Commit message | Author | Age

* Install gdb12 from source
* nit: remove tar file
* nit
* Separate GDB installation and purge libs
* Pass -y to purge
* use remove --purge

Initial integration
Fix missing dependency, fix wrong folder paths

* Initial integration
* Improve fuzz target, fix build error

Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>

Revert "infra: let honggfuzz verify crashes (#7850)"
This reverts commit d0d88aad6d8fff5e0819a638d7b48453ba2916b3.

to make it easier to catch issues like
https://github.com/google/honggfuzz/issues/465.
With -V when unreproducible crashes are triggered honggfuzz shows something like
```
[2022-06-10T15:21:12+0000][W][2373157] subproc_checkTimeLimit():532 pid=2374490 took too much time (limit 30 s). Killing it with SIGKILL
Sz:280 Tm:30,021,052us (i/b/h/e/p/c) New:0/0/0/0/0/3, Cur:0/0/0/0/0/591
Launching verifier for HASH: 1b859677dd (iteration: 1 out of 5)
[2022-06-10T15:21:13+0000][E][2373157] fuzz_runVerifier():280 Verifier stack mismatch: (original) 1b859677dd != (new) 0
```

* croniter: instrument fuzzing function
The Croniter build is having some troubles with coverage and I'm not
entirely sure why. It seems like the corpus is not there and I'm not
entirely sure if this has to do with some instrumentation underlyings.
Locally the end-to-end process of running, collecting seeds and
generating coverage works for me. The effort in this PR is to make the
setup similar to pyyaml where the coverage visualisation works -- the
only difference I could spot between fuzzers from the two projects is
that croniter does not have its fuzzer entry function instrumented.
* Instrument all. This is similar to protobuf-python

Ref:
https://github.com/google/oss-fuzz/commit/3d1858edb22ae1a7e51c81d867553439d607b891#commitcomment-76137646

Prompted by https://github.com/bus1/dbus-broker/issues/291

* infra: add proj name to env for fuzz introspector
Depends on https://github.com/ossf/fuzz-introspector/pull/327
Ref: https://github.com/ossf/fuzz-introspector/issues/317
* lint fix
* update introspector commit
Co-authored-by: Navidem <navid.emamdoost@gmail.com>

Initial integration

* Adds new CC to the project.yaml file.
* lpak is in the primary contact. Removes from CC.

* A PoC with `node-shell-quote` v1.7.3.
* A description of the shell injection bug in the prev version of shell-quote and how to reproduce it with `execSan`.
* Amend the instructions to run `execSan` on `node-shell-quote` and `pytorch-lightning`.

* java-projects: update maven 3.8.5 to 3.8.6
The 3.8.5 is no longer available so project builds are failing for those
in this commit. This fixes it.
* nit: remove jul-to-slf4j

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.4 to 1.13.6.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.4...v1.13.6)
---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47849

Fixes #7695

By analogy with 8d762775ac3c04f1 it should make it easier
to change the build script when new build dependencies like
meson are introduced.
lxc is switching to meson in https://github.com/lxc/lxc/pull/4142
so it's expected that it should fail to build on OSS-Fuzz.

* Hyperledger Fabric: Initial integration
* Update project.yaml
* Update build.sh
* Update Dockerfile
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>

This follows https://github.com/python-jsonschema/jsonschema/pull/965

Ref: https://github.com/google/oss-fuzz/pull/7828#discussion_r893332700

* Set flags to use old pass manager
* nit
* Add comment to Dockerfile
* More informative comment
* nit

Allow searching for the binary to execute in $PATH

* A PoC of `execSan` with `pytorch-lightning-1.5.10`

* Fix bugs
1. Don't try to build the script name as a project.
2. Add a flag to force builds of projects that previously failed.
3. Make sure we build projects from our PR branch.
4. Wait on all builds not just builds of the last type.
5. Don't use test bucket for corpus or coverage (will corpus work or fail because of creds?)
Add tests for these features.

initial commit

for instance for image/jpeg which needs DecodeConfig
before Decode is called, otherwise arbitrary allocation is
possible

to mostly make sure that fuzz targets are buildable with
architecture=i386. Ideally CIFuzz should also download the
latest corpora using the "clusterfuzz-builds-i386" links but
it kind of works even without that.
It was tested in https://github.com/evverx/oss-fuzz/pull/13
by pointing https://github.com/evverx/systemd/pull/110 to
that fork of the oss-fuzz repository. To judge from
https://github.com/evverx/systemd/actions/runs/2406321298 it
seems to be working more or less. The "i386" job failed there
because https://github.com/systemd/systemd/commit/89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e
to test "i386" as much as possible.

* Update TensorFlow OSSFuzz people.
Amit leaves Google. Keep the two repositories in sync.
* Update TensorFlow emails (2 projects)
Since I left TF, moving to primary another person in TF Security team.
Also adding another TF Security team member to CC, as well as myself.
Will probably send new updates as new members join :)

These binaries are necessary and are only run during testing.
Fixes https://github.com/google/oss-fuzz/issues/7802

croniter: initial integration

remove Googlers from usrsctp auto_ccs

Signed-off-by: Adi Suissa-Peleg <adip@google.com>

* envoy: Limiting number of targets in CI
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
* Removing another target
Signed-off-by: Adi Suissa-Peleg <adip@google.com>

The cosmos-sdk fuzz tests have been merged to the main branch in
https://github.com/cosmos/cosmos-sdk/pull/12152.

Fix missing folder for jdk17

* ansible: rename fuzzers
* ansible: add encryption fuzzer

Following
https://github.com/janet-lang/janet/commit/c9f33bbde03b804e8a62d0d90e4f56307347124f