Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Port sqlite3 fuzzer #3

Merged
merged 1 commit into from
Sep 14, 2016
Merged

Port sqlite3 fuzzer #3

merged 1 commit into from
Sep 14, 2016

Conversation

tanin47
Copy link
Contributor

@tanin47 tanin47 commented Sep 13, 2016

  • It needs fossil. Therefore, the build.sh looks weird.
  • I can't make sqlite3.a. So, I use sqlite3.o. I have no idea how they are different. (Not a C++ person here.)

@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.


  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please let us know the company's name.

@tanin47
Copy link
Contributor Author

tanin47 commented Sep 13, 2016

I signed it!

@Dor1s
Copy link
Contributor

Dor1s commented Sep 14, 2016

Verified locally, it works. Also it's worth to add a dictionary. I'll add it.

@Dor1s Dor1s merged commit 5b49cd3 into google:master Sep 14, 2016
@tanin47 tanin47 deleted the tanin-sqlite3 branch September 14, 2016 15:03
@oliverchang
Copy link
Collaborator

I was actually waiting to merge this because I knew that it wouldn't actually work on our builder, but should be fine to keep it checked in for now.

@Dor1s
Copy link
Contributor

Dor1s commented Sep 14, 2016

I didn't know that, sorry! :)
Let's post comments for other pull requests, if there are any blockers for merging.

mikea added a commit that referenced this pull request Nov 14, 2016
fuzzers fail with:

=================================================================
�[1m�[31m==18057==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000b8a144 at pc 0x0000007ae0ca bp 0x7fff2b91a4d0 sp 0x7fff2b91a4c8
�[1m�[0m�[1m�[34mWRITE of size 4 at 0x000000b8a144 thread T0�[1m�[0m
    #0 0x7ae0c9 in fuzzer::TracePC::HandleInit(unsigned int*, unsigned int*) /src/libfuzzer/FuzzerTracePC.cpp:49:8
    #1 0x7bcab9 in __sanitizer_cov_trace_pc_guard_init /src/libfuzzer/FuzzerTracePC.cpp:286:15
    #2 0x5156bf in sancov.module_ctor (/out/curl_fuzzer+0x5156bf)
    #3 0x88c1cc in __libc_csu_init (/out/curl_fuzzer+0x88c1cc)
    #4 0x7f4ab7aed7be in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x207be)
    #5 0x41fd78 in _start (/out/curl_fuzzer+0x41fd78)
This was referenced Dec 8, 2016
mikea added a commit that referenced this pull request Dec 13, 2016
There seem to be leaks in icu tools:

LD_LIBRARY_PATH=../lib:../stubdata:../tools/ctestfw:$LD_LIBRARY_PATH  ../bin/genrb --usePoolBundle -k -i ./out/build/icudt58l -s /src/icu/source/data/locales -d ./out/build/icudt58l ar.txt

=================================================================
�[1m�[31m==7719==ERROR: LeakSanitizer: detected memory leaks
�[1m�[0m
�[1m�[34mDirect leak of 64 byte(s) in 1 object(s) allocated from:
�[1m�[0m    #0 0x4d3368 in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64
    #1 0x5154fb in ucbuf_open /src/icu/source/tools/toolutil/ucbuf.cpp:469:36
    #2 0x50d4b3 in main /src/icu/source/tools/gendict/gendict.cpp:316:19
    #3 0x7ff77f72582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
@michaelni michaelni mentioned this pull request Apr 25, 2017
@dgreid dgreid mentioned this pull request Oct 11, 2017
MartinPetkov pushed a commit to MartinPetkov/oss-fuzz that referenced this pull request Aug 15, 2022
to make it easier to figure out why configure fails with something like
```
Step google#3 - "compile-afl-address-x86_64": configure: error: in `/src/elfutils':
Step google#3 - "compile-afl-address-x86_64": configure: error: C compiler cannot create executables
Step google#3 - "compile-afl-address-x86_64": See `config.log' for more details
```
Navidem pushed a commit that referenced this pull request Nov 7, 2022
Following the addition of some fuzzing tests
([#1](u-root/u-root#2528),
[#2](u-root/u-root#2535),
[#3](u-root/u-root#2536)) in the u-root project
and [preparations for this
integration](u-root/u-root#2543).
You can check out its [website](https://u-root.org/) for more info on
the project.

