We aren't planning on supporting TSAN on ClusterFuzz.
But we can support it in CIFuzz since Skia wants it.

* [teleport] Initial integration
* Minor update to run tests again

Signed-off-by: Asra Ali <asraa@google.com>

i.e. bring back afl.

* Fixes radon build
* Fixes lotus build for all fuzz targets
* Fixes lotus

don't test unstable non-release preR13 paths.

Add a gmail account to get access to the detailed reports.

Prior to this change, native library loading failed for
two reasons:
1. Loading from the current working directory instead of the fuzzer's
directory.
2. Using ASAN_OPTIONS=handle_segv=2.
Fix these issues by doing the following.
1. Adding the fuzzer's directory to LD_LIBRARY_PATH instead of "."
2. Specifying handle_segv=1 in ASAN_OPTIONS.
Related: https://github.com/google/oss-fuzz/issues/5178

* initial integration.
* Updated the libyang project to reflect upstream setup.
* Remove fuzzer that has false positives.
* Updated project.yaml.

* Fixes teleport and syzkaller builds
By running go mod vendor after go mod tidy
* fixup syzkaller

* Fixes go-quic corpuses build
* fixup
* Fixes minify build
* Do not generate corpuses for quic-go coverage

Jazzer has made fuzzerTestOneInput return void instead of boolean.
This commit adapts the existing Jazzer fuzz targets to this change.
Previously, returning true from a fuzz target would be recorded as a
crash. However, since there is no stack trace in that case, such crashes
cause issues with deduplication. Additionally, the behavior is easy to
replicate with assert or an if with a throw statement.

* initial integration of md4c project.
* update project based on upstream changes.

* initial integration.
* Updated the project yaml.
* Updated project to reflect upstream changes.

* Fix ecc-diff-fuzzer build with right botan config
Taken from oss-fuzz botan configure line
* another try
* Fixes botan build
* compile ecc-diff-fuzzer like fixing botan

* Makes vitess build local
As it uses vitess.io instead of github
* Completes minify project
* Completes quic-go
* Local build for nats project
* Completes ipfs
* run go mod tidy after adding go module
* Right bash sequence for go mod tidy

The oss-fuzz git ASAN build fails due to a leak inside git itself:
the build script builds a copy of git, and then uses that binary to
prepare the corpus - although the git invocation itself succeeds,
ASAN causes the script to fail due to the leak:
https://oss-fuzz-build-logs.storage.googleapis.com/log-2eee2921-1b3f-4dd8-a902-50474e8fed55.txt
This was reproduced locally using:
$ python infra/helper.py build_fuzzers --sanitizer address git
Disabling leak checking for all invocations of git in the script
is enough to avoid this failure, thus fixing the build.
The leak itself is being fixed in git in the following commit (which
is now in next, hence the build should be fixed by now):
https://git.kernel.org/pub/scm/git/git.git/commit/?id=bf4bb9f9f5130a7b299f7810fb87a40cdd1bd8ee
However, I still believe we should be disabling leak checking during
the build script in this way because:
1. This issue persisted for close to one month before being fixed,
and blocking oss-fuzz runs on a leak during the build process
for that long seems counter-productive.
2. An alternative would be to use a pre-built copy of git to build
the corpus (thus sidestepping ASAN in the first place), but IMHO
installing git via the Dockerfile seems more wasteful AND it's
unclear if that would have side effects (I'm not sure if the
commit-graph format changes between versions).

* [teleport] Initial integration
* Minor update to run tests again
* Fix istio build
* Small fix
* Experimental fix
* Experimental fix
* Disable coverage build
* Enabled coverage build

* Fixes cilium build
* Fixes dragonfly build
* Fixes fasthttp build
* Fixes fastjson build
* golang build: change directory only temporary
* Fixes gitea build
* Fixes grpc-gateway build
* Fixes hugo project build
* Fixes ipfs build
* Fixes jsonparser build
* Fixes kubernetes build
* Fixes loki build
* Fixes minify build
* Fixes nats build
* Removes go get from the docs
* Fixes quic-go build
* Fixes radon build
* Fixes syzkaller build
* Fixes tidb build
* Fixes vitess build

* zeek: enable afl.
* Added whitespace to gtrigger ci.

* dropbear: enable afl and simplify project yaml.
* dropbear: fixup project yaml and copyrights.

* postgresql: fix fuzzers and build, and enable AFL.
* postgresql: fix up main repo.
* postgresql: fix up the patch for postgresql.

* go: right bash condition for changing directory
* go-json-iterator: uses git clone
So as to copy fuzz target in right directory
* go: uses tags when running go list
* go-redis: uses git clone and builds local fuzz target
* cascadia: uses git clone instead of go get

This also builds and installs the seed corpus zip files.
The --disable-leaks option is implied by --enable-sanitizer and
--enable-fuzzer so it is no longer needed either.

The same speculative fix as in #5217.
The current working directory "." should have no reason to be in the
classpath if it is not equal to "$this_dir", hence it is removed.

The java-example project does not pull in any external dependencies, but
rather consists of three basic Java fuzzers that hit a synthetic bug
after a few seconds. The project can be used to verify that ClusterFuzz
correctly handles JVM fuzz targets.
* ExampleFuzzer fails with an assertion.
* ExampleValueProfileFuzzer fails with an exception after a few seconds,
but only if running in value profile mode.
* ExampleFuzzerNative fails with an ASan report.

* final afl++ integration
* remove afl++ cmplog tests
* update afl++ commit id
* support rebuild
* llvm 13 workaround
* apply fix for llvm 13
* fix nits
* Fix nits.
* Fix name nit.
* update commit id
* update commit id
* update commit id to stable
Co-authored-by: Abhishek Arya <inferno@chromium.org>

Seems that some bugs in openjpeg can be triggered only in release mode.
More specifically, I was trying to reproduce https://github.com/uclouvain/openjpeg/issues/1228 using the OSS-Fuzz harness and I failed.
I figured out that the bug is indeed reachable by the harness, but can be uncovered only in Release mode, otherwise, an assertion error blocks it.
I guess that they use assertions only in Debug mode (WTF) and remove them in Release.
So, IMO openjpeg should be fuzzed in Release mode as the configuration used in production is the one relevant for security.

Co-authored-by: David Cook <divergentdave@gmail.com>

(#5217)
This is a speculative fix for an issue we've seen where the class
fails to load.
A simpler approach I did not use is cd-ing into $this_dir. I didn't
use this approach because it will break things if relative paths
are passed to the fuzzer by ClusterFuzz.
The other reason that I think could be responsible for the missing
class issues is not unpacking the zipfile fully.

As requested privately by Leonard

* Remove manual denylisting in tensorflow
Remove manual denylisting of fuzzing targets using bazel query via tags.
* Add a space in the bazel query.
* Update the tag we should denylist.
* Update the comment.

json-sanitizer uses Maven and has no native dependencies.
The build file is loosely divided into two parts. The first part is
project-specific, the second one can serve as a template for JVM fuzz
targets without native dependencies.
The following three fuzz targets are added to OSS-Fuzz and can later be
moved into the json-sanitizer tree:
* DenylistFuzzer verifies that the output of json-sanitizer never
contains certain substrings that can lead to HTML or XML injections.
* IdempotenceFuzzer verifies that json-sanitizer is idempotent.
* ValidJsonFuzzer verifies that the output of json-sanitizer is valid
JSON by passing it into gson.

* use configure options to set the compiler/linker flags
* use make to build the actual fuzz targets