks) {
- r.Data[0].Totals.Functions.Covered++
- } else {
- r.Data[0].Totals.Functions.Uncovered++
- }
- }
- return true
- })
-
- for _, b := range p.Blocks {
- r.Data[0].Totals.Regions.Count++
- if b.Count > 0 {
- r.Data[0].Totals.Regions.Covered++
- } else {
- r.Data[0].Totals.Regions.Uncovered++
- }
-
- r.Data[0].Totals.Lines.Count += b.NumStmt
- if b.Count > 0 {
- r.Data[0].Totals.Lines.Covered += b.NumStmt
- } else {
- r.Data[0].Totals.Lines.Uncovered += b.NumStmt
- }
- }
- }
- r.Data[0].Totals.Regions.Percent = float64(100*r.Data[0].Totals.Regions.Covered) / float64(r.Data[0].Totals.Regions.Count)
- r.Data[0].Totals.Lines.Percent = float64(100*r.Data[0].Totals.Lines.Covered) / float64(r.Data[0].Totals.Lines.Count)
- r.Data[0].Totals.Functions.Percent = float64(100*r.Data[0].Totals.Functions.Covered) / float64(r.Data[0].Totals.Functions.Count)
- o, _ := json.Marshal(r)
- fmt.Printf(string(o))
-}
diff --git a/infra/go/coverage/pprof-merge/go.mod b/infra/go/coverage/pprof-merge/go.mod
deleted file mode 100644
index 5d5b514..0000000
--- a/infra/go/coverage/pprof-merge/go.mod
+++ /dev/null
@@ -1,5 +0,0 @@
-module github.com/rakyll/pprof-merge
-
-go 1.13
-
-require github.com/google/pprof v0.0.0-20190908185732-236ed259b199
diff --git a/infra/helper.py b/infra/helper.py
index 8a0a640..e24df4d 100755
--- a/infra/helper.py
+++ b/infra/helper.py
@@ -22,7 +22,6 @@
import argparse
import datetime
import errno
-import multiprocessing
import os
import pipes
import re
@@ -59,15 +58,61 @@
PROJECT_LANGUAGE_REGEX = re.compile(r'\s*language\s*:\s*([^\s]+)')
# Languages from project.yaml that have code coverage support.
-LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go']
+LANGUAGES_WITH_COVERAGE_SUPPORT = ['c', 'c++', 'go', 'rust']
+
+# pylint: disable=too-many-lines
-def main(): # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements
+def main(): # pylint: disable=too-many-branches,too-many-return-statements
"""Get subcommand from program arguments and do it."""
os.chdir(OSS_FUZZ_DIR)
if not os.path.exists(BUILD_DIR):
os.mkdir(BUILD_DIR)
+ args = parse_args()
+
+ # We have different default values for `sanitizer` depending on the `engine`.
+ # Some commands do not have `sanitizer` argument, so `hasattr` is necessary.
+ if hasattr(args, 'sanitizer') and not args.sanitizer:
+ if args.engine == 'dataflow':
+ args.sanitizer = 'dataflow'
+ else:
+ args.sanitizer = 'address'
+
+ if args.command == 'generate':
+ return generate(args)
+ if args.command == 'build_image':
+ return build_image(args)
+ if args.command == 'build_fuzzers':
+ return build_fuzzers(args)
+ if args.command == 'check_build':
+ return check_build(args)
+ if args.command == 'download_corpora':
+ return download_corpora(args)
+ if args.command == 'run_fuzzer':
+ return run_fuzzer(args)
+ if args.command == 'coverage':
+ return coverage(args)
+ if args.command == 'reproduce':
+ return reproduce(args)
+ if args.command == 'shell':
+ return shell(args)
+ if args.command == 'pull_images':
+ return pull_images(args)
+
+ return 0
+
+
+def parse_args(args=None):
+ """Parses args using argparser and returns parsed args."""
+ # Use default argument None for args so that in production, argparse does its
+ # normal behavior, but unittesting is easier.
+ parser = get_parser()
+ return parser.parse_args(args)
+
+
+def get_parser(): # pylint: disable=too-many-statements
+ """Returns an argparse parser."""
parser = argparse.ArgumentParser('helper.py', description='oss-fuzz helpers')
subparsers = parser.add_subparsers(dest='command')
@@ -112,8 +157,9 @@
_add_engine_args(
check_build_parser,
choices=['libfuzzer', 'afl', 'honggfuzz', 'dataflow', 'none'])
- _add_sanitizer_args(check_build_parser,
- choices=['address', 'memory', 'undefined', 'dataflow'])
+ _add_sanitizer_args(
+ check_build_parser,
+ choices=['address', 'memory', 'undefined', 'dataflow', 'thread'])
_add_environment_args(check_build_parser)
check_build_parser.add_argument('project_name', help='name of the project')
check_build_parser.add_argument('fuzzer_name',
@@ -189,39 +235,7 @@
_add_environment_args(shell_parser)
subparsers.add_parser('pull_images', help='Pull base images.')
-
- args = parser.parse_args()
-
- # We have different default values for `sanitizer` depending on the `engine`.
- # Some commands do not have `sanitizer` argument, so `hasattr` is necessary.
- if hasattr(args, 'sanitizer') and not args.sanitizer:
- if args.engine == 'dataflow':
- args.sanitizer = 'dataflow'
- else:
- args.sanitizer = 'address'
-
- if args.command == 'generate':
- return generate(args)
- if args.command == 'build_image':
- return build_image(args)
- if args.command == 'build_fuzzers':
- return build_fuzzers(args)
- if args.command == 'check_build':
- return check_build(args)
- if args.command == 'download_corpora':
- return download_corpora(args)
- if args.command == 'run_fuzzer':
- return run_fuzzer(args)
- if args.command == 'coverage':
- return coverage(args)
- if args.command == 'reproduce':
- return reproduce(args)
- if args.command == 'shell':
- return shell(args)
- if args.command == 'pull_images':
- return pull_images(args)
-
- return 0
+ return parser
def is_base_image(image_name):
@@ -335,7 +349,7 @@
def _add_sanitizer_args(parser,
choices=('address', 'memory', 'undefined', 'coverage',
- 'dataflow')):
+ 'dataflow', 'thread')):
"""Add common sanitizer args."""
parser.add_argument(
'--sanitizer',
@@ -632,7 +646,7 @@
]
if args.fuzzer_name:
- run_args += ['test_one', os.path.join('/out', args.fuzzer_name)]
+ run_args += ['test_one.py', args.fuzzer_name]
else:
run_args.append('test_all.py')
@@ -672,14 +686,14 @@
fuzz_target=fuzz_target)
command = ['gsutil', 'ls', corpus_backup_url]
- corpus_listing = subprocess.Popen(command,
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- output, error = corpus_listing.communicate()
+ # Don't capture stderr. We want it to print in real time, in case gsutil is
+ # asking for two-factor authentication.
+ corpus_listing = subprocess.Popen(command, stdout=subprocess.PIPE)
+ output, _ = corpus_listing.communicate()
# Some fuzz targets (e.g. new ones) may not have corpus yet, just skip those.
if corpus_listing.returncode:
- print('WARNING: corpus for {0} not found:\n{1}'.format(fuzz_target, error),
+ print('WARNING: corpus for {0} not found:\n'.format(fuzz_target),
file=sys.stderr)
return
@@ -736,7 +750,7 @@
print('Downloading corpora for %s project to %s' %
(args.project_name, corpus_dir))
- thread_pool = ThreadPool(multiprocessing.cpu_count())
+ thread_pool = ThreadPool()
return all(thread_pool.map(_download_for_single_target, fuzz_targets))
@@ -956,9 +970,11 @@
'FUZZING_ENGINE=' + args.engine,
'SANITIZER=' + args.sanitizer,
'ARCHITECTURE=' + args.architecture,
- 'FUZZING_LANGUAGE=' + _get_project_language(args.project_name),
]
+ if args.project_name != 'base-runner-debug':
+ env.append('FUZZING_LANGUAGE=' + _get_project_language(args.project_name))
+
if args.e:
env += args.e
diff --git a/infra/helper_test.py b/infra/helper_test.py
new file mode 100644
index 0000000..d899a83
--- /dev/null
+++ b/infra/helper_test.py
@@ -0,0 +1,35 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Tests for helper.py"""
+
+import unittest
+from unittest import mock
+
+import helper
+
+
+class TestShell(unittest.TestCase):
+ """Tests 'shell' command."""
+
+ @mock.patch('helper.docker_run')
+ @mock.patch('helper.build_image_impl')
+ def test_base_runner_debug(self, mocked_build_image_impl, _):
+ """Tests that shell base-runner-debug works as intended."""
+ image_name = 'base-runner-debug'
+ unparsed_args = ['shell', image_name]
+ args = helper.parse_args(unparsed_args)
+ args.sanitizer = 'address'
+ result = helper.shell(args)
+ mocked_build_image_impl.assert_called_with(image_name)
+ self.assertEqual(result, 0)
diff --git a/infra/presubmit.py b/infra/presubmit.py
index bd5e9c3..90b4f90 100755
--- a/infra/presubmit.py
+++ b/infra/presubmit.py
@@ -104,6 +104,7 @@
'c',
'c++',
'go',
+ 'jvm',
'python',
'rust',
]
@@ -381,8 +382,9 @@
def run_tests(_=None, parallel=False):
"""Runs all unit tests."""
- success = run_nonbuild_tests(parallel)
- return success and run_build_tests()
+ nonbuild_success = run_nonbuild_tests(parallel)
+ build_success = run_build_tests()
+ return nonbuild_success and build_success
def get_all_files():
diff --git a/infra/repo_manager.py b/infra/repo_manager.py
index a5781b8..a0b97b3 100644
--- a/infra/repo_manager.py
+++ b/infra/repo_manager.py
@@ -127,6 +127,14 @@
return out.strip()
+ def fetch_all_remotes(self):
+ """Fetch all remotes for checkouts that track a single branch."""
+ self.git([
+ 'config', 'remote.origin.fetch', '+refs/heads/*:refs/remotes/origin/*'
+ ],
+ check_result=True)
+ self.git(['remote', 'update'], check_result=True)
+
def get_commit_list(self, newest_commit, oldest_commit=None):
"""Gets the list of commits(inclusive) between the old and new commits.
diff --git a/infra/testcases/curl_test_data b/infra/testcases/curl_test_data
deleted file mode 100644
index ed4b54e..0000000
--- a/infra/testcases/curl_test_data
+++ /dev/null
Binary files differ
diff --git a/infra/testcases/libarchive_test_data b/infra/testcases/libarchive_test_data
deleted file mode 100644
index 928bfec..0000000
--- a/infra/testcases/libarchive_test_data
+++ /dev/null
Binary files differ
diff --git a/infra/testcases/ndpi_test_data b/infra/testcases/ndpi_test_data
deleted file mode 100644
index 010af86..0000000
--- a/infra/testcases/ndpi_test_data
+++ /dev/null
Binary files differ
diff --git a/infra/testcases/usrsctp_test_data b/infra/testcases/usrsctp_test_data
deleted file mode 100644
index fa90322..0000000
--- a/infra/testcases/usrsctp_test_data
+++ /dev/null
Binary files differ
diff --git a/infra/testcases/yara_test_data b/infra/testcases/yara_test_data
deleted file mode 100644
index e2a0b94..0000000
--- a/infra/testcases/yara_test_data
+++ /dev/null
@@ -1 +0,0 @@
-rule N{condition:for 1r in r(r
\ No newline at end of file
diff --git a/infra/utils_test.py b/infra/utils_test.py
index a56295c..aa6ec7b 100644
--- a/infra/utils_test.py
+++ b/infra/utils_test.py
@@ -24,7 +24,7 @@
EXAMPLE_PROJECT = 'example'
TEST_OUT_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)),
- 'cifuzz', 'test_files', 'out')
+ 'cifuzz', 'test_data', 'out')
class IsFuzzTargetLocalTest(unittest.TestCase):
diff --git a/oss-fuzz.iml b/oss-fuzz.iml
deleted file mode 100644
index 20f48fa..0000000
--- a/oss-fuzz.iml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="PYTHON_MODULE" version="4">
- <component name="NewModuleRootManager" inherit-compiler-output="true">
- <exclude-output />
- <content url="file://$MODULE_DIR$" />
- <orderEntry type="jdk" jdkName="Python 2.7" jdkType="Python SDK" />
- <orderEntry type="sourceFolder" forTests="false" />
- </component>
-</module>
\ No newline at end of file
diff --git a/projects/bad_example/build.sh b/projects/bad_example/build.sh
index eb08bd6..88a7caa 100755
--- a/projects/bad_example/build.sh
+++ b/projects/bad_example/build.sh
@@ -22,7 +22,7 @@
$LIB_FUZZING_ENGINE ./libz.a
-# The latest two examples won't for for coverage build, bail out.
+# The latest two examples won't work for coverage build, bail out.
if [[ $SANITIZER = *coverage* ]]; then
exit 0
fi
diff --git a/projects/bazel-rules-fuzzing-test/build.sh b/projects/bazel-rules-fuzzing-test/build.sh
index 07b2a73..056e16b 100644
--- a/projects/bazel-rules-fuzzing-test/build.sh
+++ b/projects/bazel-rules-fuzzing-test/build.sh
@@ -17,36 +17,6 @@
################################################################################
# This is an example build script for projects using the rules_fuzzing library
-# for Bazel. Use it as a starting point for your own integration.
+# for Bazel.
-# An easy way to build all the relevant fuzz tests for a project is to use a
-# "bazel query" command. Here, we are collecting all fuzz test targets (which
-# are tagged with "fuzz-test" by default). Here we also have a basic opt-out
-# mechanism through the "no-oss-fuzz" tag. You can use additional filtering
-# logic in your own integrations.
-declare -r QUERY='
- let all_fuzz_tests = attr(tags, "fuzz-test", "//...") in
- $all_fuzz_tests - attr(tags, "no-oss-fuzz", $all_fuzz_tests)
-'
-
-# The fuzzing rules provide a special `<name>_oss_fuzz` target that creates a
-# TAR archive with all the fuzz test artifacts (binary, corpus, dictionary,
-# etc.) using the layout expected by OSS-Fuzz. We derive the OSS-Fuzz package
-# targets from the fuzz test names using the "sed" command below.
-declare -r PACKAGE_SUFFIX="_oss_fuzz"
-declare -r OSS_FUZZ_TESTS="$(bazel query "${QUERY}" | sed "s/$/${PACKAGE_SUFFIX}/")"
-
-# We now build all the OSS-Fuzz packages using the compiler toolchain provided
-# by OSS-Fuzz through $CC and $CXX. The `--config=oss-fuzz` flag takes care of
-# using the correct instrumentation and fuzzing engine derived from the OSS-Fuzz
-# environment.
-bazel build -c opt --config=oss-fuzz --linkopt=-lc++ \
- --action_env=CC="${CC}" --action_env=CXX="${CXX}" \
- ${OSS_FUZZ_TESTS[*]}
-
-# Finally, we extract the contents of the OSS-Fuzz packages directly into the
-# $OUT/ directory. Recall that the packages already contain all the artifacts in
-# the format expected by OSS-Fuzz.
-for oss_fuzz_archive in $(find bazel-bin/ -name "*${PACKAGE_SUFFIX}.tar"); do
- tar -xvf "${oss_fuzz_archive}" -C "${OUT}"
-done
+bazel_build_fuzz_tests
diff --git a/projects/bignum-fuzzer/Dockerfile b/projects/bignum-fuzzer/Dockerfile
index ba08d04..6b74836 100644
--- a/projects/bignum-fuzzer/Dockerfile
+++ b/projects/bignum-fuzzer/Dockerfile
@@ -16,11 +16,8 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y software-properties-common python-software-properties wget curl sudo mercurial autoconf bison texinfo libboost-all-dev cmake
-RUN add-apt-repository -y ppa:gophers/archive && apt-get update && apt-get install -y golang-1.9-go
-RUN ln -s /usr/lib/go-1.9/bin/go /usr/bin/go
RUN wget https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-2.5.0.tar.gz
-RUN git clone --recursive https://github.com/golang/go
RUN git clone --depth 1 https://github.com/guidovranken/bignum-fuzzer
RUN git clone --depth 1 https://github.com/openssl/openssl
RUN hg clone https://gmplib.org/repo/gmp/ libgmp/
diff --git a/projects/bignum-fuzzer/build.sh b/projects/bignum-fuzzer/build.sh
index 699c3fa..8c29baf 100755
--- a/projects/bignum-fuzzer/build.sh
+++ b/projects/bignum-fuzzer/build.sh
@@ -15,17 +15,6 @@
#
################################################################################
-# Compile latest Go
-cd go/src
-./make.bash
-cd $SRC
-
-# Remove previous Go install (used for bootstrapping)
-apt-get remove golang-1.9-go -y
-rm /usr/bin/go
-
-export PATH=`realpath $SRC/go/bin`:$PATH
-
# Install Rust nightly
#curl https://sh.rustup.rs -sSf | sh -s -- -y
#source $HOME/.cargo/env
diff --git a/projects/bind9/project.yaml b/projects/bind9/project.yaml
index ef26dfe..82ff413 100644
--- a/projects/bind9/project.yaml
+++ b/projects/bind9/project.yaml
@@ -2,6 +2,7 @@
language: c
primary_contact: "bind9-dev@isc.org"
auto_ccs:
+ - "artem@isc.org"
- "dfronza@isc.org"
- "each@isc.org"
- "marka@isc.org"
@@ -9,7 +10,7 @@
- "michal@isc.org"
- "mnowak@isc.org"
- "ondrej@isc.org"
- - "wpk@isc.org"
+ - "pspacek@isc.org"
sanitizers:
- address
- memory:
diff --git a/projects/botan/build.sh b/projects/botan/build.sh
index 0a3d534..b88e785 100755
--- a/projects/botan/build.sh
+++ b/projects/botan/build.sh
@@ -22,7 +22,7 @@
./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" \
--disable-shared --disable-modules=locking_allocator \
--unsafe-fuzzer-mode --build-fuzzers=libfuzzer \
- --with-fuzzer-lib='FuzzingEngine'
+ --without-os-features=getrandom,getentropy --with-fuzzer-lib='FuzzingEngine'
make -j$(nproc) libs
make -j$(nproc) fuzzers
diff --git a/projects/bs4/project.yaml b/projects/bs4/project.yaml
index b541b62..2081650 100644
--- a/projects/bs4/project.yaml
+++ b/projects/bs4/project.yaml
@@ -1,7 +1,7 @@
homepage: "https://www.crummy.com/software/BeautifulSoup/"
main_repo: "https://code.launchpad.net/~leonardr/beautifulsoup/bs4"
language: python
-primary_contact: "leonardr@segfault.org"
+primary_contact: "leonard.richardson@gmail.com"
auto_ccs:
- "jvoisin@google.com"
- "ipudney@google.com"
diff --git a/projects/c-blosc2/build.sh b/projects/c-blosc2/build.sh
index 973f2cf..afe771d 100755
--- a/projects/c-blosc2/build.sh
+++ b/projects/c-blosc2/build.sh
@@ -16,6 +16,8 @@
################################################################################
# Build project
+export LDSHARED=lld
+
cmake . -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" -DBUILD_FUZZERS=ON
make clean
make -j$(nproc)
diff --git a/projects/cairo/project.yaml b/projects/cairo/project.yaml
index 568d473..9a078de 100644
--- a/projects/cairo/project.yaml
+++ b/projects/cairo/project.yaml
@@ -1,9 +1,14 @@
homepage: https://gitlab.freedesktop.org/cairo/cairo
language: c
primary_contact: security-tps@google.com
+auto_ccs:
+ - "psychon@znc.in"
sanitizers:
- address
- undefined
-
+vendor_ccs:
+ - "jkew@mozilla.com"
+ - "jmuizelaar@mozilla.com"
+ - "twsmith@mozilla.com"
view_restrictions: none
main_repo: 'https://gitlab.freedesktop.org/cairo/cairo.git'
diff --git a/projects/capnproto/Dockerfile b/projects/capnproto/Dockerfile
new file mode 100644
index 0000000..dffaa45
--- /dev/null
+++ b/projects/capnproto/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y cmake zlib1g-dev
+RUN git clone --depth 1 https://github.com/capnproto/capnproto
+WORKDIR $SRC/capnproto
+COPY build.sh $SRC/
diff --git a/projects/capnproto/build.sh b/projects/capnproto/build.sh
new file mode 100755
index 0000000..176418d
--- /dev/null
+++ b/projects/capnproto/build.sh
@@ -0,0 +1,23 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+mkdir build
+cd build
+cmake -DBUILD_SHARED_LIBS=OFF ..
+make -j$(nproc)
+cp c++/src/capnp/*fuzzer* $OUT/
diff --git a/projects/capnproto/project.yaml b/projects/capnproto/project.yaml
new file mode 100644
index 0000000..e8cffba
--- /dev/null
+++ b/projects/capnproto/project.yaml
@@ -0,0 +1,8 @@
+homepage: "https://capnproto.org"
+language: c++
+primary_contact: "security@sandstorm.io"
+auto_ccs:
+ - "p.antoine@catenacyber.fr"
+sanitizers:
+ - address
+main_repo: 'https://github.com/capnproto/capnproto'
diff --git a/projects/capstone/build.sh b/projects/capstone/build.sh
index 35720ea..b0da123 100755
--- a/projects/capstone/build.sh
+++ b/projects/capstone/build.sh
@@ -32,6 +32,7 @@
sed -i -e 's/#print/print/' capstone/__init__.py
(
export CFLAGS=""
+ export AFL_NOOPT=1
python setup.py install
)
cd $SRC/capstone$branch/suite
diff --git a/projects/cascadia/Dockerfile b/projects/cascadia/Dockerfile
index 7c6f58d..094b5e1 100644
--- a/projects/cascadia/Dockerfile
+++ b/projects/cascadia/Dockerfile
@@ -15,7 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/andybalholm/cascadia
+RUN git clone https://github.com/andybalholm/cascadia
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/cascadia
diff --git a/projects/cctz/Dockerfile b/projects/cctz/Dockerfile
new file mode 100644
index 0000000..7882330
--- /dev/null
+++ b/projects/cctz/Dockerfile
@@ -0,0 +1,24 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf libgtest-dev
+RUN git clone --depth 1 https://github.com/google/cctz
+WORKDIR $SRC/cctz
+
+COPY build.sh $SRC/
+COPY fuzz_* $SRC/
+
diff --git a/projects/cctz/build.sh b/projects/cctz/build.sh
new file mode 100755
index 0000000..b83b4f5
--- /dev/null
+++ b/projects/cctz/build.sh
@@ -0,0 +1,22 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+mkdir build && cd build
+cmake -DBUILD_TESTING=OFF ../
+make
+
+# Compile fuzzers
+cp $SRC/fuzz* .
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE ./fuzz_cctz.cc ./libcctz.a -I../include/ -o $OUT/fuzz_cctz
diff --git a/projects/cctz/fuzz_cctz.cc b/projects/cctz/fuzz_cctz.cc
new file mode 100644
index 0000000..2096152
--- /dev/null
+++ b/projects/cctz/fuzz_cctz.cc
@@ -0,0 +1,47 @@
+/* Copyright 2020 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include <iostream>
+#include <string>
+
+#include "cctz/civil_time.h"
+#include "cctz/time_zone.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+
+ cctz::time_zone lax;
+ std::string tz = fuzzed_data.ConsumeRandomLengthString();
+ if (load_time_zone(tz, &lax)) {
+ std::chrono::system_clock::time_point tp;
+ std::string date_format = fuzzed_data.ConsumeRandomLengthString();
+ std::string parse_format = fuzzed_data.ConsumeRandomLengthString();
+ cctz::parse(parse_format, date_format, lax, &tp);
+
+ const auto t1 = cctz::convert(cctz::civil_second(
+ fuzzed_data.ConsumeIntegral<uint32_t>(),
+ fuzzed_data.ConsumeIntegral<uint32_t>(),
+ fuzzed_data.ConsumeIntegral<uint32_t>(),
+ fuzzed_data.ConsumeIntegral<uint32_t>(),
+ fuzzed_data.ConsumeIntegral<uint32_t>(),
+ fuzzed_data.ConsumeIntegral<uint32_t>()), lax);
+ std::string format = fuzzed_data.ConsumeRandomLengthString();
+ cctz::format(format, t1, lax);
+ }
+
+ return 0;
+}
diff --git a/projects/cctz/project.yaml b/projects/cctz/project.yaml
new file mode 100644
index 0000000..58562e6
--- /dev/null
+++ b/projects/cctz/project.yaml
@@ -0,0 +1,3 @@
+homepage: "https://github.com/google/cctz"
+language: c++
+primary_contact: "david@adalogics.com"
diff --git a/projects/cel-cpp/.bazelrc b/projects/cel-cpp/.bazelrc
new file mode 100644
index 0000000..f55fb55
--- /dev/null
+++ b/projects/cel-cpp/.bazelrc
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Force the use of Clang for C++ builds.
+build --action_env=CC=clang
+build --action_env=CXX=clang++
+
+build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing_oss_fuzz//:oss_fuzz_engine
+build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine_instrumentation=oss-fuzz
+build:oss-fuzz --@rules_fuzzing//fuzzing:cc_engine_sanitizer=none
diff --git a/projects/cel-cpp/BUILD b/projects/cel-cpp/BUILD
new file mode 100644
index 0000000..6fdd773
--- /dev/null
+++ b/projects/cel-cpp/BUILD
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
+
+cc_fuzz_test(
+ name = "fuzz_parse",
+ deps = ["//parser"],
+ srcs = ["fuzz_parse.cc"],
+)
diff --git a/projects/cel-cpp/Dockerfile b/projects/cel-cpp/Dockerfile
new file mode 100644
index 0000000..6c4b67e
--- /dev/null
+++ b/projects/cel-cpp/Dockerfile
@@ -0,0 +1,27 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN git clone --depth 1 https://github.com/google/cel-cpp/
+COPY build.sh $SRC/
+RUN mkdir $SRC/cel-cpp/fuzz/
+COPY BUILD fuzz*.cc $SRC/cel-cpp/fuzz/
+COPY WORKSPACE .bazelrc $SRC/
+RUN cat WORKSPACE >> $SRC/cel-cpp/WORKSPACE
+RUN cat .bazelrc >> $SRC/cel-cpp/.bazelrc
+RUN echo "4.0.0" > $SRC/cel-cpp/.bazelversion
+WORKDIR $SRC/cel-cpp
diff --git a/projects/cel-cpp/WORKSPACE b/projects/cel-cpp/WORKSPACE
new file mode 100644
index 0000000..bc59fa0
--- /dev/null
+++ b/projects/cel-cpp/WORKSPACE
@@ -0,0 +1,41 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+http_archive(
+ name = "fuzzing_rules_python",
+ url = "https://github.com/bazelbuild/rules_python/releases/download/0.1.0/rules_python-0.1.0.tar.gz",
+ sha256 = "b6d46438523a3ec0f3cead544190ee13223a52f6a6765a29eae7b7cc24cc83a0",
+)
+
+http_archive(
+ name = "rules_fuzzing",
+ sha256 = "a5734cb42b1b69395c57e0bbd32ade394d5c3d6afbfe782b24816a96da24660d",
+ strip_prefix = "rules_fuzzing-0.1.1",
+ urls = ["https://github.com/bazelbuild/rules_fuzzing/archive/v0.1.1.zip"],
+ repo_mapping = {
+ "@rules_python": "@fuzzing_rules_python",
+ },
+)
+
+load("@rules_fuzzing//fuzzing:repositories.bzl", "rules_fuzzing_dependencies")
+
+rules_fuzzing_dependencies()
+
+load("@rules_fuzzing//fuzzing:init.bzl", "rules_fuzzing_init")
+
+rules_fuzzing_init()
diff --git a/projects/cel-cpp/build.sh b/projects/cel-cpp/build.sh
new file mode 100755
index 0000000..5a6315a
--- /dev/null
+++ b/projects/cel-cpp/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+declare -r QUERY='
+ let all_fuzz_tests = attr(tags, "fuzz-test", "//...") in
+ $all_fuzz_tests - attr(tags, "no-oss-fuzz", $all_fuzz_tests)
+'
+
+declare -r PACKAGE_SUFFIX="_oss_fuzz"
+declare -r OSS_FUZZ_TESTS="$(bazel query "${QUERY}" | sed "s/$/${PACKAGE_SUFFIX}/")"
+
+bazel build -c opt --config=oss-fuzz --linkopt=-lc++ \
+ --action_env=CC="${CC}" --action_env=CXX="${CXX}" \
+ ${OSS_FUZZ_TESTS[*]}
+
+for oss_fuzz_archive in $(find bazel-bin/ -name "*${PACKAGE_SUFFIX}.tar"); do
+ tar -xvf "${oss_fuzz_archive}" -C "${OUT}"
+done
diff --git a/projects/cel-cpp/fuzz_parse.cc b/projects/cel-cpp/fuzz_parse.cc
new file mode 100644
index 0000000..f4755d3
--- /dev/null
+++ b/projects/cel-cpp/fuzz_parse.cc
@@ -0,0 +1,34 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include <string>
+
+#include "parser/parser.h"
+
+#define MAX_RECURSION 0x100
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ std::string str (reinterpret_cast<const char*>(data), size);
+ try {
+ auto parse_status = google::api::expr::parser::Parse(str, "fuzzinput", MAX_RECURSION);
+ if (!parse_status.ok()) {
+ parse_status.status().message();
+ }
+ } catch (const std::exception& e) {
+ return 0;
+ }
+ return 0;
+}
diff --git a/projects/cel-cpp/project.yaml b/projects/cel-cpp/project.yaml
new file mode 100644
index 0000000..ad4bf90
--- /dev/null
+++ b/projects/cel-cpp/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://opensource.google/projects/cel"
+language: c++
+primary_contact: "kyessenov@gmail.com"
+auto_ccs :
+- "tswadell@google.com"
+- "p.antoine@catenacyber.fr"
+
+sanitizers:
+- address
+- memory
+main_repo: 'https://github.com/google/cel-cpp'
diff --git a/projects/cilium/Dockerfile b/projects/cilium/Dockerfile
new file mode 100644
index 0000000..89f2f00
--- /dev/null
+++ b/projects/cilium/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y wget
+RUN wget https://raw.githubusercontent.com/google/AFL/master/dictionaries/json.dict -O $OUT/fuzz.dict
+
+RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus
+RUN zip $OUT/fuzz_seed_corpus.zip go-fuzz-corpus/json/corpus/*
+
+RUN git clone https://github.com/cilium/cilium/ cilium
+RUN cp $SRC/cilium/test/fuzzing/oss-fuzz-build.sh $SRC/build.sh
+WORKDIR $SRC/cilium
diff --git a/projects/civetweb/build.sh b/projects/civetweb/build.sh
index cd2caee..413dd5a 100755
--- a/projects/civetweb/build.sh
+++ b/projects/civetweb/build.sh
@@ -19,4 +19,4 @@
chmod +x ./fuzztest/build.sh
./fuzztest/build.sh
-mv civetweb_fuzz3 $OUT/
+mv civetweb_fuzz* $OUT/
diff --git a/projects/clamav/Dockerfile b/projects/clamav/Dockerfile
index c38ae91..0d4cc03 100644
--- a/projects/clamav/Dockerfile
+++ b/projects/clamav/Dockerfile
@@ -17,9 +17,20 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y \
flex bison \
- automake autoconf pkg-config m4 libtool \
- libssl-dev \
- libcurl4-openssl-dev
+ python3-dev \
+ pkg-config
+
+#
+# Build static libs for dependencies
+#
+RUN python3 -m pip install mussels
+RUN git clone --depth 1 https://github.com/Cisco-Talos/clamav-mussels-cookbook.git
+
+RUN mkdir /mussels
+RUN cd ${SRC}/clamav-mussels-cookbook && \
+ msl build clamav_deps -t host-static -w /mussels/work -i /mussels/install
+
+# Collect clamav source & fuzz corpus
RUN git clone --depth 1 https://github.com/Cisco-Talos/clamav-devel.git
RUN git clone --depth 1 https://github.com/Cisco-Talos/clamav-fuzz-corpus.git
diff --git a/projects/clamav/build.sh b/projects/clamav/build.sh
index 0ab07e0..1f7e902 100755
--- a/projects/clamav/build.sh
+++ b/projects/clamav/build.sh
@@ -16,6 +16,7 @@
################################################################################
set -ex
+export GIT_DISCOVERY_ACROSS_FILESYSTEM=1
#
# Build the library.
@@ -24,37 +25,33 @@
mkdir -p ${WORK}/build
cd ${WORK}/build
-if [ -f "${SRC}/clamav-devel/autogen.sh" ]
-then
- /bin/chmod +x ${SRC}/clamav-devel/autogen.sh
- ${SRC}/clamav-devel/autogen.sh
-fi
-
-# Remove ltdl so clamav build doesn't detect it and add it as a dependency.
-apt remove -y libtool libltdl-dev libltdl7
-
#
# Run ./configure
#
-ac_cv_c_mmap_anonymous=no \
- ${SRC}/clamav-devel/configure \
- --disable-mempool \
- --enable-fuzz=yes \
- --with-libjson=no \
- --with-pcre=no \
- --enable-static=yes \
- --enable-shared=no \
- --disable-llvm \
- --host=x86_64-unknown-linux-gnu
+export CLAMAV_DEPENDENCIES=/mussels/install
+cmake ${SRC}/clamav-devel \
+ -DENABLE_FUZZ=ON \
+ -DHAVE_MMAP=OFF \
+ -DJSONC_INCLUDE_DIR="$CLAMAV_DEPENDENCIES/include/json-c" \
+ -DJSONC_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libjson-c.a" \
+ -DENABLE_JSON_SHARED=OFF \
+ -DBZIP2_INCLUDE_DIR="$CLAMAV_DEPENDENCIES/include" \
+ -DBZIP2_LIBRARY_RELEASE="$CLAMAV_DEPENDENCIES/lib/libbz2_static.a" \
+ -DOPENSSL_ROOT_DIR="$CLAMAV_DEPENDENCIES" \
+ -DOPENSSL_INCLUDE_DIR="$CLAMAV_DEPENDENCIES/include" \
+ -DOPENSSL_CRYPTO_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libcrypto.a" \
+ -DOPENSSL_SSL_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libssl.a" \
+ -DZLIB_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libssl.a" \
+ -DLIBXML2_INCLUDE_DIR="$CLAMAV_DEPENDENCIES/include" \
+ -DLIBXML2_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libxml2.a" \
+ -DPCRE2_INCLUDE_DIR="$CLAMAV_DEPENDENCIES/include" \
+ -DPCRE2_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libpcre2-8.a" \
+ -DZLIB_INCLUDE_DIR="$CLAMAV_DEPENDENCIES/include" \
+ -DZLIB_LIBRARY="$CLAMAV_DEPENDENCIES/lib/libz.a" \
+ -DCMAKE_INSTALL_PREFIX="install"
-# Build libclamav
-make clean
-make -j"$(nproc)"
-
-#
-# Build the fuzz targets.
-#
-make -j"$(nproc)" fuzz-all
+# Build libclamav and the fuzz targets
+make -j4
cp ./fuzz/clamav_* ${OUT}/.