Signed-off-by: Fabian Wienand <[email protected]>

Signed-off-by: Fabian Wienand <[email protected]>
Navidem pushed a commit that referenced this pull request Dec 1, 2022
Attempting to fix broken build:
```
Step #3 - "compile-libfuzzer-address-x86_64": �[34m 1:59.04�(B�[m /work/obj-fuzz/dist/bin/firefox -unittest --gtest_death_test_style=threadsafe�(B�[m�(B�[m
Step #3 - "compile-libfuzzer-address-x86_64": XPCOMGlueLoad error for file /work/obj-fuzz/dist/bin/libmozgtk.so:
Step #3 - "compile-libfuzzer-address-x86_64": libgtk-3.so.0: cannot open shared object file: No such file or directory
Step #3 - "compile-libfuzzer-address-x86_64": Couldn't load XPCOM.
Step #3 - "compile-libfuzzer-address-x86_64": ********************************************************************************
Step #3 - "compile-libfuzzer-address-x86_64": Failed to build.
Step #3 - "compile-libfuzzer-address-x86_64": To reproduce, run:
Step #3 - "compile-libfuzzer-address-x86_64": python infra/helper.py build_image firefox
Step #3 - "compile-libfuzzer-address-x86_64": python infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture x86_64 firefox
Step #3 - "compile-libfuzzer-address-x86_64": ********************************************************************************
Finished Step #3 - "compile-libfuzzer-address-x86_64"
ERROR
ERROR: build step 3 "gcr.io/cloud-builders/docker" failed: step exited with non-zero status: 1
```
jonathanmetzman added a commit that referenced this pull request Dec 6, 2022
cc @oliverchang @alan32liu after #9100 and #8448

After compiling locally, I can see that
`./SystemSan ./target_dns -dict=vuln.dict`
crashes in a few seconds with
```
===BUG DETECTED: Arbitrary domain name resolution===
===Domain resolved: .f.z===
===DNS request type: 0, class: 256===
==315== ERROR: libFuzzer: deadly signal
    #0 0x539131 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
    #1 0x457c48 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
    #2 0x43c923 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
    #3 0x7fa57940041f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) (BuildId: 7b4536f41cdaa5888408e82d0836e33dcf436466)
    #4 0x7fa5793ff7db in send (/lib/x86_64-linux-gnu/libpthread.so.0+0x137db) (BuildId: 7b4536f41cdaa5888408e82d0836e33dcf436466)
    #5 0x503ba4 in __interceptor_send /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6802:17
    #6 0x7fa578abf462  (/lib/x86_64-linux-gnu/libresolv.so.2+0xb462) (BuildId: 4519041bde5b859c55798ac0745b0b6199cb7d94)
    #7 0x7fa578abbc43 in __res_context_query (/lib/x86_64-linux-gnu/libresolv.so.2+0x7c43) (BuildId: 4519041bde5b859c55798ac0745b0b6199cb7d94)
    #8 0x7fa578abc8ed in __res_context_search (/lib/x86_64-linux-gnu/libresolv.so.2+0x88ed) (BuildId: 4519041bde5b859c55798ac0745b0b6199cb7d94)
    #9 0x7fa578ad2cc1  (/lib/x86_64-linux-gnu/libnss_dns.so.2+0x2cc1) (BuildId: 3fac4ec397ba8e8938fe298f103113f315465130)
    #10 0x7fa578ad2e8b in _nss_dns_gethostbyname3_r (/lib/x86_64-linux-gnu/libnss_dns.so.2+0x2e8b) (BuildId: 3fac4ec397ba8e8938fe298f103113f315465130)
    #11 0x7fa578ad2f41 in _nss_dns_gethostbyname2_r (/lib/x86_64-linux-gnu/libnss_dns.so.2+0x2f41) (BuildId: 3fac4ec397ba8e8938fe298f103113f315465130)
    #12 0x7fa5792fdc9d in gethostbyname2_r (/lib/x86_64-linux-gnu/libc.so.6+0x130c9d) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #13 0x7fa5792d179e  (/lib/x86_64-linux-gnu/libc.so.6+0x10479e) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #14 0x7fa5792d2f58 in getaddrinfo (/lib/x86_64-linux-gnu/libc.so.6+0x105f58) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #15 0x4d93ac in getaddrinfo /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:2667:13
    #16 0x56c8d9 in LLVMFuzzerTestOneInput /out/SystemSan/target_dns.cpp:35:11
    #17 0x43dec3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #18 0x43d6aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #19 0x43ed79 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #20 0x43fa45 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #21 0x42edaf in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #22 0x458402 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #23 0x7fa5791f1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #24 0x41f7ed in _start (/out/SystemSan/target_dns+0x41f7ed)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 2 CrossOver-ManualDict- DE: "f.z"-; base unit: ac3478d69a3c81fa62e60f5c3696165a4e5e6ac4
0x66,0x2e,0x7a,
f.z
artifact_prefix='./'; Test unit written to ./crash-926813b2d6adde373f96a10594a5314951588384
Base64: Zi56
```

