Merge branch 'master' into patch-1

infra/base-images/base-builder/jcc/jcc.go

@@ -357,7 +357,7 @@ func WriteStdErrOut(outstr string, errstr string) {
  // Prints |outstr| to stdout, prints |errstr| to stderr, and saves |errstr| to err.log.
  fmt.Print(outstr)
  fmt.Fprint(os.Stderr, errstr)
- AppendStringToFile("/out/err.log", errstr)
+ AppendStringToFile("/workspace/err.log", errstr)
 }
 
 func main() {

infra/base-images/base-clang/Dockerfile

@@ -36,7 +36,7 @@ RUN apt-get update && apt-get install -y wget sudo && \
 RUN apt-get update && apt-get install -y git && \
  git clone https://github.com/ossf/fuzz-introspector.git fuzz-introspector && \
  cd fuzz-introspector && \
- git checkout bb419272223f251599a5f9c7581073e23a487369 && \
+ git checkout cfb5266a4c45cbec8663bb1b215c7fd326c60901 && \
  git submodule init && \
  git submodule update && \
  apt-get autoremove --purge -y git && \

infra/build/functions/target_experiment.py

@@ -28,7 +28,7 @@
 JCC_DIR = '/usr/local/bin'
 
 
-def run_experiment(project_name, target_name, args, output_path,
+def run_experiment(project_name, target_name, args, output_path, errlog_path,
  build_output_path, upload_corpus_path, upload_coverage_path,
  experiment_name, upload_reproducer_path):
  config = build_project.Config(testing=True,
@@ -72,6 +72,7 @@ def run_experiment(project_name, target_name, args, output_path,
 
  build = build_project.Build('libfuzzer', 'address', 'x86_64')
  local_output_path = '/workspace/output.log'
+ local_jcc_err_path = '/workspace/err.log' # From jcc.go:360.
  local_corpus_path_base = '/workspace/corpus'
  local_corpus_path = os.path.join(local_corpus_path_base, target_name)
  default_target_path = os.path.join(build.out, target_name)
@@ -81,6 +82,24 @@ def run_experiment(project_name, target_name, args, output_path,
  local_stacktrace_path = os.path.join(build.out, 'stacktrace/')
  fuzzer_args = ' '.join(args + [f'-artifact_prefix={local_artifact_path}'])
 
+ # Upload JCC's err.log.
+ if errlog_path:
+ compile_step_index = -1
+ for i, step in enumerate(steps):
+ step_args = step.get('args', [])
+ if '&& compile' in ' '.join(step_args):
+ compile_step_index = i
+ break
+ if compile_step_index == -1:
+ print('Cannot find compile step.')
+ else:
+ # Insert the upload step right after compile step.
+ upload_jcc_err_step = {
+ 'name': 'gcr.io/cloud-builders/gsutil',
+ 'args': ['cp', local_jcc_err_path, errlog_path]
+ }
+ steps.insert(compile_step_index + 1, upload_jcc_err_step)
+
  env = build_project.get_env(project_yaml['language'], build)
  env.append('RUN_FUZZER_MODE=batch')
  env.append('CORPUS_DIR=' + local_corpus_path)
@@ -268,6 +287,10 @@ def main():
  parser.add_argument('--upload_build_log',
  required=True,
  help='GCS build log location.')
+ parser.add_argument('--upload_err_log',
+ required=False,
+ default='',
+ help='GCS JCC error log location.')
  parser.add_argument('--upload_output_log',
  required=True,
  help='GCS log location.')
@@ -287,7 +310,7 @@ def main():
  args = parser.parse_args()
 
  run_experiment(args.project, args.target, args.args, args.upload_output_log,
- args.upload_build_log, args.upload_corpus,
+ args.upload_err_log, args.upload_build_log, args.upload_corpus,
  args.upload_coverage, args.experiment_name,
  args.upload_reproducer)
 

projects/apache-poi/Dockerfile

@@ -42,7 +42,10 @@ WORKDIR ${SRC}
 RUN git clone --depth 1 https://github.com/apache/poi.git
 
 # install packages required for font-handling and other code in java.awt.*
-RUN apt-get install -y libxext6 libx11-6 libxrender1 libxtst6 libxi6 libxcb1 libxau6 libxdmcp6
+RUN apt-get install -y libxext6 libx11-6 libxrender1 libxtst6 libxi6 libxcb1 libxau6 libxdmcp6 \
+&& apt-get clean autoclean \
+&& apt-get autoremove --yes \
+&& rm -rf /var/lib/{apt,dpkg,cache,log}/
 
 ADD pom.xml build.sh ${SRC}/
 ADD src/ ${SRC}/src/

projects/apache-poi/src/main/java/org/apache/poi/POIFuzzer.java

@@ -124,8 +124,16 @@ public static void checkExtractor(byte[] input) {
  public static void checkExtractor(POITextExtractor extractor) throws IOException {
  extractor.getDocument();
  extractor.getFilesystem();
- extractor.getMetadataTextExtractor();
- extractor.getText();
+ try {
+ extractor.getMetadataTextExtractor();
+ } catch (IllegalStateException e) {
+ // can happen here
+ }
+ try {
+ extractor.getText();
+ } catch (OpenXML4JRuntimeException e) {
+ // can happen here
+ }
 
  if (extractor instanceof POIOLE2TextExtractor) {
  POIOLE2TextExtractor ole2Extractor = (POIOLE2TextExtractor) extractor;

projects/apache-poi/src/main/java/org/apache/poi/POIVisioFuzzer.java

@@ -38,7 +38,7 @@ public static void fuzzerTestOneInput(byte[] input) {
  visio.write(NullOutputStream.INSTANCE);
  } catch (IOException | POIXMLException |
  BufferUnderflowException | RecordFormatException | OpenXML4JRuntimeException |
- IllegalArgumentException | IndexOutOfBoundsException e) {
+ IllegalArgumentException | IndexOutOfBoundsException | IllegalStateException e) {
  // expected here
  }
 

projects/binutils/fuzz_windres.c

@@ -51,7 +51,6 @@ fuzz_check_coff_rsrc (const char *filename, const char *target)
  bfd *abfd;
  windres_bfd wrbfd;
  asection *sec;
- bfd_size_type size;
 
  abfd = bfd_openr (filename, target);
  if (abfd == NULL) {
@@ -64,14 +63,16 @@ fuzz_check_coff_rsrc (const char *filename, const char *target)
  }
 
  sec = bfd_get_section_by_name (abfd, ".rsrc");
- if (sec == NULL) {
+ if (sec == NULL || sec->size == 0) {
  retval = 0;
  goto cleanup;
  }
 
  set_windres_bfd (&wrbfd, abfd, sec, WR_KIND_BFD);
- size = bfd_section_size (sec);
- if (size > (bfd_size_type) get_file_size (filename)) {
+
+ bfd_size_type filesize = get_file_size (filename);
+ if ((ufile_ptr) sec->filepos > filesize
+ || sec->size > filesize - sec->filepos) {
  retval = 0;
  goto cleanup;
  }

projects/bitcoin-core/build.sh

@@ -54,7 +54,9 @@ sed -i "s|PROVIDE_FUZZ_MAIN_FUNCTION|NEVER_PROVIDE_MAIN_FOR_OSS_FUZZ|g" "./confi
 # * --enable-fuzz, see https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md
 # * CONFIG_SITE, see https://github.com/bitcoin/bitcoin/blob/master/depends/README.md
 if [ "$SANITIZER" = "memory" ]; then
- CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE" --disable-hardening
+ # _FORTIFY_SOURCE is not compatible with MSAN.
+ export CPPFLAGS="${CPPFLAGS} -U_FORTIFY_SOURCE"
+ CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE"
 else
  CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE"
 fi

projects/cloud-hypervisor/project.yaml

@@ -1,12 +1,11 @@
 homepage: "https://github.com/cloud-hypervisor/cloud-hypervisor"
 language: rust
-primary_contact: "sebastien.boeuf@intel.com"
+primary_contact: "chen.bo@intel.com"
 auto_ccs:
  - "[email protected]"
  - "[email protected]"
  - "[email protected]"
  - "[email protected]"
- - "[email protected]"
  - "[email protected]"
  - "[email protected]"
  - "[email protected]"

projects/freerdp/Dockerfile

@@ -17,19 +17,15 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 
 # See https://github.com/FreeRDP/FreeRDP/wiki/Compilation
-RUN apt-get update && apt-get install -y \
- build-essential git-core cmake ninja-build pkg-config zlib1g-dev ccache \
- libx11-dev libxext-dev libxinerama-dev libxcursor-dev libxkbfile-dev \
- libxv-dev libxi-dev libxdamage-dev libxrender-dev libxrandr-dev \
- libssl-dev libasound2-dev libcups2-dev libpulse-dev libcairo2-dev \
- libavutil-dev libavcodec-dev libusb-1.0-0-dev libicu-dev \
- libpkcs11-helper1-dev libpkcs11-helper1 libsdl2-ttf-dev \
- libwayland-dev libpam0g-dev libxcb-damage0-dev ccache libxtst-dev \
- libfuse-dev libsystemd-dev libsoxr-dev libsdl2-dev docbook-xsl \
- libkrb5-dev krb5-multidev libcjson-dev libswscale-dev libswresample-dev \
- libpcsclite-dev xsltproc libsdl2-dev
+# Install Git and base dependences.
+RUN apt-get update && apt-get install -y devscripts equivs \
+ build-essential git-core cmake ninja-build pkg-config ccache
 
 RUN git clone --depth 1 https://github.com/FreeRDP/FreeRDP.git
 
 WORKDIR FreeRDP
+
+# Install all dependencies required by the nightly package.
+RUN mk-build-deps --install --tool 'apt-get --yes --no-remove --no-install-recommends' packaging/deb/freerdp-nightly/control
+
 COPY build.sh $SRC/

projects/freerdp/build.sh

@@ -34,20 +34,6 @@ esac
 : ${LDFLAGS:="${CXXFLAGS}"} # to make sure we link with sanitizer runtime
 
 cmake_args=(
- # Specific to FreeRDP.
- -DWITH_SAMPLE=OFF
- -DWITH_SERVER=ON
- -DWITH_PROXY=OFF
- -DWITH_SHADOW=OFF
- -DWITH_CLIENT=OFF
- -DWITH_ALSA=OFF
- -DWITH_X11=OFF
- -DWITH_LIBSYSTEMD=OFF
- -DWITH_FUSE=OFF
- -DWITH_AAD=OFF
- -DWITH_FFMPEG=OFF
- -DWITH_SWSCALE=OFF
-
  # clang-15 segfaults on linking binaries when LTO is enabled,
  # see https://github.com/google/oss-fuzz/pull/10448#issuecomment-1578160436
  -DCMAKE_INTERPROCEDURAL_OPTIMIZATION=OFF
@@ -56,9 +42,6 @@ cmake_args=(
 
  -DCMAKE_BUILD_TYPE=Debug
  -DBUILD_SHARED_LIBS=OFF
- -DOSS_FUZZ=ON
- -DBUILD_FUZZERS=ON
- -DBUILD_TESTING=ON
 
  # C compiler
  -DCMAKE_C_COMPILER="${CC}"
@@ -77,7 +60,7 @@ cmake_args=(
 
 # Build the project and fuzzers.
 rm -rf build
-cmake "${cmake_args[@]}" -S . -B build -G Ninja
+cmake "${cmake_args[@]}" -S . -B build -G Ninja -C ci/cmake-preloads/config-oss-fuzz.cmake
 cmake --build build --parallel --target fuzzers
 
 for f in $(find build/Testing/ -name 'TestFuzz*' -type f);

projects/freerdp/project.yaml

@@ -13,5 +13,6 @@ fuzzing_engines:
  - libfuzzer
 sanitizers:
  - address
+ - undefined
 architectures:
  - x86_64

projects/gitpython/Dockerfile

@@ -1,4 +1,3 @@
-#!/usr/bin/python3
 # Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,5 +13,7 @@
 # limitations under the License.
 FROM gcr.io/oss-fuzz-base/base-builder-python
 RUN git clone https://github.com/gitpython-developers/gitpython gitpython
-COPY *.sh *py $SRC/
+RUN $SRC/gitpython/fuzzing/oss-fuzz-scripts/container-environment-bootstrap.sh
+
+COPY *.sh $SRC/
 WORKDIR $SRC/gitpython

projects/gitpython/build.sh

@@ -14,9 +14,5 @@
 # limitations under the License.
 #
 ################################################################################
-pip3 install .
 
-# Build fuzzers in $OUT.
-for fuzzer in $(find $SRC -name 'fuzz_*.py'); do
- compile_python_fuzzer $fuzzer
-done
+. "$SRC/gitpython/fuzzing/oss-fuzz-scripts/build.sh"

projects/gitpython/project.yaml

@@ -1,10 +1,11 @@
-fuzzing_engines:
-- libfuzzer
-homepage: https://github.com/gitpython-developers/gitpython
+homepage: "https://github.com/gitpython-developers/gitpython"
 language: python
-main_repo: https://github.com/gitpython-developers/gitpython
+primary_contact: "[email protected]"
+auto_ccs:
+ - "[email protected]"
+ - "[email protected]"
+main_repo: "https://github.com/gitpython-developers/gitpython"
+fuzzing_engines:
+ - libfuzzer
 sanitizers:
-- address
-- undefined
-vendor_ccs:
-- [email protected]
+ - address

projects/hpn-ssh/Dockerfile

@@ -0,0 +1,23 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN apt-get install -y libz-dev libssl1.1 libssl-dev libedit-dev zip libpkcs11
+RUN git clone https://github.com/rapier1/hpn-ssh
+RUN git clone --depth 1 https://github.com/djmdjm/openssh-fuzz-cases
+WORKDIR hpn-ssh
+COPY build.sh $SRC/