#
diff --git a/projects/clamav/project.yaml b/projects/clamav/project.yaml
index d2c3f23..1f8f5d7 100644
--- a/projects/clamav/project.yaml
+++ b/projects/clamav/project.yaml
@@ -6,4 +6,7 @@
sanitizers:
- address
- undefined
+fuzzing_engines:
+ - libfuzzer
+ - afl
main_repo: 'https://github.com/Cisco-Talos/clamav-devel.git'
diff --git a/projects/clib/project.yaml b/projects/clib/project.yaml
index 1dad0da..bc58713 100644
--- a/projects/clib/project.yaml
+++ b/projects/clib/project.yaml
@@ -4,11 +4,4 @@
auto_ccs:
- "Adam@adalogics.com"
- "isty001@gmail.com"
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
-sanitizers:
- - address
- - undefined
- - memory
main_repo: 'https://github.com/clibs/clib'
diff --git a/projects/cosign/Dockerfile b/projects/cosign/Dockerfile
new file mode 100644
index 0000000..f0282dd
--- /dev/null
+++ b/projects/cosign/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone --depth 1 https://github.com/sigstore/cosign
+
+COPY build.sh $SRC/
+WORKDIR $SRC/cosign
diff --git a/projects/cosign/build.sh b/projects/cosign/build.sh
new file mode 100755
index 0000000..87d865d
--- /dev/null
+++ b/projects/cosign/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+
+compile_go_fuzzer github.com/sigstore/cosign/test FuzzGetPassword fuzz_getPassword gofuzz
diff --git a/projects/cosign/project.yaml b/projects/cosign/project.yaml
new file mode 100644
index 0000000..dc5735f
--- /dev/null
+++ b/projects/cosign/project.yaml
@@ -0,0 +1,8 @@
+homepage: https://sigstore.dev/
+language: go
+primary_contact: "priyawadhwa@google.com"
+main_repo: "https://github.com/sigstore/cosign"
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
diff --git a/projects/cryptofuzz/Dockerfile b/projects/cryptofuzz/Dockerfile
index fb668f2..7ed5d42 100644
--- a/projects/cryptofuzz/Dockerfile
+++ b/projects/cryptofuzz/Dockerfile
@@ -23,14 +23,9 @@
apt-get update && \
apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake mercurial gyp ninja-build zlib1g-dev libsqlite3-dev bison flex texinfo
-# BoringSSL needs Go to build
-RUN add-apt-repository -y ppa:gophers/archive && apt-get update && apt-get install -y golang-1.9-go
-RUN ln -s /usr/lib/go-1.9/bin/go /usr/bin/go
-
RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz
RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz-corpora
RUN git clone --depth 1 https://github.com/openssl/openssl
-
RUN git clone --depth 1 https://boringssl.googlesource.com/boringssl
RUN git clone --depth 1 https://github.com/libressl-portable/portable libressl
RUN cd $SRC/libressl && ./update.sh
@@ -39,7 +34,6 @@
RUN wget https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.36.tar.bz2
RUN git clone --depth 1 -b oss-fuzz https://github.com/project-everest/hacl-star evercrypt
RUN git clone --depth 1 https://github.com/google/cityhash.git
-RUN git clone --depth 1 https://github.com/golang/go
RUN git clone --depth 1 https://github.com/randombit/botan.git
RUN git clone --depth 1 https://github.com/wolfSSL/wolfssl.git
RUN git clone --depth 1 https://github.com/ARMmbed/mbedtls.git
diff --git a/projects/cryptofuzz/build.sh b/projects/cryptofuzz/build.sh
index e363114..9aa3c94 100755
--- a/projects/cryptofuzz/build.sh
+++ b/projects/cryptofuzz/build.sh
@@ -18,6 +18,8 @@
# TODO(metzman): Switch this to LIB_FUZZING_ENGINE when it works.
# https://github.com/google/oss-fuzz/issues/2336
+export GO111MODULE=off
+
# Compile xxd
$CC $SRC/xxd.c -o /usr/bin/xxd
@@ -40,24 +42,6 @@
cd $SRC/cryptofuzz
python gen_repository.py
-if [[ $CFLAGS = *-m32* ]]
-then
- export GOARCH=386
- export CGO_ENABLED=1
-fi
-
-export GO111MODULE=off
-cd $SRC/go/src
-./make.bash
-export GOROOT=$(realpath $SRC/go)
-export GOPATH=$GOROOT/packages
-mkdir $GOPATH
-export PATH=$GOROOT/bin:$PATH
-export PATH=$GOROOT/packages/bin:$PATH
-
-apt-get remove golang-1.9-go -y
-rm /usr/bin/go
-
go get golang.org/x/crypto/blake2b
go get golang.org/x/crypto/blake2s
go get golang.org/x/crypto/md4
@@ -671,3 +655,4 @@
cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-boringssl-noasm.dict
# Copy seed corpus
cp $SRC/cryptofuzz-corpora/boringssl_latest.zip $OUT/cryptofuzz-boringssl-noasm_seed_corpus.zip
+
diff --git a/projects/cryptofuzz/project.yaml b/projects/cryptofuzz/project.yaml
index 659a309..59c3ac4 100644
--- a/projects/cryptofuzz/project.yaml
+++ b/projects/cryptofuzz/project.yaml
@@ -23,11 +23,8 @@
- "david@wolfssl.com"
- "kaleb@wolfssl.com"
- "jacob@wolfssl.com"
- - "jjones@mozilla.com"
- "sledru@mozilla.com"
- - "kjacobs@mozilla.com"
- "bbeurdouche@mozilla.com"
- - "tvandermerwe@mozilla.com"
- "matthias.st.pierre@gmail.com"
- "kaleb.himes@gmail.com"
- "polubelovam@gmail.com"
diff --git a/projects/dart/Dockerfile b/projects/dart/Dockerfile
new file mode 100644
index 0000000..d60afcb
--- /dev/null
+++ b/projects/dart/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt install -y g++-multilib git python curl
+
+RUN git clone --depth 1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+ENV PATH="${SRC}/depot_tools:${PATH}"
+RUN mkdir dart-sdk && cd dart-sdk && fetch dart
+COPY build.sh $SRC
+COPY patch.diff $SRC
+WORKDIR $SRC/dart-sdk/sdk
diff --git a/projects/dart/build.sh b/projects/dart/build.sh
new file mode 100755
index 0000000..520b275
--- /dev/null
+++ b/projects/dart/build.sh
@@ -0,0 +1,21 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+git apply ../../patch.diff
+./tools/build.py --no-goma -j$(nproc) -m debug -a x64 --sanitizer=asan dart_libfuzzer
+cp out/DebugASANX64/*fuzzer $OUT/
diff --git a/projects/dart/patch.diff b/projects/dart/patch.diff
new file mode 100644
index 0000000..18729d5
--- /dev/null
+++ b/projects/dart/patch.diff
@@ -0,0 +1,13 @@
+diff --git a/runtime/bin/BUILD.gn b/runtime/bin/BUILD.gn
+index 1bc82252087..68e983b4902 100644
+--- a/runtime/bin/BUILD.gn
++++ b/runtime/bin/BUILD.gn
+@@ -1084,6 +1084,8 @@ if (defined(is_linux) && is_linux && defined(is_asan) && is_asan &&
+ extra_sources = [
+ "../vm/libfuzzer/dart_libfuzzer.cc",
+ "builtin.cc",
++ "dartdev_isolate.cc",
++ "dartdev_isolate.h",
+ "dfe.cc",
+ "dfe.h",
+ ]
diff --git a/projects/dart/project.yaml b/projects/dart/project.yaml
new file mode 100644
index 0000000..155fe23
--- /dev/null
+++ b/projects/dart/project.yaml
@@ -0,0 +1,9 @@
+homepage: "https://dart.dev"
+language: c++
+primary_contact: "scheglov@google.com"
+auto_ccs :
+- "p.antoine@catenacyber.fr"
+
+sanitizers:
+- address
+main_repo: 'https://github.com/dart-lang/sdk.git'
diff --git a/projects/dragonfly/Dockerfile b/projects/dragonfly/Dockerfile
index 2d04a8f..46870a6 100644
--- a/projects/dragonfly/Dockerfile
+++ b/projects/dragonfly/Dockerfile
@@ -30,4 +30,4 @@
github.com/willf/bitset
RUN git clone https://github.com/dragonflyoss/Dragonfly
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/Dragonfly
diff --git a/projects/dragonfly/build.sh b/projects/dragonfly/build.sh
index 6095149..6487785 100755
--- a/projects/dragonfly/build.sh
+++ b/projects/dragonfly/build.sh
@@ -15,8 +15,5 @@
#
################################################################################
-mkdir $GOPATH/src/github.com/dragonflyoss
-cp -r $SRC/Dragonfly $GOPATH/src/github.com/dragonflyoss/
-
compile_go_fuzzer github.com/dragonflyoss/Dragonfly/dfget/core/uploader FuzzParseParams uploader_fuzz
compile_go_fuzzer github.com/dragonflyoss/Dragonfly/supernode/daemon/mgr/cdn Fuzz cdn_fuzz
diff --git a/projects/dropbear/Dockerfile b/projects/dropbear/Dockerfile
index 0b4ba30..f2c2354 100644
--- a/projects/dropbear/Dockerfile
+++ b/projects/dropbear/Dockerfile
@@ -1,4 +1,4 @@
-# Copyright 2016 Google Inc.
+# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,8 +16,8 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y libz-dev autoconf mercurial
-RUN hg clone https://hg.ucc.asn.au/dropbear dropbear
-RUN hg clone https://hg.ucc.asn.au/dropbear-fuzzcorpus dropbear/corpus
+RUN hg clone https://hg.ucc.asn.au/dropbear-fuzzcorpus dropbear-corpus
+RUN git clone https://github.com/mkj/dropbear dropbear
WORKDIR dropbear
COPY build.sh *.options $SRC/
diff --git a/projects/dropbear/build.sh b/projects/dropbear/build.sh
index e3a6dae..9732110 100644
--- a/projects/dropbear/build.sh
+++ b/projects/dropbear/build.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2016 Google Inc.
+# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,9 +27,9 @@
TARGETS="$(make list-fuzz-targets)"
-make -C $SRC/dropbear/corpus
+make -C $SRC/dropbear-corpus
cp -v $TARGETS $OUT/
cp -v *.options $OUT/
-cp -v $SRC/dropbear/corpus/*.zip $OUT/
-cp -v $SRC/dropbear/corpus/*.dict $OUT/
+cp -v $SRC/dropbear-corpus/*.zip $OUT/
+cp -v $SRC/dropbear-corpus/*.dict $OUT/
diff --git a/projects/dropbear/project.yaml b/projects/dropbear/project.yaml
index 3c10e86..78ee900 100644
--- a/projects/dropbear/project.yaml
+++ b/projects/dropbear/project.yaml
@@ -1,11 +1,5 @@
homepage: "https://matt.ucc.asn.au/dropbear/dropbear.html"
language: c++
primary_contact: "matt@ucc.asn.au"
-sanitizers:
- - address
- - undefined
- - memory
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
builds_per_day: 4
+main_repo: "https://github.com/mkj/dropbear"
diff --git a/projects/ecc-diff-fuzzer/build.sh b/projects/ecc-diff-fuzzer/build.sh
index 2fb4421..9b951ca 100755
--- a/projects/ecc-diff-fuzzer/build.sh
+++ b/projects/ecc-diff-fuzzer/build.sh
@@ -93,13 +93,14 @@
#botan
(
cd botan
-#help it find libstdc++
-cp /usr/lib/x86_64-linux-gnu/libstdc++.so.6 /usr/lib/x86_64-linux-gnu/libstdc++.so
-export LDFLAGS=$CXXFLAGS
if [ "$ARCHITECTURE" = 'i386' ]; then
- ./configure.py --disable-shared-library --cpu x86_32
+ ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" \
+ --disable-shared --disable-modules=locking_allocator --disable-shared-library \
+ --without-os-features=getrandom,getentropy --cpu x86_32
else
- ./configure.py --disable-shared-library
+ ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" \
+ --disable-shared --disable-modules=locking_allocator --disable-shared-library \
+ --without-os-features=getrandom,getentropy
fi
make -j$(nproc)
make install
diff --git a/projects/envoy/project.yaml b/projects/envoy/project.yaml
index da1a49c..5fae149 100644
--- a/projects/envoy/project.yaml
+++ b/projects/envoy/project.yaml
@@ -14,6 +14,9 @@
- "avd@google.com"
- "skerner@google.com"
- "rdsmith@google.com"
- - "chaoqinli16@gmail.com"
+ - "chaoqinli@google.com"
+ - "yanjunxiang@google.com"
+ - "arquebus@appspot.gserviceaccount.com"
+ - "david@adalogics.com"
coverage_extra_args: -ignore-filename-regex=.*\.cache.*envoy_deps_cache.*
main_repo: 'https://github.com/envoyproxy/envoy.git'
diff --git a/projects/fast-dds/Dockerfile b/projects/fast-dds/Dockerfile
new file mode 100644
index 0000000..df5782e
--- /dev/null
+++ b/projects/fast-dds/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt install -y autoconf automake
+RUN git clone --depth 1 https://github.com/leethomason/tinyxml2
+RUN git clone --depth 1 https://github.com/chriskohlhoff/asio/
+RUN git clone --depth 1 https://github.com/eProsima/Fast-CDR.git
+RUN git clone --depth 1 https://github.com/eProsima/foonathan_memory_vendor.git
+RUN git clone --depth 1 https://github.com/eProsima/Fast-DDS.git
+COPY patch.diff $SRC
+COPY build.sh $SRC
+WORKDIR $SRC/Fast-DDS
diff --git a/projects/fast-dds/build.sh b/projects/fast-dds/build.sh
new file mode 100755
index 0000000..6831dff
--- /dev/null
+++ b/projects/fast-dds/build.sh
@@ -0,0 +1,53 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+
+(
+cd ../tinyxml2
+make -j$(nproc) all
+cp libtinyxml2.a /usr/local/lib/
+cp *.h /usr/local/include/
+)
+
+(
+cd ../asio/asio
+sh autogen.sh
+./configure
+make -j$(nproc) install
+)
+
+(
+cd ..
+mkdir Fast-CDR/build && cd Fast-CDR/build
+cmake .. -DBUILD_SHARED_LIBS=OFF
+cmake --build . --target install
+)
+
+(
+cd ..
+cd foonathan_memory_vendor
+mkdir build && cd build
+cmake .. -DBUILD_SHARED_LIBS=OFF
+cmake --build . --target install
+)
+
+# build project
+git apply ../patch.diff
+mkdir build && cd build
+cmake .. -DBUILD_SHARED_LIBS=OFF
+make -j $(nproc)
+cp src/cpp/fuzz* $OUT/
diff --git a/projects/fast-dds/patch.diff b/projects/fast-dds/patch.diff
new file mode 100644
index 0000000..e4f0ba2
--- /dev/null
+++ b/projects/fast-dds/patch.diff
@@ -0,0 +1,74 @@
+diff --git a/src/cpp/CMakeLists.txt b/src/cpp/CMakeLists.txt
+index b7fb777..615e955 100644
+--- a/src/cpp/CMakeLists.txt
++++ b/src/cpp/CMakeLists.txt
+@@ -484,6 +484,11 @@ elseif(NOT EPROSIMA_INSTALLER)
+ endif()
+ endif()
+
++if(DEFINED ENV{LIB_FUZZING_ENGINE})
++ add_executable(fuzz_processCDRMsg rtps/messages/fuzz_processCDRMsg.cpp)
++ target_link_libraries(fuzz_processCDRMsg ${PROJECT_NAME} $ENV{LIB_FUZZING_ENGINE})
++endif()
++
+ ###############################################################################
+ # Packaging
+ ###############################################################################
+diff --git a/src/cpp/rtps/messages/MessageReceiver.cpp b/src/cpp/rtps/messages/MessageReceiver.cpp
+index 962ca9b..0e82082 100644
+--- a/src/cpp/rtps/messages/MessageReceiver.cpp
++++ b/src/cpp/rtps/messages/MessageReceiver.cpp
+@@ -324,7 +324,11 @@ void MessageReceiver::processCDRMsg(
+
+ reset();
+
++#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
++ GuidPrefix_t participantGuidPrefix;
++#else
+ GuidPrefix_t participantGuidPrefix = participant_->getGuid().guidPrefix;
++#endif
+ dest_guid_prefix_ = participantGuidPrefix;
+
+ msg->pos = 0; //Start reading at 0
+@@ -513,7 +517,9 @@ void MessageReceiver::processCDRMsg(
+ submessage->pos = next_msg_pos;
+ }
+
++#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ participant_->assert_remote_participant_liveliness(source_guid_prefix_);
++#endif
+ }
+
+ bool MessageReceiver::checkRTPSHeader(
+diff --git a/src/cpp/rtps/messages/fuzz_processCDRMsg.cpp b/src/cpp/rtps/messages/fuzz_processCDRMsg.cpp
+new file mode 100644
+index 0000000..6a71817
+--- /dev/null
++++ b/src/cpp/rtps/messages/fuzz_processCDRMsg.cpp
+@@ -0,0 +1,26 @@
++#include <stdio.h>
++#include <stdlib.h>
++#include <stdint.h>
++#include <stdarg.h>
++#include <string.h>
++
++#include <fastrtps/rtps/messages/MessageReceiver.h>
++#include <fastdds/rtps/attributes/RTPSParticipantAttributes.h>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
++ const eprosima::fastrtps::rtps::Locator_t remoteLocator;
++ eprosima::fastrtps::rtps::MessageReceiver* rcv = new eprosima::fastrtps::rtps::MessageReceiver(NULL, 4096);
++
++ eprosima::fastrtps::rtps::CDRMessage_t msg(0);
++ msg.wraps = true;
++ msg.buffer = const_cast<eprosima::fastrtps::rtps::octet*>(data);
++ msg.length = size;
++ msg.max_size = size;
++ msg.reserved_size = size;
++
++ // TODO: Should we unlock in case UnregisterReceiver is called from callback ?
++ rcv->processCDRMsg(remoteLocator, &msg);
++ delete rcv;
++ return 0;
++}
++
diff --git a/projects/fast-dds/project.yaml b/projects/fast-dds/project.yaml
new file mode 100644
index 0000000..970e0b1
--- /dev/null
+++ b/projects/fast-dds/project.yaml
@@ -0,0 +1,9 @@
+homepage: "https://www.eprosima.com/"
+language: c++
+primary_contact: "miguelcompany@eprosima.com"
+auto_ccs:
+- "p.antoine@catenacyber.fr"
+sanitizers:
+- address
+- undefined
+main_repo: 'https://github.com/eProsima/Fast-DDS.git'
diff --git a/projects/fasthttp/Dockerfile b/projects/fasthttp/Dockerfile
index 6904598..3684706 100644
--- a/projects/fasthttp/Dockerfile
+++ b/projects/fasthttp/Dockerfile
@@ -15,7 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/valyala/fasthttp
+RUN git clone --depth 1 https://github.com/valyala/fasthttp
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/fasthttp
diff --git a/projects/fasthttp/build.sh b/projects/fasthttp/build.sh
index 02fe85a..59aec49 100755
--- a/projects/fasthttp/build.sh
+++ b/projects/fasthttp/build.sh
@@ -18,7 +18,7 @@
-ls $GOPATH/src/github.com/valyala/fasthttp/fuzzit | while read target
+ls fuzzit/ | while read target
do
compile_go_fuzzer github.com/valyala/fasthttp/fuzzit/$target Fuzz fuzz_$target gofuzz
done
diff --git a/projects/fastjson/Dockerfile b/projects/fastjson/Dockerfile
index 7da61ee..9c19614 100644
--- a/projects/fastjson/Dockerfile
+++ b/projects/fastjson/Dockerfile
@@ -15,7 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/valyala/fastjson
+RUN git clone --depth 1 https://github.com/valyala/fastjson
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/fastjson
diff --git a/projects/fastjson2/Dockerfile b/projects/fastjson2/Dockerfile
new file mode 100644
index 0000000..e8c9f4e
--- /dev/null
+++ b/projects/fastjson2/Dockerfile
@@ -0,0 +1,31 @@
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y maven
+
+RUN git clone --depth 1 https://github.com/google/fuzzing && \
+ cat fuzzing/dictionaries/json.dict > $SRC/JsonFuzzer.dict
+
+RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \
+ zip -q $SRC/JsonFuzzer_seed_corpus.zip go-fuzz-corpus/json/corpus/*
+
+RUN git clone --depth 1 https://github.com/alibaba/fastjson
+
+COPY build.sh $SRC/
+COPY JsonFuzzer.java $SRC/
+WORKDIR $SRC/fastjson
diff --git a/projects/fastjson2/JsonFuzzer.java b/projects/fastjson2/JsonFuzzer.java
new file mode 100644
index 0000000..9ac5cab
--- /dev/null
+++ b/projects/fastjson2/JsonFuzzer.java
@@ -0,0 +1,28 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONException;
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+
+public class JsonFuzzer {
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ try {
+ JSON.parse(data.consumeRemainingAsString());
+ } catch (JSONException ignored) {
+ }
+ }
+}
diff --git a/projects/fastjson2/build.sh b/projects/fastjson2/build.sh
new file mode 100644
index 0000000..121c324
--- /dev/null
+++ b/projects/fastjson2/build.sh
@@ -0,0 +1,51 @@
+#!/bin/bash -eu
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Copy seed corpus and dictionary.
+mv $SRC/{*.zip,*.dict} $OUT
+
+mvn package -Dmaven.test.skip=true -Djdk.version=15
+CURRENT_VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \
+ -Dexpression=project.version -q -DforceStdout)
+cp "target/fastjson-$CURRENT_VERSION.jar" $OUT/fastjson.jar
+
+PROJECT_JARS="fastjson.jar"
+
+# The classpath at build-time includes the project jars in $OUT as well as the
+# Jazzer API.
+BUILD_CLASSPATH=$(echo $PROJECT_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+
+# All .jar and .class files lie in the same directory as the fuzzer at runtime.
+RUNTIME_CLASSPATH=$(echo $PROJECT_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir
+
+for fuzzer in $(find $SRC -name '*Fuzzer.java'); do
+ fuzzer_basename=$(basename -s .java $fuzzer)
+ javac -cp $BUILD_CLASSPATH $fuzzer
+ cp $SRC/$fuzzer_basename.class $OUT/
+
+ # Create an execution wrapper that executes Jazzer with the correct arguments.
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
+\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+--cp=$RUNTIME_CLASSPATH \
+--target_class=$fuzzer_basename \
+--jvm_args=\"-Xmx2048m\" \
+\$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+done
diff --git a/projects/fastjson2/project.yaml b/projects/fastjson2/project.yaml
new file mode 100644
index 0000000..3fcba92
--- /dev/null
+++ b/projects/fastjson2/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/alibaba/fastjson"
+language: jvm
+primary_contact: "shaojin.wensj@alibaba-inc.com"
+auto_ccs:
+ - "meumertzheim@code-intelligence.com"
+fuzzing_engines:
+ - libfuzzer
+main_repo: "https://github.com/alibaba/fastjson"
+sanitizers:
+ - address
diff --git a/projects/firefox/Dockerfile b/projects/firefox/Dockerfile
index 18543d5..1d19ca8 100644
--- a/projects/firefox/Dockerfile
+++ b/projects/firefox/Dockerfile
@@ -19,13 +19,18 @@
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
gawk \
libstdc++6 \
+ m4 \
python \
software-properties-common
+
+# This wrapper of cargo seems to interfere with our build system.
+RUN rm -f /usr/local/bin/cargo
+
RUN git clone --depth 1 https://github.com/mozilla/gecko-dev mozilla-central
RUN git clone --depth 1 https://github.com/mozillasecurity/fuzzdata
WORKDIR mozilla-central
# Install OS dependencies.
# Will be re-run in build.sh to install missing dependencies.
ENV SHELL /bin/bash
-RUN ./mach bootstrap --no-interactive --application-choice browser
+RUN ./mach --no-interactive bootstrap --application-choice browser
COPY build.sh target.c *.options mozconfig.* $SRC/
diff --git a/projects/firefox/build.sh b/projects/firefox/build.sh
index a41b99b..8788e19 100755
--- a/projects/firefox/build.sh
+++ b/projects/firefox/build.sh
@@ -42,9 +42,22 @@
export MOZ_OBJDIR=$WORK/obj-fuzz
export MOZCONFIG=$SRC/mozconfig.$SANITIZER
+# Without this, a host tool used during Rust part of the build will fail
+export ASAN_OPTIONS="detect_leaks=0"
+
# Install remaining dependencies.
export SHELL=/bin/bash
-./mach bootstrap --no-interactive --application-choice browser
+
+# Firefox might not be buildable on the latest Rust Nightly, so we should try
+# to use the same version that we use in our CI.
+RUST_NIGHTLY_VERSION=$(sed -n 's/^.*--channel.*\(nightly-[0-9-]*\).*$/\1/p' \
+ $SRC/mozilla-central/taskcluster/ci/toolchain/rust.yml
+)
+
+rustup toolchain install ${RUST_NIGHTLY_VERSION}
+rustup default ${RUST_NIGHTLY_VERSION}-x86_64-unknown-linux-gnu
+
+./mach --no-interactive bootstrap --application-choice browser
# Skip patches for now
rm tools/fuzzing/libfuzzer/patches/*.patch
diff --git a/projects/firefox/mozconfig.address b/projects/firefox/mozconfig.address
index c9eb33d..0bc2c36 100644
--- a/projects/firefox/mozconfig.address
+++ b/projects/firefox/mozconfig.address
@@ -1,4 +1,7 @@
. $SRC/mozconfig.coverage
ac_add_options --enable-address-sanitizer
-mk_add_options CFLAGS= CXXFLAGS=
+
+# Don't use standard CFLAGS/CXXFLAGS provided by oss-fuzz
+export CFLAGS=""
+export CXXFLAGS=""
diff --git a/projects/fluent-bit/project.yaml b/projects/fluent-bit/project.yaml
index f68179d..aca7ccc 100755
--- a/projects/fluent-bit/project.yaml
+++ b/projects/fluent-bit/project.yaml
@@ -1,9 +1,6 @@
homepage: "https://github.com/fluent/fluent-bit"
primary_contact: "edsiper@gmail.com"
language: c++
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
auto_ccs:
- "david@adalogics.com"
- "wppttt@amazon.com"
diff --git a/projects/freeimage/Dockerfile b/projects/freeimage/Dockerfile
index 86ab661..3133e71 100644
--- a/projects/freeimage/Dockerfile
+++ b/projects/freeimage/Dockerfile
@@ -16,10 +16,7 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y make autoconf automake libtool wget
-# This downloads the latest version at the time of writing. There does not
-# appear to be a head version of FreeImage.
-RUN wget https://downloads.sourceforge.net/freeimage/FreeImage3180.zip
-RUN unzip FreeImage3180.zip
-WORKDIR $SRC
+RUN svn checkout https://svn.code.sf.net/p/freeimage/svn/ freeimage-svn
+WORKDIR $SRC/freeimage-svn/FreeImage/trunk/
COPY build.sh $SRC/
COPY load_from_memory_fuzzer.cc $SRC/
diff --git a/projects/freeimage/build.sh b/projects/freeimage/build.sh
index a418bd0..707440e 100755
--- a/projects/freeimage/build.sh
+++ b/projects/freeimage/build.sh
@@ -15,15 +15,13 @@
#
################################################################################
-pushd FreeImage
-
# b44ExpLogTable.cpp only contains a definition of main().
sed -i 's/Source\/OpenEXR\/IlmImf\/b44ExpLogTable.cpp//' Makefile.srcs
make LIBRARIES=-lc++ -j$(nproc)
-popd
+INSTALL_DIR="$PWD/Dist"
-INSTALL_DIR=$SRC/FreeImage/Dist
+cd $SRC
$CXX $CXXFLAGS -I${INSTALL_DIR}/ $LIB_FUZZING_ENGINE \
load_from_memory_fuzzer.cc ${INSTALL_DIR}/libfreeimage.a \
diff --git a/projects/ghostscript/Dockerfile b/projects/ghostscript/Dockerfile
index 942d8c3..c21bb87 100644
--- a/projects/ghostscript/Dockerfile
+++ b/projects/ghostscript/Dockerfile
@@ -20,8 +20,9 @@
RUN git clone --branch branch-2.2 --single-branch --depth 1 https://github.com/apple/cups.git cups
RUN git clone --branch VER-2-10-1 --single-branch --depth 1 https://git.savannah.gnu.org/git/freetype/freetype2.git freetype
RUN git clone --single-branch --depth 1 git://git.ghostscript.com/ghostpdl.git ghostpdl
-
RUN mkdir ghostpdl/fuzz
-COPY gstoraster_fuzzer.cc ghostpdl/fuzz
+WORKDIR ghostpdl
+
+COPY gstoraster_fuzzer.cc $SRC/
COPY build.sh $SRC/
diff --git a/projects/ghostscript/build.sh b/projects/ghostscript/build.sh
index 07ae5ee..b74772f 100755
--- a/projects/ghostscript/build.sh
+++ b/projects/ghostscript/build.sh
@@ -16,7 +16,7 @@
################################################################################
# Build CUPS
-pushd cups
+pushd $SRC/cups
# Fix bad line
sed -i '2110s/\(\s\)f->value/\1(int)f->value/' cups/ppd-cache.c
@@ -29,13 +29,12 @@
install -m755 cups-config "$WORK"/cups-config
popd
-cd ghostpdl
rm -rf cups/libs || die
rm -rf freetype || die
rm -rf libpng || die
rm -rf zlib || die
-mv ../freetype freetype
+mv $SRC/freetype freetype
CUPSCONFIG="$WORK/cups-config"
CUPS_CFLAGS=$($CUPSCONFIG --cflags)
@@ -51,7 +50,7 @@
make -j$(nproc) libgs
$CXX $CXXFLAGS $CUPS_LDFLAGS -std=c++11 -I. \
- fuzz/gstoraster_fuzzer.cc \
+ $SRC/gstoraster_fuzzer.cc \
-o "$OUT/gstoraster_fuzzer" \
-Wl,-rpath='$ORIGIN' \
$CUPS_LIBS \
diff --git a/projects/ghostscript/gstoraster_fuzzer.cc b/projects/ghostscript/gstoraster_fuzzer.cc
index 412352c..897e99a 100644
--- a/projects/ghostscript/gstoraster_fuzzer.cc
+++ b/projects/ghostscript/gstoraster_fuzzer.cc
@@ -42,7 +42,7 @@
return to_copy;
}
-static int gs_stdout(void *inst, const char *buf, int len)
+static int gs_stdnull(void *inst, const char *buf, int len)
{
/* Just discard everything. */
return len;
@@ -69,7 +69,7 @@
"-dBATCH",
"-dNOINTERPOLATE",
"-dNOMEDIAATTRS",
- "-sstdout=%stderr",
+ "-sstdout=%%stderr",
"-sOutputFile=/dev/null",
"-sDEVICE=cups",
"-_",
@@ -86,7 +86,7 @@
return ret;
}
- gsapi_set_stdio(gs, gs_stdin, gs_stdout, NULL /* stderr */);
+ gsapi_set_stdio(gs, gs_stdin, gs_stdnull, gs_stdnull);
ret = gsapi_set_arg_encoding(gs, GS_ARG_ENCODING_UTF8);
if (ret < 0) {
fprintf(stderr, "gsapi_set_arg_encoding: error %d\n", ret);
diff --git a/projects/git/build.sh b/projects/git/build.sh
index 0a39a97..8770a83 100755
--- a/projects/git/build.sh
+++ b/projects/git/build.sh
@@ -34,7 +34,7 @@
zip -j $OUT/fuzz-pack-headers_seed_corpus.zip .git/objects/pack/*.pack.trimmed
# build commit-graph corpus
-./git commit-graph write
+ASAN_OPTIONS=detect_leaks=0 ./git commit-graph write
zip -j $OUT/fuzz-commit-graph_seed_corpus .git/objects/info/commit-graph
# Mute stderr
diff --git a/projects/gitea/Dockerfile b/projects/gitea/Dockerfile
index 91f9464..9403123 100644
--- a/projects/gitea/Dockerfile
+++ b/projects/gitea/Dockerfile
@@ -17,4 +17,4 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN git clone https://github.com/go-gitea/gitea
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/gitea
diff --git a/projects/gitea/build.sh b/projects/gitea/build.sh
index 4110a4d..a031afb 100644
--- a/projects/gitea/build.sh
+++ b/projects/gitea/build.sh
@@ -15,9 +15,5 @@
#
################################################################################
-mkdir $GOPATH/src/code.gitea.io
-mv $SRC/gitea $GOPATH/src/code.gitea.io/
-cd $GOPATH/src/code.gitea.io/gitea && go get ./...