You can also try
```
echo -n f.z > toto
./SystemSan ./target_dns toto  
```

Co-authored-by: Oliver Chang <[email protected]>
Co-authored-by: jonathanmetzman <[email protected]>
DavidKorczynski added a commit that referenced this pull request Dec 23, 2022
Fixes the current error:
```
Step #3 - "compile-afl-address-x86_64": checking for the correct version of gmp.h... no
Step #3 - "compile-afl-address-x86_64": configure: error: Building GDB requires GMP 4.2+, and MPFR 3.1.0+.
Step #3 - "compile-afl-address-x86_64": Try the --with-gmp and/or --with-mpfr options to specify
Step #3 - "compile-afl-address-x86_64": their locations.  If you obtained GMP and/or MPFR from a vendor
```
Navidem pushed a commit that referenced this pull request Dec 23, 2022
Fixes the current error:
```
Step #3 - "compile-afl-address-x86_64": checking for the correct version of gmp.h... no
Step #3 - "compile-afl-address-x86_64": configure: error: Building GDB requires GMP 4.2+, and MPFR 3.1.0+.
Step #3 - "compile-afl-address-x86_64": Try the --with-gmp and/or --with-mpfr options to specify
Step #3 - "compile-afl-address-x86_64": their locations.  If you obtained GMP and/or MPFR from a vendor
```
eamonnmcmanus pushed a commit to eamonnmcmanus/oss-fuzz that referenced this pull request Mar 15, 2023
Attempting to fix broken build:
```
Step google#3 - "compile-libfuzzer-address-x86_64": �[34m 1:59.04�(B�[m /work/obj-fuzz/dist/bin/firefox -unittest --gtest_death_test_style=threadsafe�(B�[m�(B�[m
Step google#3 - "compile-libfuzzer-address-x86_64": XPCOMGlueLoad error for file /work/obj-fuzz/dist/bin/libmozgtk.so:
Step google#3 - "compile-libfuzzer-address-x86_64": libgtk-3.so.0: cannot open shared object file: No such file or directory
Step google#3 - "compile-libfuzzer-address-x86_64": Couldn't load XPCOM.
Step google#3 - "compile-libfuzzer-address-x86_64": ********************************************************************************
Step google#3 - "compile-libfuzzer-address-x86_64": Failed to build.
Step google#3 - "compile-libfuzzer-address-x86_64": To reproduce, run:
Step google#3 - "compile-libfuzzer-address-x86_64": python infra/helper.py build_image firefox
Step google#3 - "compile-libfuzzer-address-x86_64": python infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture x86_64 firefox
Step google#3 - "compile-libfuzzer-address-x86_64": ********************************************************************************
Finished Step google#3 - "compile-libfuzzer-address-x86_64"
ERROR
ERROR: build step 3 "gcr.io/cloud-builders/docker" failed: step exited with non-zero status: 1
```
eamonnmcmanus pushed a commit to eamonnmcmanus/oss-fuzz that referenced this pull request Mar 15, 2023
cc @oliverchang @alan32liu after google#9100 and google#8448

