From d82c8c1c8ffac102eca3e96d6d4d57b84c2b5e71 Mon Sep 17 00:00:00 2001
From: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
Date: Wed, 1 May 2024 11:54:21 -0400
Subject: [PATCH 1/6] Update CITATION.cff

---
 CITATION.cff | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CITATION.cff b/CITATION.cff
index 016524c1b507..01916db7d5e0 100644
--- a/CITATION.cff
+++ b/CITATION.cff
@@ -16,7 +16,7 @@ authors:
 affiliation: Google LLC
 orcid: 'https://orcid.org/0009-0006-3181-4551'
 - given-names: Jonathan
- family-names: metzman
+ family-names: Metzman
 email: metzman@google.com
 affiliation: Google LLC
 orcid: 'https://orcid.org/0000-0002-7042-0444'

From 28760cff6b5a318480357ba96bea9a3263c470ae Mon Sep 17 00:00:00 2001
From: Arjun <167687092+pkillarjun@users.noreply.github.com>
Date: Thu, 2 May 2024 05:37:23 +0530
Subject: [PATCH 2/6] [inih] Fix Issue 68332 (#11836)

Fix issue [68332](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68332) .

Signed-off-by: Arjun
---
 projects/inih/Dockerfile | 5 ++--
 projects/inih/build.sh | 13 +++++----
 projects/inih/inihfuzz.c | 59 ++++++++++++++++++++++++++++++++++++++
 projects/inih/project.yaml | 2 +-
 4 files changed, 71 insertions(+), 8 deletions(-)
 mode change 100644 => 100755 projects/inih/build.sh
 create mode 100644 projects/inih/inihfuzz.c

diff --git a/projects/inih/Dockerfile b/projects/inih/Dockerfile
index 899d50e4177f..fab76a92a8ec 100644
--- a/projects/inih/Dockerfile
+++ b/projects/inih/Dockerfile
@@ -15,6 +15,7 @@
 ################################################################################
 FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update
-RUN git clone https://github.com/benhoyt/inih
-COPY build.sh $SRC/
+RUN git clone https://github.com/benhoyt/inih.git
+COPY inihfuzz.c $SRC/inih/inihfuzz.c
+COPY build.sh $SRC/build.sh
 WORKDIR $SRC/inih/
diff --git a/projects/inih/build.sh b/projects/inih/build.sh
old mode 100644
new mode 100755
index 520139085188..ff101f264dfd
--- a/projects/inih/build.sh
+++ b/projects/inih/build.sh
@@ -1,5 +1,5 @@
 #!/bin/bash -eu
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,10 +14,13 @@
 # limitations under the License.
 #
 ################################################################################
-pushd fuzzing/
-bash oss-fuzz.sh
-cp inihfuzz $OUT/
-popd
+# Compile the fuzzer binary for oss-fuzz infrastructure.
+$CC $CFLAGS -c ini.c
+$CC $CFLAGS -c inihfuzz.c
+$CXX $CFLAGS $LIB_FUZZING_ENGINE inihfuzz.o ini.o -o inihfuzz
+
+# Setup for oss-fuzz infrastructure.
+cp inihfuzz $OUT/
 
 zip -r inihfuzz_seed_corpus.zip tests/*.ini
 mv inihfuzz_seed_corpus.zip $OUT/
diff --git a/projects/inih/inihfuzz.c b/projects/inih/inihfuzz.c
new file mode 100644
index 000000000000..c08d106a126b
--- /dev/null
+++ b/projects/inih/inihfuzz.c
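Review bot: The link step `$CXX $CFLAGS $LIB_FUZZING_ENGINE inihfuzz.o ini.o -o inihfuzz` drives the C++ compiler with `$CFLAGS` instead of `$CXXFLAGS`; in the OSS-Fuzz base image CXXFLAGS is, as far as I recall, CFLAGS plus the libc++ selection that the C++ fuzzing-engine library is built against, and the documented form is `$CXX $CXXFLAGS $LIB_FUZZING_ENGINE ...`. A link that works for one engine/sanitizer pair can then fail for another, so I would write `$CXX $CXXFLAGS $LIB_FUZZING_ENGINE inihfuzz.o ini.o -o inihfuzz`. The two compile lines above it are fine as they are, since they only produce C objects.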
@@ -0,0 +1,59 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include 
+#include 
+#include 
+#include "ini.h"
+
+#define kMinInputLength 8
+#define kMaxInputLength 512
+
+int User;
+char Prev_section[50];
+
+int dumper(void* user, const char* section, const char* name,
+ const char* value)
+{
+ User = *((int*)user);
+ if (strcmp(section, Prev_section)) {
+ strncpy(Prev_section, section, sizeof(Prev_section));
+ Prev_section[sizeof(Prev_section) - 1] = '\0';
+ }
+ return 1;
+}
+
+extern int LLVMFuzzerTestOneInput(const char *data, size_t size) {
+ if (size < kMinInputLength || size > kMaxInputLength) {
+ return 0;
+ }
+
+ int e;
+ static int u = 100;
+ Prev_section[0] = '\0';
+
+ char *data_in = malloc(size + 1);
+ if (!data_in) return 0; // Just in case malloc fails
+
+ memcpy(data_in, data, size);
+ data_in[size] = '\0';
+
+ e = ini_parse_string(data_in, dumper, &u);
+
+ free(data_in);
+
+ return e;
+}
diff --git a/projects/inih/project.yaml b/projects/inih/project.yaml
index 75f4eda674c5..87e36050a1b7 100644
--- a/projects/inih/project.yaml
+++ b/projects/inih/project.yaml
@@ -2,7 +2,7 @@ homepage: "https://github.com/benhoyt/inih"
 language: c
 primary_contact: "benhoyt@gmail.com"
 auto_ccs:
- - "ajsinghyadav00@gmail.com"
+ - "pkillarjun@protonmail.com"
 fuzzing_engines:
 - libfuzzer
 - afl
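Review bot: `LLVMFuzzerTestOneInput` ends with `return e;`, passing through the result of `ini_parse_string`, which inih documents as 0 on success, the line number of the first parse error otherwise, and a negative value on allocation failure; libFuzzer's contract is that a target returns 0, with -1 reserved for discarding the input and every other value reserved, so a malformed input that the parser correctly rejects is reported back to the engine as an unexpected return value instead of a normal run. Call the parser for its side effects and return 0 unconditionally: replace `e = ini_parse_string(data_in, dumper, &u);` with `(void)ini_parse_string(data_in, dumper, &u);`, replace `return e;` with `return 0;`, and drop the now-unused `int e;`. Two smaller points: the entry point is declared with `const char *data` where the engine-side declaration uses `const uint8_t *data`, and the `strncpy` plus manual terminator in `dumper` could be a single `snprintf(Prev_section, sizeof(Prev_section), "%s", section);`, which always NUL-terminates. The `#include` targets are not visible in this view of the hunk, so I cannot confirm which headers are pulled in for `malloc`, `memcpy` and `strcmp`.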
From 85afbaf22b23974ba0db1c8d46c5ec029e5323e2 Mon Sep 17 00:00:00 2001
From: maflcko <6399679+maflcko@users.noreply.github.com>
Date: Thu, 2 May 2024 11:57:51 +0200
Subject: [PATCH 3/6] bitcoin-core: Re-try centipede, skip build_cryptofuzz.sh in introspector build (#11878)

Maybe it works now?

---------

Co-authored-by: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com>
---
 projects/bitcoin-core/build.sh | 5 ++++-
 projects/bitcoin-core/project.yaml | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/projects/bitcoin-core/build.sh b/projects/bitcoin-core/build.sh
index f95a7997faef..809a1f2920b7 100755
--- a/projects/bitcoin-core/build.sh
+++ b/projects/bitcoin-core/build.sh
@@ -15,7 +15,10 @@
 #
 ################################################################################
 
-$SRC/build_cryptofuzz.sh
+if [ "$SANITIZER" != "introspector" ]; then
+ # Temporarily skip this under introspector
+ $SRC/build_cryptofuzz.sh
+fi
 
 cd $SRC/bitcoin-core/
 
diff --git a/projects/bitcoin-core/project.yaml b/projects/bitcoin-core/project.yaml
index 71588b5e9124..eba0fecef958 100644
--- a/projects/bitcoin-core/project.yaml
+++ b/projects/bitcoin-core/project.yaml
@@ -16,7 +16,7 @@ architectures:
 - x86_64
 - i386
 fuzzing_engines:
+ - centipede
 - libfuzzer
 - honggfuzz
 - afl
-# - centipede # temporarily disabled due to spurious "Step #22 - "build-check-centipede-none-x86_64": OSError: [Errno 28] No space left on device"

From 1c1a6a7509565ceb6ce90f84a3e0258d1698db68 Mon Sep 17 00:00:00 2001
From: maflcko <6399679+maflcko@users.noreply.github.com>
Date: Thu, 2 May 2024 11:58:45 +0200
Subject: [PATCH 4/6] serenity: Use latest builder (#11874)

Co-authored-by: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com>
---
 projects/serenity/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/projects/serenity/Dockerfile b/projects/serenity/Dockerfile
index 1d5a63c4cab2..0a52571e0764 100644
--- a/projects/serenity/Dockerfile
+++ b/projects/serenity/Dockerfile
@@ -14,8 +14,7 @@
 #
 ################################################################################
 
-FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e
-# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors
+FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y build-essential cmake curl ninja-build
 RUN git clone https://github.com/SerenityOS/serenity
 COPY build.sh $SRC/

From e562670075c859c7181d89a21ab2590cd837c1ef Mon Sep 17 00:00:00 2001
From: maflcko <6399679+maflcko@users.noreply.github.com>
Date: Thu, 2 May 2024 11:59:16 +0200
Subject: [PATCH 5/6] leveldb: Use latest builder (#11866)

Use `-fno-sanitize=vptr`.

Co-authored-by: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com>
---
 projects/leveldb/Dockerfile | 3 +--
 projects/leveldb/build.sh | 4 ++++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/projects/leveldb/Dockerfile b/projects/leveldb/Dockerfile
index be8ce897d8cd..9526e19b3e1a 100644
--- a/projects/leveldb/Dockerfile
+++ b/projects/leveldb/Dockerfile
@@ -14,8 +14,7 @@
 #
 ################################################################################
 
-FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e
-# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors
+FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y build-essential cmake gettext make
 RUN git clone --recurse-submodules https://github.com/google/leveldb.git
diff --git a/projects/leveldb/build.sh b/projects/leveldb/build.sh
index 7668c045a4d5..6821d687c3a9 100755
--- a/projects/leveldb/build.sh
+++ b/projects/leveldb/build.sh
@@ -16,6 +16,10 @@
 #
 ################################################################################
 
+# Avoid: clang++: error: invalid argument '-fsanitize=vptr' not allowed with '-fno-rtti'
+CFLAGS="$CFLAGS -fno-sanitize=vptr"
+CXXFLAGS="$CXXFLAGS -fno-sanitize=vptr"
+
 cd $SRC/leveldb
 mkdir -p build && cd build
 cmake -DCMAKE_BUILD_TYPE=Release -DLEVELDB_BUILD_TESTS=0 \

From 38cc0c4383e0acd0bdbe3981c311db49a10886b3 Mon Sep 17 00:00:00 2001
From: maflcko <6399679+maflcko@users.noreply.github.com>
Date: Thu, 2 May 2024 17:00:28 +0200
Subject: [PATCH 6/6] msquic: Use latest builder (#11865)

Use `-Wno-error=invalid-unevaluated-string`

Co-authored-by: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com>
---
 projects/msquic/Dockerfile | 3 +--
 projects/msquic/build.sh | 4 ++++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/projects/msquic/Dockerfile b/projects/msquic/Dockerfile
index ae3c92fb726a..ccfe429447c2 100644
--- a/projects/msquic/Dockerfile
+++ b/projects/msquic/Dockerfile
@@ -14,8 +14,7 @@
 #
 ################################################################################
 
-FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e
-# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors
+FROM gcr.io/oss-fuzz-base/base-builder
 ADD https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb packages-microsoft-prod.deb
 RUN apt-get update && \
diff --git a/projects/msquic/build.sh b/projects/msquic/build.sh
index 1326426967c2..10dc7517cd94 100644
--- a/projects/msquic/build.sh
+++ b/projects/msquic/build.sh
@@ -15,6 +15,10 @@
 #
 ################################################################################
 
+# Temporary workaround for clang-18
+export CFLAGS="$CFLAGS -Wno-error=invalid-unevaluated-string"
+export CXXFLAGS="$CXXFLAGS -Wno-error=invalid-unevaluated-string"
+
 pwsh ./scripts/build.ps1 -Static -DisableTest -DisablePerf -DisableLogs -Parallel 1
 
 cd $SRC/msquic/src/fuzzing