-
compile_go_fuzzer code.gitea.io/gitea/tools FuzzMarkdownRenderRaw fuzz_markdown_render_raw gofuzz
compile_go_fuzzer code.gitea.io/gitea/tools FuzzMarkupPostProcess fuzz_markup_post_process gofuzz
diff --git a/projects/gitea/project.yaml b/projects/gitea/project.yaml
index 183460b..8fcd31f 100644
--- a/projects/gitea/project.yaml
+++ b/projects/gitea/project.yaml
@@ -1,7 +1,14 @@
homepage: "https://github.com/go-gitea/gitea"
-primary_contact: "admin@gitea.io"
+primary_contact: "security@gitea.io"
auto_ccs :
- "adam@adalogics.com"
+ - "xiaolunwen@gmail.com"
+ - "lauris@nix.lv"
+ - "techknowlogick@gitea.io"
+ - "sapk@sapk.fr"
+ - "zeripath@gmail.com"
+ - "john.olheiser@gmail.com"
+ - "6543@obermui.de"
language: go
fuzzing_engines:
- libfuzzer
diff --git a/projects/go-json-iterator/Dockerfile b/projects/go-json-iterator/Dockerfile
index 3d6a90c..5d4cf02 100644
--- a/projects/go-json-iterator/Dockerfile
+++ b/projects/go-json-iterator/Dockerfile
@@ -15,7 +15,8 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/json-iterator/go
+RUN git clone https://github.com/json-iterator/go json-iterator
-COPY fuzz_json.go $GOPATH/src/github.com/json-iterator/go/
+COPY fuzz_json.go $SRC/json-iterator/
COPY build.sh $SRC/
+WORKDIR $SRC/json-iterator/
diff --git a/projects/go-redis/Dockerfile b/projects/go-redis/Dockerfile
index 3bdaf63..b0ad177 100644
--- a/projects/go-redis/Dockerfile
+++ b/projects/go-redis/Dockerfile
@@ -15,7 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/go-redis/redis
+RUN git clone https://github.com/go-redis/redis redis
COPY build.sh $SRC/
-WORKDIR $SRC
+WORKDIR $SRC/redis
diff --git a/projects/go-redis/build.sh b/projects/go-redis/build.sh
index b130c45..e297cd3 100644
--- a/projects/go-redis/build.sh
+++ b/projects/go-redis/build.sh
@@ -12,5 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
-compile_go_fuzzer github.com/go-redis/redis/fuzz Fuzz fuzz gofuzz
+
+#github.com/go-redis/redis/fuzz is not a module, so needs local build
+compile_go_fuzzer ./fuzz Fuzz fuzz gofuzz
diff --git a/projects/go-sftp/Dockerfile b/projects/go-sftp/Dockerfile
new file mode 100644
index 0000000..0269d8e
--- /dev/null
+++ b/projects/go-sftp/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone --depth 1 https://github.com/pkg/sftp
+
+COPY build.sh $SRC/
+WORKDIR $SRC/sftp
diff --git a/projects/go-sftp/build.sh b/projects/go-sftp/build.sh
new file mode 100755
index 0000000..0e8460f
--- /dev/null
+++ b/projects/go-sftp/build.sh
@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+compile_go_fuzzer . Fuzz fuzz_sftp
diff --git a/projects/go-sftp/project.yaml b/projects/go-sftp/project.yaml
new file mode 100644
index 0000000..5f0d4e9
--- /dev/null
+++ b/projects/go-sftp/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/pkg/sftp"
+primary_contact: "nicola.murino@gmail.com"
+auto_ccs:
+ - "p.antoine@catenacyber.fr"
+language: go
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+main_repo: 'https://github.com/pkg/sftp'
diff --git a/projects/go-snappy/Dockerfile b/projects/go-snappy/Dockerfile
new file mode 100644
index 0000000..d6d08af
--- /dev/null
+++ b/projects/go-snappy/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone --depth 1 https://github.com/golang/snappy
+
+COPY build.sh $SRC/
+COPY fuzz.go $SRC/snappy
+WORKDIR $SRC/snappy
diff --git a/projects/go-snappy/build.sh b/projects/go-snappy/build.sh
new file mode 100755
index 0000000..805eefb
--- /dev/null
+++ b/projects/go-snappy/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+compile_go_fuzzer . FuzzRoundTrip fuzz_roundtrip gofuzz
+compile_go_fuzzer . FuzzDecode fuzz_decode gofuzz
diff --git a/projects/go-snappy/fuzz.go b/projects/go-snappy/fuzz.go
new file mode 100644
index 0000000..6722fd0
--- /dev/null
+++ b/projects/go-snappy/fuzz.go
@@ -0,0 +1,33 @@
+// +build gofuzz
+
+package snappy
+
+import (
+ "bytes"
+)
+
+func FuzzRoundTrip(data []byte) int {
+ if len(data) > 1234567 {
+ return 0
+ }
+ encoded := Encode(nil, data)
+ decoded, err := Decode(nil, encoded)
+ if err != nil {
+ panic("Error decoding snappy-encoded")
+ }
+ if !bytes.Equal(data, decoded) {
+ panic("Different result on roundtrip encode/decode")
+ }
+ return 1
+}
+
+func FuzzDecode(data []byte) int {
+ if n, _ := DecodedLen(data); n > 1234567 {
+ return 0
+ }
+ _, err := Decode(nil, data)
+ if err != nil {
+ return 0
+ }
+ return 1
+}
diff --git a/projects/go-snappy/project.yaml b/projects/go-snappy/project.yaml
new file mode 100644
index 0000000..8a732cc
--- /dev/null
+++ b/projects/go-snappy/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/golang/snappy"
+primary_contact: "nigeltao@golang.org"
+auto_ccs:
+ - "p.antoine@catenacyber.fr"
+language: go
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+main_repo: 'https://github.com/golang/snappy'
diff --git a/projects/go-sqlite3/Dockerfile b/projects/go-sqlite3/Dockerfile
index e948b55..f1b10e1 100644
--- a/projects/go-sqlite3/Dockerfile
+++ b/projects/go-sqlite3/Dockerfile
@@ -15,9 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-# TODO use upstream repo
-# RUN go get -t github.com/mattn/go-sqlite3
-RUN git clone --branch fuzz --depth 1 http://github.com/catenacyber/go-sqlite3 $GOPATH/src/github.com/mattn/go-sqlite3
+RUN git clone --depth 1 http://github.com/mattn/go-sqlite3 $GOPATH/src/github.com/mattn/go-sqlite3
-COPY build.sh fuzz*.go $SRC/
+COPY build.sh $SRC/
WORKDIR $SRC/
diff --git a/projects/golang/project.yaml b/projects/golang/project.yaml
index e665a71..ed1e863 100644
--- a/projects/golang/project.yaml
+++ b/projects/golang/project.yaml
@@ -3,6 +3,7 @@
auto_ccs:
- "mmoroz@chromium.org"
- "josharian@gmail.com"
+ - "emmanuel@orijtech.com"
language: go
sanitizers:
- address
diff --git a/projects/gpac/Dockerfile b/projects/gpac/Dockerfile
new file mode 100755
index 0000000..cf7fc80
--- /dev/null
+++ b/projects/gpac/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y build-essential pkg-config libz-dev
+RUN git clone https://github.com/gpac/gpac
+
+WORKDIR $SRC
+COPY build.sh $SRC/
+COPY fuzz_parse.c $SRC/
diff --git a/projects/gpac/build.sh b/projects/gpac/build.sh
new file mode 100755
index 0000000..904f5f2
--- /dev/null
+++ b/projects/gpac/build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd gpac
+./configure --static-build --extra-cflags="${CFLAGS}" --extra-ldflags="${CFLAGS}"
+make
+cp $SRC/fuzz_parse.c .
+
+$CC $CFLAGS $LIB_FUZZING_ENGINE fuzz_parse.c -o $OUT/fuzz_parse \
+ -I./include -I./ ./bin/gcc/libgpac_static.a \
+ -lm -lz -lpthread -DGPAC_HAVE_CONFIG_H
diff --git a/projects/gpac/fuzz_parse.c b/projects/gpac/fuzz_parse.c
new file mode 100644
index 0000000..b7c9ac9
--- /dev/null
+++ b/projects/gpac/fuzz_parse.c
@@ -0,0 +1,36 @@
+/* Copyright 2021 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include <stdio.h>
+#include <unistd.h>
+
+#include <gpac/internal/isomedia_dev.h>
+#include <gpac/constants.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ char filename[256];
+ sprintf(filename, "/tmp/libfuzzer.%d", getpid());
+
+ FILE *fp = fopen(filename, "wb");
+ if (!fp) {
+ return 0;
+ }
+ fwrite(data, size, 1, fp);
+ fclose(fp);
+
+ GF_ISOFile *movie = NULL;
+ movie = gf_isom_open_file(filename, GF_ISOM_OPEN_READ_DUMP, NULL);
+ if (movie != NULL) {
+ gf_isom_close(movie);
+ }
+ unlink(filename);
+ return 0;
+}
diff --git a/projects/gpac/project.yaml b/projects/gpac/project.yaml
new file mode 100755
index 0000000..1229d12
--- /dev/null
+++ b/projects/gpac/project.yaml
@@ -0,0 +1,6 @@
+homepage: "https://gpac.wp.imt.fr/"
+main_repo: "https://github.com/gpac/gpac"
+primary_contact: "project.gpac@gmail.com"
+language: c
+auto_ccs:
+ - "david@adalogics.com"
diff --git a/projects/graphicsmagick/Dockerfile b/projects/graphicsmagick/Dockerfile
index 29f49fd..97f3a56 100644
--- a/projects/graphicsmagick/Dockerfile
+++ b/projects/graphicsmagick/Dockerfile
@@ -16,9 +16,9 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y mercurial automake autopoint cmake libtool nasm pkg-config po4a
-RUN hg clone --time -b default http://hg.code.sf.net/p/graphicsmagick/code graphicsmagick || \
- hg clone --time -b default http://hg.code.sf.net/p/graphicsmagick/code graphicsmagick || \
- hg clone --time -b default http://hg.code.sf.net/p/graphicsmagick/code graphicsmagick
+RUN hg clone --time -b default https://hg.osdn.net/view/graphicsmagick/GM graphicsmagick || \
+ hg clone --time -b default https://hg.osdn.net/view/graphicsmagick/GM graphicsmagick || \
+ hg clone --time -b default https://hg.osdn.net/view/graphicsmagick/GM graphicsmagick
RUN git clone --depth 1 https://gitlab.com/libtiff/libtiff
RUN git clone --depth 1 https://github.com/webmproject/libwebp
@@ -31,6 +31,8 @@
RUN git clone --depth 1 https://github.com/mm2/Little-CMS
RUN git clone https://git.ghostscript.com/ghostpdl.git
RUN git clone --depth 1 https://gitlab.com/federicomenaquintero/bzip2.git
+RUN git clone --depth 1 https://github.com/jasper-software/jasper
+RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/libxml2.git
WORKDIR graphicsmagick
COPY build.sh $SRC/
diff --git a/projects/grok/Dockerfile b/projects/grok/Dockerfile
index c8ea8f8..9551e85 100644
--- a/projects/grok/Dockerfile
+++ b/projects/grok/Dockerfile
@@ -15,9 +15,8 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y wget
RUN git clone --depth 1 https://github.com/GrokImageCompression/grok.git grok
-RUN git clone --depth 1 https://github.com/GrokImageCompression/grok-test-data.git grok/data
+RUN git clone --depth 1 https://github.com/GrokImageCompression/grok-test-data.git grok-data
WORKDIR grok
COPY build.sh $SRC/
diff --git a/projects/grpc-gateway/Dockerfile b/projects/grpc-gateway/Dockerfile
index 5199723..9a7cad2 100644
--- a/projects/grpc-gateway/Dockerfile
+++ b/projects/grpc-gateway/Dockerfile
@@ -18,4 +18,4 @@
ENV GO111MODULE on
RUN git clone https://github.com/grpc-ecosystem/grpc-gateway
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/grpc-gateway
diff --git a/projects/grpc-gateway/build.sh b/projects/grpc-gateway/build.sh
index 3860024..19c4ac5 100755
--- a/projects/grpc-gateway/build.sh
+++ b/projects/grpc-gateway/build.sh
@@ -15,13 +15,10 @@
#
################################################################################
-mkdir $GOPATH/src/github.com/grpc-ecosystem
-mv $SRC/grpc-gateway $GOPATH/src/github.com/grpc-ecosystem/
-cd $GOPATH/src/github.com/grpc-ecosystem/grpc-gateway && go get ./...
-
if [ "$SANITIZER" = "coverage" ]
then
- compile_go_fuzzer github.com/grpc-ecosystem/grpc-gateway/internal/httprule Fuzz fuzz gofuzz
+ go get github.com/grpc-ecosystem/grpc-gateway/...
+ compile_go_fuzzer github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule Fuzz fuzz gofuzz
else
compile_go_fuzzer github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule Fuzz fuzz gofuzz
fi
diff --git a/projects/grpc/Dockerfile b/projects/grpc/Dockerfile
index 69f44b2..6d2a310 100644
--- a/projects/grpc/Dockerfile
+++ b/projects/grpc/Dockerfile
@@ -14,9 +14,7 @@
#
################################################################################
-# TODO(https://github.com/google/oss-fuzz/issues/3093): Stop specifying the
-# image SHA once the bug is fixed.
-FROM gcr.io/oss-fuzz-base/base-builder@sha256:276813aef0ce5972db43c0230f96162003994fa742fb1b2f4e66c67498575c65
+FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y software-properties-common python-software-properties
RUN add-apt-repository ppa:webupd8team/java
@@ -27,7 +25,8 @@
make \
curl \
autoconf \
- libtool
+ libtool \
+ rsync
# Install dependencies
diff --git a/projects/grpc/build.sh b/projects/grpc/build.sh
index 8583153..fc82bac 100755
--- a/projects/grpc/build.sh
+++ b/projects/grpc/build.sh
@@ -24,7 +24,7 @@
readonly FUZZER_TARGETS=(
test/core/json:json_fuzzer
- test/core/client_channel:uri_fuzzer_test
+ test/core/uri:uri_fuzzer_test
test/core/http:request_fuzzer
test/core/http:response_fuzzer
test/core/nanopb:fuzzer_response
@@ -129,7 +129,7 @@
# We don't have a consistent naming convention between fuzzer files and corpus
# directories so we resort to hard coding zipping corpuses
zip "${OUT}/json_fuzzer_seed_corpus.zip" test/core/json/corpus/*
-zip "${OUT}/uri_fuzzer_test_seed_corpus.zip" test/core/client_channel/uri_corpus/*
+zip "${OUT}/uri_fuzzer_test_seed_corpus.zip" test/core/uri/uri_corpus/*
zip "${OUT}/request_fuzzer_seed_corpus.zip" test/core/http/request_corpus/*
zip "${OUT}/response_fuzzer_seed_corpus.zip" test/core/http/response_corpus/*
zip "${OUT}/fuzzer_response_seed_corpus.zip" test/core/nanopb/corpus_response/*
diff --git a/projects/hiredis/Dockerfile b/projects/hiredis/Dockerfile
index 616330f..3f96259 100644
--- a/projects/hiredis/Dockerfile
+++ b/projects/hiredis/Dockerfile
@@ -1,4 +1,4 @@
-# Copyright 2018 Google Inc.
+# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/projects/hiredis/build.sh b/projects/hiredis/build.sh
index 9159e8d..72888be 100755
--- a/projects/hiredis/build.sh
+++ b/projects/hiredis/build.sh
@@ -1,5 +1,5 @@
#!/bin/bash -eu
-# Copyright 2020 Google Inc.
+# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/projects/hiredis/project.yaml b/projects/hiredis/project.yaml
index 9264b76..b863fe8 100755
--- a/projects/hiredis/project.yaml
+++ b/projects/hiredis/project.yaml
@@ -1,9 +1,6 @@
homepage: "https://github.com/redis/hiredis"
primary_contact: "michael.grunder@gmail.com"
language: c
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
auto_ccs:
- "Adam@adalogics.com"
main_repo: "https://github.com/redis/hiredis"
diff --git a/projects/httparse/Dockerfile b/projects/httparse/Dockerfile
new file mode 100644
index 0000000..cffcc9f
--- /dev/null
+++ b/projects/httparse/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN git clone https://github.com/seanmonstar/httparse
+WORKDIR $SRC
+
+COPY build.sh $SRC/
diff --git a/projects/httparse/build.sh b/projects/httparse/build.sh
new file mode 100755
index 0000000..c4fdec2
--- /dev/null
+++ b/projects/httparse/build.sh
@@ -0,0 +1,22 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC/httparse
+cargo fuzz build -O
+cp fuzz/target/x86_64-unknown-linux-gnu/release/parse_request $OUT/
+cp fuzz/target/x86_64-unknown-linux-gnu/release/parse_headers $OUT/
+cp fuzz/target/x86_64-unknown-linux-gnu/release/parse_chunk_size $OUT/
diff --git a/projects/httparse/project.yaml b/projects/httparse/project.yaml
new file mode 100644
index 0000000..43bfec4
--- /dev/null
+++ b/projects/httparse/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/seanmonstar/httparse"
+main_repo: "https://github.com/seanmonstar/httparse"
+primary_contact: "seanmonstar@gmail.com"
+sanitizers:
+ - address
+fuzzing_engines:
+ - libfuzzer
+language: rust
+auto_ccs:
+ - "david@adalogics.com"
diff --git a/projects/hugo/Dockerfile b/projects/hugo/Dockerfile
index d78e249..bfba1a2 100644
--- a/projects/hugo/Dockerfile
+++ b/projects/hugo/Dockerfile
@@ -16,7 +16,6 @@
FROM gcr.io/oss-fuzz-base/base-builder
-ENV GO111MODULE on
RUN git clone https://github.com/gohugoio/hugo
-COPY build.sh $SRC/
-WORKDIR $SRC/
+COPY build.sh fuzz.go $SRC/
+WORKDIR $SRC/hugo
diff --git a/projects/hugo/build.sh b/projects/hugo/build.sh
index 23f6c81..c1950ca 100755
--- a/projects/hugo/build.sh
+++ b/projects/hugo/build.sh
@@ -15,8 +15,6 @@
#
################################################################################
-mkdir $GOPATH/src/github.com/gohugoio
-mv $SRC/hugo $GOPATH/src/github.com/gohugoio/
-cd $GOPATH/src/github.com/gohugoio/hugo
+mv $SRC/fuzz.go $SRC/hugo/tpl/transform/
compile_go_fuzzer github.com/gohugoio/hugo/tpl/transform FuzzMarkdownify fuzzmarkdownify
diff --git a/projects/hugo/fuzz.go b/projects/hugo/fuzz.go
new file mode 100644
index 0000000..7a22e6d
--- /dev/null
+++ b/projects/hugo/fuzz.go
@@ -0,0 +1,61 @@
+// +build gofuzz
+
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transform
+
+import (
+ "github.com/gohugoio/hugo/common/loggers"
+ "github.com/gohugoio/hugo/config"
+ "github.com/gohugoio/hugo/deps"
+ "github.com/gohugoio/hugo/helpers"
+ "github.com/gohugoio/hugo/hugofs"
+ "github.com/gohugoio/hugo/langs"
+ "github.com/spf13/afero"
+ "github.com/spf13/viper"
+)
+
+func newFuzzDeps(cfg config.Provider) *deps.Deps {
+ cfg.Set("contentDir", "content")
+ cfg.Set("i18nDir", "i18n")
+
+ l := langs.NewLanguage("en", cfg)
+
+ cs, _ := helpers.NewContentSpec(l, loggers.NewErrorLogger(), afero.NewMemMapFs())
+
+ return &deps.Deps{
+ Cfg: cfg,
+ Fs: hugofs.NewMem(l),
+ ContentSpec: cs,
+ }
+}
+
+func FuzzMarkdownify(data []byte) int {
+ v := viper.New()
+ v.Set("contentDir", "content")
+ ns := New(newFuzzDeps(v))
+
+ for _, test := range []struct {
+ s interface{}
+ }{
+ {string(data)},
+ } {
+ _, err := ns.Markdownify(test.s)
+ if err != nil {
+ return 0
+ }
+ }
+ return 1
+}
diff --git a/projects/ibmswtpm2/no_writes.patch b/projects/ibmswtpm2/no_writes.patch
index a9be0dc..ca8d7c6 100644
--- a/projects/ibmswtpm2/no_writes.patch
+++ b/projects/ibmswtpm2/no_writes.patch
@@ -84,12 +84,10 @@
index cc3e410..c10ba5a 100644
--- a/makefile
+++ b/makefile
-@@ -40,16 +40,19 @@
+@@ -40,16 +40,16 @@
- CC = /usr/bin/gcc
-+CC = clang
-+CXX = clang++
+-CC = /usr/bin/gcc
-CCFLAGS = -Wall \
+CCFLAGS = $(CFLAGS) -Wall \
diff --git a/projects/image-png/Dockerfile b/projects/image-png/Dockerfile
new file mode 100644
index 0000000..cb953de
--- /dev/null
+++ b/projects/image-png/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang
+
+RUN git clone https://github.com/image-rs/image-png
+WORKDIR $SRC
+
+COPY build.sh $SRC/
+COPY buf_independent.rs $SRC/image-png/fuzz/fuzz_targets/buf_independent.rs
diff --git a/projects/image-png/buf_independent.rs b/projects/image-png/buf_independent.rs
new file mode 100644
index 0000000..f4a1f31
--- /dev/null
+++ b/projects/image-png/buf_independent.rs
@@ -0,0 +1,74 @@
+#![no_main]
+extern crate libfuzzer_sys;
+use libfuzzer_sys::fuzz_target;
+extern crate png;
+
+use std::io::{BufRead, Read, Result};
+
+/// A reader that reads at most `n` bytes.
+struct SmalBuf<R: BufRead> {
+ inner: R,
+ cap: usize,
+}
+
+impl<R: BufRead> SmalBuf<R> {
+ fn new(inner: R, cap: usize) -> Self {
+ SmalBuf { inner, cap }
+ }
+}
+
+impl<R: BufRead> Read for SmalBuf<R> {
+ fn read(&mut self, buf: &mut [u8]) -> Result<usize> {
+ let len = buf.len().min(self.cap);
+ self.inner.read(&mut buf[..len])
+ }
+}
+
+impl<R: BufRead> BufRead for SmalBuf<R> {
+ fn fill_buf(&mut self) -> Result<&[u8]> {
+ let buf = self.inner.fill_buf()?;
+ let len = buf.len().min(self.cap);
+ Ok(&buf[..len])
+ }
+
+ fn consume(&mut self, amt: usize) {
+ assert!(amt <= self.cap);
+ self.inner.consume(amt)
+ }
+}
+
+fuzz_target!(|data: &[u8]| {
+ // Small limits, we don't need them hopefully.
+ let limits = png::Limits { bytes: 1 << 16 };
+
+ let reference = png::Decoder::new_with_limits(data, limits);
+ let smal = png::Decoder::new_with_limits(SmalBuf::new(data, 1), limits);
+
+ let _ = png_compare(reference, smal);
+});
+
+#[inline(always)]
+fn png_compare<R: BufRead, S: BufRead>(reference: png::Decoder<R>, smal: png::Decoder<S>)
+ -> std::result::Result<png::OutputInfo, ()>
+{
+ let mut smal = Some(smal);
+ let (info, mut reference) = reference.read_info().map_err(|_| {
+ assert!(smal.take().unwrap().read_info().is_err());
+ })?;
+
+ let (sinfo, mut smal) = smal.take().unwrap().read_info().expect("Deviation");
+ assert_eq!(info, sinfo);
+
+ if info.buffer_size() > 5_000_000 {
+ return Err(());
+ }
+
+ let mut ref_data = vec![0; info.buffer_size()];
+ let mut smal_data = vec![0; info.buffer_size()];
+
+ let _rref = reference.next_frame(&mut ref_data);
+ let _rsmal = smal.next_frame(&mut smal_data);
+
+ assert_eq!(smal_data, ref_data);
+ return Ok(info);
+}
diff --git a/projects/image-png/build.sh b/projects/image-png/build.sh
new file mode 100755
index 0000000..c8b7f49
--- /dev/null
+++ b/projects/image-png/build.sh
@@ -0,0 +1,22 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC
+cd image-png
+cargo fuzz build -O
+cp fuzz/target/x86_64-unknown-linux-gnu/release/decode $OUT/
+cp fuzz/target/x86_64-unknown-linux-gnu/release/buf_independent $OUT/
diff --git a/projects/image-png/project.yaml b/projects/image-png/project.yaml
new file mode 100644
index 0000000..aa86d3a
--- /dev/null
+++ b/projects/image-png/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://docs.rs/image/0.23.14/image"
+main_repo: "https://github.com/image-rs/image-png"
+primary_contact: "andreas.molzer@gmx.de"
+sanitizers:
+ - address
+fuzzing_engines:
+ - libfuzzer
+language: rust
+auto_ccs:
+ - "fintelia@gmail.com"
+ - "david@adalogics.com"
diff --git a/projects/imageio/Dockerfile b/projects/imageio/Dockerfile
new file mode 100644
index 0000000..87c1811
--- /dev/null
+++ b/projects/imageio/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone https://github.com/imageio/imageio
+
+COPY build.sh $SRC/
+WORKDIR $SRC/imageio
diff --git a/projects/imageio/build.sh b/projects/imageio/build.sh
new file mode 100644
index 0000000..aeef84e
--- /dev/null
+++ b/projects/imageio/build.sh
@@ -0,0 +1,33 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+python3 setup.py build install
+
+# Build fuzzers in $OUT.
+for fuzzer in $(find . -name 'fuzz_*.py'); do
+ fuzzer_basename=$(basename -s .py $fuzzer)
+ fuzzer_package=${fuzzer_basename}.pkg
+ pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer
+
+ # Create execution wrapper.
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \
+\$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+done
diff --git a/projects/imageio/project.yaml b/projects/imageio/project.yaml
new file mode 100644
index 0000000..73389b5
--- /dev/null
+++ b/projects/imageio/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://imageio.github.io"
+language: python
+primary_contact: "almar.klein@gmail.com"
+auto_ccs:
+ - "david@adalogics.com"
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+ - undefined
+main_repo: 'https://github.com/imageio/imageio'
diff --git a/projects/ipfs/Dockerfile b/projects/ipfs/Dockerfile
index 29590e0..aee4c4c 100644
--- a/projects/ipfs/Dockerfile
+++ b/projects/ipfs/Dockerfile
@@ -15,7 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get -t github.com/ipfs/go-datastore
+RUN git clone --depth 1 https://github.com/ipfs/go-datastore
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/go-datastore
diff --git a/projects/ipfs/build.sh b/projects/ipfs/build.sh
index d7509e7..e1d577c 100755
--- a/projects/ipfs/build.sh
+++ b/projects/ipfs/build.sh
@@ -15,7 +15,7 @@
#
################################################################################
-cd $GOPATH/src/github.com/ipfs/go-datastore/fuzz
+cd fuzz
function compile_ds_fuzzer {
fuzzer=$1
diff --git a/projects/istio/Dockerfile b/projects/istio/Dockerfile
index d9a9aca..4ba44e2 100644
--- a/projects/istio/Dockerfile
+++ b/projects/istio/Dockerfile
@@ -15,6 +15,6 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/istio/istio/pilot/pkg/config/kube/crd/...
+RUN git clone https://github.com/istio/istio
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/istio
diff --git a/projects/istio/build.sh b/projects/istio/build.sh
index 7eeee16..cb148e8 100644
--- a/projects/istio/build.sh
+++ b/projects/istio/build.sh
@@ -16,5 +16,5 @@
################################################################################
-compile_go_fuzzer istio.io/istio/tests/fuzz FuzzParseInputs fuzz_parse_inputs
-compile_go_fuzzer istio.io/istio/tests/fuzz FuzzParseAndBuildSchema fuzz_parse_and_build_schema
+compile_go_fuzzer ./tests/fuzz FuzzParseInputs fuzz_parse_inputs
+compile_go_fuzzer ./tests/fuzz FuzzParseAndBuildSchema fuzz_parse_and_build_schema
diff --git a/projects/istio/project.yaml b/projects/istio/project.yaml
index f48db7d..f877df6 100644
--- a/projects/istio/project.yaml
+++ b/projects/istio/project.yaml
@@ -3,7 +3,8 @@
auto_ccs :
- "adam@adalogics.com"
- "howardjohn@google.com"
- - "fpesce@google.com"
+ - "kconner@redhat.com"
+ - "bavery@redhat.com"
language: go
fuzzing_engines:
- libfuzzer
diff --git a/projects/jackson-core/Dockerfile b/projects/jackson-core/Dockerfile
new file mode 100644
index 0000000..1ff7850
--- /dev/null
+++ b/projects/jackson-core/Dockerfile
@@ -0,0 +1,35 @@
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y maven
+
+RUN git clone --depth 1 https://github.com/google/fuzzing
+RUN cat fuzzing/dictionaries/json.dict > $SRC/JsonFuzzer.dict
+
+RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \
+ zip -j $SRC/JsonFuzzer_seed_corpus.zip go-fuzz-corpus/json/corpus/*
+
+ENV JACKSON_BRANCH=2.13
+
+RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/jackson-core
+RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/jackson-databind
+RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/jackson-annotations
+
+COPY build.sh $SRC/
+COPY JsonFuzzer.java $SRC/
+WORKDIR $SRC/
diff --git a/projects/jackson-core/JsonFuzzer.java b/projects/jackson-core/JsonFuzzer.java
new file mode 100644
index 0000000..05c0bb3
--- /dev/null
+++ b/projects/jackson-core/JsonFuzzer.java
@@ -0,0 +1,44 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.io.IOException;
+
+public class JsonFuzzer {
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ ObjectMapper mapper = new ObjectMapper();
+ if (data.consumeBoolean())
+ mapper.enable(JsonParser.Feature.ALLOW_COMMENTS);
+ if (data.consumeBoolean())
+ mapper.enable(JsonParser.Feature.ALLOW_SINGLE_QUOTES);
+ if (data.consumeBoolean())
+ mapper.enable(JsonParser.Feature.ALLOW_UNQUOTED_FIELD_NAMES);
+ if (data.consumeBoolean())
+ mapper.enable(JsonParser.Feature.ALLOW_YAML_COMMENTS);
+ if (data.consumeBoolean())
+ mapper.enable(JsonParser.Feature.IGNORE_UNDEFINED);
+ if (data.consumeBoolean())
+ mapper.enable(JsonParser.Feature.STRICT_DUPLICATE_DETECTION);
+
+ try {
+ mapper.readTree(data.consumeRemainingAsBytes());
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/projects/jackson-core/build.sh b/projects/jackson-core/build.sh
new file mode 100644
index 0000000..5cbf19c
--- /dev/null
+++ b/projects/jackson-core/build.sh
@@ -0,0 +1,57 @@
+#!/bin/bash -eu
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Copy seed corpus and dictionary.
+mv $SRC/{*.zip,*.dict} $OUT
+
+MAVEN_ARGS="-P!java14+ -Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15"
+
+DEPENDENCIES="jackson-core jackson-databind jackson-annotations"
+for dependency in $DEPENDENCIES; do
+ cd $SRC/$dependency
+ mvn package $MAVEN_ARGS
+ current_version=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \
+ -Dexpression=project.version -q -DforceStdout)
+ cp "target/$dependency-$current_version.jar" $OUT/$dependency.jar
+done
+
+ALL_JARS=$(echo $DEPENDENCIES | xargs printf -- "%s.jar ")
+
+# The classpath at build-time includes the project jars in $OUT as well as the
+# Jazzer API.
+BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+
+# All .jar and .class files lie in the same directory as the fuzzer at runtime.
+RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir
+
+for fuzzer in $(find $SRC -name '*Fuzzer.java'); do
+ fuzzer_basename=$(basename -s .java $fuzzer)
+ javac -cp $BUILD_CLASSPATH $fuzzer
+ cp $SRC/$fuzzer_basename.class $OUT/
+
+ # Create an execution wrapper that executes Jazzer with the correct arguments.
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
+\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+--cp=$RUNTIME_CLASSPATH \
+--target_class=$fuzzer_basename \
+--jvm_args=\"-Xmx2048m\" \
+\$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+done
diff --git a/projects/jackson-core/project.yaml b/projects/jackson-core/project.yaml
new file mode 100644
index 0000000..90c85c5
--- /dev/null
+++ b/projects/jackson-core/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/FasterXML/jackson-core"
+language: jvm
+primary_contact: "tatu@fasterxml.com"
+auto_ccs:
+ - "meumertzheim@code-intelligence.com"
+fuzzing_engines:
+ - libfuzzer
+main_repo: "https://github.com/FasterXML/jackson-core"
+sanitizers:
+ - address
diff --git a/projects/jackson-dataformats-binary/CborFuzzer.java b/projects/jackson-dataformats-binary/CborFuzzer.java
new file mode 100644
index 0000000..e0f9a48
--- /dev/null
+++ b/projects/jackson-dataformats-binary/CborFuzzer.java
@@ -0,0 +1,29 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper;
+import java.io.IOException;
+
+public class CborFuzzer {
+ public static void fuzzerTestOneInput(byte[] input) {
+ ObjectMapper mapper = new CBORMapper();
+ try {
+ mapper.readTree(input);
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/projects/jackson-dataformats-binary/Dockerfile b/projects/jackson-dataformats-binary/Dockerfile
new file mode 100644
index 0000000..0e4ea82
--- /dev/null
+++ b/projects/jackson-dataformats-binary/Dockerfile
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y maven
+
+ENV JACKSON_BRANCH=2.13
+
+RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/jackson-dataformats-binary
+RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/jackson-databind
+RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/jackson-core
+RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/jackson-annotations
+
+COPY build.sh $SRC/
+COPY CborFuzzer.java SmileFuzzer.java $SRC/
+WORKDIR $SRC/
diff --git a/projects/jackson-dataformats-binary/SmileFuzzer.java b/projects/jackson-dataformats-binary/SmileFuzzer.java
new file mode 100644
index 0000000..1d179fe
--- /dev/null
+++ b/projects/jackson-dataformats-binary/SmileFuzzer.java
@@ -0,0 +1,29 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.smile.databind.SmileMapper;
+import java.io.IOException;
+
+public class SmileFuzzer {
+ public static void fuzzerTestOneInput(byte[] input) {
+ ObjectMapper mapper = new SmileMapper();
+ try {
+ mapper.readTree(input);
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/projects/jackson-dataformats-binary/build.sh b/projects/jackson-dataformats-binary/build.sh
new file mode 100644
index 0000000..3c3c0af
--- /dev/null
+++ b/projects/jackson-dataformats-binary/build.sh
@@ -0,0 +1,66 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+MAVEN_ARGS="-P!java14+ -Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15"
+
+cd $SRC/jackson-dataformats-binary
+mvn package $MAVEN_ARGS
+CURRENT_VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \
+ -Dexpression=project.version -q -DforceStdout)
+DATAFORMAT_PREFIX=jackson-dataformat
+cp "cbor/target/$DATAFORMAT_PREFIX-cbor-$CURRENT_VERSION.jar" $OUT/$DATAFORMAT_PREFIX-cbor.jar
+cp "smile/target/$DATAFORMAT_PREFIX-smile-$CURRENT_VERSION.jar" $OUT/$DATAFORMAT_PREFIX-smile.jar
+
+PROJECT_JARS="$DATAFORMAT_PREFIX-cbor.jar $DATAFORMAT_PREFIX-smile.jar"
+
+DEPENDENCIES="jackson-core jackson-databind jackson-annotations"
+for dependency in $DEPENDENCIES; do
+ cd $SRC/$dependency
+ mvn package $MAVEN_ARGS
+ current_version=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \
+ -Dexpression=project.version -q -DforceStdout)
+ cp "target/$dependency-$current_version.jar" $OUT/$dependency.jar
+done
+
+FUZZER_JARS=$(echo $DEPENDENCIES | xargs printf -- "%s.jar ")
+
+ALL_JARS="$PROJECT_JARS $FUZZER_JARS"
+
+# The classpath at build-time includes the project jars in $OUT as well as the
+# Jazzer API.
+BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+
+# All .jar and .class files lie in the same directory as the fuzzer at runtime.
+RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir
+
+for fuzzer in $(find $SRC -name '*Fuzzer.java'); do
+ fuzzer_basename=$(basename -s .java $fuzzer)
+ javac -cp $BUILD_CLASSPATH $fuzzer
+ cp $SRC/$fuzzer_basename.class $OUT/
+
+ # Create an execution wrapper that executes Jazzer with the correct arguments.
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
+\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+--cp=$RUNTIME_CLASSPATH \
+--target_class=$fuzzer_basename \
+--jvm_args=\"-Xmx2048m\" \
+\$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+done
diff --git a/projects/jackson-dataformats-binary/project.yaml b/projects/jackson-dataformats-binary/project.yaml
new file mode 100644
index 0000000..c556cce
--- /dev/null
+++ b/projects/jackson-dataformats-binary/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/FasterXML/jackson-dataformats-binary"
+language: jvm
+primary_contact: "tatu@fasterxml.com"
+auto_ccs:
+ - "meumertzheim@code-intelligence.com"
+fuzzing_engines:
+ - libfuzzer
+main_repo: "https://github.com/FasterXML/jackson-dataformats-binary"
+sanitizers:
+ - address
diff --git a/projects/java-example/Dockerfile b/projects/java-example/Dockerfile
new file mode 100644
index 0000000..316e9a8
--- /dev/null
+++ b/projects/java-example/Dockerfile
@@ -0,0 +1,24 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+
+COPY build.sh $SRC/
+
+COPY ExampleFuzzerNative.h ExampleFuzzerNative.cpp $SRC/
+COPY ExampleFuzzer.java ExampleValueProfileFuzzer.java ExampleFuzzerNative.java default.options $SRC/
+
+WORKDIR $SRC/
diff --git a/projects/java-example/ExampleFuzzer.java b/projects/java-example/ExampleFuzzer.java
new file mode 100644
index 0000000..4dde09a
--- /dev/null
+++ b/projects/java-example/ExampleFuzzer.java
@@ -0,0 +1,33 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import java.security.SecureRandom;
+
+public class ExampleFuzzer {
+ public static void fuzzerInitialize() {
+ // Optional initialization to be run before the first call to fuzzerTestOneInput.
+ }
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ String input = data.consumeRemainingAsString();
+ long random = 123123132;
+ if (input.startsWith("magicstring" + random) && input.length() > 30
+ && input.charAt(25) == 'C') {
+ throw new IllegalStateException("Not reached");
+ }
+ }
+}
diff --git a/projects/java-example/ExampleFuzzerNative.cpp b/projects/java-example/ExampleFuzzerNative.cpp
new file mode 100644
index 0000000..7ae0de8
--- /dev/null
+++ b/projects/java-example/ExampleFuzzerNative.cpp
@@ -0,0 +1,38 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "ExampleFuzzerNative.h"
+
+#include <string>
+
+// simple function containing a crash that requires coverage and string compare
+// instrumentation for the fuzzer to find
+void parseInternal(const std::string &input) {
+ if (input[0] == 'a' && input[1] == 'b' && input[5] == 'c') {
+ if (input.find("secret_in_native_library") != std::string::npos) {
+ // BOOM
+ *(char *)1 = 2;
+ }
+ }
+}
+
+JNIEXPORT jboolean JNICALL Java_ExampleFuzzerNative_parse(
+ JNIEnv *env, jobject o, jstring bytes) {
+ const char *input(env->GetStringUTFChars(bytes, nullptr));
+ parseInternal(input);
+ env->ReleaseStringUTFChars(bytes, input);
+ return false;
+}
diff --git a/projects/java-example/ExampleFuzzerNative.h b/projects/java-example/ExampleFuzzerNative.h
new file mode 100644
index 0000000..7c9b8a5
--- /dev/null
+++ b/projects/java-example/ExampleFuzzerNative.h
@@ -0,0 +1,37 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+/* DO NOT EDIT THIS FILE - it is machine generated */
+#include <jni.h>
+/* Header for class ExampleFuzzerNative */
+
+#ifndef _Included_ExampleFuzzerNative
+#define _Included_ExampleFuzzerNative
+#ifdef __cplusplus
+extern "C" {
+#endif
+/*
+ * Class: ExampleFuzzerNative
+ * Method: parse
+ * Signature: (Ljava/lang/String;)Z
+ */
+JNIEXPORT jboolean JNICALL
+Java_ExampleFuzzerNative_parse(JNIEnv *, jobject, jstring);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/projects/java-example/ExampleFuzzerNative.java b/projects/java-example/ExampleFuzzerNative.java
new file mode 100644
index 0000000..daf75fa
--- /dev/null
+++ b/projects/java-example/ExampleFuzzerNative.java
@@ -0,0 +1,34 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+
+public class ExampleFuzzerNative {
+ static {
+ System.loadLibrary("native");
+ }
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ int val = data.consumeInt();
+ String stringData = data.consumeRemainingAsString();
+ if (val == 17759716 && stringData.length() > 10 && stringData.contains("jazzer")) {
+ // call native function which contains a crash
+ parse(stringData);
+ }
+ }
+
+ private static native boolean parse(String bytes);
+}
diff --git a/projects/java-example/ExampleValueProfileFuzzer.java b/projects/java-example/ExampleValueProfileFuzzer.java
new file mode 100644
index 0000000..22b4ce5
--- /dev/null
+++ b/projects/java-example/ExampleValueProfileFuzzer.java
@@ -0,0 +1,52 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import java.util.Base64;
+
+public class ExampleValueProfileFuzzer {
+ private static String base64(byte[] input) {
+ return Base64.getEncoder().encodeToString(input);
+ }
+
+ private static long insecureEncrypt(long input) {
+ long key = 0xefe4eb93215cb6b0L;
+ return input ^ key;
+ }
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ // Without -use_value_profile=1, the fuzzer gets stuck here as there is no direct correspondence
+ // between the input bytes and the compared string. With value profile, the fuzzer can guess the
+ // expected input byte by byte, which takes linear rather than exponential time.
+ if (base64(data.consumeBytes(6)).equals("SmF6emVy")) {
+ long[] plaintextBlocks = data.consumeLongs(2);
+ if (plaintextBlocks.length != 2)
+ return;
+ if (insecureEncrypt(plaintextBlocks[0]) == 0x9fc48ee64d3dc090L) {
+ // Without --fake_pcs (enabled by default with -use_value_profile=1), the fuzzer would get
+ // stuck here as the value profile information for long comparisons would not be able to
+ // distinguish between this comparison and the one above.
+ if (insecureEncrypt(plaintextBlocks[1]) == 0x888a82ff483ad9c2L) {
+ mustNeverBeCalled();
+ }
+ }
+ }
+ }
+
+ private static void mustNeverBeCalled() {
+ throw new IllegalStateException("mustNeverBeCalled has been called");
+ }
+}
diff --git a/projects/java-example/build.sh b/projects/java-example/build.sh
new file mode 100755
index 0000000..63f4c95
--- /dev/null
+++ b/projects/java-example/build.sh
@@ -0,0 +1,52 @@
+#!/bin/bash -eu
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build native library.
+JVM_INCLUDES="-I$JAVA_HOME/include -I$JAVA_HOME/include/linux"
+$CXX $CXXFLAGS $JVM_INCLUDES -fPIC -shared \
+ ExampleFuzzerNative.cpp -o $OUT/libnative.so
+
+BUILD_CLASSPATH=$JAZZER_API_PATH
+
+# All class files lie in the same directory as the fuzzer at runtime.
+RUNTIME_CLASSPATH=\$this_dir
+
+for fuzzer in $(find $SRC -name '*Fuzzer.java' -or -name '*FuzzerNative.java'); do
+ fuzzer_basename=$(basename -s .java $fuzzer)
+ javac -cp $BUILD_CLASSPATH $fuzzer
+ cp $SRC/$fuzzer_basename.class $OUT/
+
+ if [[ $fuzzer_basename == *FuzzerNative ]]; then
+ driver=jazzer_driver_asan
+ else
+ driver=jazzer_driver
+ fi
+
+ cp default.options $OUT/"$fuzzer_basename".options
+ # Create execution wrapper.
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
+ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \
+\$this_dir/$driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+--cp=$RUNTIME_CLASSPATH \
+--target_class=$fuzzer_basename \
+--jvm_args=\"-Xmx2048m\" \
+\$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+done
diff --git a/projects/java-example/default.options b/projects/java-example/default.options
new file mode 100644
index 0000000..5931803
--- /dev/null
+++ b/projects/java-example/default.options
@@ -0,0 +1,3 @@
+[asan]
+handle_segv=1
+allow_user_segv_handler=1
diff --git a/projects/java-example/project.yaml b/projects/java-example/project.yaml
new file mode 100644
index 0000000..e71c405
--- /dev/null
+++ b/projects/java-example/project.yaml
@@ -0,0 +1,8 @@
+homepage: "https://github.com/CodeIntelligenceTesting/jazzer"
+language: jvm
+primary_contact: "meumertzheim@code-intelligence.com"
+fuzzing_engines:
+ - libfuzzer
+main_repo: "https://github.com/CodeIntelligenceTesting/jazzer"
+sanitizers:
+ - address
diff --git a/projects/jbig2dec/jbig2_fuzzer.cc b/projects/jbig2dec/jbig2_fuzzer.cc
index b0a1689..4b94f2c 100644
--- a/projects/jbig2dec/jbig2_fuzzer.cc
+++ b/projects/jbig2dec/jbig2_fuzzer.cc
@@ -23,108 +23,104 @@
#include "jbig2.h"
-#define ALIGNMENT 16
-#define MBYTE (1024 * 1024)
+#define ALIGNMENT ((size_t) 16)
+#define KBYTE ((size_t) 1024)
+#define MBYTE (1024 * KBYTE)
#define GBYTE (1024 * MBYTE)
#define MAX_ALLOCATION (1 * GBYTE)
-static uint64_t total = 0;
-static uint64_t peak = 0;
+static size_t used;
-static void *jbig2_alloc(Jbig2Allocator *allocator, size_t size)
+static void *jbig2_fuzzer_reached_limit(size_t oldsize, size_t size)
{
- void *ptr;
+ if (oldsize == 0)
+ fprintf(stderr, "limit: %zu Mbyte used: %zu Mbyte allocation: %zu: limit reached\n", MAX_ALLOCATION / MBYTE, used / MBYTE, size);
+ else
+ fprintf(stderr, "limit: %zu Mbyte used: %zu Mbyte reallocation: %zu -> %zu: limit reached\n", MAX_ALLOCATION / MBYTE, used / MBYTE, oldsize, size);
+ fflush(0);
+ return NULL;
+}
+
+static void *jbig2_fuzzer_alloc(Jbig2Allocator *allocator, size_t size)
+{
+ char *ptr = NULL;
if (size == 0)
return NULL;
- if (size > MAX_ALLOCATION - ALIGNMENT - total)
+ if (size > SIZE_MAX - ALIGNMENT)
return NULL;
+ if (size + ALIGNMENT > MAX_ALLOCATION - used)
+ return jbig2_fuzzer_reached_limit(0, size + ALIGNMENT);
- ptr = malloc(size + ALIGNMENT);
+ ptr = (char *) malloc(size + ALIGNMENT);
if (ptr == NULL)
return NULL;
memcpy(ptr, &size, sizeof(size));
- total += size + ALIGNMENT;
+ used += size + ALIGNMENT;
- if (peak == 0 || total / MBYTE > peak / MBYTE) {
- peak = total;
- fprintf(stderr, "memory: limit: %u Mbyte peak usage: %u Mbyte\n", MAX_ALLOCATION, peak);
- }
-
- return (unsigned char *) ptr + ALIGNMENT;
+ return ptr + ALIGNMENT;
}
-static void jbig2_free(Jbig2Allocator *allocator, void *p)
+static void jbig2_fuzzer_free(Jbig2Allocator *allocator, void *ptr)
{
- int size;
+ size_t size;
- if (p == NULL)
+ if (ptr == NULL)
+ return;
+ if (ptr < (void *) ALIGNMENT)
return;
- memcpy(&size, (unsigned char *) p - ALIGNMENT, sizeof(size));
- total -= size + ALIGNMENT;
- free((unsigned char *) p - ALIGNMENT);
+ ptr = (char *) ptr - ALIGNMENT;
+ memcpy(&size, ptr, sizeof(size));
+
+ used -= size + ALIGNMENT;
+ free(ptr);
}
-static void *jbig2_realloc(Jbig2Allocator *allocator, void *p, size_t size)
+static void *jbig2_fuzzer_realloc(Jbig2Allocator *allocator, void *old, size_t size)
{
- unsigned char *oldp = p ? (unsigned char *) p - ALIGNMENT : NULL;
+ size_t oldsize;
+ char *ptr;
+ if (old == NULL)
+ return jbig2_fuzzer_alloc(allocator, size);
+ if (old < (void *) ALIGNMENT)
+ return NULL;
+
+ if (size == 0) {
+ jbig2_fuzzer_free(allocator, old);
+ return NULL;
+ }
if (size > SIZE_MAX - ALIGNMENT)
return NULL;
- if (oldp == NULL)
- {
- if (size == 0)
- return NULL;
- if (size > MAX_ALLOCATION - ALIGNMENT - total)
- return NULL;
+ old = (char *) old - ALIGNMENT;
+ memcpy(&oldsize, old, sizeof(oldsize));
- p = malloc(size + ALIGNMENT);
- if (p == NULL)
- return NULL;
- }
- else
- {
- int oldsize;
- memcpy(&oldsize, oldp, sizeof(oldsize));
+ if (size + ALIGNMENT > MAX_ALLOCATION - used + oldsize + ALIGNMENT)
+ return jbig2_fuzzer_reached_limit(oldsize + ALIGNMENT, size + ALIGNMENT);
- if (size == 0)
- {
- total -= oldsize + ALIGNMENT;
- free(oldp);
- return NULL;
- }
+ ptr = (char *) realloc(old, size + ALIGNMENT);
+ if (ptr == NULL)
+ return NULL;
- if (size > MAX_ALLOCATION - total + oldsize)
- return NULL;
+ used -= oldsize + ALIGNMENT;
+ memcpy(ptr, &size, sizeof(size));
+ used += size + ALIGNMENT;
- p = realloc(oldp, size + ALIGNMENT);
- if (p == NULL)
- return NULL;
-
- total -= oldsize + ALIGNMENT;
- }
-
- memcpy(p, &size, sizeof(size));
- total += size + ALIGNMENT;
-
- if (peak == 0 || total / MBYTE > peak / MBYTE) {
- peak = total;
- fprintf(stderr, "memory: limit: %u Mbyte peak usage: %u Mbyte\n", MAX_ALLOCATION, peak);
- }
-
- return (unsigned char *) p + ALIGNMENT;
+ return ptr + ALIGNMENT;
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
Jbig2Allocator allocator;
Jbig2Ctx *ctx = NULL;
- allocator.alloc = jbig2_alloc;
- allocator.free = jbig2_free;
- allocator.realloc = jbig2_realloc;
+ used = 0;
+
+ allocator.alloc = jbig2_fuzzer_alloc;
+ allocator.free = jbig2_fuzzer_free;
+ allocator.realloc = jbig2_fuzzer_realloc;
ctx = jbig2_ctx_new(&allocator, (Jbig2Options) 0, NULL, NULL, NULL);
if (jbig2_data_in(ctx, data, size) == 0)
@@ -144,7 +140,5 @@
}
jbig2_ctx_free(ctx);
- fprintf(stderr, "memory: limit: %u Mbyte peak usage: %u Mbyte\n", MAX_ALLOCATION, peak);
-
return 0;
}
diff --git a/projects/json-sanitizer/DenylistFuzzer.java b/projects/json-sanitizer/DenylistFuzzer.java
new file mode 100644
index 0000000..4e73cfc
--- /dev/null
+++ b/projects/json-sanitizer/DenylistFuzzer.java
@@ -0,0 +1,49 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh;
+import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium;
+import com.google.json.JsonSanitizer;
+
+public class DenylistFuzzer {
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ String input = data.consumeRemainingAsString();
+ String output;
+ try {
+ output = JsonSanitizer.sanitize(input, 10);
+ } catch (ArrayIndexOutOfBoundsException e) {
+ // ArrayIndexOutOfBoundsException is expected if nesting depth is
+ // exceeded.
+ return;
+ }
+
+ // Check for forbidden substrings. As these would enable Cross-Site
+ // Scripting, treat every finding as a high severity vulnerability.
+ assert !output.contains("</script")
+ : new FuzzerSecurityIssueHigh("Output contains </script");
+ assert !output.contains("]]>")
+ : new FuzzerSecurityIssueHigh("Output contains ]]>");
+
+ // Check for more forbidden substrings. As these would not directly enable
+ // Cross-Site Scripting in general, but may impact script execution on the
+ // embedding page, treat each finding as a medium severity vulnerability.
+ assert !output.contains("<script")
+ : new FuzzerSecurityIssueMedium("Output contains <script");
+ assert !output.contains("<!--")
+ : new FuzzerSecurityIssueMedium("Output contains <!--");
+ }
+}
diff --git a/projects/json-sanitizer/Dockerfile b/projects/json-sanitizer/Dockerfile
new file mode 100644
index 0000000..f36a136
--- /dev/null
+++ b/projects/json-sanitizer/Dockerfile
@@ -0,0 +1,39 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN apt-get update && apt-get install -y maven
+
+RUN git clone --depth 1 https://github.com/google/fuzzing
+RUN cat fuzzing/dictionaries/json.dict \
+ fuzzing/dictionaries/html.dict \
+ fuzzing/dictionaries/xml.dict \
+ > $SRC/DenylistFuzzer.dict
+RUN cp fuzzing/dictionaries/json.dict $SRC/IdempotenceFuzzer.dict
+RUN cp fuzzing/dictionaries/json.dict $SRC/ValidJsonFuzzer.dict
+
+RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \
+ zip -q $SRC/DenylistFuzzer_seed_corpus.zip go-fuzz-corpus/json/corpus/* && \
+ zip -q $SRC/IdempotenceFuzzer_seed_corpus.zip go-fuzz-corpus/json/corpus/* && \
+ zip -q $SRC/ValidJsonFuzzer_seed_corpus.zip go-fuzz-corpus/json/corpus/*
+
+RUN git clone --depth 1 https://github.com/OWASP/json-sanitizer
+COPY build.sh $SRC/
+
+COPY DenylistFuzzer.java IdempotenceFuzzer.java ValidJsonFuzzer.java $SRC/
+
+WORKDIR $SRC/json-sanitizer
diff --git a/projects/json-sanitizer/IdempotenceFuzzer.java b/projects/json-sanitizer/IdempotenceFuzzer.java
new file mode 100644
index 0000000..a42c91a
--- /dev/null
+++ b/projects/json-sanitizer/IdempotenceFuzzer.java
@@ -0,0 +1,38 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+
+import com.google.json.JsonSanitizer;
+
+public class IdempotenceFuzzer {
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ String input = data.consumeRemainingAsString();
+ String output;
+ try {
+ output = JsonSanitizer.sanitize(input, 10);
+ } catch (ArrayIndexOutOfBoundsException e) {
+ // ArrayIndexOutOfBoundsException is expected if nesting depth is
+ // exceeded.
+ return;
+ }
+
+ // Ensure that sanitizing twice does not give different output
+ // (idempotence). Since failure to be idempotent is not a security issue in
+ // itself, fail with a regular AssertionError.
+ assert JsonSanitizer.sanitize(output).equals(output) : "Not idempotent";
+ }
+}
diff --git a/projects/json-sanitizer/ValidJsonFuzzer.java b/projects/json-sanitizer/ValidJsonFuzzer.java
new file mode 100644
index 0000000..c8fbe03
--- /dev/null
+++ b/projects/json-sanitizer/ValidJsonFuzzer.java
@@ -0,0 +1,47 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;
+
+import com.google.gson.Gson;
+import com.google.gson.JsonElement;
+import com.google.json.JsonSanitizer;
+
+public class ValidJsonFuzzer {
+ private static Gson gson = new Gson();
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ String input = data.consumeRemainingAsString();
+ String output;
+ try {
+ output = JsonSanitizer.sanitize(input, 10);
+ } catch (ArrayIndexOutOfBoundsException e) {
+ // ArrayIndexOutOfBoundsException is expected if nesting depth is
+ // exceeded.
+ return;
+ }
+
+ // Check that the output is valid JSON. Invalid JSON may crash other parts
+ // of the application that trust the output of the sanitizer.
+ try {
+ Gson gson = new Gson();
+ gson.fromJson(output, JsonElement.class);
+ } catch (Exception e) {
+ throw new FuzzerSecurityIssueLow("Output is invalid JSON", e);
+ }
+ }
+}
diff --git a/projects/json-sanitizer/build.sh b/projects/json-sanitizer/build.sh
new file mode 100755
index 0000000..64df5e5
--- /dev/null
+++ b/projects/json-sanitizer/build.sh
@@ -0,0 +1,60 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Move seed corpus and dictionary.
+mv $SRC/{*.zip,*.dict} $OUT
+
+# Build the json-sanitizer jar.
+CURRENT_VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \
+-Dexpression=project.version -q -DforceStdout)
+mvn package
+cp "target/json-sanitizer-$CURRENT_VERSION.jar" $OUT/json-sanitizer.jar
+
+# The jar files containing the project (separated by spaces).
+PROJECT_JARS=json-sanitizer.jar
+
+# Get the fuzzer dependencies (gson).
+mvn dependency:copy -Dartifact=com.google.code.gson:gson:2.8.6 -DoutputDirectory=$OUT/
+
+# The jar files containing further dependencies of the fuzz targets (separated
+# by spaces).
+FUZZER_JARS=gson-2.8.6.jar
+
+# Build fuzzers in $OUT.
+ALL_JARS="$PROJECT_JARS $FUZZER_JARS"
+BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+
+# All jars and class files lie in the same directory as the fuzzer at runtime.
+RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):.:\$this_dir
+
+for fuzzer in $(find $SRC -name '*Fuzzer.java'); do
+ fuzzer_basename=$(basename -s .java $fuzzer)
+ javac -cp $BUILD_CLASSPATH $fuzzer
+ cp $SRC/$fuzzer_basename.class $OUT/
+
+ # Create execution wrapper.
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
+\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+--cp=$RUNTIME_CLASSPATH \
+--target_class=$fuzzer_basename \
+--jvm_args=\"-Xmx2048m\" \
+\$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+done
diff --git a/projects/json-sanitizer/project.yaml b/projects/json-sanitizer/project.yaml
new file mode 100644
index 0000000..028335f
--- /dev/null
+++ b/projects/json-sanitizer/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/OWASP/json-sanitizer"
+language: jvm
+primary_contact: "mikesamuel@gmail.com"
+auto_ccs:
+ - "meumertzheim@code-intelligence.com"
+fuzzing_engines:
+ - libfuzzer
+main_repo: "https://github.com/OWASP/json-sanitizer"
+sanitizers:
+ - address
diff --git a/projects/json5format/Dockerfile b/projects/json5format/Dockerfile
new file mode 100644
index 0000000..c0117a5
--- /dev/null
+++ b/projects/json5format/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN git clone --depth 1 https://github.com/google/json5format
+WORKDIR $SRC
+
+COPY build.sh $SRC/
diff --git a/projects/json5format/build.sh b/projects/json5format/build.sh
new file mode 100755
index 0000000..c722bdb
--- /dev/null
+++ b/projects/json5format/build.sh
@@ -0,0 +1,20 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC/json5format
+cargo fuzz build -O
+cp ./fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_parse $OUT/fuzz_parse
diff --git a/projects/json5format/project.yaml b/projects/json5format/project.yaml
new file mode 100644
index 0000000..e73905e
--- /dev/null
+++ b/projects/json5format/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://crates.io/crates/json5format"
+main_repo: "https://github.com/google/json5format"
+primary_contact: "richkadel@google.com"
+sanitizers:
+ - address
+fuzzing_engines:
+ - libfuzzer
+language: rust
+auto_ccs:
+ - "david@adalogics.com"
diff --git a/projects/jsonparser/Dockerfile b/projects/jsonparser/Dockerfile
index 17f6cd1..a5d91fa 100644
--- a/projects/jsonparser/Dockerfile
+++ b/projects/jsonparser/Dockerfile
@@ -15,7 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/buger/jsonparser
+RUN git clone --depth 1 https://github.com/buger/jsonparser
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/jsonparser
diff --git a/projects/jsonparser/build.sh b/projects/jsonparser/build.sh
index fda6e8d..3b576e1 100755
--- a/projects/jsonparser/build.sh
+++ b/projects/jsonparser/build.sh
@@ -15,4 +15,4 @@
#
################################################################################
-$GOPATH/src/github.com/buger/jsonparser/oss-fuzz-build.sh
+./oss-fuzz-build.sh
diff --git a/projects/jsonschema/Dockerfile b/projects/jsonschema/Dockerfile
new file mode 100644
index 0000000..ffec717
--- /dev/null
+++ b/projects/jsonschema/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN pip3 install hypothesis
+
+RUN git clone --depth=1 https://github.com/Julian/jsonschema
+WORKDIR $SRC/jsonschema
+
+COPY build.sh $SRC/
diff --git a/projects/jsonschema/build.sh b/projects/jsonschema/build.sh
new file mode 100644
index 0000000..71d4ad6
--- /dev/null
+++ b/projects/jsonschema/build.sh
@@ -0,0 +1,34 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+pip3 install .
+
+# Build fuzzers in $OUT.
+for fuzzer in $(find $SRC -name 'fuzz_*.py'); do
+ fuzzer_basename=$(basename -s .py $fuzzer)
+ fuzzer_package=${fuzzer_basename}.pkg
+ pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer
+
+ # Create execution wrapper.
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \
+ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \
+\$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+done
diff --git a/projects/jsonschema/project.yaml b/projects/jsonschema/project.yaml
new file mode 100644
index 0000000..d7ac42b
--- /dev/null
+++ b/projects/jsonschema/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://github.com/Julian/jsonschema"
+language: python
+primary_contact: "Julian+Security@GrayVines.com"
+auto_ccs:
+ - "david@adalogics.com"
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+ - undefined
+main_repo: 'https://github.com/Julian/jsonschema'
diff --git a/projects/kamailio/Dockerfile b/projects/kamailio/Dockerfile
new file mode 100755
index 0000000..5b67dee
--- /dev/null
+++ b/projects/kamailio/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y bison flex
+RUN git clone https://github.com/kamailio/kamailio
+
+WORKDIR $SRC
+COPY build.sh $SRC/
diff --git a/projects/kamailio/build.sh b/projects/kamailio/build.sh
new file mode 100755
index 0000000..2b7c373
--- /dev/null
+++ b/projects/kamailio/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC/kamailio
+
+export CC_OPT="${CFLAGS}"
+export LD_EXTRA_OPTS="${CFLAGS}"
+
+sed -i 's/int main(/int main2(/g' ./src/main.c
+
+make || true
+cd src
+mkdir objects && find . -name "*.o" -exec cp {} ./objects/ \;
+ar -r libkamilio.a ./objects/*.o
+cd ../
+$CC $CFLAGS $LIB_FUZZING_ENGINE ./misc/fuzz/fuzz_uri.c -o $OUT/fuzz_uri \
+ -DFAST_LOCK -D__CPU_i386 ./src/libkamilio.a \
+ -I./src/ -I./src/core/parser -ldl -lresolv -lm
diff --git a/projects/kamailio/project.yaml b/projects/kamailio/project.yaml
new file mode 100755
index 0000000..46020a0
--- /dev/null
+++ b/projects/kamailio/project.yaml
@@ -0,0 +1,7 @@
+homepage: "www.kamailio.org"
+main_repo: "https://github.com/kamailio/kamailio"
+primary_contact: "ossfuzz@kamailio.org"
+language: c
+auto_ccs:
+ - "miconda@gmail.com"
+ - "david@adalogics.com"
diff --git a/projects/kimageformats/Dockerfile b/projects/kimageformats/Dockerfile
index e3e0456..4acc31c 100644
--- a/projects/kimageformats/Dockerfile
+++ b/projects/kimageformats/Dockerfile
@@ -22,8 +22,10 @@
RUN git clone --depth 1 --branch=5.15 git://code.qt.io/qt/qtbase.git
RUN git clone --depth 1 https://invent.kde.org/frameworks/karchive.git
RUN git clone --depth 1 https://invent.kde.org/frameworks/kimageformats.git
-RUN git clone --depth 1 -b v2.0.1 https://aomedia.googlesource.com/aom
-RUN git clone --depth 1 -b v0.8.4 https://github.com/AOMediaCodec/libavif.git
+RUN git clone --depth 1 -b v2.0.2 https://aomedia.googlesource.com/aom
+RUN git clone --depth 1 -b v0.9.0 https://github.com/AOMediaCodec/libavif.git
+RUN git clone --depth 1 https://github.com/strukturag/libde265.git
+RUN git clone --depth 1 https://github.com/strukturag/libheif.git
COPY build.sh $SRC
COPY kimgio_fuzzer.cc $SRC
WORKDIR kimageformats
diff --git a/projects/kimageformats/build.sh b/projects/kimageformats/build.sh
index 3cec921..0ffa60b 100644
--- a/projects/kimageformats/build.sh
+++ b/projects/kimageformats/build.sh
@@ -56,6 +56,7 @@
extra_libaom_flags='-DAOM_MAX_ALLOCABLE_MEMORY=536870912 -DDO_RANGE_CHECK_CLAMP=1'
cmake -DBUILD_SHARED_LIBS=0 -DENABLE_DOCS=0 -DENABLE_EXAMPLES=0 -DENABLE_TESTDATA=0 -DENABLE_TESTS=0 -DENABLE_TOOLS=0 -DCONFIG_PIC=1 -DAOM_TARGET_CPU=generic -DCONFIG_SIZE_LIMIT=1 -DDECODE_HEIGHT_LIMIT=12288 -DDECODE_WIDTH_LIMIT=12288 -DAOM_EXTRA_C_FLAGS="${extra_libaom_flags}" -DAOM_EXTRA_CXX_FLAGS="${extra_libaom_flags}" ..
make -j$(nproc)
+make install -j$(nproc)
cd $SRC
ln -s "$SRC/aom" "$SRC/libavif/ext/"
@@ -66,9 +67,27 @@
make -j$(nproc)
cd $SRC
+cd libde265
+cmake -DBUILD_SHARED_LIBS=OFF -DDISABLE_SSE=ON .
+make -j$(nproc)
+make install -j$(nproc)
+
+cd $SRC
+cd libheif
+#Reduce max width and height to avoid allocating too much memory
+sed -i "s/static const int MAX_IMAGE_WIDTH = 32768;/static const int MAX_IMAGE_WIDTH = 8192;/g" libheif/heif_limits.h
+sed -i "s/static const int MAX_IMAGE_HEIGHT = 32768;/static const int MAX_IMAGE_HEIGHT = 8192;/g" libheif/heif_limits.h
+mkdir build
+cd build
+cmake -DBUILD_SHARED_LIBS=OFF -DWITH_AOM=ON -DWITH_DAV1D=OFF -DWITH_EXAMPLES=OFF -DWITH_LIBDE265=ON -DWITH_RAV1E=OFF -DWITH_X265=OFF ..
+make -j$(nproc)
+make install -j$(nproc)
+
+cd $SRC
cd kimageformats
HANDLER_TYPES="ANIHandler ani
QAVIFHandler avif
+ HEIFHandler heif
KraHandler kra
OraHandler ora
PCXHandler pcx
@@ -84,7 +103,7 @@
fuzz_target_name=kimgio_${format}_fuzzer
$SRC/qtbase/bin/moc $SRC/kimageformats/src/imageformats/$format.cpp -o $format.moc
- $CXX $CXXFLAGS -fPIC -DHANDLER=$class -std=c++14 $SRC/kimgio_fuzzer.cc $SRC/kimageformats/src/imageformats/$format.cpp -o $OUT/$fuzz_target_name -I $SRC/qtbase/include/QtCore/ -I $SRC/qtbase/include/ -I $SRC/qtbase/include//QtGui -I $SRC/kimageformats/src/imageformats/ -I $SRC/karchive/src/ -I $SRC/qtbase/mkspecs/linux-clang-libc++/ -I $SRC/libavif/include/ -I . -L $SRC/qtbase/lib $SRC/libavif/build/libavif.a $SRC/aom/build.libavif/libaom.a -lQt5Gui -lQt5Core -lqtlibpng -lqtharfbuzz -lm -lqtpcre2 -ldl -lpthread $LIB_FUZZING_ENGINE /usr/local/lib/libzip.a /usr/local/lib/libz.a -lKF5Archive /usr/local/lib/libz.a
+ $CXX $CXXFLAGS -fPIC -DHANDLER=$class -std=c++14 $SRC/kimgio_fuzzer.cc $SRC/kimageformats/src/imageformats/$format.cpp -o $OUT/$fuzz_target_name -I $SRC/qtbase/include/QtCore/ -I $SRC/qtbase/include/ -I $SRC/qtbase/include//QtGui -I $SRC/kimageformats/src/imageformats/ -I $SRC/karchive/src/ -I $SRC/qtbase/mkspecs/linux-clang-libc++/ -I $SRC/libavif/include/ -I . -L $SRC/qtbase/lib $SRC/libavif/build/libavif.a /usr/local/lib/libheif.a /usr/local/lib/liblibde265.a $SRC/aom/build.libavif/libaom.a -lQt5Gui -lQt5Core -lqtlibpng -lqtharfbuzz -lm -lqtpcre2 -ldl -lpthread $LIB_FUZZING_ENGINE /usr/local/lib/libzip.a /usr/local/lib/libz.a -lKF5Archive /usr/local/lib/libz.a
find . -name "*.${format}" | zip -q $OUT/${fuzz_target_name}_seed_corpus.zip -@
)
diff --git a/projects/kimageformats/kimgio_fuzzer.cc b/projects/kimageformats/kimgio_fuzzer.cc
index c37bb22..5fe9cc6 100644
--- a/projects/kimageformats/kimgio_fuzzer.cc
+++ b/projects/kimageformats/kimgio_fuzzer.cc
@@ -20,7 +20,7 @@
Usage:
python infra/helper.py build_image kimageformats
python infra/helper.py build_fuzzers --sanitizer undefined|address|memory kimageformats
- python infra/helper.py run_fuzzer kimageformats kimgio_[ani|avif|kra|ora|pcx|pic|psd|ras|rgb|tga|xcf]_fuzzer
+ python infra/helper.py run_fuzzer kimageformats kimgio_[ani|avif|heif|kra|ora|pcx|pic|psd|ras|rgb|tga|xcf]_fuzzer
*/
@@ -30,6 +30,7 @@
#include "ani_p.h"
#include "avif_p.h"
+#include "heif_p.h"
#include "kra.h"
#include "ora.h"
#include "pcx_p.h"
diff --git a/projects/kubernetes/Dockerfile b/projects/kubernetes/Dockerfile
index 697bf02..e4ebed8 100644
--- a/projects/kubernetes/Dockerfile
+++ b/projects/kubernetes/Dockerfile
@@ -20,7 +20,7 @@
RUN git clone --depth 1 https://github.com/kubernetes/kubernetes.git
RUN git clone --depth 1 https://github.com/google/AFL
RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus
-RUN go get k8s.io/kops
+RUN git clone --depth 1 https://github.com/kubernetes/kops
WORKDIR $SRC/
COPY build.sh $SRC/
diff --git a/projects/kubernetes/build.sh b/projects/kubernetes/build.sh
index 38ae440..d3d756f 100755
--- a/projects/kubernetes/build.sh
+++ b/projects/kubernetes/build.sh
@@ -21,11 +21,13 @@
set -x
# Compile kOps fuzzers
-$GOPATH/src/k8s.io/kops/tests/fuzz/build.sh
-
+(
+cd kops
+./tests/fuzz/build.sh
+)
# Compile Kubernetes fuzzers
-mv $SRC/kubernetes $GOPATH/src/k8s.io/
+cd $SRC/kubernetes
function compile_fuzzer {
local pkg=$1
diff --git a/projects/libavif/avif_decode_seed_corpus.zip b/projects/libavif/avif_decode_seed_corpus.zip
index eb04c20..90c67bb 100644
--- a/projects/libavif/avif_decode_seed_corpus.zip
+++ b/projects/libavif/avif_decode_seed_corpus.zip
Binary files differ
diff --git a/projects/libavif/build.sh b/projects/libavif/build.sh
index a981fa2..130709f 100755
--- a/projects/libavif/build.sh
+++ b/projects/libavif/build.sh
@@ -15,12 +15,6 @@
#
################################################################################
-# afl++ CMPLOG test:
-test "$FUZZING_ENGINE" = "afl" && {
- export AFL_LLVM_CMPLOG=1
- touch $OUT/afl_cmplog.txt
-}
-
# build dav1d
cd ext && bash dav1d.cmd && cd ..
diff --git a/projects/libcacard/build.sh b/projects/libcacard/build.sh
index 9c0c974..719502e 100755
--- a/projects/libcacard/build.sh
+++ b/projects/libcacard/build.sh
@@ -15,12 +15,6 @@
#
################################################################################
-# afl++ CMPLOG test:
-test "$FUZZING_ENGINE" = "afl" && {
- export AFL_LLVM_CMPLOG=1
- touch $OUT/afl_cmplog.txt
-}
-
# Workaround for fixing AFL++ build, discarded for others.
# See https://github.com/google/oss-fuzz/issues/4280#issuecomment-773977943
export AFL_LLVM_INSTRUMENT=CLASSIC,NGRAM-4
diff --git a/projects/libfido2/Dockerfile b/projects/libfido2/Dockerfile
index b288499..e7d8a6a 100644
--- a/projects/libfido2/Dockerfile
+++ b/projects/libfido2/Dockerfile
@@ -17,10 +17,11 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y make autoconf automake libtool
RUN apt-get install -y cmake libudev-dev pkg-config chrpath
-RUN git clone --branch v0.7.0 https://github.com/PJK/libcbor
+RUN git clone --branch v0.8.0 https://github.com/PJK/libcbor
RUN git clone --branch OpenSSL_1_1_1-stable https://github.com/openssl/openssl
+RUN git clone --branch v1.2.11 https://github.com/madler/zlib
RUN git clone https://github.com/Yubico/libfido2
# CIFuzz will replace the libfido directory so put the corpus outside
-ADD https://ambientworks.net/libfido2/corpus.tgz corpus.tgz
+ADD https://storage.googleapis.com/yubico-libfido2/corpus.tgz corpus.tgz
WORKDIR libfido2
COPY build.sh $SRC/
diff --git a/projects/libfido2/build.sh b/projects/libfido2/build.sh
index 8e07932..6c680e2 100755
--- a/projects/libfido2/build.sh
+++ b/projects/libfido2/build.sh
@@ -20,7 +20,8 @@
cd ${SRC}/libcbor
patch -l -p0 < ${SRC}/libfido2/fuzz/README
mkdir build && cd build
-cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${WORK} -DSANITIZE=OFF ..
+cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_BUILD_TYPE=Debug \
+ -DCMAKE_INSTALL_PREFIX=${WORK} -DSANITIZE=OFF ..
make -j$(nproc) VERBOSE=1
make install
@@ -36,6 +37,12 @@
make -j$(nproc) LDCMD="${CXX} ${CXXFLAGS}"
make install_sw
+# Build zlib, taken from oss-fuzz/projects/zlib.sh
+cd ${SRC}/zlib
+./configure --prefix=${WORK}
+make -j$(nproc) all
+make install
+
# Building libfido2 with ${LIB_FUZZING_ENGINE} and chosen sanitizer
cd ${SRC}/libfido2
mkdir build && cd build
@@ -62,8 +69,11 @@
# Prepare seed corpora
tar xzf ${SRC}/corpus.tgz
-(set -e ; cd fuzz_assert/corpus ; zip -r ${OUT}/fuzz_assert_seed_corpus.zip .)
-(set -e ; cd fuzz_bio/corpus ; zip -r ${OUT}/fuzz_bio_seed_corpus.zip .)
-(set -e ; cd fuzz_cred/corpus ; zip -r ${OUT}/fuzz_cred_seed_corpus.zip .)
-(set -e ; cd fuzz_credman/corpus ; zip -r ${OUT}/fuzz_credman_seed_corpus.zip .)
-(set -e ; cd fuzz_mgmt/corpus ; zip -r ${OUT}/fuzz_mgmt_seed_corpus.zip .)
+(set -e ; cd fuzz_assert/corpus ; zip -r ${OUT}/fuzz_assert_seed_corpus.zip .)
+(set -e ; cd fuzz_bio/corpus ; zip -r ${OUT}/fuzz_bio_seed_corpus.zip .)
+(set -e ; cd fuzz_cred/corpus ; zip -r ${OUT}/fuzz_cred_seed_corpus.zip .)
+(set -e ; cd fuzz_credman/corpus ; zip -r ${OUT}/fuzz_credman_seed_corpus.zip .)
+(set -e ; cd fuzz_hid/corpus ; zip -r ${OUT}/fuzz_hid_seed_corpus.zip .)
+(set -e ; cd fuzz_largeblob/corpus ; zip -r ${OUT}/fuzz_largeblob_seed_corpus.zip .)
+(set -e ; cd fuzz_mgmt/corpus ; zip -r ${OUT}/fuzz_mgmt_seed_corpus.zip .)
+(set -e ; cd fuzz_netlink/corpus ; zip -r ${OUT}/fuzz_netlink_seed_corpus.zip .)
diff --git a/projects/libiec61850/Dockerfile b/projects/libiec61850/Dockerfile
new file mode 100755
index 0000000..17b63d3
--- /dev/null
+++ b/projects/libiec61850/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone https://github.com/mz-automation/libiec61850
+
+WORKDIR $SRC
+COPY build.sh $SRC/
+COPY fuzz_decode.options $SRC/fuzz_decode.options
diff --git a/projects/libiec61850/build.sh b/projects/libiec61850/build.sh
new file mode 100755
index 0000000..8487973
--- /dev/null
+++ b/projects/libiec61850/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd libiec61850
+mkdir build && cd build
+cmake ../
+make
+
+$CC $CFLAGS $LIB_FUZZING_ENGINE ../fuzz/fuzz_mms_decode.c -o $OUT/fuzz_mms_decode ./src/libiec61850.a \
+ -I../src/iec61850/inc -I../src/mms/inc -I../src/common/inc \
+ -I../hal/inc -I../src/logging ./hal/libhal.a
+
+# Copy over the options file
+cp $SRC/fuzz_decode.options $OUT/fuzz_decode.options
diff --git a/projects/libiec61850/fuzz_decode.options b/projects/libiec61850/fuzz_decode.options
new file mode 100644
index 0000000..f9d0965
--- /dev/null
+++ b/projects/libiec61850/fuzz_decode.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+detect_leaks=0
diff --git a/projects/libiec61850/project.yaml b/projects/libiec61850/project.yaml
new file mode 100755
index 0000000..fe265be
--- /dev/null
+++ b/projects/libiec61850/project.yaml
@@ -0,0 +1,6 @@
+homepage: "https://github.com/mz-automation/libiec61850"
+primary_contact: "support@mz-automation.de"
+auto_ccs:
+ - "david@adalogics.com"
+language: c
+main_repo: 'https://github.com/mz-automation/libiec61850'
diff --git a/projects/libjpeg-turbo/Dockerfile b/projects/libjpeg-turbo/Dockerfile
index 329be45..40c8f49 100644
--- a/projects/libjpeg-turbo/Dockerfile
+++ b/projects/libjpeg-turbo/Dockerfile
@@ -15,7 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y make autoconf automake libtool nasm curl cmake
+RUN apt-get update && apt-get install -y make autoconf automake libtool yasm curl cmake
RUN git clone --depth 1 https://github.com/libjpeg-turbo/libjpeg-turbo
RUN mkdir afl-testcases
diff --git a/projects/liblouis/Dockerfile b/projects/liblouis/Dockerfile
new file mode 100644
index 0000000..40a17c0
--- /dev/null
+++ b/projects/liblouis/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool \
+ pkg-config zlib1g-dev pciutils-dev libpci-dev
+RUN git clone --depth 1 https://github.com/liblouis/liblouis
+WORKDIR liblouis
+COPY build.sh $SRC/
diff --git a/projects/liblouis/build.sh b/projects/liblouis/build.sh
new file mode 100755
index 0000000..fda807c
--- /dev/null
+++ b/projects/liblouis/build.sh
@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+$SRC/liblouis/tests/fuzzing/build.sh
diff --git a/projects/liblouis/project.yaml b/projects/liblouis/project.yaml
new file mode 100644
index 0000000..e7aa041
--- /dev/null
+++ b/projects/liblouis/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/liblouis/liblouis"
+main_repo: "https://github.com/liblouis/liblouis"
+language: c
+primary_contact: "christian.egli@sbs.ch"
+auto_ccs:
+ - "Adam@adalogics.com"
+sanitizers:
+ - address
+ - undefined
+ - memory
diff --git a/projects/libphonenumber/project.yaml b/projects/libphonenumber/project.yaml
index 7657324..4ab9602 100644
--- a/projects/libphonenumber/project.yaml
+++ b/projects/libphonenumber/project.yaml
@@ -3,9 +3,6 @@
language: c++
auto_ccs:
- "david@adalogics.com"
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
sanitizers:
- address
main_repo: 'https://github.com/google/libphonenumber'
diff --git a/projects/libredwg/Dockerfile b/projects/libredwg/Dockerfile
new file mode 100755
index 0000000..93695c3
--- /dev/null
+++ b/projects/libredwg/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y autoconf libtool texinfo
+RUN git clone https://github.com/LibreDWG/libredwg
+
+WORKDIR $SRC
+COPY build.sh $SRC/
+COPY llvmfuzz.options $SRC/
diff --git a/projects/libredwg/build.sh b/projects/libredwg/build.sh
new file mode 100755
index 0000000..7737e4d
--- /dev/null
+++ b/projects/libredwg/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd libredwg
+sh ./autogen.sh
+# enable-release to skip unstable preR13. bindings are not fuzzed.
+./configure --disable-shared --disable-bindings --enable-release
+make
+
+$CC $CFLAGS $LIB_FUZZING_ENGINE examples/llvmfuzz.c -o $OUT/llvmfuzz \
+ src/.libs/libredwg.a -I./include -I./src
+
+cp $SRC/llvmfuzz.options $OUT/llvmfuzz.options
diff --git a/projects/libredwg/llvmfuzz.options b/projects/libredwg/llvmfuzz.options
new file mode 100644
index 0000000..f9d0965
--- /dev/null
+++ b/projects/libredwg/llvmfuzz.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+detect_leaks=0
diff --git a/projects/libredwg/project.yaml b/projects/libredwg/project.yaml
new file mode 100755
index 0000000..a9e5d44
--- /dev/null
+++ b/projects/libredwg/project.yaml
@@ -0,0 +1,9 @@
+homepage: "https://github.com/LibreDWG/libredwg"
+primary_contact: "reini.urban@gmail.com"
+language: c
+auto_ccs :
+ - "david@adalogics.com"
+fuzzing_engines:
+ - libfuzzer
+ - honggfuzz
+main_repo: 'https://github.com/LibreDWG/libredwg'
diff --git a/projects/libreoffice/project.yaml b/projects/libreoffice/project.yaml
index fdbb462..bcf9a4f 100644
--- a/projects/libreoffice/project.yaml
+++ b/projects/libreoffice/project.yaml
@@ -4,4 +4,6 @@
auto_ccs:
- "officesecurity@lists.freedesktop.org"
- "damjan.jov@gmail.com"
+ - "noelgrandin@gmail.com"
- "sbergman@redhat.com"
+main_repo: 'https://git.libreoffice.org/core'
diff --git a/projects/libsodium/fake_random.h b/projects/libsodium/fake_random.h
index 36d8d89..9519b0c 100644
--- a/projects/libsodium/fake_random.h
+++ b/projects/libsodium/fake_random.h
@@ -1,3 +1,17 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
#ifndef FAKE_RANDOM_H_
#define FAKE_RANDOM_H_
@@ -43,7 +57,7 @@
int fake_random_set = randombytes_set_implementation(&fake_random);
assert(fake_random_set == 0);
- assert(randombytes_implementation_name() == "fake_random");
+ assert(strcmp(randombytes_implementation_name(), "fake_random") == 0);
int initialized = sodium_init();
assert(initialized >= 0);
}
diff --git a/projects/libsodium/project.yaml b/projects/libsodium/project.yaml
index dcbfdcc..40b1374 100644
--- a/projects/libsodium/project.yaml
+++ b/projects/libsodium/project.yaml
@@ -1,6 +1,6 @@
homepage: "https://libsodium.org"
language: c++
-primary_contact: "ossfuzzz+sodium@gmail.com"
+primary_contact: "ossfuzzz@gmail.com"
auto_ccs:
- "chriswwolfe@gmail.com"
architectures:
diff --git a/projects/libsodium/secret_key_auth_fuzzer.cc b/projects/libsodium/secret_key_auth_fuzzer.cc
index 32bb5fe..ce46781 100644
--- a/projects/libsodium/secret_key_auth_fuzzer.cc
+++ b/projects/libsodium/secret_key_auth_fuzzer.cc
@@ -1,4 +1,19 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
#include <assert.h>
+#include <stdlib.h>
#include <sodium.h>
#include "fake_random.h"
@@ -16,6 +31,8 @@
crypto_auth_keygen(key);
crypto_auth(mac, data, size, key);
- crypto_auth_verify(mac, data, size, key);
+ int err = crypto_auth_verify(mac, data, size, key);
+ assert(err == 0);
+
return 0;
}
diff --git a/projects/libsodium/secretbox_easy_fuzzer.cc b/projects/libsodium/secretbox_easy_fuzzer.cc
index 4e25bcc..a37c88b 100644
--- a/projects/libsodium/secretbox_easy_fuzzer.cc
+++ b/projects/libsodium/secretbox_easy_fuzzer.cc
@@ -1,4 +1,19 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
#include <assert.h>
+#include <stdlib.h>
#include <sodium.h>
#include "fake_random.h"
@@ -17,12 +32,16 @@
randombytes_buf(nonce, sizeof nonce);
size_t ciphertext_len = crypto_secretbox_MACBYTES + size;
- unsigned char ciphertext[ciphertext_len];
+ unsigned char *ciphertext = (unsigned char *) malloc(ciphertext_len);
crypto_secretbox_easy(ciphertext, data, size, nonce, key);
- unsigned char decrypted[size];
- crypto_secretbox_open_easy(decrypted, ciphertext, ciphertext_len, nonce, key);
+ unsigned char *decrypted = (unsigned char *) malloc(size);
+ int err = crypto_secretbox_open_easy(decrypted, ciphertext, ciphertext_len, nonce, key);
+ assert(err == 0);
+
+ free((void *) ciphertext);
+ free((void *) decrypted);
return 0;
}
diff --git a/projects/libucl/Dockerfile b/projects/libucl/Dockerfile
index 0babaa2..7824ad6 100644
--- a/projects/libucl/Dockerfile
+++ b/projects/libucl/Dockerfile
@@ -1,4 +1,4 @@
-# Copyright 2020 Google Inc.
+# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,3 +21,4 @@
WORKDIR $SRC
COPY build.sh $SRC/
+COPY ucl_add_string_fuzzer.options $SRC/ucl_add_string_fuzzer.options
diff --git a/projects/libucl/build.sh b/projects/libucl/build.sh
index d5cce41..e5589dd 100644
--- a/projects/libucl/build.sh
+++ b/projects/libucl/build.sh
@@ -1,4 +1,4 @@
-# Copyright 2020 Google Inc.
+# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,10 +14,12 @@
#
################################################################################
-export ASAN_OPTIONS=detect_leaks=0
+cp $SRC/ucl_add_string_fuzzer.options $OUT/
cd libucl
./autogen.sh && ./configure
make
-$CC tests/fuzzers/ucl_add_string_fuzzer.c -DHAVE_CONFIG_H -I./src -I./include src/.libs/libucl.a -I./ $CFLAGS $LIB_FUZZING_ENGINE -o $OUT/ucl_add_string_fuzzer
+$CC $CFLAGS $LIB_FUZZING_ENGINE tests/fuzzers/ucl_add_string_fuzzer.c \
+ -DHAVE_CONFIG_H -I./src -I./include src/.libs/libucl.a -I./ \
+ -o $OUT/ucl_add_string_fuzzer
diff --git a/projects/libucl/project.yaml b/projects/libucl/project.yaml
index 14bead5..8a5dd20 100644
--- a/projects/libucl/project.yaml
+++ b/projects/libucl/project.yaml
@@ -3,7 +3,4 @@
auto_ccs:
- "adam@adalogics.com"
language: c
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
main_repo: 'https://github.com/vstakhov/libucl'
diff --git a/projects/libucl/ucl_add_string_fuzzer.options b/projects/libucl/ucl_add_string_fuzzer.options
new file mode 100644
index 0000000..f9d0965
--- /dev/null
+++ b/projects/libucl/ucl_add_string_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+detect_leaks=0
diff --git a/projects/libvips/Dockerfile b/projects/libvips/Dockerfile
index 258e222..e792dff 100644
--- a/projects/libvips/Dockerfile
+++ b/projects/libvips/Dockerfile
@@ -25,6 +25,7 @@
libfftw3-dev \
libexpat1-dev \
libffi-dev \
+ libselinux1-dev \
glib2.0-dev
RUN mkdir afl-testcases
RUN curl https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz | tar xzC afl-testcases
diff --git a/projects/libvips/build.sh b/projects/libvips/build.sh
index e170f37..21505d6 100755
--- a/projects/libvips/build.sh
+++ b/projects/libvips/build.sh
@@ -169,6 +169,7 @@
$LIB_FUZZING_ENGINE \
-Wl,-Bstatic \
-lfftw3 -lgmodule-2.0 -lgio-2.0 -lgobject-2.0 -lffi -lglib-2.0 -lpcre -lexpat \
+ -lresolv -lsepol -lselinux \
-Wl,-Bdynamic -pthread
ln -sf "seed_corpus.zip" "$OUT/${target}_seed_corpus.zip"
done
diff --git a/projects/libxml2/build.sh b/projects/libxml2/build.sh
index 7485bc2..4240ba7 100755
--- a/projects/libxml2/build.sh
+++ b/projects/libxml2/build.sh
@@ -16,12 +16,6 @@
#
################################################################################
-# afl++ CMPLOG test:
-test "$FUZZING_ENGINE" = "afl" && {
- export AFL_LLVM_CMPLOG=1
- touch $OUT/afl_cmplog.txt
-}
-
if [ "$SANITIZER" = undefined ]; then
export CFLAGS="$CFLAGS -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow"
export CXXFLAGS="$CXXFLAGS -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow"
diff --git a/projects/libyal/Dockerfile b/projects/libyal/Dockerfile
index 9338fdc..c255806 100644
--- a/projects/libyal/Dockerfile
+++ b/projects/libyal/Dockerfile
@@ -36,6 +36,7 @@
RUN git clone --depth 1 https://github.com/libyal/libmsiecf.git libmsiecf
RUN git clone --depth 1 https://github.com/libyal/libnk2.git libnk2
RUN git clone --depth 1 https://github.com/libyal/libolecf.git libolecf
+RUN git clone --depth 1 https://github.com/libyal/libpff.git libpff
RUN git clone --depth 1 https://github.com/libyal/libregf.git libregf
RUN git clone --depth 1 https://github.com/libyal/libscca.git libscca
@@ -52,8 +53,9 @@
RUN git clone --depth 1 https://github.com/libyal/libvsmbr.git libvsmbr
RUN git clone --depth 1 https://github.com/libyal/libewf.git libewf
-RUN git clone --depth 1 https://github.com/libyal/libsmraw.git libsmraw
+RUN git clone --depth 1 https://github.com/libyal/libmodi.git libmodi
RUN git clone --depth 1 https://github.com/libyal/libqcow.git libqcow
+RUN git clone --depth 1 https://github.com/libyal/libsmraw.git libsmraw
RUN git clone --depth 1 https://github.com/libyal/libvhdi.git libvhdi
RUN git clone --depth 1 https://github.com/libyal/libvmdk.git libvmdk
diff --git a/projects/libyang/Dockerfile b/projects/libyang/Dockerfile
new file mode 100755
index 0000000..c1c5f75
--- /dev/null
+++ b/projects/libyang/Dockerfile
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y autoconf automake libtool subversion
+RUN git clone https://github.com/CESNET/libyang
+
+RUN svn co svn://vcs.exim.org/pcre2/code/trunk pcre2 && \
+ cd pcre2 && \
+ ./autogen.sh && \
+ ./configure && \
+ make && \
+ make install
+
+WORKDIR $SRC
+COPY build.sh $SRC/
diff --git a/projects/libyang/build.sh b/projects/libyang/build.sh
new file mode 100755
index 0000000..cb5857d
--- /dev/null
+++ b/projects/libyang/build.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd libyang
+git checkout libyang2
+
+sed -i 's/add_subdirectory/#add_subdirectory/g' ./tools/CMakeLists.txt
+mkdir build && cd build
+cmake ../ -DENABLE_STATIC=ON
+make
+
+static_pcre=($(find /src/pcre2 -name "libpcre2-8.a"))
+
+for fuzzer in lyd_parse_mem_json lyd_parse_mem_xml lys_parse_mem; do
+ $CC $CFLAGS $LIB_FUZZING_ENGINE ../tests/fuzz/${fuzzer}.c -o $OUT/${fuzzer} \
+ ./libyang.a -I../src -I./src -I./compat ${static_pcre}
+done
diff --git a/projects/libyang/project.yaml b/projects/libyang/project.yaml
new file mode 100755
index 0000000..aac772c
--- /dev/null
+++ b/projects/libyang/project.yaml
@@ -0,0 +1,12 @@
+homepage: "https://github.com/CESNET/libyang"
+main_repo: 'https://github.com/CESNET/libyang'
+primary_contact: "mvasko@cesnet.cz"
+language: c
+auto_ccs:
+ - "mv6606@gmail.com"
+ - "david@adalogics.com"
+ - "warband.times@gmail.com"
+ - "juraj.vijtiuk@sartura.hr"
+sanitizers:
+ - address
+ - memory
diff --git a/projects/libzmq/project.yaml b/projects/libzmq/project.yaml
index b6e29cf..a7b9465 100644
--- a/projects/libzmq/project.yaml
+++ b/projects/libzmq/project.yaml
@@ -5,13 +5,6 @@
- "luca.boccassi@gmail.com"
- "somdoron@gmail.com"
- "simon.giesecke@gmail.com"
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
-sanitizers:
- - address
- - memory
- - undefined
architectures:
- x86_64
- i386
diff --git a/projects/lighttpd/Dockerfile b/projects/lighttpd/Dockerfile
new file mode 100755
index 0000000..e27d804
--- /dev/null
+++ b/projects/lighttpd/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y libz-dev libtool pkg-config autoconf
+RUN git clone https://github.com/lighttpd/lighttpd1.4
+
+WORKDIR $SRC/lighttpd1.4
+COPY build.sh $SRC/
+COPY fuzz_* $SRC/
diff --git a/projects/lighttpd/build.sh b/projects/lighttpd/build.sh
new file mode 100755
index 0000000..5cd286a
--- /dev/null
+++ b/projects/lighttpd/build.sh
@@ -0,0 +1,23 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./autogen.sh
+./configure --without-pcre --enable-static
+make
+cd src
+$CC $CFLAGS -c $SRC/fuzz_burl.c -I. -I../include
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_burl.o burl.o buffer.o base64.o -o $OUT/fuzz_burl
diff --git a/projects/lighttpd/fuzz_burl.c b/projects/lighttpd/fuzz_burl.c
new file mode 100644
index 0000000..5ba1e1c
--- /dev/null
+++ b/projects/lighttpd/fuzz_burl.c
@@ -0,0 +1,56 @@
+/* Copyright 2021 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "burl.h"
+#include "buffer.h"
+
+void run_burl_normalize (buffer *psrc, buffer *ptmp,
+ int flags, int line, const char *in,
+ size_t in_len) {
+ int qs;
+ buffer_copy_string_len(psrc, in, in_len);
+ qs = burl_normalize(psrc, ptmp, flags);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size <= 4) {
+ return 0;
+ }
+ int flags = ((int*)data)[0];
+ data += 4;
+ size -= 4;
+ char *new_str = (char *)malloc(size+1);
+ if (new_str == NULL){
+ return 0;
+ }
+ memcpy(new_str, data, size);
+ new_str[size] = '\0';
+
+ /* main fuzzer entrypoint for library */
+ buffer *psrc = buffer_init();
+ buffer *ptmp = buffer_init();
+ run_burl_normalize(psrc, ptmp, flags, __LINE__, new_str, size);
+ buffer_urldecode_path(psrc);
+
+ buffer_free(psrc);
+ buffer_free(ptmp);
+ free(new_str);
+ return 0;
+}
diff --git a/projects/lighttpd/project.yaml b/projects/lighttpd/project.yaml
new file mode 100755
index 0000000..9a4b442
--- /dev/null
+++ b/projects/lighttpd/project.yaml
@@ -0,0 +1,6 @@
+homepage: "https://www.lighttpd.net/"
+primary_contact: "lighttpd.fuzz@gmail.com"
+language: c
+auto_ccs :
+ - "david@adalogics.com"
+main_repo: "https://github.com/lighttpd/lighttpd1.4"
diff --git a/projects/loki/Dockerfile b/projects/loki/Dockerfile
index d7ed8f8..2340618 100644
--- a/projects/loki/Dockerfile
+++ b/projects/loki/Dockerfile
@@ -15,6 +15,6 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/grafana/loki/pkg/logql/...
+RUN git clone --depth 1 https://github.com/grafana/loki/
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/loki
diff --git a/projects/loki/project.yaml b/projects/loki/project.yaml
index 69cf3d9..5b75286 100644
--- a/projects/loki/project.yaml
+++ b/projects/loki/project.yaml
@@ -4,6 +4,7 @@
- "adam@adalogics.com"
- "edward.welch@grafana.com"
- "michel.hollands@grafana.com"
+ - "loki@grafana.com"
language: go
fuzzing_engines:
- libfuzzer
diff --git a/projects/lotus/Dockerfile b/projects/lotus/Dockerfile
index 1a4b2df..08dccff 100644
--- a/projects/lotus/Dockerfile
+++ b/projects/lotus/Dockerfile
@@ -17,7 +17,7 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y mesa-opencl-icd ocl-icd-opencl-dev gcc \
git bzr jq pkg-config curl clang build-essential hwloc libhwloc-dev
-RUN git clone --depth 1 https://github.com/filecoin-project/lotus $GOPATH/src/github.com/filecoin-project/lotus
-RUN git clone --depth 1 https://github.com/filecoin-project/fuzzing-lotus $GOPATH/src/github.com/filecoin-project/fuzzing-lotus
+RUN git clone --depth 1 https://github.com/filecoin-project/lotus
+RUN git clone --depth 1 https://github.com/filecoin-project/fuzzing-lotus
COPY build.sh $SRC/
-WORKDIR $GOPATH/src/github.com/filecoin-project/lotus
+WORKDIR $SRC/lotus
diff --git a/projects/lotus/build.sh b/projects/lotus/build.sh
index 2d4cf9e..6460309 100644
--- a/projects/lotus/build.sh
+++ b/projects/lotus/build.sh
@@ -17,8 +17,31 @@
make
-compile_go_fuzzer github.com/filecoin-project/lotus/chain/types FuzzMessage fuzz_message gofuzz
+# Not all fuzzers can be compiled with --sanitizer=coverage.
+# The specific issue is that gofuzz.NewFromGofuzz is not supported when compiling with coverage.
+# The current status of the coverage build is that we do not break it for the fuzzers that cannot be compiled.
+#The reason that we don't break the build script is to create coverage reports for the fuzzers that compile.
+if [[ $SANITIZER = *coverage* ]]; then
+ compile_go_fuzzer github.com/filecoin-project/lotus/chain/types FuzzMessage fuzz_message gofuzz
+ mkdir fuzzing
+ cp ../fuzzing-lotus/fuzz/fuzz.go fuzzing/
+ compile_go_fuzzer github.com/filecoin-project/lotus/fuzzing FuzzBlockMsg fuzz_block_msg || true
+ compile_go_fuzzer github.com/filecoin-project/lotus/fuzzing FuzzBlockMsgStructural fuzz_block_msg_structural || true
+ compile_go_fuzzer github.com/filecoin-project/lotus/fuzzing FuzzBlockHeader fuzz_block_header || true
+ compile_go_fuzzer github.com/filecoin-project/lotus/fuzzing FuzzNodesForHeight fuzz_nodes_for_height || true
+ exit 0
+fi
+
+compile_go_fuzzer ./chain/types FuzzMessage fuzz_message gofuzz
+
+
+# Fuzzers from fuzzing-lotus
+cd ../fuzzing-lotus/fuzz
+rm -Rf libfuzzer
+go mod init github.com/filecoin-project/fuzzing-lotus/fuzz
+
compile_go_fuzzer github.com/filecoin-project/fuzzing-lotus/fuzz FuzzBlockMsg fuzz_block_msg
compile_go_fuzzer github.com/filecoin-project/fuzzing-lotus/fuzz FuzzBlockMsgStructural fuzz_block_msg_structural
compile_go_fuzzer github.com/filecoin-project/fuzzing-lotus/fuzz FuzzBlockHeader fuzz_block_header
compile_go_fuzzer github.com/filecoin-project/fuzzing-lotus/fuzz FuzzNodesForHeight fuzz_nodes_for_height
+exit 0
diff --git a/projects/lua/project.yaml b/projects/lua/project.yaml
index 36fc31a..9a4b0dd 100644
--- a/projects/lua/project.yaml
+++ b/projects/lua/project.yaml
@@ -2,6 +2,6 @@
language: c
primary_contact: "roberto@inf.puc-rio.br"
auto_ccs:
- - "fuzz@llua.org"
+ - "fuzz@lua.org"
- "david@adalogics.com"
main_repo: 'https://github.com/lua/lua'
diff --git a/projects/lxc/Dockerfile b/projects/lxc/Dockerfile
new file mode 100644
index 0000000..375c224
--- /dev/null
+++ b/projects/lxc/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && \
+ apt-get install -y pkgconf make libtool automake autoconf
+RUN git clone --depth 1 https://github.com/lxc/lxc
+WORKDIR lxc
+COPY build.sh $SRC/
diff --git a/projects/lxc/build.sh b/projects/lxc/build.sh
new file mode 100755
index 0000000..1f18a7e
--- /dev/null
+++ b/projects/lxc/build.sh
@@ -0,0 +1,17 @@
+#!/bin/bash -e
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+src/tests/oss-fuzz.sh
diff --git a/projects/lxc/project.yaml b/projects/lxc/project.yaml
new file mode 100644
index 0000000..f19d356
--- /dev/null
+++ b/projects/lxc/project.yaml
@@ -0,0 +1,12 @@
+homepage: "https://github.com/lxc/lxc"
+language: c
+primary_contact: "christian@brauner.io"
+builds_per_day: 4
+sanitizers:
+ - address
+ - undefined
+ - memory
+auto_ccs:
+ - stgraber@stgraber.org
+ - evverx@gmail.com
+main_repo: "https://github.com/lxc/lxc"
diff --git a/projects/md4c/Dockerfile b/projects/md4c/Dockerfile
new file mode 100755
index 0000000..65ebbff
--- /dev/null
+++ b/projects/md4c/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make cmake
+RUN git clone https://github.com/mity/md4c
+
+WORKDIR $SRC/md4c
+COPY build.sh $SRC/
diff --git a/projects/md4c/build.sh b/projects/md4c/build.sh
new file mode 100755
index 0000000..51d8a80
--- /dev/null
+++ b/projects/md4c/build.sh
@@ -0,0 +1,22 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mkdir build && cd build
+cmake ../ -DBUILD_SHARED_LIBS=OFF
+make
+$CC $CFLAGS $LIB_FUZZING_ENGINE ../test/fuzzers/fuzz-mdhtml.c -o $OUT/fuzz-mdhtml \
+ -I../src ./src/libmd4c-html.a ./src/libmd4c.a
diff --git a/projects/md4c/project.yaml b/projects/md4c/project.yaml
new file mode 100755
index 0000000..33e881e
--- /dev/null
+++ b/projects/md4c/project.yaml
@@ -0,0 +1,6 @@
+homepage: "https://github.com/mity/md4c"
+main_repo: "https://github.com/mity/md4c"
+primary_contact: "mity@morous.org"
+language: c
+auto_ccs:
+ - "david@adalogics.com"
diff --git a/projects/minify/Dockerfile b/projects/minify/Dockerfile
index 025632d..3f3516a 100644
--- a/projects/minify/Dockerfile
+++ b/projects/minify/Dockerfile
@@ -15,6 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get -u github.com/tdewolff/minify
+RUN git clone --depth 1 https://github.com/tdewolff/minify
+RUN git clone --depth 1 https://github.com/tdewolff/parse
COPY build.sh $SRC/
WORKDIR $SRC/
diff --git a/projects/minify/build.sh b/projects/minify/build.sh
index 65d728c..1c03167 100755
--- a/projects/minify/build.sh
+++ b/projects/minify/build.sh
@@ -14,4 +14,4 @@
# limitations under the License.
#
################################################################################
-$GOPATH/src/github.com/tdewolff/minify/tests/oss-fuzz-build.sh
+./minify/tests/oss-fuzz-build.sh
diff --git a/projects/miniz/build.sh b/projects/miniz/build.sh
index 9e7a489..e116a39 100755
--- a/projects/miniz/build.sh
+++ b/projects/miniz/build.sh
@@ -17,3 +17,4 @@
# Run the OSS-Fuzz script in the project
$SRC/miniz/tests/ossfuzz.sh
+
diff --git a/projects/muparser/project.yaml b/projects/muparser/project.yaml
index 219093a..e6be1c1 100644
--- a/projects/muparser/project.yaml
+++ b/projects/muparser/project.yaml
@@ -3,8 +3,6 @@
primary_contact: "equinox.ib@googlemail.com"
auto_ccs:
- "zhichengcai@google.com"
-fuzzing_engines:
- - libfuzzer
sanitizers:
- address
- undefined
diff --git a/projects/mupdf/pdf_fuzzer.cc b/projects/mupdf/pdf_fuzzer.cc
index fd8ad7f..3e3f1fb 100644
--- a/projects/mupdf/pdf_fuzzer.cc
+++ b/projects/mupdf/pdf_fuzzer.cc
@@ -23,96 +23,115 @@
#include <mupdf/fitz.h>
-#define ALIGNMENT 16
-#define MAX_ALLOCATION (1024 * 1024 * 1024)
+#define ALIGNMENT ((size_t) 16)
+#define KBYTE ((size_t) 1024)
+#define MBYTE (1024 * KBYTE)
+#define GBYTE (1024 * MBYTE)
+#define MAX_ALLOCATION (1 * GBYTE)
-static uint64_t total = 0;
+static size_t used;
-static void *
-fz_malloc_ossfuzz(void *opaque, size_t size)
+static void *fz_limit_reached_ossfuzz(size_t oldsize, size_t size)
{
- char *ptr = NULL;
-
- if (size == 0)
- return NULL;
- if (size > SIZE_MAX - ALIGNMENT)
- return NULL;
-
- if (size > MAX_ALLOCATION - ALIGNMENT - total)
- return NULL;
-
- ptr = (char *) malloc(size + ALIGNMENT);
- if (ptr == NULL)
- return NULL;
-
- memcpy(ptr, &size, sizeof(size));
- total += size + ALIGNMENT;
-
- return ptr + ALIGNMENT;
+ if (oldsize == 0)
+ fprintf(stderr, "limit: %zu Mbyte used: %zu Mbyte allocation: %zu: limit reached\n", MAX_ALLOCATION / MBYTE, used / MBYTE, size);
+ else
+ fprintf(stderr, "limit: %zu Mbyte used: %zu Mbyte reallocation: %zu -> %zu: limit reached\n", MAX_ALLOCATION / MBYTE, used / MBYTE, oldsize, size);
+ fflush(0);
+ return NULL;
}
-static void
-fz_free_ossfuzz(void *opaque, void *ptr)
+static void *fz_malloc_ossfuzz(void *opaque, size_t size)
{
- size_t size;
+ char *ptr = NULL;
- if (ptr == NULL)
- return;
+ if (size == 0)
+ return NULL;
+ if (size > SIZE_MAX - ALIGNMENT)
+ return NULL;
+ if (size + ALIGNMENT > MAX_ALLOCATION - used)
+ return fz_limit_reached_ossfuzz(0, size + ALIGNMENT);
- ptr = ((char *) ptr) - ALIGNMENT;
+ ptr = (char *) malloc(size + ALIGNMENT);
+ if (ptr == NULL)
+ return NULL;
- memcpy(&size, ptr, sizeof(size));
- total -= size - ALIGNMENT;
- free(ptr);
+ memcpy(ptr, &size, sizeof(size));
+ used += size + ALIGNMENT;
+
+ return ptr + ALIGNMENT;
}
-static void *
-fz_realloc_ossfuzz(void *opaque, void *old, size_t size)
+static void fz_free_ossfuzz(void *opaque, void *ptr)
{
- size_t oldsize;
- char *ptr;
+ size_t size;
- if (old == NULL)
- return fz_malloc_ossfuzz(opaque, size);
- if (size == 0)
- {
- fz_free_ossfuzz(opaque, old);
- return NULL;
- }
- if (size > SIZE_MAX - ALIGNMENT)
- return NULL;
+ if (ptr == NULL)
+ return;
+ if (ptr < (void *) ALIGNMENT)
+ return;
- old = ((char *) old) - ALIGNMENT;
- memcpy(&oldsize, old, sizeof(oldsize));
+ ptr = (char *) ptr - ALIGNMENT;
+ memcpy(&size, ptr, sizeof(size));
- if (size > MAX_ALLOCATION - total + oldsize)
- return NULL;
+ used -= size + ALIGNMENT;
+ free(ptr);
+}
- ptr = (char *) realloc(old, size + ALIGNMENT);
- if (ptr == NULL)
- return NULL;
+static void *fz_realloc_ossfuzz(void *opaque, void *old, size_t size)
+{
+ size_t oldsize;
+ char *ptr;
- total -= oldsize + ALIGNMENT;
- memcpy(ptr, &size, sizeof(size));
- total += size + ALIGNMENT;
+ if (old == NULL)
+ return fz_malloc_ossfuzz(opaque, size);
+ if (old < (void *) ALIGNMENT)
+ return NULL;
- return ptr + ALIGNMENT;
+ if (size == 0) {
+ fz_free_ossfuzz(opaque, old);
+ return NULL;
+ }
+ if (size > SIZE_MAX - ALIGNMENT)
+ return NULL;
+
+ old = (char *) old - ALIGNMENT;
+ memcpy(&oldsize, old, sizeof(oldsize));
+
+ if (size + ALIGNMENT > MAX_ALLOCATION - used + oldsize + ALIGNMENT)
+ return fz_limit_reached_ossfuzz(oldsize + ALIGNMENT, size + ALIGNMENT);
+
+ ptr = (char *) realloc(old, size + ALIGNMENT);
+ if (ptr == NULL)
+ return NULL;
+
+ used -= oldsize + ALIGNMENT;
+ memcpy(ptr, &size, sizeof(size));
+ used += size + ALIGNMENT;
+
+ return ptr + ALIGNMENT;
}
static fz_alloc_context fz_alloc_ossfuzz =
{
- NULL,
- fz_malloc_ossfuzz,
- fz_realloc_ossfuzz,
- fz_free_ossfuzz
+ NULL,
+ fz_malloc_ossfuzz,
+ fz_realloc_ossfuzz,
+ fz_free_ossfuzz
};
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- fz_context *ctx = fz_new_context(&fz_alloc_ossfuzz, nullptr, FZ_STORE_DEFAULT);
+ fz_context *ctx;
+ fz_stream *stream;
+ fz_document *doc;
+ fz_pixmap *pix;
- fz_stream *stream = NULL;
- fz_document *doc = NULL;
- fz_pixmap *pix = NULL;
+ used = 0;
+
+ ctx = fz_new_context(&fz_alloc_ossfuzz, nullptr, FZ_STORE_DEFAULT);
+ stream = NULL;
+ doc = NULL;
+ pix = NULL;
fz_var(stream);
fz_var(doc);
diff --git a/projects/nats/Dockerfile b/projects/nats/Dockerfile
index 9667bd7..a9dbcf4 100644
--- a/projects/nats/Dockerfile
+++ b/projects/nats/Dockerfile
@@ -15,6 +15,6 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/nats-io/nats-server
+RUN git clone --depth 1 https://github.com/nats-io/nats-server
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/nats-server
diff --git a/projects/nats/build.sh b/projects/nats/build.sh
index 25089d5..2235a6e 100755
--- a/projects/nats/build.sh
+++ b/projects/nats/build.sh
@@ -17,6 +17,6 @@
-compile_go_fuzzer github.com/nats-io/nats-server/conf Fuzz fuzz_conf
-compile_go_fuzzer github.com/nats-io/nats-server/server FuzzClient fuzz_client
+compile_go_fuzzer ./conf Fuzz fuzz_conf
+compile_go_fuzzer ./server FuzzClient fuzz_client
diff --git a/projects/nom/Dockerfile b/projects/nom/Dockerfile
new file mode 100644
index 0000000..167550e
--- /dev/null
+++ b/projects/nom/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN git clone --depth 1 https://github.com/Geal/nom/
+WORKDIR $SRC
+
+COPY build.sh $SRC/
diff --git a/projects/nom/build.sh b/projects/nom/build.sh
new file mode 100755
index 0000000..8567ddc
--- /dev/null
+++ b/projects/nom/build.sh
@@ -0,0 +1,20 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC/nom
+cargo fuzz build -O
+cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_arithmetic $OUT/
diff --git a/projects/nom/project.yaml b/projects/nom/project.yaml
new file mode 100644
index 0000000..9c2f7d8
--- /dev/null
+++ b/projects/nom/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/Geal/nom"
+main_repo: "https://github.com/Geal/nom"
+primary_contact: "geo.couprie@gmail.com"
+sanitizers:
+ - address
+fuzzing_engines:
+ - libfuzzer
+language: rust
+auto_ccs:
+ - "david@adalogics.com"
diff --git a/projects/openbabel/Dockerfile b/projects/openbabel/Dockerfile
new file mode 100644
index 0000000..766293a
--- /dev/null
+++ b/projects/openbabel/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt install -y cmake
+RUN git clone --depth 1 https://github.com/openbabel/openbabel.git
+COPY build.sh $SRC
+WORKDIR $SRC/openbabel
diff --git a/projects/openbabel/build.sh b/projects/openbabel/build.sh
new file mode 100755
index 0000000..5a1b547
--- /dev/null
+++ b/projects/openbabel/build.sh
@@ -0,0 +1,23 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+
+# build project
+mkdir build && cd build
+cmake .. -DBUILD_SHARED=OFF -DBUILD_MIXED=ON
+make -j $(nproc)
+cp bin/fuzz* $OUT/
diff --git a/projects/openbabel/project.yaml b/projects/openbabel/project.yaml
new file mode 100644
index 0000000..e7437df
--- /dev/null
+++ b/projects/openbabel/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://openbabel.org"
+language: c++
+primary_contact: "geoff.hutchison@gmail.com"
+auto_ccs :
+- "p.antoine@catenacyber.fr"
+
+sanitizers:
+- address
+- undefined
+main_repo: 'https://github.com/openbabel/openbabel.git'
diff --git a/projects/openexr/build.sh b/projects/openexr/build.sh
index a0bcfc2..80a2e49 100755
--- a/projects/openexr/build.sh
+++ b/projects/openexr/build.sh
@@ -38,9 +38,8 @@
LIBS=(
"$WORK/src/lib/OpenEXRUtil/libOpenEXRUtil.a"
"$WORK/src/lib/OpenEXR/libOpenEXR.a"
- "$WORK/src/lib/Iex/libIex.a"
- "$WORK/src/lib/IexMath/libIexMath.a"
"$WORK/src/lib/IlmThread/libIlmThread.a"
+ "$WORK/src/lib/Iex/libIex.a"
"$WORK/_deps/imath-build/src/Imath/libImath*.a"
)
diff --git a/projects/openjpeg/build.sh b/projects/openjpeg/build.sh
index cd96cf7..1bc2da0 100755
--- a/projects/openjpeg/build.sh
+++ b/projects/openjpeg/build.sh
@@ -17,7 +17,7 @@
mkdir build
cd build
-cmake ..
+cmake -DCMAKE_BUILD_TYPE=Release ..
make clean -s
make -j$(nproc) -s
cd ..
diff --git a/projects/opensc/project.yaml b/projects/opensc/project.yaml
index 250052f..79d794e 100644
--- a/projects/opensc/project.yaml
+++ b/projects/opensc/project.yaml
@@ -8,7 +8,4 @@
- "andreas.schwier@cardcontact.de"
- "deengert@gmail.com"
- "jakuje@gmail.com"
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
main_repo: 'https://github.com/OpenSC/OpenSC'
diff --git a/projects/openssh/build.sh b/projects/openssh/build.sh
index 83c7f0f..49d1381 100755
--- a/projects/openssh/build.sh
+++ b/projects/openssh/build.sh
@@ -16,8 +16,10 @@
################################################################################
# Enable null cipher
-mv cipher.c _cipher.c
-sed 's/#define CFLAG_INTERNAL.*/#define CFLAG_INTERNAL 0/' _cipher.c > cipher.c
+sed -i 's/#define CFLAG_INTERNAL.*/#define CFLAG_INTERNAL 0/' cipher.c
+
+# Turn off agent unlock password failure delays
+sed -i 's|\(usleep.*\)|// \1|' ssh-agent.c
# Build project
autoreconf
@@ -32,37 +34,48 @@
EXTRA_CFLAGS="-DCIPHER_NONE_AVAIL=1"
STATIC_CRYPTO="-Wl,-Bstatic -lcrypto -Wl,-Bdynamic"
-COMMON=ssh-sk-null.o
+SK_NULL=ssh-sk-null.o
+SK_DUMMY=sk-dummy.o
-$CXX $CXXFLAGS -std=c++11 $EXTRA_CFLAGS -I. -L. -Lopenbsd-compat -g \
- regress/misc/fuzz-harness/ssh-sk-null.cc -c -o ssh-sk-null.o
+$CC $CFLAGS $EXTRA_CFLAGS -I. -g -c \
+ regress/misc/fuzz-harness/ssh-sk-null.cc -o ssh-sk-null.o
+$CC $CFLAGS $EXTRA_CFLAGS -I. -g -c \
+ -DSK_DUMMY_INTEGRATE=1 regress/misc/sk-dummy/sk-dummy.c -o sk-dummy.o
$CXX $CXXFLAGS -std=c++11 $EXTRA_CFLAGS -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/pubkey_fuzz.cc -o $OUT/pubkey_fuzz \
- -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+ -lssh -lopenbsd-compat $SK_NULL $STATIC_CRYPTO $LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 $EXTRA_CFLAGS -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/privkey_fuzz.cc -o $OUT/privkey_fuzz \
- -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+ -lssh -lopenbsd-compat $SK_NULL $STATIC_CRYPTO $LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 $EXTRA_CFLAGS -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/sig_fuzz.cc -o $OUT/sig_fuzz \
- -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+ -lssh -lopenbsd-compat $SK_NULL $STATIC_CRYPTO $LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 $EXTRA_CFLAGS -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/authopt_fuzz.cc -o $OUT/authopt_fuzz \
- auth-options.o -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO \
+ auth-options.o -lssh -lopenbsd-compat $SK_NULL $STATIC_CRYPTO \
$LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 $EXTRA_CFLAGS -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/sshsig_fuzz.cc -o $OUT/sshsig_fuzz \
- sshsig.o -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO \
+ sshsig.o -lssh -lopenbsd-compat $SK_NULL $STATIC_CRYPTO \
$LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 $EXTRA_CFLAGS -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/sshsigopt_fuzz.cc -o $OUT/sshsigopt_fuzz \
- sshsig.o -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO \
+ sshsig.o -lssh -lopenbsd-compat $SK_NULL $STATIC_CRYPTO \
$LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 $EXTRA_CFLAGS -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/kex_fuzz.cc -o $OUT/kex_fuzz \
- -lssh -lopenbsd-compat -lz $COMMON $STATIC_CRYPTO \
+ -lssh -lopenbsd-compat -lz $SK_NULL $STATIC_CRYPTO \
$LIB_FUZZING_ENGINE
+$CC $CFLAGS $EXTRA_CFLAGS -I. -g -c \
+ regress/misc/fuzz-harness/agent_fuzz_helper.c -o agent_fuzz_helper.o
+$CC $CFLAGS $EXTRA_CFLAGS -I. -g -c -DENABLE_SK_INTERNAL=1 ssh-sk.c -o ssh-sk.o
+$CXX $CXXFLAGS -std=c++11 $EXTRA_CFLAGS -I. -L. -Lopenbsd-compat -g \
+ regress/misc/fuzz-harness/agent_fuzz.cc -o $OUT/agent_fuzz \
+ $SK_DUMMY agent_fuzz_helper.o ssh-sk.o -lssh -lopenbsd-compat -lz \
+ $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+
# Prepare seed corpora
CASES="$SRC/openssh-fuzz-cases"
(set -e ; cd ${CASES}/key ; zip -r $OUT/pubkey_fuzz_seed_corpus.zip .)
@@ -72,3 +85,4 @@
(set -e ; cd ${CASES}/sshsig ; zip -r $OUT/sshsig_fuzz_seed_corpus.zip .)
(set -e ; cd ${CASES}/sshsigopt ; zip -r $OUT/sshsigopt_fuzz_seed_corpus.zip .)
(set -e ; cd ${CASES}/kex ; zip -r $OUT/kex_fuzz_seed_corpus.zip .)
+(set -e ; cd ${CASES}/agent ; zip -r $OUT/agent_fuzz_seed_corpus.zip .)
diff --git a/projects/openssl/build.sh b/projects/openssl/build.sh
index 0832c6a..14768c9 100755
--- a/projects/openssl/build.sh
+++ b/projects/openssl/build.sh
@@ -15,12 +15,6 @@
#
################################################################################
-# afl++ CMPLOG test:
-test "$FUZZING_ENGINE" = "afl" && {
- export AFL_LLVM_CMPLOG=1
- touch $OUT/afl_cmplog.txt
-}
-
CONFIGURE_FLAGS=""
if [[ $CFLAGS = *sanitize=memory* ]]
then
diff --git a/projects/openthread/Dockerfile b/projects/openthread/Dockerfile
index e54e7e7..4ef0e6e 100644
--- a/projects/openthread/Dockerfile
+++ b/projects/openthread/Dockerfile
@@ -16,7 +16,7 @@
FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN apt-get update && apt-get install -y cmake ninja-build
RUN git clone --depth 1 https://github.com/openthread/openthread
WORKDIR openthread
diff --git a/projects/openthread/build.sh b/projects/openthread/build.sh
index 3cd7851..0195084 100755
--- a/projects/openthread/build.sh
+++ b/projects/openthread/build.sh
@@ -15,53 +15,4 @@
#
################################################################################
-./bootstrap
-
-export CPPFLAGS=" \
- -DOPENTHREAD_CONFIG_BORDER_AGENT_ENABLE=1 \
- -DOPENTHREAD_CONFIG_BORDER_ROUTER_ENABLE=1 \
- -DOPENTHREAD_CONFIG_CHANNEL_MANAGER_ENABLE=1 \
- -DOPENTHREAD_CONFIG_CHANNEL_MONITOR_ENABLE=1 \
- -DOPENTHREAD_CONFIG_CHILD_SUPERVISION_ENABLE=1 \
- -DOPENTHREAD_CONFIG_COAP_API_ENABLE=1 \
- -DOPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE=1 \
- -DOPENTHREAD_CONFIG_COMMISSIONER_ENABLE=1 \
- -DOPENTHREAD_CONFIG_DHCP6_CLIENT_ENABLE=1 \
- -DOPENTHREAD_CONFIG_DHCP6_SERVER_ENABLE=1 \
- -DOPENTHREAD_CONFIG_DIAG_ENABLE=1 \
- -DOPENTHREAD_CONFIG_DNS_CLIENT_ENABLE=1 \
- -DOPENTHREAD_CONFIG_ECDSA_ENABLE=1 \
- -DOPENTHREAD_CONFIG_LEGACY_ENABLE=1 \
- -DOPENTHREAD_CONFIG_JAM_DETECTION_ENABLE=1 \
- -DOPENTHREAD_CONFIG_JOINER_ENABLE=1 \
- -DOPENTHREAD_CONFIG_LINK_RAW_ENABLE=1 \
- -DOPENTHREAD_CONFIG_MAC_FILTER_ENABLE=1 \
- -DOPENTHREAD_CONFIG_NCP_UART_ENABLE=1 \
- -DOPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE=1 \
- -DOPENTHREAD_CONFIG_SNTP_CLIENT_ENABLE=1 \
- -DOPENTHREAD_CONFIG_TMF_NETDATA_SERVICE_ENABLE=1 \
- -DOPENTHREAD_CONFIG_TMF_NETWORK_DIAG_MTD_ENABLE=1 \
- -DOPENTHREAD_CONFIG_UDP_FORWARD_ENABLE=1"
-
-./configure \
- --enable-fuzz-targets \
- --enable-cli \
- --enable-ftd \
- --enable-joiner \
- --enable-ncp \
- --disable-docs
-
-make -j$(nproc)
-
-find . -name '*-fuzzer' -exec cp -v '{}' $OUT ';'
-find . -name '*-fuzzer.dict' -exec cp -v '{}' $OUT ';'
-find . -name '*-fuzzer.options' -exec cp -v '{}' $OUT ';'
-
-fuzzers=$(find tests/fuzz -name "*-fuzzer")
-for f in $fuzzers; do
- fuzzer=$(basename $f -fuzzer)
-
- if [ -d "tests/fuzz/corpora/${fuzzer}" ]; then
- zip -j $OUT/$(basename $f)_seed_corpus.zip tests/fuzz/corpora/${fuzzer}/*
- fi
-done
+bash tests/fuzz/oss-fuzz-build
diff --git a/projects/openthread/project.yaml b/projects/openthread/project.yaml
index f10bdfc..c772d3b 100644
--- a/projects/openthread/project.yaml
+++ b/projects/openthread/project.yaml
@@ -5,7 +5,6 @@
- libfuzzer
- afl
- honggfuzz
- - dataflow
sanitizers:
- address
- undefined
diff --git a/projects/osquery/project.yaml b/projects/osquery/project.yaml
index efe3528..d0944c1 100644
--- a/projects/osquery/project.yaml
+++ b/projects/osquery/project.yaml
@@ -15,4 +15,5 @@
- address
fuzzing_engines:
- libfuzzer
+ - afl
main_repo: 'https://github.com/osquery/osquery'
diff --git a/projects/p11-kit/Dockerfile b/projects/p11-kit/Dockerfile
new file mode 100644
index 0000000..5ae7858
--- /dev/null
+++ b/projects/p11-kit/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config libtasn1-6-dev libffi-dev
+RUN echo deb http://archive.ubuntu.com/ubuntu/ bionic main >> /etc/apt/sources.list
+RUN apt-get update && apt-get install -y -t bionic gettext autopoint
+RUN git clone --depth 1 https://github.com/p11-glue/p11-kit.git p11-kit
+WORKDIR p11-kit
+COPY build.sh $SRC/
diff --git a/projects/p11-kit/build.sh b/projects/p11-kit/build.sh
new file mode 100755
index 0000000..c15f9d5
--- /dev/null
+++ b/projects/p11-kit/build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./autogen.sh
+make -j$(nproc) oss-fuzz
+
+cd fuzz
+for dir in *.in; do
+ fuzzer=$(basename $dir .in)_fuzzer
+ zip -rj "$OUT/${fuzzer}_seed_corpus.zip" "${dir}/"
+done
diff --git a/projects/p11-kit/project.yaml b/projects/p11-kit/project.yaml
new file mode 100644
index 0000000..55139b8
--- /dev/null
+++ b/projects/p11-kit/project.yaml
@@ -0,0 +1,4 @@
+homepage: https://p11-glue.github.io/p11-glue/p11-kit.html
+main_repo: https://github.com/p11-glue/p11-kit
+language: c
+primary_contact: "daiki.ueno@gmail.com"
diff --git a/projects/pcl/Dockerfile b/projects/pcl/Dockerfile
new file mode 100644
index 0000000..740a3b3
--- /dev/null
+++ b/projects/pcl/Dockerfile
@@ -0,0 +1,45 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make cmake autoconf \
+ automake libtool gettext pkg-config build-essential \
+ mercurial wget libeigen3-dev libflann-dev python python-dev
+
+# VTK deps
+RUN apt-get update && apt-get install -y \
+ libavcodec-dev libavformat-dev libavutil-dev libboost-dev \
+ libdouble-conversion-dev libeigen3-dev libexpat1-dev \
+ libfontconfig-dev libfreetype6-dev libgdal-dev libglew-dev \
+ libhdf5-dev libjpeg-dev libjsoncpp-dev liblz4-dev liblzma-dev \
+ libnetcdf-dev libnetcdf-cxx-legacy-dev libogg-dev libpng-dev \
+ libpython3-dev libqt5opengl5-dev libqt5x11extras5-dev libsqlite3-dev \
+ libswscale-dev libtheora-dev libtiff-dev libxml2-dev libxt-dev \
+ qtbase5-dev qttools5-dev zlib1g-dev
+
+# Install and build boost from source so we can have it use libc++
+RUN wget https://sourceforge.net/projects/boost/files/boost/1.70.0/boost_1_70_0.tar.gz && \
+ tar xzf boost_1_70_0.tar.gz && \
+ cd boost_1_70_0 && \
+ ./bootstrap.sh --with-toolset=clang && \
+ ./b2 clean && \
+ ./b2 toolset=clang cxxflags="-stdlib=libc++" linkflags="-stdlib=libc++" -j$(nproc) install && \
+ cd .. && \
+ rm -rf boost_1_70_0]
+
+RUN git clone --depth 1 https://github.com/PointCloudLibrary/pcl
+COPY build.sh $SRC/
+WORKDIR $SRC/
diff --git a/projects/pcl/build.sh b/projects/pcl/build.sh
new file mode 100755
index 0000000..c08aeac
--- /dev/null
+++ b/projects/pcl/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+chmod +x $SRC/pcl/test/fuzz/build.sh
+$SRC/pcl/test/fuzz/build.sh
diff --git a/projects/pcl/project.yaml b/projects/pcl/project.yaml
index 83d0506..fdb4cb1 100644
--- a/projects/pcl/project.yaml
+++ b/projects/pcl/project.yaml
@@ -1,6 +1,9 @@
-help_url: "https://github.com/pointcloudlibrary/pcl"
+main_repo: "https://github.com/pointcloudlibrary/pcl"
homepage: "http://pointclouds.org"
language: c++
primary_contact: "kunal.tyagi.3.1994@gmail.com"
auto_ccs:
- "tyagi.kunal@live.com"
+ - "larshg@gmail.com"
+ - "markus95.vieth@gmail.com"
+ - "k.koide.aist@gmail.com"
diff --git a/projects/pillow/Dockerfile b/projects/pillow/Dockerfile
index 3f5a117..ab90895 100644
--- a/projects/pillow/Dockerfile
+++ b/projects/pillow/Dockerfile
@@ -54,12 +54,10 @@
COPY build.sh $SRC/
-# pillow runtime dependencies
+# pillow optional runtime dependencies
RUN apt-get install -y \
- libfribidi-dev \
- libharfbuzz-dev \
- python3-tk \
- tcl8.6-dev \
- tk8.6-dev
+ python3-tk \
+ tcl8.6-dev \
+ tk8.6-dev
WORKDIR $SRC/Pillow
diff --git a/projects/pillow/build.sh b/projects/pillow/build.sh
index c0f791d..e7dac34 100644
--- a/projects/pillow/build.sh
+++ b/projects/pillow/build.sh
@@ -17,27 +17,22 @@
python3 setup.py build --build-base=/tmp/build install
-bp="$(find /tmp/build -name '_imaging.o')"
-BUILD_DIR="${bp/_imaging.o/}"
-if [ -d "$BUILD_DIR" ]; then
- find $BUILD_DIR -name _imagingmath.o -delete
- find $BUILD_DIR -name _imagingtk.o -delete
- find $BUILD_DIR -name _imagingmorph.o -delete
-fi;
-
-# Relink with fuzzing engine
-TS="$(find /usr/local/lib/python3.* -name '_imaging.*.so')"
-$CXX -pthread -shared $CXXFLAGS $LIB_FUZZING_ENGINE ${BUILD_DIR}/*.o ${BUILD_DIR}/libImaging/*.o \
- -L/usr/local/lib -L/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu \
- -L/usr/lib/x86_64-linux-gnu/libfakeroot -L/usr/lib -L/lib -L/usr/local/lib \
- -ljpeg -lz -lxcb -lfreetype -lopenjp2 -ltiff -llcms2 -lwebp -lwebpmux -lwebpdemux \
- -o ${TS} -stdlib=libc++
-
# Build fuzzers in $OUT.
for fuzzer in $(find $SRC -name 'fuzz_*.py'); do
fuzzer_basename=$(basename -s .py $fuzzer)
fuzzer_package=${fuzzer_basename}.pkg
- pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer
+ pyinstaller \
+ --add-binary /usr/local/lib/libjpeg.so.9:. \
+ --add-binary /usr/local/lib/libfreetype.so.6:. \
+ --add-binary /usr/local/lib/liblcms2.so.2:. \
+ --add-binary /usr/local/lib/libopenjp2.so.7:. \
+ --add-binary /usr/local/lib/libpng16.so.16:. \
+ --add-binary /usr/local/lib/libtiff.so.5:. \
+ --add-binary /usr/local/lib/libwebp.so.7:. \
+ --add-binary /usr/local/lib/libwebpdemux.so.2:. \
+ --add-binary /usr/local/lib/libwebpmux.so.3:. \
+ --add-binary /usr/local/lib/libxcb.so.1:. \
+ --distpath $OUT --onefile --name $fuzzer_package $fuzzer
# Create execution wrapper.
echo "#!/bin/sh
diff --git a/projects/pillow/fuzz_pillow.py b/projects/pillow/fuzz_pillow.py
deleted file mode 100644
index d501811..0000000
--- a/projects/pillow/fuzz_pillow.py
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/usr/bin/python3
-
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import atheris_no_libfuzzer as atheris
-import sys
-import os
-import io
-import warnings
-from PIL import Image, ImageFile, ImageFilter
-
-def TestOneInput(data):
- try:
- with Image.open(io.BytesIO(data)) as im:
- im.rotate(45)
- im.filter(ImageFilter.DETAIL)
- im.save(io.BytesIO(), "BMP")
- except Exception:
- # We're catching all exceptions because Pillow's exceptions are
- # directly inheriting from Exception.
- return
- return
-
-def main():
- ImageFile.LOAD_TRUNCATED_IMAGES = True
- warnings.filterwarnings("ignore")
- atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True)
- atheris.Fuzz()
-
-if __name__ == "__main__":
- main()
-
diff --git a/projects/poppler/Dockerfile b/projects/poppler/Dockerfile
index 6ceb739..c1b0355 100644
--- a/projects/poppler/Dockerfile
+++ b/projects/poppler/Dockerfile
@@ -15,7 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y wget autoconf automake libtool pkg-config cmake gperf
+RUN apt-get update && apt-get install -y wget autoconf automake libtool pkg-config gperf
RUN pip3 install meson ninja
RUN git clone --depth 1 https://github.com/madler/zlib.git
diff --git a/projects/poppler/build.sh b/projects/poppler/build.sh
index 4f28930..23692dd 100755
--- a/projects/poppler/build.sh
+++ b/projects/poppler/build.sh
@@ -166,7 +166,7 @@
for f in $fuzzers; do
fuzzer_name=$(basename $f .cc)
- $CXX $CXXFLAGS -std=c++11 -I$SRC/poppler/cpp \
+ $CXX $CXXFLAGS -std=c++11 -I$SRC/poppler/cpp -I$SRC/poppler/build/cpp \
$BUILD_CFLAGS \
$f -o $OUT/$fuzzer_name \
$PREDEPS_LDFLAGS \
@@ -213,7 +213,7 @@
fuzzer_name=$(basename $f .cc)
$CXX $CXXFLAGS -std=c++11 -fPIC \
- -I$SRC/poppler/qt5/src \
+ -I$SRC/poppler/qt5/src -I$SRC/poppler/build/qt5/src \
$BUILD_CFLAGS \
$f -o $OUT/$fuzzer_name \
$PREDEPS_LDFLAGS \
diff --git a/projects/postgresql/add_fuzzers.diff b/projects/postgresql/add_fuzzers.diff
index 2d3ce7b..86b106c 100644
--- a/projects/postgresql/add_fuzzers.diff
+++ b/projects/postgresql/add_fuzzers.diff
@@ -1,26 +1,25 @@
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
-index c9424f167c..aa2897ec63 100644
+index cb5a96117f..c9b4880085 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
-@@ -101,6 +101,10 @@ int max_stack_depth = 100;
+@@ -102,6 +102,9 @@ int max_stack_depth = 100;
/* wait N seconds to allow attach from a debugger */
int PostAuthDelay = 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+bool fuzzer_first_run = true;
+#endif
-+
/* ----------------
-@@ -505,11 +509,14 @@ static int
- ReadCommand(StringInfo inBuf)
+@@ -507,10 +510,15 @@ ReadCommand(StringInfo inBuf)
{
int result;
--
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-+ result = SocketBackend(inBuf);
++ result = SocketBackend(inBuf);
+#else
++
if (whereToSendOutput == DestRemote)
result = SocketBackend(inBuf);
else
@@ -29,34 +28,35 @@
return result;
}
-@@ -3784,6 +3791,10 @@ PostgresMain(int argc, char *argv[],
- volatile bool send_ready_for_query = true;
- bool disable_idle_in_transaction_timeout = false;
+@@ -3846,6 +3854,11 @@ PostgresMain(int argc, char *argv[],
+ bool idle_in_transaction_timeout_enabled = false;
+ bool idle_session_timeout_enabled = false;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-+ if(fuzzer_first_run)
-+ {
++ if(fuzzer_first_run)
++ {
+#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
++
/* Initialize startup process environment if necessary. */
if (!IsUnderPostmaster)
InitStandaloneProcess(argv[0]);
-@@ -4151,6 +4162,11 @@ PostgresMain(int argc, char *argv[],
+@@ -4207,6 +4220,11 @@ PostgresMain(int argc, char *argv[],
if (!ignore_till_sync)
send_ready_for_query = true; /* initially, or after error */
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-+ fuzzer_first_run=false;
-+ }
++ fuzzer_first_run=false;
++ }
+#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
/*
* Non-error queries loop here.
*/
diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c
-index d0b368530e..02a3e9066e 100644
+index 80c2672461..c16e0423c5 100644
--- a/src/backend/utils/error/elog.c
+++ b/src/backend/utils/error/elog.c
-@@ -513,7 +513,9 @@ errfinish(const char *filename, int lineno, const char *funcname)
+@@ -600,7 +600,9 @@ errfinish(const char *filename, int lineno, const char *funcname)
pq_endcopyout(true);
/* Emit the message to the right places */
diff --git a/projects/postgresql/fuzzer/simple_query_fuzzer.c b/projects/postgresql/fuzzer/simple_query_fuzzer.c
index 3ba6b50..29c1362 100644
--- a/projects/postgresql/fuzzer/simple_query_fuzzer.c
+++ b/projects/postgresql/fuzzer/simple_query_fuzzer.c
@@ -46,7 +46,7 @@
StartTransactionCommand();
oldcontext = MemoryContextSwitchTo(MessageContext);
- parsetree_list = raw_parser(query_string);
+ parsetree_list = raw_parser(query_string, RAW_PARSE_TYPE_NAME);
MemoryContextSwitchTo(oldcontext);
use_implicit_block = (list_length(parsetree_list) > 1);
diff --git a/projects/postgresql/project.yaml b/projects/postgresql/project.yaml
index 9517c60..5cc7a3f 100644
--- a/projects/postgresql/project.yaml
+++ b/projects/postgresql/project.yaml
@@ -1,4 +1,5 @@
homepage: "https://postgresql.org"
+main_repo: "https://git.postgresql.org/git/postgresql"
primary_contact: "sfrost@snowman.net"
language: c
auto_ccs:
@@ -8,5 +9,6 @@
fuzzing_engines:
- libfuzzer
- honggfuzz
+ - afl
sanitizers:
- address
diff --git a/projects/proj4/Dockerfile b/projects/proj4/Dockerfile
index 8d97906..da7263a 100644
--- a/projects/proj4/Dockerfile
+++ b/projects/proj4/Dockerfile
@@ -16,7 +16,7 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && \
- apt-get install -y make autoconf automake libtool g++ sqlite3 pkg-config
+ apt-get install -y make autoconf automake libtool g++ sqlite3 pkg-config wget
RUN git clone --depth 1 https://github.com/OSGeo/proj proj
diff --git a/projects/prometheus/Dockerfile b/projects/prometheus/Dockerfile
index d856df0..7e22750 100644
--- a/projects/prometheus/Dockerfile
+++ b/projects/prometheus/Dockerfile
@@ -15,7 +15,8 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/prometheus/prometheus/cmd/...
+ENV GO111MODULE=on
+RUN git clone https://github.com/prometheus/prometheus $GOPATH/src/github.com/prometheus/prometheus
COPY build.sh $SRC/
-RUN mkdir $SRC/prometheus/
-WORKDIR $SRC/prometheus/
+# Required to avoid 'working directory is not part of a module' error.
+WORKDIR $GOPATH/src/github.com/prometheus/prometheus
diff --git a/projects/protobuf-c/Dockerfile b/projects/protobuf-c/Dockerfile
index e0f854a..c4407cc 100644
--- a/projects/protobuf-c/Dockerfile
+++ b/projects/protobuf-c/Dockerfile
@@ -16,9 +16,9 @@
FROM gcr.io/oss-fuzz-base/base-builder
MAINTAINER guidovranken@gmail.com
-RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config
RUN git clone --depth 1 --recursive https://github.com/protocolbuffers/protobuf.git
-RUN git clone --depth 1 https://github.com/protobuf-c/protobuf-c.git
+RUN git clone --depth 1 https://github.com/protobuf-c/protobuf-c.git -b next
RUN git clone --depth 1 https://github.com/guidovranken/fuzzing-headers.git
RUN git clone --depth 1 https://github.com/guidovranken/protobuf-c-fuzzers.git
COPY build.sh $SRC/
diff --git a/projects/protobuf-c/build.sh b/projects/protobuf-c/build.sh
index f0aabdc..8eda36a 100755
--- a/projects/protobuf-c/build.sh
+++ b/projects/protobuf-c/build.sh
@@ -27,6 +27,11 @@
export CXXFLAGS="$CXXFLAGS -DMSAN"
fi
+if [[ $SANITIZER = coverage ]]
+then
+ export CXXFLAGS="$CXXFLAGS -fno-use-cxa-atexit"
+fi
+
mkdir $SRC/protobuf-install/
cd $SRC/protobuf/
./autogen.sh
@@ -38,7 +43,8 @@
cd $SRC/protobuf-c/
./autogen.sh
-protobuf_LIBS="-L/$SRC/protobuf-install/lib -lprotobuf" protobuf_CFLAGS="-I $SRC/protobuf-install/include/" ./configure --enable-static=yes --enable-shared=false
+./configure --enable-static=yes --enable-shared=false PKG_CONFIG_PATH=$SRC/protobuf-install/lib/pkgconfig
+
make -j$(nproc)
cd $SRC/fuzzing-headers/
diff --git a/projects/protobuf-c/project.yaml b/projects/protobuf-c/project.yaml
index 6ba2998..9103f1b 100644
--- a/projects/protobuf-c/project.yaml
+++ b/projects/protobuf-c/project.yaml
@@ -1,6 +1,8 @@
homepage: "https://github.com/protobuf-c/protobuf-c"
language: c
primary_contact: "guidovranken@gmail.com"
+auto_ccs:
+ - "ilya.lipnitskiy@gmail.com"
sanitizers:
- address
- memory
@@ -8,3 +10,4 @@
- x86_64
- i386
main_repo: 'https://github.com/protobuf-c/protobuf-c.git'
+coverage_extra_args: -ignore-filename-regex=.*/protobuf-install/.*
diff --git a/projects/qemu/Dockerfile b/projects/qemu/Dockerfile
index baf4d47..779fc39 100644
--- a/projects/qemu/Dockerfile
+++ b/projects/qemu/Dockerfile
@@ -16,7 +16,8 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y make autoconf automake libtool \
- libglib2.0-dev libfdt-dev libpixman-1-dev zlib1g-dev patchelf wget
+ libglib2.0-dev libfdt-dev libpixman-1-dev zlib1g-dev patchelf wget \
+ libattr1 libattr1-dev libcap-ng-dev
# Ninja in the apt repos is too old. Get it directly from github
RUN wget https://github.com/ninja-build/ninja/releases/latest/download/ninja-linux.zip \
&& unzip ninja-linux.zip \
diff --git a/projects/qemu/project.yaml b/projects/qemu/project.yaml
index 87a3721..0974830 100644
--- a/projects/qemu/project.yaml
+++ b/projects/qemu/project.yaml
@@ -12,7 +12,6 @@
- undefined
fuzzing_engines:
- libfuzzer
- - honggfuzz
architectures:
- x86_64
main_repo: 'https://git.qemu.org/git/qemu.git'
diff --git a/projects/qt/Dockerfile b/projects/qt/Dockerfile
index db47bed..4d5e91d 100644
--- a/projects/qt/Dockerfile
+++ b/projects/qt/Dockerfile
@@ -15,7 +15,11 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y ninja-build
+RUN apt-get update && apt-get install -y ninja-build libc6-dev:i386
+RUN git clone --depth 1 https://github.com/AFLplusplus/AFLplusplus.git myaflplusplus && \
+ cp -r myaflplusplus/dictionaries afldictionaries && \
+ cp -r myaflplusplus/testcases afltestcases && \
+ rm -rf myaflplusplus
RUN git clone --branch dev --depth 1 --shallow-submodules \
--recurse-submodules=qtbase \
--recurse-submodules=qtsvg \
diff --git a/projects/qt/project.yaml b/projects/qt/project.yaml
index d764029..9410067 100644
--- a/projects/qt/project.yaml
+++ b/projects/qt/project.yaml
@@ -5,4 +5,5 @@
- "shawn.t.rutledge@gmail.com"
architectures:
- x86_64
+ - i386
main_repo: 'git://code.qt.io/qt/qt5.git'
diff --git a/projects/quic-go/Dockerfile b/projects/quic-go/Dockerfile
index f9889e3..9ee792c 100644
--- a/projects/quic-go/Dockerfile
+++ b/projects/quic-go/Dockerfile
@@ -16,12 +16,12 @@
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get -u -d github.com/marten-seemann/qpack/ && \
- cd /root/go/src/github.com/marten-seemann/qpack && \
+RUN git clone --depth 1 https://github.com/marten-seemann/qpack/ && \
+ cd qpack && \
go build
-RUN go get -u -d github.com/lucas-clemente/quic-go/ && \
- cd /root/go/src/github.com/lucas-clemente/quic-go && \
+RUN git clone --depth 1 https://github.com/lucas-clemente/quic-go/ && \
+ cd quic-go && \
go build
COPY build.sh .
diff --git a/projects/quic-go/build.sh b/projects/quic-go/build.sh
index 6be3fae..4ed3b62 100644
--- a/projects/quic-go/build.sh
+++ b/projects/quic-go/build.sh
@@ -17,11 +17,14 @@
set -ex
-
-
+(
+cd qpack
# Fuzz qpack
compile_go_fuzzer github.com/marten-seemann/qpack/fuzzing Fuzz qpack_fuzzer
+)
+(
+cd quic-go
# Fuzz quic-go
compile_go_fuzzer github.com/lucas-clemente/quic-go/fuzzing/frames Fuzz frame_fuzzer
compile_go_fuzzer github.com/lucas-clemente/quic-go/fuzzing/header Fuzz header_fuzzer
@@ -29,13 +32,18 @@
compile_go_fuzzer github.com/lucas-clemente/quic-go/fuzzing/tokens Fuzz token_fuzzer
compile_go_fuzzer github.com/lucas-clemente/quic-go/fuzzing/handshake Fuzz handshake_fuzzer
+if [ $SANITIZER == "coverage" ]; then
+ # no need for corpuses if coverage
+ exit 0
+fi
# generate seed corpora
-go generate $GOPATH/src/github.com/lucas-clemente/quic-go/fuzzing/...