After compiling locally, I can see that
`./SystemSan ./target_dns -dict=vuln.dict`
crashes in a few seconds with
```
===BUG DETECTED: Arbitrary domain name resolution===
===Domain resolved: .f.z===
===DNS request type: 0, class: 256===
==315== ERROR: libFuzzer: deadly signal
    #0 0x539131 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
    google#1 0x457c48 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
    google#2 0x43c923 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:3
    google#3 0x7fa57940041f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) (BuildId: 7b4536f41cdaa5888408e82d0836e33dcf436466)
    google#4 0x7fa5793ff7db in send (/lib/x86_64-linux-gnu/libpthread.so.0+0x137db) (BuildId: 7b4536f41cdaa5888408e82d0836e33dcf436466)
    google#5 0x503ba4 in __interceptor_send /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6802:17
    google#6 0x7fa578abf462  (/lib/x86_64-linux-gnu/libresolv.so.2+0xb462) (BuildId: 4519041bde5b859c55798ac0745b0b6199cb7d94)
    google#7 0x7fa578abbc43 in __res_context_query (/lib/x86_64-linux-gnu/libresolv.so.2+0x7c43) (BuildId: 4519041bde5b859c55798ac0745b0b6199cb7d94)
    google#8 0x7fa578abc8ed in __res_context_search (/lib/x86_64-linux-gnu/libresolv.so.2+0x88ed) (BuildId: 4519041bde5b859c55798ac0745b0b6199cb7d94)
    google#9 0x7fa578ad2cc1  (/lib/x86_64-linux-gnu/libnss_dns.so.2+0x2cc1) (BuildId: 3fac4ec397ba8e8938fe298f103113f315465130)
    google#10 0x7fa578ad2e8b in _nss_dns_gethostbyname3_r (/lib/x86_64-linux-gnu/libnss_dns.so.2+0x2e8b) (BuildId: 3fac4ec397ba8e8938fe298f103113f315465130)
    google#11 0x7fa578ad2f41 in _nss_dns_gethostbyname2_r (/lib/x86_64-linux-gnu/libnss_dns.so.2+0x2f41) (BuildId: 3fac4ec397ba8e8938fe298f103113f315465130)
    google#12 0x7fa5792fdc9d in gethostbyname2_r (/lib/x86_64-linux-gnu/libc.so.6+0x130c9d) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    google#13 0x7fa5792d179e  (/lib/x86_64-linux-gnu/libc.so.6+0x10479e) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    google#14 0x7fa5792d2f58 in getaddrinfo (/lib/x86_64-linux-gnu/libc.so.6+0x105f58) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    google#15 0x4d93ac in getaddrinfo /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:2667:13
    google#16 0x56c8d9 in LLVMFuzzerTestOneInput /out/SystemSan/target_dns.cpp:35:11
    google#17 0x43dec3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    google#18 0x43d6aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    google#19 0x43ed79 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    google#20 0x43fa45 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    google#21 0x42edaf in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    google#22 0x458402 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    google#23 0x7fa5791f1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    google#24 0x41f7ed in _start (/out/SystemSan/target_dns+0x41f7ed)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 2 CrossOver-ManualDict- DE: "f.z"-; base unit: ac3478d69a3c81fa62e60f5c3696165a4e5e6ac4
0x66,0x2e,0x7a,
f.z
artifact_prefix='./'; Test unit written to ./crash-926813b2d6adde373f96a10594a5314951588384
Base64: Zi56
```

You can also try
```
echo -n f.z > toto
./SystemSan ./target_dns toto  
```

Co-authored-by: Oliver Chang <[email protected]>
Co-authored-by: jonathanmetzman <[email protected]>
eamonnmcmanus pushed a commit to eamonnmcmanus/oss-fuzz that referenced this pull request Mar 15, 2023
Fixes the current error:
```
Step google#3 - "compile-afl-address-x86_64": checking for the correct version of gmp.h... no
Step google#3 - "compile-afl-address-x86_64": configure: error: Building GDB requires GMP 4.2+, and MPFR 3.1.0+.
Step google#3 - "compile-afl-address-x86_64": Try the --with-gmp and/or --with-mpfr options to specify
Step google#3 - "compile-afl-address-x86_64": their locations.  If you obtained GMP and/or MPFR from a vendor
```
Mno-hime added a commit to Mno-hime/oss-fuzz that referenced this pull request Apr 3, 2023
Fixes
https://oss-fuzz-build-logs.storage.googleapis.com/log-da48c252-bfe3-4131-8fe7-2f5859c114ff.txt:

    Step google#3 - "compile-afl-address-x86_64": checking for LIBURCU... no
    Step google#3 - "compile-afl-address-x86_64": configure: error: Package requirements (liburcu-qsbr liburcu-cds) were not met:
DavidKorczynski pushed a commit that referenced this pull request Apr 5, 2023
We've still got an issue with crashes on the urllib3 requests test that
uses the mock HTTP server.

Fix #9958 to handle port mapping errors didn't resolve it.

I got a feeling there's an ordering issue. Looking at the error logs
[https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56500#c2](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56500#c2)
there appears to be an issue where we're throwing exceptions before the
coverage completes.

```
=== Uncaught Python exception: ===
--
  | MaxRetryError: HTTPConnectionPool(host='localhost', port=8011): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4cdf33d1f0>: Failed to establish a new connection: [Errno 101] Network is unreachable'))
  | Traceback (most recent call last):
  | File "fuzz_requests.py", line 109, in TestOneInput
  | File "urllib3/_request_methods.py", line 118, in request
  | File "urllib3/_request_methods.py", line 217, in request_encode_body
  | File "urllib3/poolmanager.py", line 433, in urlopen
  | File "urllib3/connectionpool.py", line 874, in urlopen
  | File "urllib3/connectionpool.py", line 874, in urlopen
  | File "urllib3/connectionpool.py", line 874, in urlopen
  | File "urllib3/connectionpool.py", line 844, in urlopen
  | File "urllib3/util/retry.py", line 505, in increment
  | MaxRetryError: HTTPConnectionPool(host='localhost', port=8011): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4cdf33d1f0>: Failed to establish a new connection: [Errno 101] Network is unreachable'))
  |  
  | INFO: Instrumenting 3854 functions...
  | INFO: Instrumentation complete.
  | ==10674== ERROR: libFuzzer: fuzz target exited
  | #0 0x7f4ce0bac694 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3
  | #1 0x7f4ce0b2df48 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
  | #2 0x7f4ce0b12cdc in fuzzer::Fuzzer::ExitCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:250:3
  | #3 0x7f4ce09068a6 in __run_exit_handlers /build/glibc-SzIz7B/glibc-2.31/stdlib/exit.c:108:8
  | #4 0x7f4ce0906a5f in exit /build/glibc-SzIz7B/glibc-2.31/stdlib/exit.c:139:3
  | #5 0x7f4ce03b2c78 in libpython3.8.so.1.0
  | #6 0x7f4ce03b76cf in libpython3.8.so.1.0
  | #7 0x403ad2 in fuzz_requests.pkg
  | #8 0x403e67 in fuzz_requests.pkg
  | #9 0x7f4ce08e4082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
  | #10 0x40249d in fuzz_requests.pkg
  |  
  | SUMMARY: libFuzzer: fuzz target exited
```

This is an attempted fix inspired by the requests
[fuzz_server.py](https://github.com/google/oss-fuzz/blob/master/projects/requests/fuzz_server.py)
where the lifecycle of the test thread is managed within the server.
Since the web server is created at the start of `TestOneInput` I don't
expect there to be any timing issues or thread initialisation issues.
DavidKorczynski pushed a commit that referenced this pull request Apr 24, 2023
As the test suite currently fails building for coverage due to this
error:
```
Step #3 - "compile-libfuzzer-coverage-x86_64":   CXXLD    plist_test++
Step #3 - "compile-libfuzzer-coverage-x86_64": /usr/bin/ld: .libs/plist_test++: hidden symbol `atexit' in /usr/lib/x86_64-linux-gnu/libc_nonshared.a(atexit.oS) is referenced by DSO
Step #3 - "compile-libfuzzer-coverage-x86_64": /usr/bin/ld: final link failed: bad value
```
I thought I'd add an option to allow disabling building those - and use
this option here - since the test case binaries are not really required
for fuzzing.
jonathanmetzman pushed a commit that referenced this pull request May 9, 2023
This fixes compilation errors of the form:

```
...
Step #3 - "compile-centipede-address-x86_64": �[1m../../src/platform/Linux/ConnectivityManagerImpl.h:211:46: �[0m�[0;1;31merror: �[0m�[1m'guarded_by' attribute requires arguments whose type is annotated with 'capability' attribute; type here is 'std::mutex' [-Werror,-Wthread-safety-attributes]�[0m
Step #3 - "compile-centipede-address-x86_64":     static GDBusWpaSupplicant mWpaSupplicant CHIP_GUARDED_BY(mWpaSupplicantMutex);
Step #3 - "compile-centipede-address-x86_64": �[0;1;32m                                             ^
Step #3 - "compile-centipede-address-x86_64": �[0m�[1m../../src/system/SystemMutex.h:75:49: �[0m�[0;1;30mnote: �[0mexpanded from macro 'CHIP_GUARDED_BY'�[0m
Step #3 - "compile-centipede-address-x86_64": #define CHIP_GUARDED_BY(x) CHIP_TSA_ATTRIBUTE__(guarded_by(x))
Step #3 - "compile-centipede-address-x86_64": �[0;1;32m                                                ^
Step #3 - "compile-centipede-address-x86_64": �[0m1 error generated.
```

as reported in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58531

Also updated the dockerfile to checkout less things from CHIP so that
the checkout step is faster.

---------

Co-authored-by: Andrei Litvin <[email protected]>
DavidKorczynski added a commit that referenced this pull request May 12, 2023
The fix in #10308 was not right -- the issue is missing use of $OUT

The broken log
```
Step #3 - "compile-afl-address-x86_64": + /src/aflplusplus/afl-clang-fast++ /usr/lib/libFuzzingEngine.a -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -stdlib=libc++ /src/fuzz_xml.cpp -o /workspace/out/afl-address-x86_64/fuzz_xml -I./src/graph/ -I./src/include -I./build/include/ -I/usr/local/cuda-11.0/targets/x86_64-linux/include/ ./build/lib/libnccl_static.a /usr/local/cuda-11.0/targets/x86_64-linux/lib/libcudart.so
Step #3 - "compile-afl-address-x86_64": + cp /usr/local/cuda-11.0/targets/x86_64-linux/lib/libcudart.so.11.0 /out/
Step #3 - "compile-afl-address-x86_64": cp: cannot create regular file '/out/': Not a directory
```
AdamKorcz pushed a commit that referenced this pull request May 12, 2023
The fix in #10308 was not right
-- the issue is missing use of $OUT

The broken log
```
Step #3 - "compile-afl-address-x86_64": + /src/aflplusplus/afl-clang-fast++ /usr/lib/libFuzzingEngine.a -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -stdlib=libc++ /src/fuzz_xml.cpp -o /workspace/out/afl-address-x86_64/fuzz_xml -I./src/graph/ -I./src/include -I./build/include/ -I/usr/local/cuda-11.0/targets/x86_64-linux/include/ ./build/lib/libnccl_static.a /usr/local/cuda-11.0/targets/x86_64-linux/lib/libcudart.so
Step #3 - "compile-afl-address-x86_64": + cp /usr/local/cuda-11.0/targets/x86_64-linux/lib/libcudart.so.11.0 /out/
Step #3 - "compile-afl-address-x86_64": cp: cannot create regular file '/out/': Not a directory
```
Mno-hime added a commit to Mno-hime/oss-fuzz that referenced this pull request May 15, 2023
Fixes a linking issue:

    Step google#3 - "compile-afl-address-x86_64": /usr/bin/ld: /usr/bin/ld: DWARF error: invalid or unhandled FORM value: 0x25
    Step google#3 - "compile-afl-address-x86_64": lib/dns/.libs/libdns.a(libdns_la-rbtdb.o): in function `free_rbtdb':
    Step google#3 - "compile-afl-address-x86_64": rbtdb.c:(.text+0x2bca): undefined reference to `cds_wfs_destroy'
    ...
jonathanmetzman pushed a commit that referenced this pull request May 15, 2023
Fixes a linking issue:

Step #3 - "compile-afl-address-x86_64": /usr/bin/ld: /usr/bin/ld: DWARF
error: invalid or unhandled FORM value: 0x25
Step #3 - "compile-afl-address-x86_64":
lib/dns/.libs/libdns.a(libdns_la-rbtdb.o): in function `free_rbtdb':
Step #3 - "compile-afl-address-x86_64": rbtdb.c:(.text+0x2bca):
undefined reference to `cds_wfs_destroy'
    ...
jonathanmetzman pushed a commit that referenced this pull request May 16, 2023
Fix Error:
```
Step #3 - "compile-afl-address-x86_64": + cp builddir/tests/fuzzing/nas_message_fuzz /workspace/out/afl-address-x86_64/nas_message_fuzz
Step #3 - "compile-afl-address-x86_64": + mkdir /out/lib/
Step #3 - "compile-afl-address-x86_64": mkdir: cannot create directory '/out/lib/': No such file or directory
Step #3 - "compile-afl-address-x86_64": ********************************************************************************
Step #3 - "compile-afl-address-x86_64": Failed to build.
Step #3 - "compile-afl-address-x86_64": To reproduce, run:
```
DavidKorczynski pushed a commit that referenced this pull request Dec 4, 2023
OpenCV library now doesn't build QUIRC by default - it uses own QR
decoder.

Build error:
```
Step #3 - "compile-afl-address-x86_64": + for fuzzer in core_fuzzer filestorage_read_file_fuzzer filestorage_read_filename_fuzzer filestorage_read_string_fuzzer generateusergallerycollage_fuzzer imdecode_fuzzer imencode_fuzzer imread_fuzzer readnetfromtensorflow_fuzzer
Step #3 - "compile-afl-address-x86_64": + /src/aflplusplus/afl-clang-fast++ -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -stdlib=libc++ /usr/lib/libFuzzingEngine.a core_fuzzer.cc -std=c++11 -I/work/install-address/include/opencv4 -L/work/install-address/lib -L/work/install-address/lib/opencv4/3rdparty -lopencv_dnn -lopencv_objdetect -lopencv_photo -lopencv_ml -lopencv_gapi -lopencv_stitching -lopencv_video -lopencv_calib3d -lopencv_features2d -lopencv_highgui -lopencv_videoio -lopencv_imgcodecs -lopencv_imgproc -lopencv_flann -lopencv_core -llibjpeg-turbo -llibwebp -llibpng -llibtiff -llibopenjp2 -lIlmImf -llibprotobuf -lquirc -lzlib -littnotify -lippiw -lippicv -lade -ldl -lm -lpthread -lrt -o /workspace/out/afl-address-x86_64/core_fuzzer
Step #3 - "compile-afl-address-x86_64": /usr/bin/ld: cannot find -lquirc
Step #3 - "compile-afl-address-x86_64": clang-15: �[0;1;31merror: �[0m�[1mlinker command failed with exit code 1 (use -v to see invocation)�[0m
```

**cc** @vrabaud , @opencv-alalek
DavidKorczynski pushed a commit that referenced this pull request Jan 8, 2024
Hi! This pull request makes some changes to the previous pull request
#11377. In detail, all **printf**
statements were replaced with assertions.
@DavidKorczynski please check when you have a time.

Fyi @azat.
DavidKorczynski pushed a commit that referenced this pull request Jan 24, 2024
Base PR apache/brpc#2420 ;

NOTE:
I can't enable memory sanitizer due to

```log
BAD BUILD: /tmp/not-out/tmpmptlk01q/fuzz_esp seems to have either startup crash or exit:
/tmp/not-out/tmpmptlk01q/fuzz_esp -rss_limit_mb=2560 -timeout=25 -seed=1337 -runs=4 < /dev/null
Uninitialized bytes in MemcmpInterceptorCommon at offset 15 inside [0x7030000000f0, 19)
==428==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x682b90 in __interceptor_memcmp /src/llvm-project/compiler-rt/lib/msan/../sanitizer_common/sanitizer_common_interceptors.inc:892:10
    #1 0x7fa8ef4cf62a in google::protobuf::SimpleDescriptorDatabase::DescriptorIndex<std::pair<void const*, int> >::FindLastLessOrEqual(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/tmp/not-out/tmpmptlk01q/lib/libprotobuf.so.17+0x15062a) (BuildId: 64affeb0f489ae4bcea211ed99e1eca15ff97d68)
    #2 0x7fa8ef4d259f in google::protobuf::SimpleDescriptorDatabase::DescriptorIndex<std::pair<void const*, int> >::AddSymbol(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::pair<void const*, int>) (/tmp/not-out/tmpmptlk01q/lib/libprotobuf.so.17+0x15359f) (BuildId: 64affeb0f489ae4bcea211ed99e1eca15ff97d68)
    #3 0x7fa8ef4d2a15 in google::protobuf::SimpleDescriptorDatabase::DescriptorIndex<std::pair<void const*, int> >::AddFile(google::protobuf::FileDescriptorProto const&, std::pair<void const*, int>) (/tmp/not-out/tmpmptlk01q/lib/libprotobuf.so.17+0x153a15) (BuildId: 64affeb0f489ae4bcea211ed99e1eca15ff97d68)
    #4 0x7fa8ef4cebef in google::protobuf::EncodedDescriptorDatabase::Add(void const*, int) (/tmp/not-out/tmpmptlk01q/lib/libprotobuf.so.17+0x14fbef) (BuildId: 64affeb0f489ae4bcea211ed99e1eca15ff97d68)
    #5 0x7fa8ef499f43 in google::protobuf::DescriptorPool::InternalAddGeneratedFile(void const*, int) (/tmp/not-out/tmpmptlk01q/lib/libprotobuf.so.17+0x11af43) (BuildId: 64affeb0f489ae4bcea211ed99e1eca15ff97d68)
    #6 0x7fa8ef49281d in protobuf_google_2fprotobuf_2fapi_2eproto::AddDescriptorsImpl() (/tmp/not-out/tmpmptlk01q/lib/libprotobuf.so.17+0x11381d) (BuildId: 64affeb0f489ae4bcea211ed99e1eca15ff97d68)
```

Signed-off-by: Arjun Singh <[email protected]>
jonathanmetzman pushed a commit that referenced this pull request Nov 18, 2024
A recent upgrade of Envoy' abseil library
(envoyproxy/envoy#36317) enabled
`layering_check` ([imported
commit](abseil/abseil-cpp@143e983#diff-8498e61ae6ae818e1ee9bcefffd37b44a3a596e63d1de03c58087299ccbe7a22))
when building abseil (as part of Envoy).

Here's an example of the failure during the build:
```
�[1A�[K�[31m�[1mERROR: �[0m/root/.cache/bazel/_bazel_root/4e9824db8e7d11820cfa25090ed4ed10/external/com_google_absl/absl/types/BUILD.bazel:178:11: Compiling absl/types/bad_variant_access.cc failed: undeclared inclusion(s) in rule '@com_google_absl//absl/types:bad_variant_access':
Step #3 - "compile-honggfuzz-address-x86_64": this rule is missing dependency declarations for the following files included by 'absl/types/bad_variant_access.cc':
Step #3 - "compile-honggfuzz-address-x86_64":   'bazel-out/k8-fastbuild-ST-74a21d80f561/bin/external/com_google_absl/absl/base/core_headers.cppmap'
Step #3 - "compile-honggfuzz-address-x86_64":   'bazel-out/k8-fastbuild-ST-74a21d80f561/bin/external/com_google_absl/absl/base/atomic_hook.cppmap'
Step #3 - "compile-honggfuzz-address-x86_64":   'bazel-out/k8-fastbuild-ST-74a21d80f561/bin/external/com_google_absl/absl/base/errno_saver.cppmap'
Step #3 - "compile-honggfuzz-address-x86_64":   'bazel-out/k8-fastbuild-ST-74a21d80f561/bin/external/com_google_absl/absl/base/log_severity.cppmap'
```

Seems that this was encountered in the OSS-Fuzz abseil build and it was
patched to disable layering check #11325:

https://github.com/google/oss-fuzz/blob/f0fa8b5cd3f99b5905e91b336d07a870ca1bc2e3/projects/abseil-cpp/build.sh#L17-L21

This PR introduces the same change in Envoy's abseil build.

Signed-off-by: Adi Suissa-Peleg <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants