From e8f3e6c41eb1af3cb73d0e483c74627a751fa562 Mon Sep 17 00:00:00 2001
From: DavidKorczynski
Date: Thu, 19 Dec 2024 09:56:15 +0000
Subject: [PATCH 01/11] infra: fix ci failure (#12871)

Signed-off-by: David Korczynski
---
 .github/workflows/project_tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/project_tests.yml b/.github/workflows/project_tests.yml
index 6caf21280c48..3c6bd5653ee7 100644
--- a/.github/workflows/project_tests.yml
+++ b/.github/workflows/project_tests.yml
@@ -68,7 +68,7 @@ jobs:
 sudo swapoff -a
 sudo rm -f /swapfile
 sudo apt clean
- docker rmi $(docker images -a -q)
+ docker rmi $(docker images -a -q) || true
 df -h
 echo "Remove large unused folders, inspired by https://github.com/apache/flink/blame/master/tools/azure-pipelines/free_disk_space.sh"
 sudo bash -c '(ionice -c 3 nice -n 19 rm -rf /usr/share/dotnet/ /usr/local/graalvm/ /usr/local/.ghcup/ /usr/local/share/powershell /usr/local/share/chromium /usr/local/lib/android /usr/local/lib/node_modules)&'

From e17999e560033052914a77fc0a02540d66cd91e0 Mon Sep 17 00:00:00 2001
From: Charles Giessen <46324611+charles-lunarg@users.noreply.github.com>
Date: Thu, 19 Dec 2024 04:01:07 -0600
Subject: [PATCH 02/11] vulkan-loader: Fix leak in settings fuzzer (#12870)

The fuzzer would leak the settings layer list if it successfully found the layers. This creates memory leaks that aren't directly the fault of the Vulkan-Loader project.

Co-authored-by: DavidKorczynski
---
 projects/vulkan-loader/fuzzers/settings_fuzzer.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/projects/vulkan-loader/fuzzers/settings_fuzzer.c b/projects/vulkan-loader/fuzzers/settings_fuzzer.c
index 4a40d614475d..9d2430f81f79 100644
--- a/projects/vulkan-loader/fuzzers/settings_fuzzer.c
+++ b/projects/vulkan-loader/fuzzers/settings_fuzzer.c
@@ -71,6 +71,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 bool should_search_for_other_layers = true;
 get_settings_layers(NULL, &settings_layers, &should_search_for_other_layers);
+ // Free allocated memory
+ loader_delete_layer_list_and_properties(NULL, (struct loader_layer_list *)settings_layers.list);
 should_skip_logging_global_messages(0);
 update_global_loader_settings();
 teardown_global_loader_settings();

From be6c9296814d2b4655a5f938509714b6281c661f Mon Sep 17 00:00:00 2001
From: DavidKorczynski
Date: Fri, 20 Dec 2024 20:08:08 +0000
Subject: [PATCH 03/11] Revert "Save docker images for C/C++" (#12876)

Reverts google/oss-fuzz#12831
---
 infra/build/functions/build_lib.py | 36 +++++--------------
 infra/build/functions/build_project.py | 11 +++---
 .../test_data/expected_build_steps.json | 10 ++----
 .../expected_centipede_build_steps.json | 7 ++--
 .../expected_coverage_build_steps.json | 5 +--
 .../test_data/expected_trial_build_steps.json | 5 +--
 6 files changed, 21 insertions(+), 53 deletions(-)

diff --git a/infra/build/functions/build_lib.py b/infra/build/functions/build_lib.py
index f244a766e97e..65f6280d762f 100644
--- a/infra/build/functions/build_lib.py
+++ b/infra/build/functions/build_lib.py
@@ -417,7 +417,6 @@ def get_docker_build_step(image_names,
 'name': DOCKER_TOOL_IMAGE,
 'args': args,
 'dir': directory,
- 'id': f'build-{architecture}',
 }
 # Handle buildkit args
 # Note that we mutate "args" after making it a value in step.
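Review bot: In the settings_fuzzer.c hunk, `loader_delete_layer_list_and_properties(NULL, (struct loader_layer_list *)settings_layers.list)` hands the function the pointee of the `list` member reinterpreted as a `struct loader_layer_list`, and the explicit cast silences the type mismatch the compiler would otherwise have reported; patch 06 later in this series replaces the argument with `&settings_layers`, which is the shape the call should have had here. A pointer cast whose only purpose is to make a call compile is usually a sign that the wrong object is being freed, and it is cheaper to reject at review time than to wait for the sanitizer report. LLVMFuzzerTestOneInput starts and ends outside the hunk.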
@@ -463,11 +462,10 @@ def get_project_image_steps( # pylint: disable=too-many-arguments steps.extend(get_pull_test_images_steps(config.test_image_suffix)) src_root = 'oss-fuzz' if not experiment else '.' - docker_build_step = get_docker_build_step( - [image, _get_unsafe_name(name)], - os.path.join('projects', name), - src_root=src_root, - cache_image=cache_image) + docker_build_step = get_docker_build_step([image], + os.path.join('projects', name), + src_root=src_root, + cache_image=cache_image) steps.append(docker_build_step) if srcmap: srcmap_step_id = get_srcmap_step_id() @@ -479,7 +477,7 @@ def get_project_image_steps( # pylint: disable=too-many-arguments ], 'env': [ 'OSSFUZZ_REVISION=$REVISION_ID', - f'FUZZING_LANGUAGE={language}', + 'FUZZING_LANGUAGE=%s' % language, ], 'id': srcmap_step_id }]) @@ -500,31 +498,15 @@ def get_project_image_steps( # pylint: disable=too-many-arguments 'args': ['buildx', 'use', builder_name] }, ]) - docker_build_arm_step = get_docker_build_step( - [image, _get_unsafe_name(name)], - os.path.join('projects', name), - architecture=_ARM64) + docker_build_arm_step = get_docker_build_step([image], + os.path.join( + 'projects', name), + architecture=_ARM64) steps.append(docker_build_arm_step) - if (not experiment and not config.testing and - config.build_type == 'fuzzing' and language in ('c', 'c++')): - # Push so that historical bugs are reproducible. - push_step = { - 'name': 'gcr.io/cloud-builders/docker', - 'args': ['push', _get_unsafe_name(name)], - 'id': 'push-image', - 'waitFor': [docker_build_step['id']], - 'allowFailure': True - } - steps.append(push_step) - return steps -def _get_unsafe_name(name): - return f'us-central1-docker.pkg.dev/oss-fuzz/unsafe/{name}' - - def get_logs_url(build_id): """Returns url that displays the build logs.""" return ( diff --git a/infra/build/functions/build_project.py b/infra/build/functions/build_project.py index 2a6c4ad9b156..b8eca8eb0190 100755 --- a/infra/build/functions/build_project.py 
+++ b/infra/build/functions/build_project.py @@ -19,6 +19,8 @@ Usage: build_project.py """ +from __future__ import print_function + import argparse from dataclasses import dataclass import datetime @@ -75,7 +77,6 @@ class Config: experiment: bool = False # TODO(ochang): This should be different per engine+sanitizer combination. upload_build_logs: str = None - build_type: str = None WORKDIR_REGEX = re.compile(r'\s*WORKDIR\s*([^\s]+)') @@ -475,6 +476,7 @@ def get_build_steps_for_project(project, upload_steps = get_upload_steps(project, build, timestamp, config.testing) build_steps.extend(upload_steps) + return build_steps @@ -627,7 +629,7 @@ def get_args(description): return parser.parse_args() -def create_config(args, build_type): +def create_config_from_commandline(args): """Create a Config object from parsed command line |args|.""" upload = not args.experiment return Config(testing=args.testing, @@ -635,8 +637,7 @@ def create_config(args, build_type): branch=args.branch, parallel=args.parallel, upload=upload, - experiment=args.experiment, - build_type=build_type) + experiment=args.experiment) def build_script_main(script_description, get_build_steps_func, build_type): @@ -649,7 +650,7 @@ def build_script_main(script_description, get_build_steps_func, build_type): credentials = oauth2client.client.GoogleCredentials.get_application_default() error = False - config = create_config(args, build_type) + config = create_config_from_commandline(args) for project_name in args.projects: logging.info('Getting steps for: "%s".', project_name) try: diff --git a/infra/build/functions/test_data/expected_build_steps.json b/infra/build/functions/test_data/expected_build_steps.json index a35cb9a6ce80..065c76c7bbbf 100644 --- a/infra/build/functions/test_data/expected_build_steps.json +++ b/infra/build/functions/test_data/expected_build_steps.json 
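Review bot: After `config = create_config_from_commandline(args)` replaces `create_config(args, build_type)` in the `@@ -649` hunk, the `build_type` parameter of `build_script_main(script_description, get_build_steps_func, build_type)` may no longer be read inside that function; its body continues outside the hunk, so verify whether anything else uses it and either drop it at the callers or leave a comment saying why it stays. The `@@ -19` hunk also restores `from __future__ import print_function`, which is inert on the Python 3 versions this file already requires (it imports `dataclasses`); restoring it verbatim is defensible for a revert, but it can go in a follow-up.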
@@ -14,12 +14,9 @@ "build", "--tag", "gcr.io/oss-fuzz/test-project", - "--tag", - "us-central1-docker.pkg.dev/oss-fuzz/unsafe/test-project", "." ], - "dir": "oss-fuzz/projects/test-project", - "id": "build-x86_64" + "dir": "oss-fuzz/projects/test-project" }, { "name": "gcr.io/oss-fuzz/test-project", @@ -71,12 +68,9 @@ "--load", "--tag", "gcr.io/oss-fuzz/test-project-aarch64", - "--tag", - "us-central1-docker.pkg.dev/oss-fuzz/unsafe/test-project-aarch64", "." ], - "dir": "oss-fuzz/projects/test-project", - "id": "build-aarch64" + "dir": "oss-fuzz/projects/test-project" }, { "name": "gcr.io/cloud-builders/docker", diff --git a/infra/build/functions/test_data/expected_centipede_build_steps.json b/infra/build/functions/test_data/expected_centipede_build_steps.json index 885c803d312a..db92d885ec2d 100644 --- a/infra/build/functions/test_data/expected_centipede_build_steps.json +++ b/infra/build/functions/test_data/expected_centipede_build_steps.json @@ -13,13 +13,10 @@ "args": [ "build", "--tag", - "gcr.io/oss-fuzz/test-project", - "--tag", - "us-central1-docker.pkg.dev/oss-fuzz/unsafe/test-project", + "gcr.io/oss-fuzz/test-project", "." ], - "dir": "oss-fuzz/projects/test-project", - "id": "build-x86_64" + "dir": "oss-fuzz/projects/test-project" }, { "name": "gcr.io/oss-fuzz/test-project", diff --git a/infra/build/functions/test_data/expected_coverage_build_steps.json b/infra/build/functions/test_data/expected_coverage_build_steps.json index 493c6ce25d2a..9fce94c44bf2 100644 --- a/infra/build/functions/test_data/expected_coverage_build_steps.json +++ b/infra/build/functions/test_data/expected_coverage_build_steps.json @@ -14,12 +14,9 @@ "build", "--tag", "gcr.io/oss-fuzz/test-project", - "--tag", - "us-central1-docker.pkg.dev/oss-fuzz/unsafe/test-project", "." ], - "dir": "oss-fuzz/projects/test-project", - "id": "build-x86_64" + "dir": "oss-fuzz/projects/test-project" }, { "name": "gcr.io/oss-fuzz/test-project", 
diff --git a/infra/build/functions/test_data/expected_trial_build_steps.json b/infra/build/functions/test_data/expected_trial_build_steps.json index a41da778516c..1497f7e05a7a 100644 --- a/infra/build/functions/test_data/expected_trial_build_steps.json +++ b/infra/build/functions/test_data/expected_trial_build_steps.json @@ -167,12 +167,9 @@ "build", "--tag", "gcr.io/oss-fuzz/skcms", - "--tag", - "us-central1-docker.pkg.dev/oss-fuzz/unsafe/skcms", "." ], - "dir": "oss-fuzz/projects/skcms", - "id": "build-x86_64" + "dir": "oss-fuzz/projects/skcms" }, { "name": "gcr.io/oss-fuzz/skcms", From dd2aeed4f2a0e29b5e803f7c0f2b3ead5d13fc1c Mon Sep 17 00:00:00 2001 From: Oliver Chang Date: Sat, 21 Dec 2024 21:57:40 +1100 Subject: [PATCH 04/11] Update Jazzer to the latest version (Apache 2.0) (#12869) Fixes #11652 Co-authored-by: DavidKorczynski --- infra/base-images/base-builder-jvm/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-builder-jvm/Dockerfile b/infra/base-images/base-builder-jvm/Dockerfile index 5b76964d2985..48c7d76af5c9 100644 --- a/infra/base-images/base-builder-jvm/Dockerfile +++ b/infra/base-images/base-builder-jvm/Dockerfile @@ -36,7 +36,7 @@ WORKDIR $SRC RUN git clone https://github.com/CodeIntelligenceTesting/jazzer && \ cd jazzer && \ - git checkout aa376ca3c0255b9cf04e1fc79fcf1fe5c63b2376 + git checkout 11b42852df4344737df54a380c2f522025bb4e84 WORKDIR $SRC/jazzer From b54cb11e76707094c48008240efd92889715fb04 Mon Sep 17 00:00:00 2001 From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Date: Sat, 21 Dec 2024 10:58:19 +0000 Subject: [PATCH 05/11] kubernetes: fix broken build (#12877) Signed-off-by: Adam Korczynski --- projects/kubernetes/Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/projects/kubernetes/Dockerfile b/projects/kubernetes/Dockerfile index 120760e181fd..3de456512b0c 100644 --- a/projects/kubernetes/Dockerfile +++ b/projects/kubernetes/Dockerfile 
@@ -22,6 +22,11 @@ RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus
 RUN git clone --depth 1 https://github.com/kubernetes/kops
 RUN git clone --depth 1 https://github.com/cncf/cncf-fuzzing
 RUN git clone --depth 1 https://github.com/AdamKorcz/instrumentation
+RUN git clone --depth 1 https://github.com/AdamKorcz/go-118-fuzz-build --branch=november-backup
+RUN wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz \
+ && mkdir temp-go \
+ && rm -rf /root/.go/* \
+ && tar -C temp-go/ -xzf go1.23.4.linux-amd64.tar.gz \
+ && mv temp-go/go/* /root/.go/
 WORKDIR $SRC/
-
 COPY build.sh $SRC/

From deebef76c5a17c7871930c67f1489b7d23665a1d Mon Sep 17 00:00:00 2001
From: Charles Giessen <46324611+charles-lunarg@users.noreply.github.com>
Date: Thu, 26 Dec 2024 04:10:22 -0600
Subject: [PATCH 06/11] vulkan-loader: Use correct variable in destroy function (#12881)

Commit e17999e "fixed" the settings_fuzzer.c test by cleaning up memory, but did not pass in the correct variable. It would reinterpret a pointer to memory as a `loader_layer_list` struct, which is all sorts of wrong. It doesn't help that I forcibly cast the memory pointer to the loader_layer_list struct type, causing any warnings to be surpressed.

@DavidKorczynski 2nd tries the charm hopefully.
---
 projects/vulkan-loader/fuzzers/settings_fuzzer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/projects/vulkan-loader/fuzzers/settings_fuzzer.c b/projects/vulkan-loader/fuzzers/settings_fuzzer.c
index 9d2430f81f79..63b1a2115171 100644
--- a/projects/vulkan-loader/fuzzers/settings_fuzzer.c
+++ b/projects/vulkan-loader/fuzzers/settings_fuzzer.c
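Review bot: `RUN wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz` is unpacked over `/root/.go/` (after `rm -rf /root/.go/*`) with no integrity check, so the toolchain that compiles every fuzzer for this project is whatever the download returned; go.dev publishes a SHA-256 for each archive, and adding `&& echo "<GO_TARBALL_SHA256>  go1.23.4.linux-amd64.tar.gz" | sha256sum -c - \` before the `tar` line pins it (placeholder to be replaced with the published digest). The same gap is in the two `curl -L ... -o ... && tar xvf` JDK downloads of the apache-poi Dockerfile hunk later in this series (patch 10, `@@ -23,17 +23,19`), for which Temurin also publishes checksums. Separately, `git clone --depth 1 ... go-118-fuzz-build --branch=november-backup` follows a branch on a personal fork rather than a commit, so the build input can change without any change here; if that is a deliberate stopgap, a one-line comment saying so would help the next reader.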
@@ -72,7 +72,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 bool should_search_for_other_layers = true;
 get_settings_layers(NULL, &settings_layers, &should_search_for_other_layers);
 // Free allocated memory
- loader_delete_layer_list_and_properties(NULL, (struct loader_layer_list *)settings_layers.list);
+ loader_delete_layer_list_and_properties(NULL, &settings_layers);
 should_skip_logging_global_messages(0);
 update_global_loader_settings();
 teardown_global_loader_settings();

From 770c19fab46738a78ab2df7636fd469faf32c259 Mon Sep 17 00:00:00 2001
From: DavidKorczynski
Date: Fri, 27 Dec 2024 17:45:54 +0000
Subject: [PATCH 07/11] vscode: add fuzz introspector installation and usage (#12887)

Signed-off-by: David Korczynski
---
 tools/vscode-extension/package.json | 10 ++++
 .../vscode-extension/src/commands/cmdRunFI.ts | 58 ++++++++++++++++++
 .../src/commands/cmdSetupFI.ts | 59 +++++++++++++++++++
 tools/vscode-extension/src/extension.ts | 22 +++++++
 4 files changed, 149 insertions(+)
 create mode 100644 tools/vscode-extension/src/commands/cmdRunFI.ts
 create mode 100644 tools/vscode-extension/src/commands/cmdSetupFI.ts

diff --git a/tools/vscode-extension/package.json b/tools/vscode-extension/package.json
index 06994b4e52bb..1694084f0513 100644
--- a/tools/vscode-extension/package.json
+++ b/tools/vscode-extension/package.json
@@ -110,6 +110,16 @@
 "command": "oss-fuzz.testFuzzerCFLite",
 "title": "OSS-Fuzz: [CFLite] Test running a specific fuzzer.",
 "description": "Builds the CFLite setup and runs a fuzzer for a short period of time."
+ },
+ {
+ "command": "oss-fuzz.setupFuzzIntrospector",
+ "title": "OSS-Fuzz: Set up Fuzz Introspector",
+ "description": "Install fuzz introspector on the system"
+ },
+ {
+ "command": "oss-fuzz.runFuzzIntrospector",
+ "title": "OSS-Fuzz: Run Full Fuzz Introspector",
+ "description": "Runs a full Fuzz Introspector"
 }
 ],
 "walkthroughs":[
diff --git a/tools/vscode-extension/src/commands/cmdRunFI.ts b/tools/vscode-extension/src/commands/cmdRunFI.ts new file mode 100644 index 000000000000..5376d9968779 --- /dev/null +++ b/tools/vscode-extension/src/commands/cmdRunFI.ts 
@@ -0,0 +1,58 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import * as vscode from 'vscode';
+// import path = require('path');
+import {println} from '../logger';
+import {extensionConfig} from '../config';
+import {isPathValidOssFuzzPath} from '../ossfuzzWrappers';
+import {systemSync} from '../utils';
+
+/**
+ * Function for setting up Fuzz Introspector by way of a Python virtual env.
+ */
+export async function runFuzzIntrospectorHandler() {
+ println('Setting up oss-fuzz in /tmp/');
+
+ const workspaceFolder = vscode.workspace.workspaceFolders;
+ if (!workspaceFolder) {
+ return;
+ }
+ const pathOfLocal = workspaceFolder[0].uri.fsPath;
+ println('path of local: ' + pathOfLocal);
+
+ // First check if we already have Fuzz Introspector installed.
+ const tmpOssFuzzRepositoryPath = '/tmp/fi-tmp-env';
+
+ if ((await isPathValidOssFuzzPath(tmpOssFuzzRepositoryPath)) === true) {
+ println('Fuzz Introspector virtual env already exists in /tmp/fi-tmp-env');
+ extensionConfig.ossFuzzPepositoryWorkPath = tmpOssFuzzRepositoryPath;
+ return;
+ }
+
+ const cmdToExec = '/tmp/fi-tmp-env/bin/fuzz-introspector';
+ const args: Array = [
+ 'full',
+ '--target_dir=${pathOfLocal}',
+ '--language=c',
+ ];
+ const [res, output] = await systemSync(cmdToExec, args);
+ if (res === false) {
+ println('Failed run FI');
+ println(output);
+ return;
+ }
+}
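Review bot: `'--target_dir=${pathOfLocal}'` is a single-quoted string, so nothing is interpolated and fuzz-introspector receives the literal text `${pathOfLocal}` as its target directory; it needs a template literal. The check before it is also inverted for a run handler: when `/tmp/fi-tmp-env` exists (the normal state after the setup command) the function logs that the env exists and returns without running anything, and only when it is missing does it go on to execute a binary that cannot be there, so the existing-env branch is the one that should proceed, and the assignment to `extensionConfig.ossFuzzPepositoryWorkPath`, which points the OSS-Fuzz repository setting at a virtualenv, looks carried over from the OSS-Fuzz setup handler and should go. Whether `isPathValidOssFuzzPath` is the right existence check for a virtualenv is not visible here and is worth confirming. The doc comment and the `'Setting up oss-fuzz in /tmp/'` message describe setup rather than a run; `/** Runs a full Fuzz Introspector analysis of the current workspace using the /tmp/fi-tmp-env virtual env. */` would match what the function does.
```typescript
  // Fuzz Introspector must already be installed by the setup command.
  const tmpOssFuzzRepositoryPath = '/tmp/fi-tmp-env';
  if ((await isPathValidOssFuzzPath(tmpOssFuzzRepositoryPath)) !== true) {
    println('Fuzz Introspector virtual env not found in /tmp/fi-tmp-env');
    return;
  }

  const cmdToExec = '/tmp/fi-tmp-env/bin/fuzz-introspector';
  const args: Array<string> = [
    'full',
    `--target_dir=${pathOfLocal}`,
    '--language=c',
  ];
  // … unchanged: systemSync call and failure reporting …
```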
diff --git a/tools/vscode-extension/src/commands/cmdSetupFI.ts b/tools/vscode-extension/src/commands/cmdSetupFI.ts new file mode 100644 index 000000000000..b1dd7394e401 --- /dev/null +++ b/tools/vscode-extension/src/commands/cmdSetupFI.ts 
@@ -0,0 +1,59 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import {println} from '../logger';
+import {extensionConfig} from '../config';
+import {isPathValidOssFuzzPath} from '../ossfuzzWrappers';
+import {systemSync} from '../utils';
+
+/**
+ * Function for setting up Fuzz Introspector by way of a Python virtual env.
+ */
+export async function setUpFuzzIntrospectorHandler() {
+ println('Setting up oss-fuzz in /tmp/');
+
+ // First check if we already have Fuzz Introspector installed.
+ const tmpOssFuzzRepositoryPath = '/tmp/fi-tmp-env';
+
+ if ((await isPathValidOssFuzzPath(tmpOssFuzzRepositoryPath)) === true) {
+ println('Fuzz Introspector virtual env already exists in /tmp/fi-tmp-env');
+ extensionConfig.ossFuzzPepositoryWorkPath = tmpOssFuzzRepositoryPath;
+ return;
+ }
+
+ const cmdToExec = 'python3.11';
+ const args: Array = ['-m', 'virtualenv', tmpOssFuzzRepositoryPath];
+ const [res, output] = await systemSync(cmdToExec, args);
+ if (res === false) {
+ println('Failed to create virtual environment');
+ println(output);
+ return;
+ }
+
+ const cmdToExec2 = '/tmp/fi-tmp-env/bin/python3.11';
+ const args2: Array = [
+ '-m',
+ 'pip',
+ 'install',
+ 'fuzz-introspector==0.1.4',
+ ];
+ const [res2, output2] = await systemSync(cmdToExec2, args2);
+ if (res2 === false) {
+ println('Failed to create virtual environment');
+ println(output2);
+ return;
+ }
+}
diff --git a/tools/vscode-extension/src/extension.ts b/tools/vscode-extension/src/extension.ts
index 9d110be97af9..1392d4da9a16 100644
--- a/tools/vscode-extension/src/extension.ts
+++ b/tools/vscode-extension/src/extension.ts
@@ -33,6 +33,8 @@ import {runEndToEndAndGetCoverage} from './commands/cmdEndToEndCoverage';
 import {listFuzzersHandler} from './commands/cmdListFuzzers';
 import {cmdInputCollectorReproduceTestcase} from './commands/cmdReproduceTestcase';
 import {cmdDispatcherTemplate} from './commands/cmdTemplate';
+import {setUpFuzzIntrospectorHandler} from './commands/cmdSetupFI';
+import {runFuzzIntrospectorHandler} from './commands/cmdRunFI';
 import {cmdDispatcherGenerateClusterfuzzLite} from './commands/cmdDispatcherGenerateClusterfuzzLite';
 import {setUpOssFuzzHandler} from './commands/cmdSetupOSSFuzz';
 import {setOssFuzzPath} from './commands/cmdSetOSSFuzzPath';
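Review bot: The second failure branch in cmdSetupFI.ts logs `'Failed to create virtual environment'` when it is the `pip install` step that failed, so the message misattributes the error; it should read `println('Failed to install fuzz-introspector');`. `extensionConfig.ossFuzzPepositoryWorkPath = tmpOssFuzzRepositoryPath` points the extension's OSS-Fuzz repository setting at the virtualenv directory, which looks copied from the OSS-Fuzz setup handler and could break later commands that read that path; unless that is intended, drop the assignment. `pip install fuzz-introspector==0.1.4` pins a version but not its hash, so the wheel and its transitive dependencies are taken on trust from the index; a requirements file installed with `--require-hashes` would make the environment reproducible and tamper-evident. The hard-coded `python3.11` interpreter also fails on hosts that only have another 3.x, and the failure is then reported under the same generic message; checking for the interpreter first and naming it in the log would make that case obvious.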
@@ -189,6 +191,26 @@ export function activate(context: vscode.ExtensionContext) {
 println('CMD end: testFuzzerCFLite');
 })
 );
+
+ context.subscriptions.push(
+ vscode.commands.registerCommand(
+ 'oss-fuzz.setupFuzzIntrospector',
+ async () => {
+ println('CMD start: setup FI');
+ await setUpFuzzIntrospectorHandler();
+ }
+ )
+ );
+
+ context.subscriptions.push(
+ vscode.commands.registerCommand(
+ 'oss-fuzz.runFuzzIntrospector',
+ async () => {
+ println('CMD start: run Fuzz Introspector');
+ await runFuzzIntrospectorHandler();
+ }
+ )
+ );
 }

 // This method is called when your extension is deactivated

From 9254384ec2d2b15a66ee412eeaad90aa7f421aaf Mon Sep 17 00:00:00 2001
From: "Tristan F.-R."
Date: Fri, 27 Dec 2024 10:27:50 -0800
Subject: [PATCH 08/11] [pulldown-cmark] finalize (#12885)

continues https://github.com/google/oss-fuzz/pull/12594. thin is used to counter [build errors](https://github.com/pulldown-cmark/pulldown-cmark/blob/db58c3153dff847e74c3ffd403bcf9b1a2e04839/fuzz/README.md#L17).
---
 projects/pulldown-cmark/Dockerfile | 22 ++++++++++++++++++++++
 projects/pulldown-cmark/build.sh | 21 +++++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 projects/pulldown-cmark/Dockerfile
 create mode 100644 projects/pulldown-cmark/build.sh

diff --git a/projects/pulldown-cmark/Dockerfile b/projects/pulldown-cmark/Dockerfile
new file mode 100644
index 000000000000..d8f3caeb8183
--- /dev/null
+++ b/projects/pulldown-cmark/Dockerfile
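Review bot: Both new `registerCommand` callbacks log `CMD start: ...` but never a matching end marker, while the neighbouring `testFuzzerCFLite` handler in the same function closes with `println('CMD end: testFuzzerCFLite');`; for consistent log scanning add `println('CMD end: setup FI');` and `println('CMD end: run Fuzz Introspector');` after the respective `await`. The enclosing `activate` function starts outside the hunk.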
@@ -0,0 +1,22 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-rust
+
+RUN git clone --depth 1 https://github.com/pulldown-cmark/pulldown-cmark pulldown-cmark
+WORKDIR $SRC
+
+COPY build.sh $SRC/
diff --git a/projects/pulldown-cmark/build.sh b/projects/pulldown-cmark/build.sh
new file mode 100644
index 000000000000..5d9618cf3ed8
--- /dev/null
+++ b/projects/pulldown-cmark/build.sh
@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Note: This project creates Rust fuzz targets exclusively
+cd $SRC/pulldown-cmark
+CARGO_PROFILE_RELEASE_LTO=thin cargo fuzz build -O
+cp target/x86_64-unknown-linux-gnu/release/commonmark_js $OUT/
+cp target/x86_64-unknown-linux-gnu/release/parse $OUT/
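Review bot: `cp target/x86_64-unknown-linux-gnu/release/commonmark_js $OUT/` and the `parse` line below it hard-code the host triple, so the script only works for x86_64 builds and an aarch64 build of this project would fail at the copy; if that configuration is ever enabled, the target directory needs to follow the build architecture. Other OSS-Fuzz build.sh files start with `#!/bin/bash -eu`, whereas this one has no shebang and relies on the builder's compile step invoking it with errexit set, which I believe it does but is worth matching for anyone running it by hand. A comment such as `# thin LTO works around the fuzz build error documented in the upstream fuzz/README.md` next to `CARGO_PROFILE_RELEASE_LTO=thin` would carry the reason from the commit message into the file.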
From 400401daa132545fdb7e7a4acf15f0d2602a5555 Mon Sep 17 00:00:00 2001
From: Bailey Capuano <32396237+capuanob@users.noreply.github.com>
Date: Fri, 27 Dec 2024 11:30:34 -0700
Subject: [PATCH 09/11] zip: Updated Dockerfile for initial integration (#12880)

This pull requests integrates the Dockerfile needed to build the fuzzers for zip, as merged into upstream [here](https://github.com/kuba--/zip/pull/365).
---
 projects/zip/Dockerfile | 22 ++++++++++++++++++++++
 projects/zip/project.yaml | 4 ++++
 2 files changed, 26 insertions(+)
 create mode 100644 projects/zip/Dockerfile

diff --git a/projects/zip/Dockerfile b/projects/zip/Dockerfile
new file mode 100644
index 000000000000..6cb8bbc3a0ed
--- /dev/null
+++ b/projects/zip/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y cmake make
+
+RUN git clone --depth 1 https://github.com/kuba--/zip.git zip \
+ && cp zip/fuzz/build.sh $SRC/
+WORKDIR zip
diff --git a/projects/zip/project.yaml b/projects/zip/project.yaml
index c24f55c9c78c..d3b3618174f2 100644
--- a/projects/zip/project.yaml
+++ b/projects/zip/project.yaml
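Review bot: `cp zip/fuzz/build.sh $SRC/` makes the build script whatever upstream's tree contains at clone time, and the clone is an unpinned `--depth 1` of the default branch, so the commands the builder executes can change with any upstream push without a corresponding change in this repository. That is an accepted OSS-Fuzz arrangement when the upstream maintainer is the contact, but a comment such as `# build.sh is maintained upstream in fuzz/build.sh` would tell reviewers where to look, since the project directory otherwise appears to be missing its build script. `WORKDIR zip` is relative to the working directory inherited from the base image; `WORKDIR $SRC/zip`, as the other Dockerfiles in this series spell it, does not depend on that.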
@@ -2,3 +2,7 @@ homepage: "https://github.com/kuba--/zip"
 language: c
 primary_contact: "capuanobailey@gmail.com"
 main_repo: "https://github.com/kuba--/zip.git"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz

From e35ff32a8cb9b1c7a649e9b25610c60813376556 Mon Sep 17 00:00:00 2001
From: Dominik Stadler
Date: Mon, 30 Dec 2024 07:47:43 +0100
Subject: [PATCH 10/11] Apache poi various smaller changes (#12725)

* Update JDK 8 and 11 to latest patch-levels
* Add temporary work around for invalid dependency on log4j-bom introduced via recent XmlBeans
* Fix presubmit-checks for Apache POI
* Print out which file fails checks in presubmit.py to aid in finding the culprit
---
 infra/presubmit.py | 2 +-
 projects/apache-poi/Dockerfile | 20 ++++++++------
 projects/apache-poi/pom.xml | 47 +++++++++++++++++++++++++++++++++-
 3 files changed, 58 insertions(+), 11 deletions(-)

diff --git a/infra/presubmit.py b/infra/presubmit.py
index 86f5cd927fba..41633fa256a7 100755
--- a/infra/presubmit.py
+++ b/infra/presubmit.py
@@ -262,7 +262,7 @@ def _check_one_apt_update(path):
 if 'RUN apt install' in dockerfile or 'RUN apt-get install' in dockerfile:
 print('Please add an "apt-get update" before "apt-get install". '
 'Otherwise, a cached and outdated RUN layer may lead to install '
- 'failures.')
+ 'failures in file %s.' % str(path))
 return False
 return True

diff --git a/projects/apache-poi/Dockerfile b/projects/apache-poi/Dockerfile
index ba2c834cb8df..daec69262fba 100644
--- a/projects/apache-poi/Dockerfile
+++ b/projects/apache-poi/Dockerfile
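Review bot: In the presubmit.py hunk, `'failures in file %s.' % str(path)` wraps `path` in a `str()` call that `%s` already performs, so `'failures in file %s.' % path` is equivalent and shorter. Because the fixed part of the message is three lines long, the path lands at the very end of the output; naming the file at the start of the message is what someone scanning a presubmit log will look for. `_check_one_apt_update` continues outside the hunk.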
@@ -23,17 +23,19 @@ rm -rf maven.zip
 ENV MVN $SRC/maven-3.6.3/apache-maven-3.6.3/bin/mvn
 ENV TARGET_PACKAGE_PREFIX org.apache.poi.*:org.apache.xmlbeans.*

-RUN curl -L https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u382-b05/OpenJDK8U-jdk_x64_linux_hotspot_8u382b05.tar.gz -o OpenJDK8U-jdk_x64_linux_hotspot_8u382b05.tar.gz && \
- tar xvf OpenJDK8U-jdk_x64_linux_hotspot_8u382b05.tar.gz && \
- rm -rf OpenJDK8U-jdk_x64_linux_hotspot_8u382b05.tar.gz
+# Newer JDK releases are listed at https://github.com/adoptium/temurin8-binaries/releases/
+RUN curl -L https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jdk_x64_linux_hotspot_8u432b06.tar.gz -o OpenJDK8U-jdk_x64_linux_hotspot_8u432b06.tar.gz && \
+ tar xvf OpenJDK8U-jdk_x64_linux_hotspot_8u432b06.tar.gz && \
+ rm -rf OpenJDK8U-jdk_x64_linux_hotspot_8u432b06.tar.gz

-ENV JAVA_HOME_8 $SRC/jdk8u382-b05
+ENV JAVA_HOME_8 $SRC/jdk8u432-b06

-RUN curl -L https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.20%2B8/OpenJDK11U-jdk_x64_linux_hotspot_11.0.20_8.tar.gz -o OpenJDK11U-jdk_x64_linux_hotspot_11.0.20_8.tar.gz && \
- tar xvf OpenJDK11U-jdk_x64_linux_hotspot_11.0.20_8.tar.gz && \
- rm -rf OpenJDK11U-jdk_x64_linux_hotspot_11.0.20_8.tar.gz
+# Newer JDK releases are listed at https://github.com/adoptium/temurin11-binaries/releases/
+RUN curl -L https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.25_9.tar.gz -o OpenJDK11U-jdk_x64_linux_hotspot_11.0.25_9.tar.gz && \
+ tar xvf OpenJDK11U-jdk_x64_linux_hotspot_11.0.25_9.tar.gz && \
+ rm -rf OpenJDK11U-jdk_x64_linux_hotspot_11.0.25_9.tar.gz

-ENV JAVA_HOME_11 $SRC/jdk-11.0.20+8
+ENV JAVA_HOME_11 $SRC/jdk-11.0.25+9

 WORKDIR ${SRC}
 #
@@ -42,7 +44,7 @@ WORKDIR ${SRC} RUN git clone --depth 1 https://github.com/apache/poi.git # install packages required for font-handling and other code in java.awt.* -RUN apt-get install -y libxext6 libx11-6 libxrender1 libxtst6 libxi6 libxcb1 libxau6 libxdmcp6 \ +RUN apt-get update && apt-get install -y libxext6 libx11-6 libxrender1 libxtst6 libxi6 libxcb1 libxau6 libxdmcp6 \ && apt-get clean autoclean \ && apt-get autoremove --yes \ && rm -rf /var/lib/{apt,dpkg,cache,log}/ diff --git a/projects/apache-poi/pom.xml b/projects/apache-poi/pom.xml index 989f007446b1..d3fb8b9abf41 100644 --- a/projects/apache-poi/pom.xml +++ b/projects/apache-poi/pom.xml @@ -16,6 +16,18 @@ + + + central + Maven Central + https://repo.maven.apache.org/maven2/ + + + apache-staging + Apache Staging + https://repository.apache.org/content/repositories/staging + + + + + org.apache.logging.log4j + log4j-bom + + org.apache.poi poi-ooxml ${fuzzedLibaryVersion} + + + org.apache.logging.log4j + log4j-bom + + org.apache.poi poi-scratchpad ${fuzzedLibaryVersion} + + + org.apache.logging.log4j + log4j-bom + + org.apache.poi poi-examples ${fuzzedLibaryVersion} + + + org.apache.logging.log4j + log4j-bom + + org.apache.logging.log4j log4j-core - 2.24.1 + 2.24.2 + + + org.apache.logging.log4j + log4j-bom + 2.24.2 + pom + import From 2e0e91795751e950059c1b53b930097c2e574eee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 18:42:40 +1100 Subject: [PATCH 11/11] build(deps-dev): bump rexml from 3.3.6 to 3.3.9 in /docs in the bundler group (#12770) Bumps the bundler group in /docs with 1 update: [rexml](https://github.com/ruby/rexml). Updates `rexml` from 3.3.6 to 3.3.9
Release notes

Sourced from rexml's releases.

REXML 3.3.9 - 2024-10-24

Improvements

  • Improved performance.

Fixes

  • Fixed a parse bug for text only invalid XML.

  • Fixed a parse bug that &#0x...; is accepted as a character reference.

Thanks

  • NAITOH Jun

REXML 3.3.8 - 2024-09-29

Improvements

  • SAX2: Improve parse performance.

Fixes

  • Fixed a bug that unexpected attribute namespace conflict error for the predefined "xml" namespace is reported.
    • GH-208
    • Patch by KITAITI Makoto

Thanks

  • NAITOH Jun

  • KITAITI Makoto

REXML 3.3.7 - 2024-09-04

Improvements

  • Added local entity expansion limit methods

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.9 - 2024-10-24 {#version-3-3-9}

Improvements

  • Improved performance.

Fixes

  • Fixed a parse bug for text only invalid XML.

  • Fixed a parse bug that &#0x...; is accepted as a character reference.

Thanks

  • NAITOH Jun

3.3.8 - 2024-09-29 {#version-3-3-8}

Improvements

  • SAX2: Improve parse performance.

Fixes

  • Fixed a bug that unexpected attribute namespace conflict error for the predefined "xml" namespace is reported.
    • GH-208
    • Patch by KITAITI Makoto

Thanks

  • NAITOH Jun

  • KITAITI Makoto

3.3.7 - 2024-09-04 {#version-3-3-7}

Improvements

  • Added local entity expansion limit methods

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rexml&package-manager=bundler&previous-version=3.3.6&new-version=3.3.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts).
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 docs/Gemfile.lock | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index b5024c1877a1..ce9979bf324e 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -222,8 +222,7 @@ GEM
 rb-fsevent (0.11.1)
 rb-inotify (0.10.1)
 ffi (~> 1.0)
- rexml (3.3.6)
- strscan
+ rexml (3.3.9)
 rouge (3.26.0)
 ruby2_keywords (0.0.5)
 rubyzip (2.3.2)
@@ -238,7 +237,6 @@ GEM
 faraday (>= 0.17.3, < 3)
 simpleidn (0.2.1)
 unf (~> 0.1.4)
- strscan (3.1.0)
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 typhoeus (1.4.0)