+go generate ./fuzzing/...
-zip --quiet -r $OUT/header_fuzzer_seed_corpus.zip $GOPATH/src/github.com/lucas-clemente/quic-go/fuzzing/header/corpus
-zip --quiet -r $OUT/frame_fuzzer_seed_corpus.zip $GOPATH/src/github.com/lucas-clemente/quic-go/fuzzing/frames/corpus
-zip --quiet -r $OUT/transportparameter_fuzzer_seed_corpus.zip $GOPATH/src/github.com/lucas-clemente/quic-go/fuzzing/transportparameters/corpus
-zip --quiet -r $OUT/handshake_fuzzer_seed_corpus.zip $GOPATH/src/github.com/lucas-clemente/quic-go/fuzzing/handshake/corpus
+zip --quiet -r $OUT/header_fuzzer_seed_corpus.zip fuzzing/header/corpus
+zip --quiet -r $OUT/frame_fuzzer_seed_corpus.zip fuzzing/frames/corpus
+zip --quiet -r $OUT/transportparameter_fuzzer_seed_corpus.zip fuzzing/transportparameters/corpus
+zip --quiet -r $OUT/handshake_fuzzer_seed_corpus.zip fuzzing/handshake/corpus
+)
# for debugging
ls -al $OUT
diff --git a/projects/radon/Dockerfile b/projects/radon/Dockerfile
index 9dbcd12..fe4c6ca 100644
--- a/projects/radon/Dockerfile
+++ b/projects/radon/Dockerfile
@@ -15,6 +15,6 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/radondb/radon/src/fuzz/sqlparser
+RUN git clone --depth 1 https://github.com/radondb/radon
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/radon
diff --git a/projects/radon/build.sh b/projects/radon/build.sh
index 8bbc04a..ffc9789 100644
--- a/projects/radon/build.sh
+++ b/projects/radon/build.sh
@@ -16,4 +16,6 @@
################################################################################
-compile_go_fuzzer github.com/radondb/radon/src/fuzz/sqlparser Fuzz fuzz
+cd ./src/fuzz/sqlparser
+go mod init github.com/radondb/radon/src/fuzz/sqlparser
+compile_go_fuzzer . Fuzz fuzz
diff --git a/projects/relic/build.sh b/projects/relic/build.sh
index feda5d7..552b14f 100755
--- a/projects/relic/build.sh
+++ b/projects/relic/build.sh
@@ -33,7 +33,13 @@
cd $SRC/relic/
mkdir build/
cd build/
-cmake .. -DCOMP="$CFLAGS" -DQUIET=on -DRAND=CALL -DSHLIB=off -DSTBIN=off -DTESTS=0 -DBENCH=0 -DALLOC=DYNAMIC
+if [[ $CFLAGS = *-m32* ]]
+then
+ export RELIC_ARCH="X86"
+else
+ export RELIC_ARCH="X64"
+fi
+cmake .. -DCOMP="$CFLAGS" -DQUIET=on -DRAND=CALL -DSHLIB=off -DSTBIN=off -DTESTS=0 -DBENCH=0 -DALLOC=DYNAMIC -DARCH=$RELIC_ARCH
make -j$(nproc)
cd ../..
export RELIC_PATH=$(realpath relic)
@@ -49,7 +55,7 @@
fi
make -j$(nproc)
-export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN"
+export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN -DCRYPTOFUZZ_BOTAN_IS_ORACLE"
export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a"
export BOTAN_INCLUDE_PATH="$SRC/botan/build/include"
@@ -59,9 +65,10 @@
rm extra_options.h
echo -n '"' >>extra_options.h
echo -n '--force-module=relic ' >>extra_options.h
-echo -n '--operations=BignumCalc,ECC_PrivateToPublic,ECDSA_Sign,ECDSA_Verify ' >>extra_options.h
+echo -n '--operations=BignumCalc,ECC_PrivateToPublic,ECC_ValidatePubkey,ECDSA_Sign,ECDSA_Verify,Digest,HMAC,KDF_X963 ' >>extra_options.h
echo -n '--curves=secp256k1,secp256r1 ' >>extra_options.h
-echo -n '--digests=NULL ' >>extra_options.h
+echo -n '--digests=NULL,SHA224,SHA256,SHA384,SHA512,BLAKE2S160,BLAKE2S256 ' >>extra_options.h
+echo -n '--calcops=Abs,Add,Bit,ClearBit,Cmp,CmpAbs,Div,ExpMod,GCD,InvMod,IsEven,IsOdd,IsZero,Jacobi,LCM,LShift1,Mod,Mul,Neg,NumBits,RShift,SetBit,Sqr,Sqrt,Sub ' >>extra_options.h
echo -n '"' >>extra_options.h
cd modules/relic/
make -B -j$(nproc)
diff --git a/projects/relic/project.yaml b/projects/relic/project.yaml
index 823b4f9..98fb04f 100644
--- a/projects/relic/project.yaml
+++ b/projects/relic/project.yaml
@@ -10,3 +10,4 @@
- memory
architectures:
- x86_64
+ - i386
diff --git a/projects/rnp/build.sh b/projects/rnp/build.sh
index 7e0833c..1bfd8aa 100755
--- a/projects/rnp/build.sh
+++ b/projects/rnp/build.sh
@@ -60,6 +60,6 @@
done
mkdir -p "${OUT}/lib"
-cp src/lib/librnp-0.so.0 "${OUT}/lib/"
+cp src/lib/librnp.so.0 "${OUT}/lib/"
cp /usr/lib/libbotan-2.so.16 "${OUT}/lib/"
cp /lib/x86_64-linux-gnu/libjson-c.so.2 "${OUT}/lib/"
diff --git a/projects/runc/Dockerfile b/projects/runc/Dockerfile
new file mode 100644
index 0000000..78616e9
--- /dev/null
+++ b/projects/runc/Dockerfile
@@ -0,0 +1,20 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone --depth 1 https://github.com/opencontainers/runc
+COPY build.sh $SRC/
+WORKDIR $SRC/runc
diff --git a/projects/runc/build.sh b/projects/runc/build.sh
new file mode 100644
index 0000000..4f0b084
--- /dev/null
+++ b/projects/runc/build.sh
@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+$SRC/runc/tests/fuzzing/oss_fuzz_build.sh
diff --git a/projects/runc/project.yaml b/projects/runc/project.yaml
new file mode 100644
index 0000000..fc387c8
--- /dev/null
+++ b/projects/runc/project.yaml
@@ -0,0 +1,16 @@
+homepage: "https://github.com/opencontainers/runc"
+main_repo: "https://github.com/opencontainers/runc"
+primary_contact: "cyphar@cyphar.com"
+auto_ccs:
+ - "adam@adalogics.com"
+ - "michael@docker.com"
+ - "mpatel@redhat.com"
+ - "dqminh89@gmail.com"
+ - "h.huangqiang@huawei.com"
+ - "akihiro.suda.cz@hco.ntt.co.jp"
+ - "kolyshkin@gmail.com"
+language: go
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
diff --git a/projects/rustls/Dockerfile b/projects/rustls/Dockerfile
new file mode 100644
index 0000000..7406a47
--- /dev/null
+++ b/projects/rustls/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang
+
+RUN git clone https://github.com/ctz/rustls
+
+WORKDIR $SRC
+
+COPY build.sh $SRC/
+COPY persist.rs $SRC/rustls/fuzz/fuzzers/persist.rs
diff --git a/projects/rustls/build.sh b/projects/rustls/build.sh
new file mode 100755
index 0000000..d00359e
--- /dev/null
+++ b/projects/rustls/build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC/rustls
+cargo fuzz build -O
+cp fuzz/target/x86_64-unknown-linux-gnu/release/client $OUT/
+cp fuzz/target/x86_64-unknown-linux-gnu/release/deframer $OUT/
+cp fuzz/target/x86_64-unknown-linux-gnu/release/fragment $OUT/
+cp fuzz/target/x86_64-unknown-linux-gnu/release/hsjoiner $OUT/
+cp fuzz/target/x86_64-unknown-linux-gnu/release/message $OUT/
+cp fuzz/target/x86_64-unknown-linux-gnu/release/server $OUT/
diff --git a/projects/rustls/persist.rs b/projects/rustls/persist.rs
new file mode 100644
index 0000000..186cd9a
--- /dev/null
+++ b/projects/rustls/persist.rs
@@ -0,0 +1,30 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+//limitations under the License.
+//
+//################################################################################
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate rustls;
+
+use rustls::internal::msgs::persist;
+use rustls::internal::msgs::codec::{Reader, Codec};
+
+fn try_type<T>(data: &[u8]) where T: Codec {
+ let mut rdr = Reader::init(data);
+ T::read(&mut rdr);
+}
+
+fuzz_target!(|data: &[u8]| {
+ try_type::<persist::ServerSessionValue>(data);
+});
diff --git a/projects/rustls/project.yaml b/projects/rustls/project.yaml
new file mode 100644
index 0000000..73e4f27
--- /dev/null
+++ b/projects/rustls/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/ctz/rustls"
+main_repo: "https://github.com/ctz/rustls"
+primary_contact: "jpixton@gmail.com"
+sanitizers:
+ - address
+fuzzing_engines:
+ - libfuzzer
+language: rust
+auto_ccs:
+ - "david@adalogics.com"
diff --git a/projects/serenity/project.yaml b/projects/serenity/project.yaml
index b781d18..70acba0 100644
--- a/projects/serenity/project.yaml
+++ b/projects/serenity/project.yaml
@@ -8,6 +8,7 @@
- "luke.wilde@live.co.uk"
- "bugaevc@serenityos.org"
- "b.gianfo@gmail.com"
+ - "idan.horowitz@gmail.com"
- "~awesomekling/serenityos-dev@lists.sr.ht"
# Bug reports are public by default:
diff --git a/projects/skia/build.sh b/projects/skia/build.sh
index a8b111d..0f6d73f 100644
--- a/projects/skia/build.sh
+++ b/projects/skia/build.sh
@@ -15,12 +15,6 @@
#
################################################################################
-# afl++ CMPLOG test:
-test "$FUZZING_ENGINE" = "afl" && {
- export AFL_LLVM_CMPLOG=1
- touch $OUT/afl_cmplog.txt
-}
-
# Build SwiftShader
pushd third_party/externals/swiftshader/
export SWIFTSHADER_INCLUDE_PATH=$PWD/include
@@ -44,13 +38,15 @@
CMAKE_SANITIZER="SWIFTSHADER_UBSAN_DISABLED"
elif [ $SANITIZER == "coverage" ]; then
CMAKE_SANITIZER="SWIFTSHADER_EMIT_COVERAGE"
+elif [ $SANITIZER == "thread" ]; then
+ CMAKE_SANITIZER="SWIFTSHADER_UBSAN_DISABLED"
else
exit 1
fi
CFLAGS= CXXFLAGS="-stdlib=libc++" cmake .. -GNinja -DCMAKE_MAKE_PROGRAM="$SRC/depot_tools/ninja" -D$CMAKE_SANITIZER=1
$SRC/depot_tools/ninja libGLESv2 libEGL
-cp libGLESv2.so libEGL.so $OUT
+mv libGLESv2.so libEGL.so $OUT
export SWIFTSHADER_LIB_PATH=$OUT
popd
@@ -104,6 +100,7 @@
android_codec \
animated_image_decode \
api_create_ddl \
+ api_ddl_threading \
api_draw_functions \
api_gradients \
api_image_filter \
@@ -113,6 +110,7 @@
api_pathop \
api_polyutils \
api_raster_n32_canvas \
+ api_regionop \
api_skparagraph \
api_svg_canvas \
image_decode \
@@ -139,25 +137,19 @@
rm -rf $OUT/data
mkdir $OUT/data
-cp out/Fuzz/region_deserialize $OUT/region_deserialize
+mv out/Fuzz/region_deserialize $OUT/region_deserialize
-cp out/Fuzz/region_set_path $OUT/region_set_path
-cp ../skia_data/region_set_path_seed_corpus.zip $OUT/region_set_path_seed_corpus.zip
+mv out/Fuzz/region_set_path $OUT/region_set_path
+mv ../skia_data/region_set_path_seed_corpus.zip $OUT/region_set_path_seed_corpus.zip
-cp out/Fuzz/textblob_deserialize $OUT/textblob_deserialize
-cp ../skia_data/textblob_deserialize_seed_corpus.zip $OUT/textblob_deserialize_seed_corpus.zip
+mv out/Fuzz/textblob_deserialize $OUT/textblob_deserialize
+mv ../skia_data/textblob_deserialize_seed_corpus.zip $OUT/textblob_deserialize_seed_corpus.zip
-cp out/Fuzz/path_deserialize $OUT/path_deserialize
-cp ../skia_data/path_deserialize_seed_corpus.zip $OUT/path_deserialize_seed_corpus.zip
+mv out/Fuzz/path_deserialize $OUT/path_deserialize
+mv ../skia_data/path_deserialize_seed_corpus.zip $OUT/path_deserialize_seed_corpus.zip
-cp out/Fuzz/image_decode $OUT/image_decode
-cp ../skia_data/image_decode_seed_corpus.zip $OUT/image_decode_seed_corpus.zip
-
-cp out/Fuzz/animated_image_decode $OUT/animated_image_decode
-cp ../skia_data/animated_image_decode_seed_corpus.zip $OUT/animated_image_decode_seed_corpus.zip
-
-cp out/Fuzz/image_filter_deserialize $OUT/image_filter_deserialize
-cp ../skia_data/image_filter_deserialize_seed_corpus.zip $OUT/image_filter_deserialize_seed_corpus.zip
+mv out/Fuzz/animated_image_decode $OUT/animated_image_decode
+mv ../skia_data/animated_image_decode_seed_corpus.zip $OUT/animated_image_decode_seed_corpus.zip
# Only create the width version of image_filter_deserialize if building with
# libfuzzer, since it depends on a libfuzzer specific flag.
@@ -165,87 +157,101 @@
then
# Use the same binary as image_filter_deserialize.
cp out/Fuzz/image_filter_deserialize $OUT/image_filter_deserialize_width
- cp ../skia_data/image_filter_deserialize_width.options $OUT/image_filter_deserialize_width.options
+ mv ../skia_data/image_filter_deserialize_width.options $OUT/image_filter_deserialize_width.options
# Use the same seed corpus as image_filter_deserialize.
cp ../skia_data/image_filter_deserialize_seed_corpus.zip $OUT/image_filter_deserialize_width_seed_corpus.zip
fi
-cp out/Fuzz/api_draw_functions $OUT/api_draw_functions
-cp ../skia_data/api_draw_functions_seed_corpus.zip $OUT/api_draw_functions_seed_corpus.zip
+mv out/Fuzz/image_filter_deserialize $OUT/image_filter_deserialize
+mv ../skia_data/image_filter_deserialize_seed_corpus.zip $OUT/image_filter_deserialize_seed_corpus.zip
-cp out/Fuzz/api_gradients $OUT/api_gradients
-cp ../skia_data/api_gradients_seed_corpus.zip $OUT/api_gradients_seed_corpus.zip
+mv out/Fuzz/api_draw_functions $OUT/api_draw_functions
+mv ../skia_data/api_draw_functions_seed_corpus.zip $OUT/api_draw_functions_seed_corpus.zip
-cp out/Fuzz/api_path_measure $OUT/api_path_measure
-cp ../skia_data/api_path_measure_seed_corpus.zip $OUT/api_path_measure_seed_corpus.zip
+mv out/Fuzz/api_gradients $OUT/api_gradients
+mv ../skia_data/api_gradients_seed_corpus.zip $OUT/api_gradients_seed_corpus.zip
-cp out/Fuzz/api_pathop $OUT/api_pathop
-cp ../skia_data/api_pathop_seed_corpus.zip $OUT/api_pathop_seed_corpus.zip
+mv out/Fuzz/api_path_measure $OUT/api_path_measure
+mv ../skia_data/api_path_measure_seed_corpus.zip $OUT/api_path_measure_seed_corpus.zip
-cp out/Fuzz/png_encoder $OUT/png_encoder
+mv out/Fuzz/api_pathop $OUT/api_pathop
+mv ../skia_data/api_pathop_seed_corpus.zip $OUT/api_pathop_seed_corpus.zip
+
+# These 3 use the same corpus.
+mv out/Fuzz/png_encoder $OUT/png_encoder
cp ../skia_data/encoder_seed_corpus.zip $OUT/png_encoder_seed_corpus.zip
-cp out/Fuzz/jpeg_encoder $OUT/jpeg_encoder
+mv out/Fuzz/jpeg_encoder $OUT/jpeg_encoder
cp ../skia_data/encoder_seed_corpus.zip $OUT/jpeg_encoder_seed_corpus.zip
-cp out/Fuzz/webp_encoder $OUT/webp_encoder
-cp ../skia_data/encoder_seed_corpus.zip $OUT/webp_encoder_seed_corpus.zip
+mv out/Fuzz/webp_encoder $OUT/webp_encoder
+mv ../skia_data/encoder_seed_corpus.zip $OUT/webp_encoder_seed_corpus.zip
-cp out/Fuzz/skottie_json $OUT/skottie_json
-cp ../skia_data/skottie_json_seed_corpus.zip $OUT/skottie_json_seed_corpus.zip
+mv out/Fuzz/skottie_json $OUT/skottie_json
+mv ../skia_data/skottie_json_seed_corpus.zip $OUT/skottie_json_seed_corpus.zip
-cp out/Fuzz/skjson $OUT/skjson
-cp ../skia_data/json.dict $OUT/skjson.dict
-cp ../skia_data/skjson_seed_corpus.zip $OUT/skjson_seed_corpus.zip
+mv out/Fuzz/skjson $OUT/skjson
+mv ../skia_data/json.dict $OUT/skjson.dict
+mv ../skia_data/skjson_seed_corpus.zip $OUT/skjson_seed_corpus.zip
-cp out/Fuzz/api_mock_gpu_canvas $OUT/api_mock_gpu_canvas
+# These 4 use the same canvas_seed_corpus.
+mv out/Fuzz/api_mock_gpu_canvas $OUT/api_mock_gpu_canvas
cp ../skia_data/canvas_seed_corpus.zip $OUT/api_mock_gpu_canvas_seed_corpus.zip
-cp out/Fuzz/api_raster_n32_canvas $OUT/api_raster_n32_canvas
+mv out/Fuzz/api_raster_n32_canvas $OUT/api_raster_n32_canvas
cp ../skia_data/canvas_seed_corpus.zip $OUT/api_raster_n32_canvas_seed_corpus.zip
-cp out/Fuzz/api_image_filter $OUT/api_image_filter
-cp ../skia_data/api_image_filter_seed_corpus.zip $OUT/api_image_filter_seed_corpus.zip
-
-cp out/Fuzz/api_null_canvas $OUT/api_null_canvas
-cp ../skia_data/canvas_seed_corpus.zip $OUT/api_null_canvas_seed_corpus.zip
-
-cp out/Fuzz/api_polyutils $OUT/api_polyutils
-cp ../skia_data/api_polyutils_seed_corpus.zip $OUT/api_polyutils_seed_corpus.zip
-
-# These 2 can use the same corpus as the (non animated) image_decode.
-cp out/Fuzz/android_codec $OUT/android_codec
-cp ../skia_data/image_decode_seed_corpus.zip $OUT/android_codec_seed_corpus.zip.
-
-cp out/Fuzz/image_decode_incremental $OUT/image_decode_incremental
-cp ../skia_data/image_decode_seed_corpus.zip $OUT/image_decode_incremental_seed_corpus.zip
-
-cp out/Fuzz/sksl2glsl $OUT/sksl2glsl
-cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2glsl_seed_corpus.zip
-
-cp out/Fuzz/sksl2spirv $OUT/sksl2spirv
-cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2spirv_seed_corpus.zip
-
-cp out/Fuzz/sksl2metal $OUT/sksl2metal
-cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2metal_seed_corpus.zip
-
-cp out/Fuzz/sksl2pipeline $OUT/sksl2pipeline
-cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2pipeline_seed_corpus.zip
-
-cp out/Fuzz/skdescriptor_deserialize $OUT/skdescriptor_deserialize
-
-cp out/Fuzz/svg_dom $OUT/svg_dom
-cp ../skia_data/svg_dom_seed_corpus.zip $OUT/svg_dom_seed_corpus.zip
-
-cp out/Fuzz/api_svg_canvas $OUT/api_svg_canvas
+mv out/Fuzz/api_svg_canvas $OUT/api_svg_canvas
cp ../skia_data/canvas_seed_corpus.zip $OUT/api_svg_canvas_seed_corpus.zip
-cp out/Fuzz/skruntimeeffect $OUT/skruntimeeffect
-cp ../skia_data/sksl_with_256_padding_seed_corpus.zip $OUT/skruntimeeffect_seed_corpus.zip
+mv out/Fuzz/api_null_canvas $OUT/api_null_canvas
+mv ../skia_data/canvas_seed_corpus.zip $OUT/api_null_canvas_seed_corpus.zip
-cp out/Fuzz/api_create_ddl $OUT/api_create_ddl
+mv out/Fuzz/api_image_filter $OUT/api_image_filter
+mv ../skia_data/api_image_filter_seed_corpus.zip $OUT/api_image_filter_seed_corpus.zip
-cp out/Fuzz/skp $OUT/skp
-cp ../skia_data/skp_seed_corpus.zip $OUT/skp_seed_corpus.zip
+mv out/Fuzz/api_polyutils $OUT/api_polyutils
+mv ../skia_data/api_polyutils_seed_corpus.zip $OUT/api_polyutils_seed_corpus.zip
-cp out/Fuzz/api_skparagraph $OUT/api_skparagraph
+# These 3 use the same corpus.
+mv out/Fuzz/image_decode $OUT/image_decode
+cp ../skia_data/image_decode_seed_corpus.zip $OUT/image_decode_seed_corpus.zip
+
+mv out/Fuzz/android_codec $OUT/android_codec
+cp ../skia_data/image_decode_seed_corpus.zip $OUT/android_codec_seed_corpus.zip.
+
+mv out/Fuzz/image_decode_incremental $OUT/image_decode_incremental
+mv ../skia_data/image_decode_seed_corpus.zip $OUT/image_decode_incremental_seed_corpus.zip
+
+# These 4 use the same sksl_seed_corpus.
+mv out/Fuzz/sksl2glsl $OUT/sksl2glsl
+cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2glsl_seed_corpus.zip
+
+mv out/Fuzz/sksl2spirv $OUT/sksl2spirv
+cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2spirv_seed_corpus.zip
+
+mv out/Fuzz/sksl2metal $OUT/sksl2metal
+cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2metal_seed_corpus.zip
+
+mv out/Fuzz/sksl2pipeline $OUT/sksl2pipeline
+mv ../skia_data/sksl_seed_corpus.zip $OUT/sksl2pipeline_seed_corpus.zip
+
+mv out/Fuzz/skdescriptor_deserialize $OUT/skdescriptor_deserialize
+
+mv out/Fuzz/svg_dom $OUT/svg_dom
+mv ../skia_data/svg_dom_seed_corpus.zip $OUT/svg_dom_seed_corpus.zip
+
+
+mv out/Fuzz/skruntimeeffect $OUT/skruntimeeffect
+mv ../skia_data/sksl_with_256_padding_seed_corpus.zip $OUT/skruntimeeffect_seed_corpus.zip
+
+mv out/Fuzz/api_create_ddl $OUT/api_create_ddl
+
+mv out/Fuzz/api_ddl_threading $OUT/api_ddl_threading
+
+mv out/Fuzz/skp $OUT/skp
+mv ../skia_data/skp_seed_corpus.zip $OUT/skp_seed_corpus.zip
+
+mv out/Fuzz/api_skparagraph $OUT/api_skparagraph
+
+mv out/Fuzz/api_regionop $OUT/api_regionop
diff --git a/projects/snappy/project.yaml b/projects/snappy/project.yaml
index da83622..6e5338a 100644
--- a/projects/snappy/project.yaml
+++ b/projects/snappy/project.yaml
@@ -3,8 +3,9 @@
primary_contact: "costan@google.com"
auto_ccs:
- "Adam@adalogics.com"
-sanitizers:
- - address
fuzzing_engines:
- libfuzzer
+ - afl
+sanitizers:
+ - address
main_repo: 'https://github.com/google/snappy'
diff --git a/projects/sound-open-firmware/project.yaml b/projects/sound-open-firmware/project.yaml
index dbef99a..4065def 100644
--- a/projects/sound-open-firmware/project.yaml
+++ b/projects/sound-open-firmware/project.yaml
@@ -3,7 +3,4 @@
language: c
auto_ccs:
- "ranjani.sridharan@intel.corp-partner.google.com"
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
main_repo: "https://github.com/thesofproject/sof"
diff --git a/projects/spidermonkey-ufi/Dockerfile b/projects/spidermonkey-ufi/Dockerfile
index bf95bdf..25e4d2d 100644
--- a/projects/spidermonkey-ufi/Dockerfile
+++ b/projects/spidermonkey-ufi/Dockerfile
@@ -19,7 +19,12 @@
autoconf2.13 \
python \
libc++1 \
- libc++abi1
+ libc++abi1 \
+ m4
+
+# This wrapper of cargo seems to interfere with our build system.
+RUN rm -f /usr/local/bin/cargo
+
RUN git clone --depth=1 https://github.com/mozilla/gecko-dev mozilla-central
WORKDIR mozilla-central/js/src/
COPY build.sh target.c $SRC/
diff --git a/projects/spidermonkey-ufi/build.sh b/projects/spidermonkey-ufi/build.sh
index 31c5b95..9f70330 100755
--- a/projects/spidermonkey-ufi/build.sh
+++ b/projects/spidermonkey-ufi/build.sh
@@ -23,7 +23,7 @@
# Install dependencies.
export SHELL=/bin/bash
-../../mach bootstrap --no-interactive --application-choice browser
+../../mach --no-interactive bootstrap --application-choice browser
autoconf2.13
diff --git a/projects/spidermonkey/Dockerfile b/projects/spidermonkey/Dockerfile
index 91c8332..9c74dce 100644
--- a/projects/spidermonkey/Dockerfile
+++ b/projects/spidermonkey/Dockerfile
@@ -19,9 +19,13 @@
autoconf2.13 \
libc++1 \
libc++abi1 \
+ m4 \
yasm \
python
+# This wrapper of cargo seems to interfere with our build system.
+RUN rm -f /usr/local/bin/cargo
+
RUN git clone --depth=1 https://github.com/mozilla/gecko-dev mozilla-central
WORKDIR mozilla-central/js/src/
COPY build.sh $SRC/
diff --git a/projects/spidermonkey/build.sh b/projects/spidermonkey/build.sh
index d5f34b8..bf2e03b 100755
--- a/projects/spidermonkey/build.sh
+++ b/projects/spidermonkey/build.sh
@@ -17,7 +17,7 @@
# Install dependencies.
export SHELL=/bin/bash
-../../mach bootstrap --no-interactive --application-choice browser
+../../mach --no-interactive bootstrap --application-choice browser
autoconf2.13
diff --git a/projects/spotify-json/Dockerfile b/projects/spotify-json/Dockerfile
new file mode 100755
index 0000000..b39e5f9
--- /dev/null
+++ b/projects/spotify-json/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone https://github.com/spotify/spotify-json
+
+WORKDIR $SRC/spotify-json
+COPY build.sh $SRC/
diff --git a/projects/spotify-json/build.sh b/projects/spotify-json/build.sh
new file mode 100755
index 0000000..9d15061
--- /dev/null
+++ b/projects/spotify-json/build.sh
@@ -0,0 +1,24 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mkdir build && cd build
+cmake -DSPOTIFY_JSON_BUILD_TESTS=OFF ../
+make
+
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE ../fuzzers//fuzz_decode.cpp \
+ -I../include -I../vendor/double-conversion \
+ ./libspotify-json.a ./vendor/double-conversion/libdouble-conversion.a -lpthread -o $OUT/fuzz_decode
diff --git a/projects/spotify-json/project.yaml b/projects/spotify-json/project.yaml
new file mode 100755
index 0000000..134dd78
--- /dev/null
+++ b/projects/spotify-json/project.yaml
@@ -0,0 +1,6 @@
+homepage: "https://github.com/spotify/spotify-json"
+main_repo: 'https://github.com/spotify/spotify-json'
+primary_contact: "johanl@spotify.com"
+language: c++
+auto_ccs:
+ - "david@adalogics.com"
diff --git a/projects/sudoers/build.sh b/projects/sudoers/build.sh
index 6357394..905450c 100755
--- a/projects/sudoers/build.sh
+++ b/projects/sudoers/build.sh
@@ -18,67 +18,22 @@
# Debugging
env
-# Move ASAN-specific flags into ASAN_CFLAGS and ASAN_LDFLAGS
-# That way they don't affect configure but will get used when building.
+# Some of the sanitizer flags cause issues with configure tests.
+# Pull them out of CFLAGS and pass them to configure instead.
if [ $SANITIZER == "coverage" ]; then
- export ASAN_CFLAGS="$COVERAGE_FLAGS"
- export ASAN_LDFLAGS="$COVERAGE_FLAGS"
CFLAGS="`echo \"$CFLAGS\" | sed \"s/ $COVERAGE_FLAGS//\"`"
+ sanitizer_opts="$COVERAGE_FLAGS"
else
- export ASAN_CFLAGS="$SANITIZER_FLAGS"
- export ASAN_LDFLAGS="$SANITIZER_FLAGS"
CFLAGS="`echo \"$CFLAGS\" | sed \"s/ $SANITIZER_FLAGS//\"`"
+ sanitizer_opts="$SANITIZER_FLAGS"
fi
+# This is already added by --enable-fuzzer
+CFLAGS="`echo \"$CFLAGS\" | sed \"s/ -fsanitize=fuzzer-no-link//\"`"
-# Build sudo with static libs for simpler fuzzing
-./configure --enable-static-sudoers --enable-static --disable-shared-libutil \
- --disable-leaks --enable-warnings --enable-werror
-make -j$(nproc)
-
-# Fuzz I/O log JSON parser
-cd lib/iolog
-$CC $CFLAGS $ASAN_CFLAGS -c -I../../include -I../.. -I. \
- regress/fuzz/fuzz_iolog_json.c
-$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -o $OUT/fuzz_iolog_json \
- fuzz_iolog_json.o .libs/libsudo_iolog.a \
- ../eventlog/.libs/libsudo_eventlog.a ../util/.libs/libsudo_util.a
-
-# Corpus for fuzzing I/O log JSON parser
-mkdir $WORK/corpus
-for f in `find regress/iolog_json -name '*.in'`; do
- cp $f $WORK/corpus/`sha1sum $f | cut -d' ' -f1`
-done
-zip -j $OUT/fuzz_iolog_json_seed_corpus.zip $WORK/corpus/*
-rm -rf $WORK/corpus
-
-# Fuzz sudoers parser
-cd ../../plugins/sudoers
-$CC $CFLAGS $ASAN_CFLAGS -c -I../../include -I../.. -I. \
- regress/fuzz/fuzz_sudoers.c
-$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -o $OUT/fuzz_sudoers \
- fuzz_sudoers.o locale.o stubs.o sudo_printf.o \
- .libs/libparsesudoers.a ../../lib/util/.libs/libsudo_util.a
-
-# Corpus for fuzzing sudoers parser
-mkdir $WORK/corpus
-for f in sudoers `find regress/sudoers -name '*.in'`; do
- cp $f $WORK/corpus/`sha1sum $f | cut -d' ' -f1`
-done
-zip -j $OUT/fuzz_sudoers_seed_corpus.zip $WORK/corpus/*
-rm -rf $WORK/corpus
-
-# Fuzz sudoers LDIF parser (used by cvtsudoers)
-cd ../../plugins/sudoers
-$CC $CFLAGS $ASAN_CFLAGS -c -I../../include -I../.. -I. \
- regress/fuzz/fuzz_sudoers_ldif.c
-$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -o $OUT/fuzz_sudoers_ldif \
- fuzz_sudoers_ldif.o parse_ldif.o ldap_util.o fmtsudoers.o locale.o stubs.o \
- sudo_printf.o .libs/libparsesudoers.a ../../lib/util/.libs/libsudo_util.a
-
-# Corpus for fuzzing sudoers LDIF parser
-mkdir $WORK/corpus
-for f in `find regress/sudoers -name '*.ldif.ok' \! -size 0`; do
- cp $f $WORK/corpus/`sha1sum $f | cut -d' ' -f1`
-done
-zip -j $OUT/fuzz_sudoers_ldif_seed_corpus.zip $WORK/corpus/*
-rm -rf $WORK/corpus
+# Build sudo with static libs and enable fuzzing targets.
+# All fuzz targets are integrated into the build process.
+./configure --disable-shared --disable-shared-libutil --enable-static-sudoers \
+ --enable-sanitizer="$sanitizer_opts" --enable-fuzzer \
+ --enable-fuzzer-engine="$LIB_FUZZING_ENGINE" --enable-fuzzer-linker="$CXX" \
+ --enable-warnings --enable-werror
+make -j$(nproc) && make FUZZ_DESTDIR=$OUT install-fuzzer
diff --git a/projects/suricata/Dockerfile b/projects/suricata/Dockerfile
index 4035207..257e7fb 100644
--- a/projects/suricata/Dockerfile
+++ b/projects/suricata/Dockerfile
@@ -15,13 +15,14 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y build-essential autoconf automake libtool make pkg-config python flex bison zlib1g-dev libpcre3-dev
+RUN apt-get update && apt-get install -y build-essential autoconf automake libtool make pkg-config python flex bison zlib1g-dev libpcre3-dev libpcre2-dev cmake tshark
#TODO libmagic, liblzma, pcre and other optional libraries
ADD https://www.tcpdump.org/release/libpcap-1.9.1.tar.gz libpcap-1.9.1.tar.gz
ADD http://www.digip.org/jansson/releases/jansson-2.12.tar.gz jansson-2.12.tar.gz
RUN git clone --depth=1 https://github.com/yaml/libyaml
ADD https://github.com/lz4/lz4/archive/v1.9.2.tar.gz lz4-1.9.2.tar.gz
+RUN git clone --depth=1 https://github.com/catenacyber/fuzzpcap
ADD https://rules.emergingthreats.net/open/suricata/emerging.rules.zip emerging.rules.zip
diff --git a/projects/suricata/build.sh b/projects/suricata/build.sh
index d0e152d..18f2280 100755
--- a/projects/suricata/build.sh
+++ b/projects/suricata/build.sh
@@ -37,6 +37,13 @@
make install
cd ..
+cd fuzzpcap
+mkdir build
+cd build
+cmake ..
+make install
+cd ../..
+
cd libyaml
./bootstrap
./configure --disable-shared
@@ -52,8 +59,12 @@
cd suricata
sh autogen.sh
#run configure with right options
+if [ "$SANITIZER" = "address" ]
+then
+ export RUSTFLAGS="$RUSTFLAGS -Cpasses=sancov -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-trace-compares -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-trace-geps -Cllvm-args=-sanitizer-coverage-prune-blocks=0 -Cllvm-args=-sanitizer-coverage-pc-table -Clink-dead-code -Cllvm-args=-sanitizer-coverage-stack-depth"
+fi
./src/tests/fuzz/oss-fuzz-configure.sh
-make
+make -j$(nproc)
cp src/fuzz_* $OUT/
@@ -90,3 +101,13 @@
done
set -x
zip -q -r $OUT/fuzz_sigpcap_seed_corpus.zip corpus
+rm -Rf corpus
+mkdir corpus
+set +x
+ls | grep -v corpus | while read t; do
+cat $t/*.rules > corpus/$i || true; echo -ne '\0' >> corpus/$i; fpc_bin $t/*.pcap >> corpus/$i || rm corpus/$i; i=$((i+1));
+echo -ne '\0' >> corpus/$i; python3 $SRC/fuzzpcap/tcptofpc.py $t/*.pcap >> corpus/$i || rm corpus/$i; i=$((i+1));
+done
+set -x
+zip -q -r $OUT/fuzz_sigpcap_aware_seed_corpus.zip corpus
+echo "\"FPC0\"" > $OUT/fuzz_sigpcap_aware.dict
diff --git a/projects/systemd/Dockerfile b/projects/systemd/Dockerfile
index ee351ed..0705c56 100644
--- a/projects/systemd/Dockerfile
+++ b/projects/systemd/Dockerfile
@@ -19,7 +19,7 @@
apt-get install -y gperf m4 gettext python3-pip \
libcap-dev libmount-dev libkmod-dev \
pkg-config wget &&\
- pip3 install meson ninja
+ pip3 install meson==0.56.2 ninja
RUN git clone --depth 1 https://github.com/systemd/systemd systemd
WORKDIR systemd
COPY build.sh $SRC/
diff --git a/projects/syzkaller/Dockerfile b/projects/syzkaller/Dockerfile
index 142313f..fdef5b4 100644
--- a/projects/syzkaller/Dockerfile
+++ b/projects/syzkaller/Dockerfile
@@ -16,11 +16,7 @@
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get -u -d github.com/google/syzkaller/prog
+RUN git clone --depth 1 https://github.com/google/syzkaller/
-# Dependency for one of the fuzz targets.
-# Note: this should not be necessary because this package is in syzkaller/vendor.
-RUN go get github.com/ianlancetaylor/demangle
-
-WORKDIR /root/go/src/github.com/google/syzkaller
+WORKDIR $SRC/syzkaller
COPY build.sh $SRC/
diff --git a/projects/syzkaller/build.sh b/projects/syzkaller/build.sh
index e47096b..0e98093 100755
--- a/projects/syzkaller/build.sh
+++ b/projects/syzkaller/build.sh
@@ -18,6 +18,9 @@
make descriptions
+
+go mod tidy && go mod vendor
+
compile_go_fuzzer github.com/google/syzkaller/pkg/compiler Fuzz compiler_fuzzer
compile_go_fuzzer github.com/google/syzkaller/prog/test FuzzDeserialize prog_deserialize_fuzzer
compile_go_fuzzer github.com/google/syzkaller/prog/test FuzzParseLog prog_parselog_fuzzer
diff --git a/projects/tarantool/Dockerfile b/projects/tarantool/Dockerfile
new file mode 100644
index 0000000..7a40b0f
--- /dev/null
+++ b/projects/tarantool/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y \
+ build-essential cmake make coreutils sed \
+ autoconf automake libtool zlib1g-dev \
+ libreadline-dev libncurses5-dev libssl-dev \
+ libunwind-dev libicu-dev luajit
+RUN git clone https://github.com/tarantool/tarantool
+WORKDIR tarantool
+RUN git submodule update --init --recursive
+COPY build.sh $SRC/
diff --git a/projects/tarantool/build.sh b/projects/tarantool/build.sh
new file mode 100755
index 0000000..940d88a
--- /dev/null
+++ b/projects/tarantool/build.sh
@@ -0,0 +1,62 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+case $SANITIZER in
+ address) SANITIZERS_ARGS="-DENABLE_ASAN=ON" ;;
+ undefined) SANITIZERS_ARGS="-DENABLE_UB_SANITIZER=ON" ;;
+ *) SANITIZERS_ARGS="" ;;
+esac
+
+: ${LD:="${CXX}"}
+: ${LDFLAGS:="${CXXFLAGS}"} # to make sure we link with sanitizer runtime
+
+cmake_args=(
+ # Specific to Tarantool
+ -DENABLE_FUZZER=ON
+ -DOSS_FUZZ=ON
+ $SANITIZERS_ARGS
+
+ # C compiler
+ -DCMAKE_C_COMPILER="${CC}"
+ -DCMAKE_C_FLAGS="${CFLAGS}"
+
+ # C++ compiler
+ -DCMAKE_CXX_COMPILER="${CXX}"
+ -DCMAKE_CXX_FLAGS="${CXXFLAGS}"
+
+ # Linker
+ -DCMAKE_LINKER="${LD}"
+ -DCMAKE_EXE_LINKER_FLAGS="${LDFLAGS}"
+ -DCMAKE_MODULE_LINKER_FLAGS="${LDFLAGS}"
+ -DCMAKE_SHARED_LINKER_FLAGS="${LDFLAGS}"
+)
+
+# Build the project and fuzzers.
+[[ -e build ]] && rm -rf build
+cmake "${cmake_args[@]}" -S . -B build
+make -j$(nproc) VERBOSE=1 -C build fuzzers
+
+# Archive and copy to $OUT seed corpus if the build succeeded.
+for f in $(ls build/test/fuzz/*_fuzzer);
+do
+ name=$(basename $f);
+ module=$(echo $name | sed 's/_fuzzer//')
+ corpus_dir="test/static/corpus/$module"
+ echo "Copying for $module";
+ cp $f $OUT/
+ [[ -e $corpus_dir ]] && zip -j $OUT/"$module"_fuzzer_seed_corpus.zip $corpus_dir/*
+done
diff --git a/projects/tarantool/project.yaml b/projects/tarantool/project.yaml
new file mode 100644
index 0000000..c757a53
--- /dev/null
+++ b/projects/tarantool/project.yaml
@@ -0,0 +1,16 @@
+homepage: "https://www.tarantool.io/en/"
+language: c
+builds_per_day: 4
+primary_contact: "kirill.yukhin@gmail.com"
+auto_ccs:
+ - "estetus@gmail.com"
+ - "totktonada.ru@gmail.com"
+fuzzing_engines:
+ - libfuzzer
+ - honggfuzz
+sanitizers:
+ - address
+ - undefined
+architectures:
+ - x86_64
+main_repo: "https://github.com/tarantool/tarantool"
diff --git a/projects/teleport/Dockerfile b/projects/teleport/Dockerfile
index bd06581..8ffafb3 100644
--- a/projects/teleport/Dockerfile
+++ b/projects/teleport/Dockerfile
@@ -15,5 +15,6 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone --depth 1 https://github.com/gravitational/teleport.git
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/teleport
diff --git a/projects/teleport/build.sh b/projects/teleport/build.sh
index f5d464e..260d479 100644
--- a/projects/teleport/build.sh
+++ b/projects/teleport/build.sh
@@ -15,10 +15,7 @@
#
################################################################################
-
-mkdir -p $GOPATH/src/github.com/gravitational
-cd $GOPATH/src/github.com/gravitational
-git clone https://github.com/gravitational/teleport.git
+make update-vendor
compile_go_fuzzer github.com/gravitational/teleport/lib/fuzz FuzzParseProxyJump utils_fuzz gofuzz
compile_go_fuzzer github.com/gravitational/teleport/lib/fuzz FuzzNewExpression parse_fuzz gofuzz
diff --git a/projects/tensorflow/build.sh b/projects/tensorflow/build.sh
index 8f79395..b59e4a5 100755
--- a/projects/tensorflow/build.sh
+++ b/projects/tensorflow/build.sh
@@ -47,8 +47,8 @@
# Determine all fuzz targets. To control what gets fuzzed with OSSFuzz, all
# supported fuzzers are in `//tensorflow/security/fuzzing`.
-# Ignore the identity and AttrValues fuzzer in opensource.
-declare -r FUZZERS=$(bazel query 'kind(cc_.*, tests(//tensorflow/security/fuzzing/...))' | grep -v identity | grep -v AttrValues | grep -v bfloat16)
+# Ignore fuzzers tagged with `no_oss` in opensource.
+declare -r FUZZERS=$(bazel query 'kind(cc_.*, tests(//tensorflow/security/fuzzing/...)) - attr(tags, no_oss, kind(cc_.*, tests(//tensorflow/security/fuzzing/...)))')
# Build the fuzzer targets.
# Pass in `--config=libc++` to link against libc++.
@@ -92,7 +92,11 @@
${RSYNC_CMD} ./bazel-out/k8-opt/bin/tensorflow/core/protobuf ${REMAP_PATH}
# Sync external dependencies. We don't need to include `bazel-tensorflow`.
+ # Also, remove `external/org_tensorflow` which is a copy of the entire source
+ # code that Bazel creates. Not removing this would cause `rsync` to expand a
+ # symlink that ends up pointing to itself!
pushd bazel-tensorflow
+ [[ -e external/org_tensorflow ]] && unlink external/org_tensorflow
${RSYNC_CMD} external/ ${REMAP_PATH}
popd
fi
diff --git a/projects/tesseract-ocr/project.yaml b/projects/tesseract-ocr/project.yaml
index 8e22d66..522ba2b 100644
--- a/projects/tesseract-ocr/project.yaml
+++ b/projects/tesseract-ocr/project.yaml
@@ -1,7 +1,4 @@
homepage: "https://github.com/tesseract-ocr/tesseract"
language: c++
primary_contact: "stjoweil@googlemail.com"
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
main_repo: 'https://github.com/tesseract-ocr/tesseract'
diff --git a/projects/thrift/Dockerfile b/projects/thrift/Dockerfile
new file mode 100644
index 0000000..0401883
--- /dev/null
+++ b/projects/thrift/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y libssl-dev pkg-config autoconf automake libtool bison flex libboost-all-dev
+RUN git clone --depth 1 https://github.com/apache/thrift
+WORKDIR $SRC/thrift
+COPY build.sh $SRC/
diff --git a/projects/thrift/build.sh b/projects/thrift/build.sh
new file mode 100755
index 0000000..8194063
--- /dev/null
+++ b/projects/thrift/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+export ASAN_OPTIONS=detect_leaks=0
+
+./bootstrap.sh
+# rust fails compilation with clippy warnings
+./configure --with-rs=no
+make -j$(nproc)
+make install
+
+cd lib/go/test/fuzz
+thrift -r --gen go ../../../../tutorial/tutorial.thrift
+(cd ./gen-go/shared && go mod init shared)
+(cd ./gen-go/tutorial && go mod init tutorial)
+go mod tidy || true
+compile_go_fuzzer . Fuzz fuzz_go_tutorial
diff --git a/projects/thrift/project.yaml b/projects/thrift/project.yaml
new file mode 100644
index 0000000..586da66
--- /dev/null
+++ b/projects/thrift/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://thrift.apache.org/"
+language: c++
+primary_contact: "jensg@apache.org"
+auto_ccs :
+- "p.antoine@catenacyber.fr"
+
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+main_repo: 'https://github.com/apache/thrift'
diff --git a/projects/tidb/Dockerfile b/projects/tidb/Dockerfile
index b06a2b5..5c7d0fd 100644
--- a/projects/tidb/Dockerfile
+++ b/projects/tidb/Dockerfile
@@ -17,4 +17,4 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN git clone --depth 1 https://github.com/pingcap/tidb
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/tidb
diff --git a/projects/tidb/build.sh b/projects/tidb/build.sh
index ee6fbd3..c11028f 100755
--- a/projects/tidb/build.sh
+++ b/projects/tidb/build.sh
@@ -18,9 +18,7 @@
# Insert empty main function
sed -i '23 i\func main(){}'\\n $SRC/tidb/plugin/conn_ip_example/conn_ip_example.go
-mkdir $GOPATH/src/github.com/pingcap
-mv $SRC/tidb $GOPATH/src/github.com/pingcap/
-cd $GOPATH/src/github.com/pingcap/tidb && go get ./...
+go get ./...
compile_go_fuzzer github.com/pingcap/tidb/types FuzzMarshalJSON fuzzMarshalJSON
compile_go_fuzzer github.com/pingcap/tidb/types FuzzNewBitLiteral fuzzNewBitLiteral
diff --git a/projects/tinygltf/Dockerfile b/projects/tinygltf/Dockerfile
new file mode 100644
index 0000000..218baeb
--- /dev/null
+++ b/projects/tinygltf/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN pip3 install meson ninja
+RUN git clone --depth 1 https://github.com/syoyo/tinygltf.git
+WORKDIR $SRC/tinygltf
+COPY build.sh $SRC/
diff --git a/projects/tinygltf/build.sh b/projects/tinygltf/build.sh
new file mode 100755
index 0000000..7c54294
--- /dev/null
+++ b/projects/tinygltf/build.sh
@@ -0,0 +1,23 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+cd tests/fuzzer/
+meson build
+cd build
+ninja -j$(nproc)
+cp fuzz_gltf $OUT/
diff --git a/projects/tinygltf/project.yaml b/projects/tinygltf/project.yaml
new file mode 100644
index 0000000..1b14873
--- /dev/null
+++ b/projects/tinygltf/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/syoyo/tinygltf"
+language: c++
+primary_contact: "syoyo@lighttransport.com"
+auto_ccs:
+ - "p.antoine@catenacyber.fr"
+fuzzing_engines:
+- libfuzzer
+sanitizers:
+- address
+main_repo: 'https://github.com/syoyo/tinygltf.git'
diff --git a/projects/tpm2-tss/Dockerfile b/projects/tpm2-tss/Dockerfile
index 47c6c44..9f74c7a 100644
--- a/projects/tpm2-tss/Dockerfile
+++ b/projects/tpm2-tss/Dockerfile
@@ -50,7 +50,8 @@
python3-pip \
libsqlite3-dev \
python-cryptography \
- python3-cryptography
+ python3-cryptography \
+ acl
RUN pip3 install cpp-coveralls
diff --git a/projects/tpm2-tss/project.yaml b/projects/tpm2-tss/project.yaml
index 65b8e3c..04af6fe 100644
--- a/projects/tpm2-tss/project.yaml
+++ b/projects/tpm2-tss/project.yaml
@@ -5,6 +5,7 @@
- "andreas.fuchs@sit.fraunhofer.de"
- "john.s.andersen@intel.com"
- "william.c.roberts@intel.com"
+ - "tstruk@gmail.com"
sanitizers:
- address
- memory
diff --git a/projects/ujson/Dockerfile b/projects/ujson/Dockerfile
index f044df6..81550c6 100644
--- a/projects/ujson/Dockerfile
+++ b/projects/ujson/Dockerfile
@@ -25,4 +25,4 @@
WORKDIR ultrajson
-COPY build.sh json_differential_fuzzer.py ujson_fuzzer.py $SRC/
+COPY build.sh json_differential_fuzzer.py ujson_fuzzer.py hypothesis_structured_fuzzer.py $SRC/
diff --git a/projects/unbound/build.sh b/projects/unbound/build.sh
index cd539d8..697e457 100755
--- a/projects/unbound/build.sh
+++ b/projects/unbound/build.sh
@@ -39,7 +39,7 @@
rbtree.o regional.o rtt.o dnstree.o lookup3.o lruhash.o slabhash.o \
tcp_conn_limit.o timehist.o tube.o winsock_event.o autotrust.o val_anchor.o \
validator.o val_kcache.o val_kentry.o val_neg.o val_nsec3.o val_nsec.o \
- val_secalgo.o val_sigcrypt.o val_utils.o dns64.o cachedb.o redis.o authzone.o \
+ val_secalgo.o val_sigcrypt.o val_utils.o dns64.o authzone.o \
respip.o netevent.o listen_dnsport.o outside_network.o ub_event.o keyraw.o \
sbuffer.o wire2str.o parse.o parseutil.o rrdef.o str2wire.o libunbound.o \
libworker.o context.o rpz.o"
diff --git a/projects/unrar/build.sh b/projects/unrar/build.sh
index d597942..9469682 100644
--- a/projects/unrar/build.sh
+++ b/projects/unrar/build.sh
@@ -19,6 +19,10 @@
UNRAR_WNOS="-Wno-logical-op-parentheses -Wno-switch -Wno-dangling-else"
UNRAR_SRC_DIR="$SRC/unrar"
+# See: https://crbug.com/oss-fuzz/19333#c3
+CFLAGS="$CFLAGS -fno-sanitize=enum"
+CXXFLAGS="$CXXFLAGS -fno-sanitize=enum"
+
# build 'lib'. This builds libunrar.a and libunrar.so
# -fPIC is required for successful compilation.
make CXX=$CXX CXXFLAGS="$CXXFLAGS -fPIC $UNRAR_DEFINES $UNRAR_WNOS" \
diff --git a/projects/usbguard/project.yaml b/projects/usbguard/project.yaml
index ae1a007..a372cd3 100644
--- a/projects/usbguard/project.yaml
+++ b/projects/usbguard/project.yaml
@@ -1,9 +1,12 @@
homepage: "https://usbguard.github.io/"
language: c++
-primary_contact: "dkopecek@redhat.com"
+primary_contact: "rsroka@redhat.com"
sanitizers:
- address
- undefined
- memory
auto_ccs:
+ - "alakatos@redhat.com"
- "allenwebb@google.com"
+ - "zfridric@redhat.com"
+main_repo: "https://github.com/USBGuard/usbguard"
diff --git a/projects/utf8proc/project.yaml b/projects/utf8proc/project.yaml
index 8bad63f..c35bcea 100644
--- a/projects/utf8proc/project.yaml
+++ b/projects/utf8proc/project.yaml
@@ -6,9 +6,6 @@
sanitizers:
- address
- memory
- - undefined
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
+ - undefined
main_repo: 'https://github.com/JuliaStrings/utf8proc'
diff --git a/projects/vitess/Dockerfile b/projects/vitess/Dockerfile
index 8c242c0..8f066c8 100644
--- a/projects/vitess/Dockerfile
+++ b/projects/vitess/Dockerfile
@@ -15,13 +15,6 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN go get github.com/vitessio/vitess \
- vitess.io/vitess/go/bytes2 \
- vitess.io/vitess/go/sqltypes \
- vitess.io/vitess/go/vt/log \
- vitess.io/vitess/go/vt/proto/query \
- vitess.io/vitess/go/vt/proto/vtrpc \
- vitess.io/vitess/go/vt/vterrors \
- vitess.io/vitess/go/vt/vtgate/evalengine
+RUN git clone --depth 1 https://github.com/vitessio/vitess
COPY build.sh $SRC/
-WORKDIR $SRC/
+WORKDIR $SRC/vitess
diff --git a/projects/vitess/build.sh b/projects/vitess/build.sh
index d8e9780..8a085f4 100755
--- a/projects/vitess/build.sh
+++ b/projects/vitess/build.sh
@@ -15,4 +15,5 @@
#
################################################################################
-compile_go_fuzzer github.com/vitessio/vitess/go/vt/sqlparser Fuzz fuzz
+chmod +x $SRC/vitess/go/test/fuzzing/oss_fuzz_build.sh
+$SRC/vitess/go/test/fuzzing/oss_fuzz_build.sh
diff --git a/projects/vitess/project.yaml b/projects/vitess/project.yaml
index 6d20f64..82d0529 100644
--- a/projects/vitess/project.yaml
+++ b/projects/vitess/project.yaml
@@ -2,6 +2,10 @@
primary_contact: "andres@planetscale.com"
auto_ccs :
- "adam@adalogics.com"
+ - "team-ps-vitess@planetscale.com"
+ - "manan@planetscale.com"
+ - "harshit@planetscale.com"
+ - "florent@planetscale.com"
language: go
fuzzing_engines:
- libfuzzer
diff --git a/projects/w3m/Dockerfile b/projects/w3m/Dockerfile
new file mode 100755
index 0000000..8106344
--- /dev/null
+++ b/projects/w3m/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y libgc-dev
+RUN git clone https://github.com/tats/w3m
+
+WORKDIR $SRC
+COPY build.sh $SRC/
diff --git a/projects/w3m/build.sh b/projects/w3m/build.sh
new file mode 100755
index 0000000..eccb30c
--- /dev/null
+++ b/projects/w3m/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+#export CFLAGS="${CFLAGS} -"
+#export CXXFLAGS="${CXXFLAGS} -ltinfo"
+
+cd w3m
+./configure
+
+make myctype.o
+make Str.o
+make libwc
+
+cd libwc
+$CC $CFLAGS -c ../fuzz/fuzz-conv.c -o fuzz_conv.o -I../ -I./
+static_libgc=($(find /usr/lib -name "libgc.a"))
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_conv.o -o $OUT/fuzz_conv \
+ -I./libwc -DUSE_UNICODE -I. -I./.. -DHAVE_CONFIG_H ../Str.o ../myctype.o libwc.a ${static_libgc}
diff --git a/projects/w3m/project.yaml b/projects/w3m/project.yaml
new file mode 100755
index 0000000..86409e7
--- /dev/null
+++ b/projects/w3m/project.yaml
@@ -0,0 +1,6 @@
+homepage: "https://tracker.debian.org/pkg/w3m"
+primary_contact: "tats@debian.org"
+language: c
+auto_ccs :
+ - "david@adalogics.com"
+main_repo: 'https://github.com/tats/w3m'
diff --git a/projects/wasmtime/build.sh b/projects/wasmtime/build.sh
index d302851..80423e3 100755
--- a/projects/wasmtime/build.sh
+++ b/projects/wasmtime/build.sh
@@ -26,6 +26,13 @@
shift
PROJECT_DIR=$SRC/$project
+ # ensure we get absolute paths for the coverage report
+ cd $PROJECT_DIR
+ crate_src_abspath=`cargo metadata --no-deps --format-version 1 | jq -r '.workspace_root'`
+ while read i; do
+ export RUSTFLAGS="$RUSTFLAGS --remap-path-prefix $i=$crate_src_abspath/$i"
+ done <<< "$(find . -name "*.rs" | cut -d/ -f2 | uniq)"
+
cd $PROJECT_DIR/fuzz && cargo fuzz build -O --debug-assertions "$@"
FUZZ_TARGET_OUTPUT_DIR=$PROJECT_DIR/target/x86_64-unknown-linux-gnu/release
@@ -50,10 +57,7 @@
}
# Build with peepmatic in order to enable the related fuzz targets.
-build wasmtime "" "" --features peepmatic-fuzzing
-
-# Build the differential fuzzer with the new x86-64 backend as well.
-build wasmtime diff-newbe- differential_wasmi --features experimental_x64
+build wasmtime "" "" --features "peepmatic-fuzzing experimental_x64"
build wasm-tools wasm-tools- ""
build regalloc.rs regalloc- bt bt
diff --git a/projects/wasmtime/project.yaml b/projects/wasmtime/project.yaml
index e18ebf7..01c7f46 100644
--- a/projects/wasmtime/project.yaml
+++ b/projects/wasmtime/project.yaml
@@ -6,6 +6,7 @@
- "till@tillschneidereit.net"
- "ydelendik@mozilla.com"
- "cfallin@gmail.com"
+ - "andrew.s.brown2@gmail.com"
sanitizers:
- address
fuzzing_engines:
diff --git a/projects/wireshark/build.sh b/projects/wireshark/build.sh
index de41e07..bdb34eb 100755
--- a/projects/wireshark/build.sh
+++ b/projects/wireshark/build.sh
@@ -15,12 +15,6 @@
#
################################################################################
-# afl++ CMPLOG test:
-test "$FUZZING_ENGINE" = "afl" && {
- export AFL_LLVM_CMPLOG=1
- touch $OUT/afl_cmplog.txt
-}
-
WIRESHARK_BUILD_PATH="$WORK/build"
mkdir -p "$WIRESHARK_BUILD_PATH"
diff --git a/projects/wolfssl/Dockerfile b/projects/wolfssl/Dockerfile
index 39742cc..963f5e0 100644
--- a/projects/wolfssl/Dockerfile
+++ b/projects/wolfssl/Dockerfile
@@ -23,6 +23,7 @@
RUN git clone --depth 1 https://github.com/guidovranken/wolf-ssl-ssh-fuzzers
RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz
RUN git clone --depth 1 https://github.com/randombit/botan.git
+RUN git clone --depth 1 https://github.com/google/wycheproof.git
RUN wget https://dl.bintray.com/boostorg/release/1.74.0/source/boost_1_74_0.tar.bz2
RUN git clone https://github.com/wolfssl/oss-fuzz-targets --depth 1 $SRC/fuzz-targets
diff --git a/projects/wolfssl/build.sh b/projects/wolfssl/build.sh
index 850ef2c..70db453 100755
--- a/projects/wolfssl/build.sh
+++ b/projects/wolfssl/build.sh
@@ -114,6 +114,55 @@
unset WOLFCRYPT_LIBWOLFSSL_A_PATH
unset WOLFCRYPT_INCLUDE_PATH
+ # Build sp-math-all 8bit fuzzer
+ cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-sp-math-all-8bit/
+ cp -R $SRC/wolfssl/ $SRC/wolfssl-sp-math-all-8bit/
+ cd $SRC/wolfssl-sp-math-all-8bit/
+ autoreconf -ivf
+ CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP -DSP_WORD_SIZE=8"
+ ./configure $WOLFCRYPT_CONFIGURE_PARAMS --enable-sp-math-all
+ make -j$(nproc)
+ export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN"
+ export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl-sp-math-all-8bit/src/.libs/libwolfssl.a"
+ export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl-sp-math-all-8bit/"
+ cd $SRC/cryptofuzz-sp-math-all-8bit/modules/wolfcrypt
+ make -j$(nproc)
+ cd $SRC/cryptofuzz-sp-math-all-8bit/modules/botan
+ make -j$(nproc)
+ cd $SRC/cryptofuzz-sp-math-all-8bit/
+ LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc)
+ cp cryptofuzz $OUT/cryptofuzz-sp-math-all-8bit
+ CFLAGS="$OLD_CFLAGS"
+ CXXFLAGS="$OLD_CXXFLAGS"
+ unset WOLFCRYPT_LIBWOLFSSL_A_PATH
+ unset WOLFCRYPT_INCLUDE_PATH
+
+ # Build sp-math fuzzer
+ cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-sp-math/
+ cp -R $SRC/wolfssl/ $SRC/wolfssl-sp-math/
+ cd $SRC/wolfssl-sp-math/
+ autoreconf -ivf
+ # -DHAVE_ECC_BRAINPOOL and -DHAVE_ECC_KOBLITZ are lacking from the CFLAGS; these are not supported by SP math
+ CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP"
+ # SP math does not support custom curves, so remove that flag
+ export WOLFCRYPT_CONFIGURE_PARAMS_SP_MATH=${WOLFCRYPT_CONFIGURE_PARAMS//"--enable-ecccustcurves"/}
+ ./configure $WOLFCRYPT_CONFIGURE_PARAMS_SP_MATH --enable-sp --enable-sp-math
+ make -j$(nproc)
+ export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN"
+ export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl-sp-math/src/.libs/libwolfssl.a"
+ export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl-sp-math/"
+ cd $SRC/cryptofuzz-sp-math/modules/wolfcrypt
+ make -j$(nproc)
+ cd $SRC/cryptofuzz-sp-math/modules/botan
+ make -j$(nproc)
+ cd $SRC/cryptofuzz-sp-math/
+ LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc)
+ cp cryptofuzz $OUT/cryptofuzz-sp-math
+ CFLAGS="$OLD_CFLAGS"
+ CXXFLAGS="$OLD_CXXFLAGS"
+ unset WOLFCRYPT_LIBWOLFSSL_A_PATH
+ unset WOLFCRYPT_INCLUDE_PATH
+
# Build disable-fastmath fuzzer
cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-disable-fastmath/
cp -R $SRC/wolfssl/ $SRC/wolfssl-disable-fastmath/
@@ -137,6 +186,17 @@
unset WOLFCRYPT_LIBWOLFSSL_A_PATH
unset WOLFCRYPT_INCLUDE_PATH
+ # Convert Wycheproof test vectors to Cryptofuzz corpus format
+ mkdir $SRC/corpus-cryptofuzz-wycheproof/
+ find $SRC/wycheproof/testvectors/ -type f -name 'ecdsa_*' -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-wycheproof={},$SRC/corpus-cryptofuzz-wycheproof/ \;
+ # Pack it
+ zip -j $SRC/cryptofuzz_wycheproof_seed_corpus.zip $SRC/corpus-cryptofuzz-wycheproof/*
+ # Use it as the seed corpus for each Cryptofuzz-based fuzzer
+ cp $SRC/cryptofuzz_wycheproof_seed_corpus.zip $OUT/cryptofuzz-sp-math-all_seed_corpus.zip
+ cp $SRC/cryptofuzz_wycheproof_seed_corpus.zip $OUT/cryptofuzz-sp-math-all-8bit_seed_corpus.zip
+ cp $SRC/cryptofuzz_wycheproof_seed_corpus.zip $OUT/cryptofuzz-sp-math_seed_corpus.zip
+ cp $SRC/cryptofuzz_wycheproof_seed_corpus.zip $OUT/cryptofuzz-disable-fastmath_seed_corpus.zip
+
# Build SSL/SSH fuzzers
NEW_SRC=$SRC/wolf-ssl-ssh-fuzzers/oss-fuzz/projects/wolf-ssl-ssh/
cp -R $SRC/wolfssl/ $NEW_SRC
diff --git a/projects/wuffs/build.sh b/projects/wuffs/build.sh
index d51af38..b8d4f53 100755
--- a/projects/wuffs/build.sh
+++ b/projects/wuffs/build.sh
@@ -26,7 +26,7 @@
# Make the "gzip_fuzzer" binary. First compile the (C) Wuffs code, then link
# the (C++) fuzzing library.
- $CC $CFLAGS -c -std=c99 $f -o $WORK/${b}_fuzzer.o
+ $CC $CFLAGS -c $f -o $WORK/${b}_fuzzer.o
$CXX $CXXFLAGS $WORK/${b}_fuzzer.o -o $OUT/${b}_fuzzer $LIB_FUZZING_ENGINE
# Make the optional "gzip_fuzzer_seed_corpus.zip" archive. This means
diff --git a/projects/ygot/Dockerfile b/projects/ygot/Dockerfile
new file mode 100644
index 0000000..b592c30
--- /dev/null
+++ b/projects/ygot/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone --depth 1 https://github.com/openconfig/ygot
+
+COPY build.sh $SRC/
+COPY fuzz.go $SRC/ygot/exampleoc/
+WORKDIR $SRC/ygot
diff --git a/projects/ygot/build.sh b/projects/ygot/build.sh
new file mode 100755
index 0000000..3a34ffc
--- /dev/null
+++ b/projects/ygot/build.sh
@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+compile_go_fuzzer github.com/openconfig/ygot/exampleoc Fuzz fuzz_oc_unmarshall gofuzz
diff --git a/projects/ygot/fuzz.go b/projects/ygot/fuzz.go
new file mode 100644
index 0000000..c9a0882
--- /dev/null
+++ b/projects/ygot/fuzz.go
@@ -0,0 +1,12 @@
+// +build gofuzz
+
+package exampleoc
+
+func Fuzz(data []byte) int {
+ nd := &Device{}
+ err := Unmarshal([]byte(data), nd)
+ if err != nil {
+ return 0
+ }
+ return 1
+}
diff --git a/projects/ygot/project.yaml b/projects/ygot/project.yaml
new file mode 100644
index 0000000..bd4ef7a
--- /dev/null
+++ b/projects/ygot/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/openconfig/ygot"
+primary_contact: "ygot-maintainers@google.com"
+auto_ccs:
+ - "p.antoine@catenacyber.fr"
+language: go
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+main_repo: 'https://github.com/openconfig/ygot'
diff --git a/projects/zeek/build.sh b/projects/zeek/build.sh
index 5e12504..996fe9c 100644
--- a/projects/zeek/build.sh
+++ b/projects/zeek/build.sh
@@ -25,6 +25,7 @@
--disable-auxtools \
--disable-broker-tests
+
cd build
ninja install
diff --git a/projects/zeek/project.yaml b/projects/zeek/project.yaml
index 3cd5de3..b0239da 100644
--- a/projects/zeek/project.yaml
+++ b/projects/zeek/project.yaml
@@ -10,9 +10,7 @@
- "justin@corelight.com"
- "vern@corelight.com"
- "vlad@es.net"
-fuzzing_engines:
- - libfuzzer
- - honggfuzz
+ - "dominik.charousset@corelight.com"
sanitizers:
- address
main_repo: 'https://github.com/zeek/zeek'
diff --git a/projects/zlib-ng/build.sh b/projects/zlib-ng/build.sh
index cb225ec..606c5af 100755
--- a/projects/zlib-ng/build.sh
+++ b/projects/zlib-ng/build.sh
@@ -15,11 +15,11 @@
#
################################################################################
-export LDSHARED=$CXX
+export LDSHARED=lld
export LDFLAGS="$CFLAGS -stdlib=libc++"
+
./configure
-sed -i "/^LDSHARED=.*/s#=.*#=$CXX#" Makefile
sed -i 's/$(CC) $(LDFLAGS)/$(CXX) $(LDFLAGS)/g' Makefile
make -j$(nproc) clean
diff --git a/projects/zlib-ng/project.yaml b/projects/zlib-ng/project.yaml
index d4b41ce..688f359 100644
--- a/projects/zlib-ng/project.yaml
+++ b/projects/zlib-ng/project.yaml
@@ -1,4 +1,4 @@
-homepage: "https://github.com/Dead2/zlib-ng"
+homepage: "https://github.com/zlib-ng/zlib-ng"
language: c++
primary_contact: "zlib-ng@circlestorm.org"
auto_ccs:
