From d7624afaf746e4265678cf20e13ac339e32c5c0f Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Mon, 1 Aug 2022 13:41:14 -0400 Subject: [PATCH 01/66] Update clang to clang-15 --- .../base-clang/checkout_build_install_llvm.sh | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index 65f0ea554e3e..7e7fe36168f0 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -106,6 +106,28 @@ function cmake_llvm { $LLVM_SRC/llvm } +# Use chromium's clang revision +mkdir $SRC/chromium_tools +cd $SRC/chromium_tools +git clone https://chromium.googlesource.com/chromium/src/tools/clang +cd clang +# Pin clang due to https://github.com/google/oss-fuzz/issues/7617 +git checkout 946a41a51f44207941b3729a0733dfc1e236644e + +LLVM_SRC=$SRC/llvm-project + +# For manual bumping. +OUR_LLVM_REVISION=llvmorg-15-init-1464-gbf7f8d6f + +# To allow for manual downgrades. Set to 0 to use Chrome's clang version (i.e. +# *not* force a manual downgrade). Set to 1 to force a manual downgrade. +# DO NOT CHANGE THIS UNTIL https://github.com/google/oss-fuzz/issues/7273 is +# RESOLVED. +FORCE_OUR_REVISION=1 +LLVM_REVISION=$(grep -Po "CLANG_REVISION = '\K([^']+)" scripts/update.py) + +clone_with_retries https://github.com/llvm/llvm-project.git $LLVM_SRC + set +e git -C $LLVM_SRC merge-base --is-ancestor $OUR_LLVM_REVISION $LLVM_REVISION IS_OUR_REVISION_ANCESTOR_RETCODE=$? From e040cda98e6412b18dbe98a04b40873902519866 Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Mon, 1 Aug 2022 15:31:00 -0400 Subject: [PATCH 02/66] Fix atheris install --- infra/base-images/base-builder/install_python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-builder/install_python.sh b/infra/base-images/base-builder/install_python.sh index 17995e3086db..baad349a2cd4 100755 --- a/infra/base-images/base-builder/install_python.sh +++ b/infra/base-images/base-builder/install_python.sh @@ -19,5 +19,5 @@ echo "ATHERIS INSTALL" unset CFLAGS CXXFLAGS # PYI_STATIC_ZLIB=1 is needed for installing pyinstaller 5.0 export PYI_STATIC_ZLIB=1 -pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" +LIBFUZZER_LIB=/usr/local/lib/clang/15.0.0/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" rm -rf /tmp/* From 445af02779df78d8110bfc77346f9823138336c6 Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Mon, 1 Aug 2022 20:34:18 -0400 Subject: [PATCH 03/66] try again --- infra/base-images/base-builder/compile_libfuzzer | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/infra/base-images/base-builder/compile_libfuzzer b/infra/base-images/base-builder/compile_libfuzzer index 7962bd366af7..9b8b75a6b2af 100755 --- a/infra/base-images/base-builder/compile_libfuzzer +++ b/infra/base-images/base-builder/compile_libfuzzer @@ -21,6 +21,5 @@ if [ "$FUZZING_LANGUAGE" = "go" ]; then export LIB_FUZZING_ENGINE="$LIB_FUZZING_ENGINE $GOPATH/gosigfuzz/gosigfuzz.o" fi -cp /usr/local/lib/clang/*/lib/linux/libclang_rt.fuzzer-$ARCHITECTURE.a \ - $LIB_FUZZING_ENGINE_DEPRECATED +cp /usr/local/lib/clang/17.0.0/lib/$ARCHITECTURE-unknown-linux-gnu/libclang_rt.fuzzer.a $LIB_FUZZING_ENGINE_DEPRECATED echo " done." From 32cc42f3a41d9c23c5c61b6e328c806faea2cd72 Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Wed, 3 Aug 2022 17:24:30 -0400 Subject: [PATCH 04/66] Fix i386 compilation --- infra/base-images/base-builder/compile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile index b916733c462b..76cc7872b8c4 100755 --- a/infra/base-images/base-builder/compile +++ b/infra/base-images/base-builder/compile @@ -76,7 +76,8 @@ fi if [[ $ARCHITECTURE == "i386" ]]; then export CFLAGS="-m32 $CFLAGS" - cp -R /usr/i386/lib/* /usr/local/lib + cp -R /usr/i386/lib/x86_64-unknown-linux-gnu/* /usr/local/lib + cp -R /usr/i386/include/x86_64-unknown-linux-gnu/* /usr/local/include fi # Don't use a fuzzing engine with Jazzer which has libFuzzer built-in or with From f5c348ab6a105bc9a87510fd221f8db56042a9a4 Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Fri, 5 Aug 2022 13:30:57 -0400 Subject: [PATCH 05/66] Fix rust and python --- infra/base-images/base-builder-python/Dockerfile | 4 +++- infra/base-images/base-builder/install_rust.sh | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/infra/base-images/base-builder-python/Dockerfile b/infra/base-images/base-builder-python/Dockerfile index 749b4d59e909..0ddc4b67e4c4 100644 --- a/infra/base-images/base-builder-python/Dockerfile +++ b/infra/base-images/base-builder-python/Dockerfile @@ -14,6 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +# TODO(https://github.com/google/oss-fuzz/issues/8059): Stop pinning after +# https://github.com/google/atheris/pull/37 lands. +FROM gcr.io/oss-fuzz-base/base-builder@sha256:e6f6348068b09ca658bb6cf157fc0bfc67c77604b73d4a3fa05c4f4fe3d13be9 RUN install_python.sh diff --git a/infra/base-images/base-builder/install_rust.sh b/infra/base-images/base-builder/install_rust.sh index cbb461fd6ac2..4966740109d0 100755 --- a/infra/base-images/base-builder/install_rust.sh +++ b/infra/base-images/base-builder/install_rust.sh @@ -19,3 +19,4 @@ curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly --profile=mi cargo install cargo-fuzz && rm -rf /rust/registry # Needed to recompile rust std library for MSAN rustup component add rust-src --toolchain nightly +cp -r /usr/local/lib/x86_64-unknown-linux-gnu/* /usr/local/lib/ From 7c7b5fe3e3b36b97b86b4db3f7124630651f23f2 Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Wed, 10 Aug 2022 16:23:41 -0400 Subject: [PATCH 06/66] Fix atheris: --- infra/base-images/base-builder-python/Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/infra/base-images/base-builder-python/Dockerfile b/infra/base-images/base-builder-python/Dockerfile index 0ddc4b67e4c4..749b4d59e909 100644 --- a/infra/base-images/base-builder-python/Dockerfile +++ b/infra/base-images/base-builder-python/Dockerfile @@ -14,8 +14,6 @@ # ################################################################################ -# TODO(https://github.com/google/oss-fuzz/issues/8059): Stop pinning after -# https://github.com/google/atheris/pull/37 lands. -FROM gcr.io/oss-fuzz-base/base-builder@sha256:e6f6348068b09ca658bb6cf157fc0bfc67c77604b73d4a3fa05c4f4fe3d13be9 +FROM gcr.io/oss-fuzz-base/base-builder RUN install_python.sh From 7426bbecb7df8a245c67ee0c2ff2b087c0ff4c3e Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Wed, 28 Sep 2022 20:17:25 -0400 Subject: [PATCH 07/66] fix --- .../base-clang/checkout_build_install_llvm.sh | 24 +------------------ 1 file changed, 1 insertion(+), 23 deletions(-) diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index 7e7fe36168f0..531591253d8f 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -50,7 +50,7 @@ LLVM_DEP_PACKAGES="build-essential make ninja-build git python3 python3-distutil apt-get update && apt-get install -y $LLVM_DEP_PACKAGES --no-install-recommends # For manual bumping. -OUR_LLVM_REVISION=llvmorg-15-init-1464-gbf7f8d6f +OUR_LLVM_REVISION=llvmorg-15-init-17529-ga210f404 mkdir $SRC/chromium_tools cd $SRC/chromium_tools @@ -106,28 +106,6 @@ function cmake_llvm { $LLVM_SRC/llvm } -# Use chromium's clang revision -mkdir $SRC/chromium_tools -cd $SRC/chromium_tools -git clone https://chromium.googlesource.com/chromium/src/tools/clang -cd clang -# Pin clang due to https://github.com/google/oss-fuzz/issues/7617 -git checkout 946a41a51f44207941b3729a0733dfc1e236644e - -LLVM_SRC=$SRC/llvm-project - -# For manual bumping. -OUR_LLVM_REVISION=llvmorg-15-init-1464-gbf7f8d6f - -# To allow for manual downgrades. Set to 0 to use Chrome's clang version (i.e. -# *not* force a manual downgrade). Set to 1 to force a manual downgrade. -# DO NOT CHANGE THIS UNTIL https://github.com/google/oss-fuzz/issues/7273 is -# RESOLVED. -FORCE_OUR_REVISION=1 -LLVM_REVISION=$(grep -Po "CLANG_REVISION = '\K([^']+)" scripts/update.py) - -clone_with_retries https://github.com/llvm/llvm-project.git $LLVM_SRC - set +e git -C $LLVM_SRC merge-base --is-ancestor $OUR_LLVM_REVISION $LLVM_REVISION IS_OUR_REVISION_ANCESTOR_RETCODE=$? From 9734c6deabed9e6083c94d2f091efbd54a0f096f Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Tue, 13 Jun 2023 10:40:11 -0400 Subject: [PATCH 08/66] Roll to clang 17 --- infra/base-images/base-clang/Dockerfile | 1 - infra/base-images/base-clang/checkout_build_install_llvm.sh | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index 5c92ee6c05d3..cfa506f947bd 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -22,7 +22,6 @@ ARG arch=x86_64 ENV FUZZINTRO_OUTDIR=$SRC - # Install newer cmake. ENV CMAKE_VERSION 3.24.2 RUN apt-get update && apt-get install -y wget sudo && \ diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index 531591253d8f..fab4abc33029 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -57,7 +57,7 @@ cd $SRC/chromium_tools git clone https://chromium.googlesource.com/chromium/src/tools/clang cd clang # Pin clang due to https://github.com/google/oss-fuzz/issues/7617 -git checkout 946a41a51f44207941b3729a0733dfc1e236644e +git checkout llvmorg-17-init-12166-g7586aeab # To allow for manual downgrades. Set to 0 to use Chrome's clang version (i.e. # *not* force a manual downgrade). Set to 1 to force a manual downgrade. From 831a115b69f672942b929f030a7823c2692c2509 Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Tue, 13 Jun 2023 11:15:08 -0400 Subject: [PATCH 09/66] fix --- infra/base-images/base-builder/compile_libfuzzer | 2 +- infra/base-images/base-builder/install_python.sh | 2 +- infra/base-images/base-clang/checkout_build_install_llvm.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/infra/base-images/base-builder/compile_libfuzzer b/infra/base-images/base-builder/compile_libfuzzer index 9b8b75a6b2af..9acd0ccb6425 100755 --- a/infra/base-images/base-builder/compile_libfuzzer +++ b/infra/base-images/base-builder/compile_libfuzzer @@ -21,5 +21,5 @@ if [ "$FUZZING_LANGUAGE" = "go" ]; then export LIB_FUZZING_ENGINE="$LIB_FUZZING_ENGINE $GOPATH/gosigfuzz/gosigfuzz.o" fi -cp /usr/local/lib/clang/17.0.0/lib/$ARCHITECTURE-unknown-linux-gnu/libclang_rt.fuzzer.a $LIB_FUZZING_ENGINE_DEPRECATED +cp /usr/local/lib/clang/*/lib/$ARCHITECTURE-unknown-linux-gnu/libclang_rt.fuzzer.a $LIB_FUZZING_ENGINE_DEPRECATED echo " done." diff --git a/infra/base-images/base-builder/install_python.sh b/infra/base-images/base-builder/install_python.sh index baad349a2cd4..1246c46c6211 100755 --- a/infra/base-images/base-builder/install_python.sh +++ b/infra/base-images/base-builder/install_python.sh @@ -19,5 +19,5 @@ echo "ATHERIS INSTALL" unset CFLAGS CXXFLAGS # PYI_STATIC_ZLIB=1 is needed for installing pyinstaller 5.0 export PYI_STATIC_ZLIB=1 -LIBFUZZER_LIB=/usr/local/lib/clang/15.0.0/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" +LIBFUZZER_LIB=/usr/local/lib/clang/17.0.0/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" rm -rf /tmp/* diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index fab4abc33029..64289cdbb4f4 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -50,14 +50,14 @@ LLVM_DEP_PACKAGES="build-essential make ninja-build git python3 python3-distutil apt-get update && apt-get install -y $LLVM_DEP_PACKAGES --no-install-recommends # For manual bumping. -OUR_LLVM_REVISION=llvmorg-15-init-17529-ga210f404 +OUR_LLVM_REVISION=llvmorg-17-init-12166-g7586aeab mkdir $SRC/chromium_tools cd $SRC/chromium_tools git clone https://chromium.googlesource.com/chromium/src/tools/clang cd clang # Pin clang due to https://github.com/google/oss-fuzz/issues/7617 -git checkout llvmorg-17-init-12166-g7586aeab +git checkout 946a41a51f44207941b3729a0733dfc1e236644e # To allow for manual downgrades. Set to 0 to use Chrome's clang version (i.e. # *not* force a manual downgrade). Set to 1 to force a manual downgrade. From 59acb96bf18e1b6428476cadd9b4c922c14c626c Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Tue, 13 Jun 2023 11:19:19 -0400 Subject: [PATCH 10/66] tmp --- infra/base-images/base-clang/checkout_build_install_llvm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index 64289cdbb4f4..db0ec136d726 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -56,7 +56,7 @@ mkdir $SRC/chromium_tools cd $SRC/chromium_tools git clone https://chromium.googlesource.com/chromium/src/tools/clang cd clang -# Pin clang due to https://github.com/google/oss-fuzz/issues/7617 +# Pin clang script due to https://github.com/google/oss-fuzz/issues/7617 git checkout 946a41a51f44207941b3729a0733dfc1e236644e # To allow for manual downgrades. Set to 0 to use Chrome's clang version (i.e. From 7cecde11edd069875554c4ae5643f924e3fd4e36 Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Wed, 21 Feb 2024 17:49:36 -0500 Subject: [PATCH 11/66] 18 --- infra/base-images/base-clang/checkout_build_install_llvm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index db0ec136d726..cd1152395664 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -50,7 +50,7 @@ LLVM_DEP_PACKAGES="build-essential make ninja-build git python3 python3-distutil apt-get update && apt-get install -y $LLVM_DEP_PACKAGES --no-install-recommends # For manual bumping. -OUR_LLVM_REVISION=llvmorg-17-init-12166-g7586aeab +OUR_LLVM_REVISION=llvmorg-18-init-14420-gea3a3b25 mkdir $SRC/chromium_tools cd $SRC/chromium_tools From b572e751c5c70ae16c61e1e9de206053b2273e18 Mon Sep 17 00:00:00 2001 From: Jonathan Metzman Date: Tue, 5 Mar 2024 13:05:01 -0500 Subject: [PATCH 12/66] Fix --- infra/base-images/base-builder/compile | 5 ----- .../base-clang/checkout_build_install_llvm.sh | 9 +++++---- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile index d76b373dbfc6..f0c7708ea15f 100755 --- a/infra/base-images/base-builder/compile +++ b/infra/base-images/base-builder/compile @@ -19,11 +19,6 @@ echo "---------------------------------------------------------------" OSS_FUZZ_ON_DEMAND="${OSS_FUZZ_ON_DEMAND:-0}" -# This is a temporary fix: fall back to LLVM14's old pass manager -if [ -n "${OLD_LLVMPASS-}" ]; then - export SANITIZER_FLAGS_introspector=$(echo $SANITIZER_FLAGS_introspector | sed -r 's/-O0/-flegacy-pass-manager/') -fi - if [ "$FUZZING_LANGUAGE" = "jvm" ]; then if [ "$FUZZING_ENGINE" != "libfuzzer" ] && [ "$FUZZING_ENGINE" != "wycheproof" ]; then echo "ERROR: JVM projects can be fuzzed with libFuzzer or tested with wycheproof engines only." diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index cd1152395664..75da3a29664c 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -57,7 +57,7 @@ cd $SRC/chromium_tools git clone https://chromium.googlesource.com/chromium/src/tools/clang cd clang # Pin clang script due to https://github.com/google/oss-fuzz/issues/7617 -git checkout 946a41a51f44207941b3729a0733dfc1e236644e +git checkout 9eb79319239629c1b23cf7a59e5ebb2bab319a34 # To allow for manual downgrades. Set to 0 to use Chrome's clang version (i.e. # *not* force a manual downgrade). Set to 1 to force a manual downgrade. @@ -91,7 +91,7 @@ function clone_with_retries { } clone_with_retries https://github.com/llvm/llvm-project.git $LLVM_SRC -PROJECTS_TO_BUILD="libcxx;libcxxabi;compiler-rt;clang;lld" +PROJECTS_TO_BUILD="compiler-rt;clang;lld" function cmake_llvm { extra_args="$@" cmake -G "Ninja" \ @@ -99,6 +99,7 @@ function cmake_llvm { -DLIBCXX_ENABLE_STATIC_ABI_LIBRARY=ON \ -DLIBCXXABI_ENABLE_SHARED=OFF \ -DCMAKE_BUILD_TYPE=Release \ + -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi" \ -DLLVM_TARGETS_TO_BUILD="$TARGET_TO_BUILD" \ -DLLVM_ENABLE_PROJECTS="$PROJECTS_TO_BUILD" \ -DLLVM_BINUTILS_INCDIR="/usr/include/" \ @@ -120,7 +121,7 @@ fi git -C $LLVM_SRC checkout $LLVM_REVISION echo "Using LLVM revision: $LLVM_REVISION" -# For fuzz introspector. +For fuzz introspector. echo "Applying introspector changes" OLD_WORKING_DIR=$PWD cd $LLVM_SRC @@ -222,7 +223,7 @@ function cmake_libcxx { -DLIBCXXABI_ENABLE_SHARED=OFF \ -DCMAKE_BUILD_TYPE=Release \ -DLLVM_TARGETS_TO_BUILD="$TARGET_TO_BUILD" \ - -DLLVM_ENABLE_PROJECTS="libcxx;libcxxabi" \ + -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi" \ -DLLVM_BINUTILS_INCDIR="/usr/include/" \ $extra_args \ $LLVM_SRC/llvm From facb3da861521eb3fec9673ddf3131e0bb58b14b Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Mon, 18 Mar 2024 08:45:08 +0100 Subject: [PATCH 13/66] fixup --- infra/base-images/base-clang/checkout_build_install_llvm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index 75da3a29664c..57f164381e2f 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -121,7 +121,7 @@ fi git -C $LLVM_SRC checkout $LLVM_REVISION echo "Using LLVM revision: $LLVM_REVISION" -For fuzz introspector. +# For fuzz introspector. echo "Applying introspector changes" OLD_WORKING_DIR=$PWD cd $LLVM_SRC From 99eb541de48fc0cd5db8c5694799b55ab8256aab Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Mon, 18 Mar 2024 13:26:46 +0100 Subject: [PATCH 14/66] Properly set stage2 compiler, and source dir --- .../base-clang/checkout_build_install_llvm.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index 57f164381e2f..cdde6f23f95d 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -146,7 +146,8 @@ rm -rf $WORK/llvm-stage1 $WORK/llvm-stage2 cp -r $LLVM_SRC/compiler-rt/lib/fuzzer $SRC/libfuzzer # Use the clang we just built from now on. -CMAKE_EXTRA_ARGS="-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++" +export CC=clang +export CXX=clang++ function free_disk_space { rm -rf $LLVM_SRC $SRC/chromium_tools @@ -226,13 +227,13 @@ function cmake_libcxx { -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi" \ -DLLVM_BINUTILS_INCDIR="/usr/include/" \ $extra_args \ - $LLVM_SRC/llvm + -S $LLVM_SRC/runtimes } # 32-bit libraries. mkdir -p $WORK/i386 cd $WORK/i386 -cmake_libcxx $CMAKE_EXTRA_ARGS \ +cmake_libcxx \ -DCMAKE_INSTALL_PREFIX=/usr/i386/ \ -DCMAKE_C_FLAGS="-m32" \ -DCMAKE_CXX_FLAGS="-m32" @@ -250,7 +251,7 @@ cat < $WORK/msan/blocklist.txt fun:__gxx_personality_* EOF -cmake_libcxx $CMAKE_EXTRA_ARGS \ +cmake_libcxx \ -DLLVM_USE_SANITIZER=Memory \ -DCMAKE_INSTALL_PREFIX=/usr/msan/ \ -DCMAKE_CXX_FLAGS="-fsanitize-blacklist=$WORK/msan/blocklist.txt" From 73f101e4770931c045d6eb9b799e20615d61a42a Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Mon, 18 Mar 2024 13:36:48 +0100 Subject: [PATCH 15/66] infra: bump rust This reverts commit 54cf7a92d169c0f1653f66dc2e5cf07bc87c19ac. --- infra/base-images/base-builder/install_rust.sh | 4 ++-- projects/askama/build.sh | 2 +- projects/crosvm/build.sh | 2 +- projects/gitoxide/build.sh | 2 +- projects/linkerd2-proxy/build.sh | 2 +- projects/naga/build.sh | 2 +- projects/opendal/build.sh | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/infra/base-images/base-builder/install_rust.sh b/infra/base-images/base-builder/install_rust.sh index fd733cca3860..4966740109d0 100755 --- a/infra/base-images/base-builder/install_rust.sh +++ b/infra/base-images/base-builder/install_rust.sh @@ -15,8 +15,8 @@ # ################################################################################ -curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly-2023-12-28 --profile=minimal +curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly --profile=minimal cargo install cargo-fuzz && rm -rf /rust/registry # Needed to recompile rust std library for MSAN -rustup component add rust-src --toolchain nightly-2023-12-28 +rustup component add rust-src --toolchain nightly cp -r /usr/local/lib/x86_64-unknown-linux-gnu/* /usr/local/lib/ diff --git a/projects/askama/build.sh b/projects/askama/build.sh index dc9b7030ff28..18303473261e 100755 --- a/projects/askama/build.sh +++ b/projects/askama/build.sh @@ -23,7 +23,7 @@ for CRATE_DIR in ${FUZZ_CRATE_DIRS[@]}; do echo "Building crate: $CRATE_DIR" cd $CRATE_DIR - cargo +nightly-2023-12-28 fuzz build -O + cargo +nightly fuzz build -O FUZZ_TARGET_OUTPUT_DIR=fuzz/target/x86_64-unknown-linux-gnu/release for f in fuzz/fuzz_targets/*.rs do diff --git a/projects/crosvm/build.sh b/projects/crosvm/build.sh index cdda20e505c8..322501449312 100755 --- a/projects/crosvm/build.sh +++ b/projects/crosvm/build.sh @@ -19,7 +19,7 @@ cd crosvm # Build crosvm fuzzers # Unset the SRC variable as it will interfere with minijail's common.mk framework. -env -u SRC cargo +nightly-2023-12-28 fuzz build -O +env -u SRC cargo +nightly fuzz build -O # Copy fuzzer binaries to $OUT FUZZ_TARGET_OUTPUT_DIR="target/x86_64-unknown-linux-gnu/release" diff --git a/projects/gitoxide/build.sh b/projects/gitoxide/build.sh index 8bd52d90230b..3d7329762b12 100755 --- a/projects/gitoxide/build.sh +++ b/projects/gitoxide/build.sh @@ -25,7 +25,7 @@ for CRATE_DIR in ${FUZZ_CRATE_DIRS[@]}; do echo "Building crate: $CRATE_DIR" cd $CRATE_DIR - cargo +nightly-2023-12-28 fuzz build -O --debug-assertions + cargo +nightly fuzz build -O --debug-assertions FUZZ_TARGET_OUTPUT_DIR=$CARGO_BUILD_TARGET_DIR/x86_64-unknown-linux-gnu/release for f in fuzz/fuzz_targets/*.rs do diff --git a/projects/linkerd2-proxy/build.sh b/projects/linkerd2-proxy/build.sh index 3a1a4cc457f2..838d51c2fc64 100755 --- a/projects/linkerd2-proxy/build.sh +++ b/projects/linkerd2-proxy/build.sh @@ -23,7 +23,7 @@ then export CFLAGS="" fi -BUILD_FUZZER="cargo +nightly-2023-12-28 fuzz build " +BUILD_FUZZER="cargo +nightly fuzz build " TARGET_PATH="./fuzz/target/x86_64-unknown-linux-gnu/release" BASE="$SRC/linkerd2-proxy/linkerd" diff --git a/projects/naga/build.sh b/projects/naga/build.sh index b7d68cacf9e2..aa3d7f7b4321 100755 --- a/projects/naga/build.sh +++ b/projects/naga/build.sh @@ -15,7 +15,7 @@ # ################################################################################ -cargo +nightly-2023-12-28 fuzz build -O +cargo +nightly fuzz build -O fuzz_release=$SRC/wgpu/target/x86_64-unknown-linux-gnu/release cp $fuzz_release/spv_parser $OUT/ cp $fuzz_release/wgsl_parser $OUT/ diff --git a/projects/opendal/build.sh b/projects/opendal/build.sh index b915530efd1e..365fcdae9b09 100644 --- a/projects/opendal/build.sh +++ b/projects/opendal/build.sh @@ -15,7 +15,7 @@ # build fuzz targets cd $SRC/opendal/core -cargo +nightly-2023-12-28 fuzz build -O --debug-assertions +cargo +nightly fuzz build -O --debug-assertions # copy fuzz targets to $OUT targets=( From 497dbc712c53791186db8d3894b6c4ba7568cc0e Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Mon, 18 Mar 2024 13:57:53 +0100 Subject: [PATCH 16/66] infra: Fix python for libfuzzer-18 --- infra/base-images/base-builder/install_python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-builder/install_python.sh b/infra/base-images/base-builder/install_python.sh index 1246c46c6211..d67097bb562f 100755 --- a/infra/base-images/base-builder/install_python.sh +++ b/infra/base-images/base-builder/install_python.sh @@ -19,5 +19,5 @@ echo "ATHERIS INSTALL" unset CFLAGS CXXFLAGS # PYI_STATIC_ZLIB=1 is needed for installing pyinstaller 5.0 export PYI_STATIC_ZLIB=1 -LIBFUZZER_LIB=/usr/local/lib/clang/17.0.0/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" +LIBFUZZER_LIB=/usr/local/lib/clang/*/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" rm -rf /tmp/* From 1a37f773e3a393df0dc2200f73a5085fdd99b253 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Mon, 18 Mar 2024 14:42:12 +0100 Subject: [PATCH 17/66] infra: echo --- infra/base-images/base-builder/install_python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-builder/install_python.sh b/infra/base-images/base-builder/install_python.sh index d67097bb562f..520f85be78ab 100755 --- a/infra/base-images/base-builder/install_python.sh +++ b/infra/base-images/base-builder/install_python.sh @@ -19,5 +19,5 @@ echo "ATHERIS INSTALL" unset CFLAGS CXXFLAGS # PYI_STATIC_ZLIB=1 is needed for installing pyinstaller 5.0 export PYI_STATIC_ZLIB=1 -LIBFUZZER_LIB=/usr/local/lib/clang/*/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" +LIBFUZZER_LIB=$( echo /usr/local/lib/clang/*/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a ) pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" rm -rf /tmp/* From 6560eff6be67289338bac010c49a54c3632c088b Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Mon, 18 Mar 2024 15:15:09 +0100 Subject: [PATCH 18/66] infra: * works locally, no idea why it does not on GHA --- infra/base-images/base-builder/install_python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-builder/install_python.sh b/infra/base-images/base-builder/install_python.sh index 520f85be78ab..6c15a3d01c97 100755 --- a/infra/base-images/base-builder/install_python.sh +++ b/infra/base-images/base-builder/install_python.sh @@ -19,5 +19,5 @@ echo "ATHERIS INSTALL" unset CFLAGS CXXFLAGS # PYI_STATIC_ZLIB=1 is needed for installing pyinstaller 5.0 export PYI_STATIC_ZLIB=1 -LIBFUZZER_LIB=$( echo /usr/local/lib/clang/*/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a ) pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" +LIBFUZZER_LIB=/usr/local/lib/clang/18/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" rm -rf /tmp/* From 0371eb1354857621db9409d6c1a7cd3e67d637c1 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Mon, 18 Mar 2024 15:37:41 +0100 Subject: [PATCH 19/66] Revert to 497dbc712c53791186db8d3894b6c4ba7568cc0e --- infra/base-images/base-builder/install_python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-builder/install_python.sh b/infra/base-images/base-builder/install_python.sh index 6c15a3d01c97..d67097bb562f 100755 --- a/infra/base-images/base-builder/install_python.sh +++ b/infra/base-images/base-builder/install_python.sh @@ -19,5 +19,5 @@ echo "ATHERIS INSTALL" unset CFLAGS CXXFLAGS # PYI_STATIC_ZLIB=1 is needed for installing pyinstaller 5.0 export PYI_STATIC_ZLIB=1 -LIBFUZZER_LIB=/usr/local/lib/clang/18/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" +LIBFUZZER_LIB=/usr/local/lib/clang/*/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" rm -rf /tmp/* From e8dece575ad6e61cf14552efe80783f1bb55eb18 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Mon, 18 Mar 2024 14:42:12 +0100 Subject: [PATCH 20/66] infra: echo --- infra/base-images/base-builder/install_python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-builder/install_python.sh b/infra/base-images/base-builder/install_python.sh index d67097bb562f..520f85be78ab 100755 --- a/infra/base-images/base-builder/install_python.sh +++ b/infra/base-images/base-builder/install_python.sh @@ -19,5 +19,5 @@ echo "ATHERIS INSTALL" unset CFLAGS CXXFLAGS # PYI_STATIC_ZLIB=1 is needed for installing pyinstaller 5.0 export PYI_STATIC_ZLIB=1 -LIBFUZZER_LIB=/usr/local/lib/clang/*/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" +LIBFUZZER_LIB=$( echo /usr/local/lib/clang/*/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a ) pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" rm -rf /tmp/* From 1b5c0a992db1e2c0d5877d8ce3bf8e7a8a856be4 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Tue, 19 Mar 2024 10:49:05 +0100 Subject: [PATCH 21/66] compiler-rt --- infra/base-images/base-clang/checkout_build_install_llvm.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index cdde6f23f95d..34067a132f56 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -91,7 +91,7 @@ function clone_with_retries { } clone_with_retries https://github.com/llvm/llvm-project.git $LLVM_SRC -PROJECTS_TO_BUILD="compiler-rt;clang;lld" +PROJECTS_TO_BUILD="clang;lld" function cmake_llvm { extra_args="$@" cmake -G "Ninja" \ @@ -99,7 +99,7 @@ function cmake_llvm { -DLIBCXX_ENABLE_STATIC_ABI_LIBRARY=ON \ -DLIBCXXABI_ENABLE_SHARED=OFF \ -DCMAKE_BUILD_TYPE=Release \ - -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi" \ + -DLLVM_ENABLE_RUNTIMES="compiler-rt;libcxx;libcxxabi" \ -DLLVM_TARGETS_TO_BUILD="$TARGET_TO_BUILD" \ -DLLVM_ENABLE_PROJECTS="$PROJECTS_TO_BUILD" \ -DLLVM_BINUTILS_INCDIR="/usr/include/" \ From 67511e40950670bfca5cad16911dc0c7d510611c Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Tue, 19 Mar 2024 12:01:48 +0100 Subject: [PATCH 22/66] i386 --- infra/base-images/base-builder/compile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile index 0028d6c47949..80d161f4e7dd 100755 --- a/infra/base-images/base-builder/compile +++ b/infra/base-images/base-builder/compile @@ -71,8 +71,8 @@ fi if [[ $ARCHITECTURE == "i386" ]]; then export CFLAGS="-m32 $CFLAGS" - cp -R /usr/i386/lib/x86_64-unknown-linux-gnu/* /usr/local/lib - cp -R /usr/i386/include/x86_64-unknown-linux-gnu/* /usr/local/include + cp -R /usr/i386/lib/* /usr/local/lib + cp -R /usr/i386/include/* /usr/local/include fi # Don't use a fuzzing engine with Jazzer which has libFuzzer built-in or with From 5f4bc6d37f57a4747f8d2002ad1bb88fae254c6a Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Wed, 27 Mar 2024 11:10:09 +0100 Subject: [PATCH 23/66] fix python fuzzing (take 2) --- infra/base-images/base-builder/install_python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/base-images/base-builder/install_python.sh b/infra/base-images/base-builder/install_python.sh index 520f85be78ab..ea50e7c44b92 100755 --- a/infra/base-images/base-builder/install_python.sh +++ b/infra/base-images/base-builder/install_python.sh @@ -19,5 +19,5 @@ echo "ATHERIS INSTALL" unset CFLAGS CXXFLAGS # PYI_STATIC_ZLIB=1 is needed for installing pyinstaller 5.0 export PYI_STATIC_ZLIB=1 -LIBFUZZER_LIB=$( echo /usr/local/lib/clang/*/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a ) pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" +LIBFUZZER_LIB=$( echo /usr/local/lib/clang/*/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer_no_main.a ) pip3 install -v --no-cache-dir "atheris>=2.1.1" "pyinstaller==5.0.1" "coverage==6.3.2" rm -rf /tmp/* From a01baa690bbb3e8b5018d328d1f1561030527d76 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Wed, 27 Mar 2024 22:33:12 +0100 Subject: [PATCH 24/66] Pin some failing projects to the current base image --- projects/arrow/Dockerfile | 2 +- projects/boost/Dockerfile | 2 +- projects/envoy/Dockerfile | 2 +- projects/leveldb/Dockerfile | 2 +- projects/qt/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/projects/arrow/Dockerfile b/projects/arrow/Dockerfile index 5161c2849178..c0be4d2a7413 100644 --- a/projects/arrow/Dockerfile +++ b/projects/arrow/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e ENV DEBIAN_FRONTEND noninteractive RUN apt-get update -y -q && \ diff --git a/projects/boost/Dockerfile b/projects/boost/Dockerfile index aaad485ebe67..ef53b19cf05a 100644 --- a/projects/boost/Dockerfile +++ b/projects/boost/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y g++ python RUN git clone --recursive https://github.com/boostorg/boost.git diff --git a/projects/envoy/Dockerfile b/projects/envoy/Dockerfile index 2b0ec708aa7a..97aa6d5022ab 100644 --- a/projects/envoy/Dockerfile +++ b/projects/envoy/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get -y install \ build-essential \ diff --git a/projects/leveldb/Dockerfile b/projects/leveldb/Dockerfile index 9526e19b3e1a..9d825fa40016 100644 --- a/projects/leveldb/Dockerfile +++ b/projects/leveldb/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y build-essential cmake gettext make RUN git clone --recurse-submodules https://github.com/google/leveldb.git diff --git a/projects/qt/Dockerfile b/projects/qt/Dockerfile index 70be968949b1..3d66fb89fcac 100644 --- a/projects/qt/Dockerfile +++ b/projects/qt/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y libssl-dev ninja-build libc6-dev:i386 From f136d02b6b188ed9925b82918b5e98cd233b811b Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 28 Mar 2024 14:27:34 +0100 Subject: [PATCH 25/66] pin more --- projects/tinyusb/Dockerfile | 2 +- projects/vulkan-loader/Dockerfile | 2 +- projects/wasmedge/Dockerfile | 2 +- projects/wpantund/Dockerfile | 2 +- projects/xnu/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/projects/tinyusb/Dockerfile b/projects/tinyusb/Dockerfile index 1f2e7c00647f..ea89c10de043 100644 --- a/projects/tinyusb/Dockerfile +++ b/projects/tinyusb/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool # TODO: Update this to use hathath instead of this fork. diff --git a/projects/vulkan-loader/Dockerfile b/projects/vulkan-loader/Dockerfile index 07ab8641a80d..9665e4510129 100644 --- a/projects/vulkan-loader/Dockerfile +++ b/projects/vulkan-loader/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && \ apt-get install -y \ build-essential \ diff --git a/projects/wasmedge/Dockerfile b/projects/wasmedge/Dockerfile index 7eb97b3a9040..e7273b30fb9f 100644 --- a/projects/wasmedge/Dockerfile +++ b/projects/wasmedge/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y \ software-properties-common \ diff --git a/projects/wpantund/Dockerfile b/projects/wpantund/Dockerfile index c4cbe7c686d7..7aa3e6244df7 100644 --- a/projects/wpantund/Dockerfile +++ b/projects/wpantund/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get -y update \ && DEBIAN_FRONTEND=noninteractive \ diff --git a/projects/xnu/Dockerfile b/projects/xnu/Dockerfile index ab69648a64fc..a6300920745a 100644 --- a/projects/xnu/Dockerfile +++ b/projects/xnu/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y \ autoconf \ From 9ac77b2a3ff59ed13ac7f230bd97396579e04762 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 28 Mar 2024 15:43:04 +0100 Subject: [PATCH 26/66] Pin more --- projects/ampproject/Dockerfile | 2 +- projects/bitcoin-core/Dockerfile | 2 +- projects/boost-json/Dockerfile | 2 +- projects/flex/Dockerfile | 2 +- projects/freeimage/Dockerfile | 2 +- projects/gdk-pixbuf/Dockerfile | 2 +- projects/gnutls/Dockerfile | 2 +- projects/kimageformats/Dockerfile | 2 +- projects/knot-dns/Dockerfile | 2 +- projects/lame/Dockerfile | 2 +- projects/lldpd/Dockerfile | 2 +- projects/lwan/Dockerfile | 2 +- projects/monero/Dockerfile | 2 +- projects/msquic/Dockerfile | 2 +- projects/muduo/Dockerfile | 2 +- projects/nss/Dockerfile | 2 +- projects/ntopng/Dockerfile | 2 +- projects/numactl/Dockerfile | 2 +- projects/openssh/Dockerfile | 2 +- projects/osquery/Dockerfile | 2 +- projects/pcl/Dockerfile | 2 +- projects/plan9port/Dockerfile | 2 +- projects/poppler/Dockerfile | 2 +- projects/powerdns/Dockerfile | 2 +- projects/quantlib/Dockerfile | 2 +- projects/quiche/Dockerfile | 2 +- projects/readstat/Dockerfile | 2 +- projects/s2geometry/Dockerfile | 2 +- projects/samba/Dockerfile | 2 +- projects/solidity/Dockerfile | 2 +- projects/spicy/Dockerfile | 2 +- projects/tarantool/Dockerfile | 2 +- projects/tensorflow-serving/Dockerfile | 2 +- projects/thrift/Dockerfile | 2 +- 34 files changed, 34 insertions(+), 34 deletions(-) diff --git a/projects/ampproject/Dockerfile b/projects/ampproject/Dockerfile index 73fe7fd51527..6b48a9ba183b 100644 --- a/projects/ampproject/Dockerfile +++ b/projects/ampproject/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool libomp-dev libgomp1 nodejs COPY build.sh *.diff $SRC/ diff --git a/projects/bitcoin-core/Dockerfile b/projects/bitcoin-core/Dockerfile index 334085a4b452..831256884417 100644 --- a/projects/bitcoin-core/Dockerfile +++ b/projects/bitcoin-core/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Packages taken from: # * https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#dependency-build-instructions diff --git a/projects/boost-json/Dockerfile b/projects/boost-json/Dockerfile index 27c48a8df1bb..33856a179e3a 100644 --- a/projects/boost-json/Dockerfile +++ b/projects/boost-json/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e #RUN apt-get update && apt-get install -y g++ RUN git clone --depth 1 --single-branch --branch master https://github.com/boostorg/boost.git diff --git a/projects/flex/Dockerfile b/projects/flex/Dockerfile index 5a3ca155330f..4fe5c47e09a4 100644 --- a/projects/flex/Dockerfile +++ b/projects/flex/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool m4 \ gettext help2man bison autopoint \ lzip texinfo texlive flex diff --git a/projects/freeimage/Dockerfile b/projects/freeimage/Dockerfile index 3133e71a36a4..a55afb7f30a1 100644 --- a/projects/freeimage/Dockerfile +++ b/projects/freeimage/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool wget RUN svn checkout https://svn.code.sf.net/p/freeimage/svn/ freeimage-svn WORKDIR $SRC/freeimage-svn/FreeImage/trunk/ diff --git a/projects/gdk-pixbuf/Dockerfile b/projects/gdk-pixbuf/Dockerfile index 27129ef486b6..e93ae2f20417 100644 --- a/projects/gdk-pixbuf/Dockerfile +++ b/projects/gdk-pixbuf/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y ffmpeg python3-pip gtk-doc-tools libffi-dev RUN pip3 install meson==0.55.3 ninja diff --git a/projects/gnutls/Dockerfile b/projects/gnutls/Dockerfile index 5721a9ad5cc5..faa7ac8bd973 100644 --- a/projects/gnutls/Dockerfile +++ b/projects/gnutls/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y \ make \ pkg-config \ diff --git a/projects/kimageformats/Dockerfile b/projects/kimageformats/Dockerfile index bcddf159b1b9..1e36c8982055 100644 --- a/projects/kimageformats/Dockerfile +++ b/projects/kimageformats/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install --yes cmake autoconf libtool pkg-config RUN git clone --depth 1 https://github.com/madler/zlib.git RUN git clone --depth 1 https://github.com/nih-at/libzip.git diff --git a/projects/knot-dns/Dockerfile b/projects/knot-dns/Dockerfile index c8fa8b8c1a1b..b00ec89d3fc4 100644 --- a/projects/knot-dns/Dockerfile +++ b/projects/knot-dns/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y \ autoconf \ autogen \ diff --git a/projects/lame/Dockerfile b/projects/lame/Dockerfile index 4e8cb4dad157..d8027fbfd006 100644 --- a/projects/lame/Dockerfile +++ b/projects/lame/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool subversion pkg-config wget # ubuntu apt has not recent enough mpg123 diff --git a/projects/lldpd/Dockerfile b/projects/lldpd/Dockerfile index 088192562c3e..208c38b6e160 100644 --- a/projects/lldpd/Dockerfile +++ b/projects/lldpd/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y autoconf libtool-bin pkg-config RUN git clone --recursive https://github.com/lldpd/lldpd.git COPY build.sh $SRC/ diff --git a/projects/lwan/Dockerfile b/projects/lwan/Dockerfile index 2edaacd78812..045cc50ef92e 100644 --- a/projects/lwan/Dockerfile +++ b/projects/lwan/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update RUN apt-get install -y build-essential cmake git ninja-build zlib1g-dev diff --git a/projects/monero/Dockerfile b/projects/monero/Dockerfile index c4acb664a4b9..88ecd41fc7fe 100644 --- a/projects/monero/Dockerfile +++ b/projects/monero/Dockerfile @@ -17,7 +17,7 @@ # Multistage docker build, requires docker 17.05 # builder stage -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN set -ex && \ apt-get update && \ diff --git a/projects/msquic/Dockerfile b/projects/msquic/Dockerfile index ccfe429447c2..ed5255a90999 100644 --- a/projects/msquic/Dockerfile +++ b/projects/msquic/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e ADD https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb packages-microsoft-prod.deb RUN apt-get update && \ diff --git a/projects/muduo/Dockerfile b/projects/muduo/Dockerfile index dca00b590916..e9ca93ef8f7f 100644 --- a/projects/muduo/Dockerfile +++ b/projects/muduo/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make libboost-dev RUN git clone --depth 1 https://github.com/chenshuo/muduo WORKDIR muduo diff --git a/projects/nss/Dockerfile b/projects/nss/Dockerfile index 4b657e5ae2c1..6297a8a15c05 100644 --- a/projects/nss/Dockerfile +++ b/projects/nss/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make mercurial zlib1g-dev gyp ninja-build libssl-dev python RUN hg clone https://hg.mozilla.org/projects/nspr nspr diff --git a/projects/ntopng/Dockerfile b/projects/ntopng/Dockerfile index fe6eb10a914f..eba8aadbbbf3 100644 --- a/projects/ntopng/Dockerfile +++ b/projects/ntopng/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool ninja-build \ liblzma-dev libzstd-dev pkg-config libglib2.0-dev groff libxml2-dev \ libcurl4-openssl-dev libsqlite3-dev flex bison diff --git a/projects/numactl/Dockerfile b/projects/numactl/Dockerfile index 69e32f3f2851..5fbc44ca67ac 100644 --- a/projects/numactl/Dockerfile +++ b/projects/numactl/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 https://github.com/numactl/numactl numactl WORKDIR numactl diff --git a/projects/openssh/Dockerfile b/projects/openssh/Dockerfile index e2cf2577441b..ff3baf84bb16 100644 --- a/projects/openssh/Dockerfile +++ b/projects/openssh/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool RUN apt-get install -y libz-dev libssl1.1 libssl-dev libedit-dev zip RUN git clone --depth 1 https://github.com/openssh/openssh-portable openssh diff --git a/projects/osquery/Dockerfile b/projects/osquery/Dockerfile index f01fa08c8a77..b086e0c3cdd5 100755 --- a/projects/osquery/Dockerfile +++ b/projects/osquery/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update RUN apt-get install -y --no-install-recommends python python3 bison flex make wget xz-utils libunwind-dev lsb-release build-essential libssl-dev diff --git a/projects/pcl/Dockerfile b/projects/pcl/Dockerfile index 740a3b350643..5c0af93cbf34 100644 --- a/projects/pcl/Dockerfile +++ b/projects/pcl/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make cmake autoconf \ automake libtool gettext pkg-config build-essential \ mercurial wget libeigen3-dev libflann-dev python python-dev diff --git a/projects/plan9port/Dockerfile b/projects/plan9port/Dockerfile index 1ea57a262fc9..c5658736aa59 100644 --- a/projects/plan9port/Dockerfile +++ b/projects/plan9port/Dockerfile @@ -15,7 +15,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake RUN git clone --depth 1 https://github.com/9fans/plan9port plan9port WORKDIR plan9port diff --git a/projects/poppler/Dockerfile b/projects/poppler/Dockerfile index 37140eeffe4e..2afa41c16a7a 100644 --- a/projects/poppler/Dockerfile +++ b/projects/poppler/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y wget autoconf automake libtool pkg-config gperf python RUN pip3 install meson ninja gyp-next diff --git a/projects/powerdns/Dockerfile b/projects/powerdns/Dockerfile index 236294c05dd1..e879b31e780d 100644 --- a/projects/powerdns/Dockerfile +++ b/projects/powerdns/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ # base image with clang toolchain -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # maintainer for this file diff --git a/projects/quantlib/Dockerfile b/projects/quantlib/Dockerfile index 6f99760edb12..7f29efce7315 100644 --- a/projects/quantlib/Dockerfile +++ b/projects/quantlib/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y cmake ninja-build libboost-dev RUN git clone --depth 1 https://github.com/lballabio/QuantLib.git quantlib WORKDIR quantlib diff --git a/projects/quiche/Dockerfile b/projects/quiche/Dockerfile index a4e2f474b719..e50521cf82d8 100644 --- a/projects/quiche/Dockerfile +++ b/projects/quiche/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y zlib1g-dev libicu-dev RUN git clone --depth 1 https://github.com/google/quiche diff --git a/projects/readstat/Dockerfile b/projects/readstat/Dockerfile index d68a1aebe6a2..07847fb8d4be 100644 --- a/projects/readstat/Dockerfile +++ b/projects/readstat/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake gettext libtool zip zlib1g-dev RUN git clone --depth 1 https://github.com/WizardMac/ReadStat readstat diff --git a/projects/s2geometry/Dockerfile b/projects/s2geometry/Dockerfile index f8a58d2dee46..25dd0848c4e6 100644 --- a/projects/s2geometry/Dockerfile +++ b/projects/s2geometry/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && \ apt-get -y install \ libgflags-dev \ diff --git a/projects/samba/Dockerfile b/projects/samba/Dockerfile index 3d3ee35adaf3..ed3bb5567330 100644 --- a/projects/samba/Dockerfile +++ b/projects/samba/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN git clone https://gitlab.com/samba-team/samba samba RUN samba/lib/fuzzing/oss-fuzz/build_image.sh diff --git a/projects/solidity/Dockerfile b/projects/solidity/Dockerfile index 2932992d9325..da0427309d40 100644 --- a/projects/solidity/Dockerfile +++ b/projects/solidity/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool \ build-essential libbz2-dev ninja-build zlib1g-dev wget python python-dev \ liblzma-dev uuid-dev pkg-config openjdk-8-jdk unzip mlton bison texinfo diff --git a/projects/spicy/Dockerfile b/projects/spicy/Dockerfile index f3208a95cb82..ed3a4215a068 100644 --- a/projects/spicy/Dockerfile +++ b/projects/spicy/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e SHELL ["/bin/bash", "-o", "pipefail", "-c"] ENV DEBIAN_FRONTEND=noninteractive diff --git a/projects/tarantool/Dockerfile b/projects/tarantool/Dockerfile index 63fead4d32b3..baabf73c48c2 100644 --- a/projects/tarantool/Dockerfile +++ b/projects/tarantool/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y \ build-essential cmake make coreutils sed lld \ autoconf automake libtool zlib1g-dev \ diff --git a/projects/tensorflow-serving/Dockerfile b/projects/tensorflow-serving/Dockerfile index cb64f4698e44..eb7ef6e8d681 100644 --- a/projects/tensorflow-serving/Dockerfile +++ b/projects/tensorflow-serving/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool default-jdk bison m4 \ build-essential\ curl \ diff --git a/projects/thrift/Dockerfile b/projects/thrift/Dockerfile index f6694170045a..f0ee82fe4a55 100644 --- a/projects/thrift/Dockerfile +++ b/projects/thrift/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # We use compile_go_fuzzer in this set up and also go itself FROM gcr.io/oss-fuzz-base/base-builder-go From a51f59bb1f586b886ab10aa1c6b6c0c98ef707b0 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 15:39:56 +0100 Subject: [PATCH 27/66] Pin projects with pending upstream fixes --- projects/clib/Dockerfile | 2 +- projects/fluent-bit/Dockerfile | 2 +- projects/irssi/Dockerfile | 2 +- projects/liblouis/Dockerfile | 2 +- projects/open62541/Dockerfile | 2 +- projects/tensorflow/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/projects/clib/Dockerfile b/projects/clib/Dockerfile index 275657a8134b..3a6ed243caf1 100644 --- a/projects/clib/Dockerfile +++ b/projects/clib/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make cmake libcurl4-gnutls-dev -qq RUN git clone --depth 1 https://github.com/clibs/clib WORKDIR $SRC/ diff --git a/projects/fluent-bit/Dockerfile b/projects/fluent-bit/Dockerfile index 9c9d0e637355..e2e39aaf57b7 100755 --- a/projects/fluent-bit/Dockerfile +++ b/projects/fluent-bit/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make cmake flex bison libssl-dev libyaml-dev RUN git clone --depth 1 https://github.com/fluent/fluent-bit/ fluent-bit diff --git a/projects/irssi/Dockerfile b/projects/irssi/Dockerfile index 5ec650f626e2..64b1bfd9766d 100644 --- a/projects/irssi/Dockerfile +++ b/projects/irssi/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y pkg-config libncurses5-dev libssl-dev python3-pip RUN pip3 install -U meson ninja RUN git clone https://github.com/irssi/irssi diff --git a/projects/liblouis/Dockerfile b/projects/liblouis/Dockerfile index 2d6649e44378..3df88280d311 100644 --- a/projects/liblouis/Dockerfile +++ b/projects/liblouis/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config zlib1g-dev libpci-dev RUN git clone --depth 1 https://github.com/liblouis/liblouis diff --git a/projects/open62541/Dockerfile b/projects/open62541/Dockerfile index 12c1e1f86d7d..5bd8ac8529d7 100644 --- a/projects/open62541/Dockerfile +++ b/projects/open62541/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make cmake python-six wget # We need libmbedtls > 2.5.1 otherwise it does not include the lib for static linking RUN wget https://open62541.org/libmbedtls/libmbedtls-dev_2.6.0-1_amd64.deb && \ diff --git a/projects/tensorflow/Dockerfile b/projects/tensorflow/Dockerfile index 648496dcc8d2..42bc08d1e724 100644 --- a/projects/tensorflow/Dockerfile +++ b/projects/tensorflow/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ From cb50b3ac458cd2be9859f428cc4e5b48e097c3df Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 15:51:35 +0100 Subject: [PATCH 28/66] Pin rust projects --- projects/rust-lexical/Dockerfile | 4 ++-- projects/tungstenite-rs/Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/projects/rust-lexical/Dockerfile b/projects/rust-lexical/Dockerfile index 696f6f5d7c02..24e452af17fb 100644 --- a/projects/rust-lexical/Dockerfile +++ b/projects/rust-lexical/Dockerfile @@ -13,9 +13,9 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust as builder +FROM gcr.io/oss-fuzz-base/base-builder-rust@sha256:c5216a9896a598dced7ce6708bb3226e443473f567045b4f282595776cc641f1 as builder ## Install build dependencies. RUN apt-get update RUN git clone --depth 1 https://github.com/Alexhuszagh/rust-lexical -COPY build.sh $SRC/ \ No newline at end of file +COPY build.sh $SRC/ diff --git a/projects/tungstenite-rs/Dockerfile b/projects/tungstenite-rs/Dockerfile index a05938675502..92384cc1b956 100644 --- a/projects/tungstenite-rs/Dockerfile +++ b/projects/tungstenite-rs/Dockerfile @@ -13,8 +13,8 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder-rust@sha256:c5216a9896a598dced7ce6708bb3226e443473f567045b4f282595776cc641f1 ## Install build dependencies. RUN git clone --depth 1 https://github.com/snapview/tungstenite-rs.git -COPY build.sh $SRC/ \ No newline at end of file +COPY build.sh $SRC/ From 1431b4283d9487e0157148eed9ad69e2b221cb3f Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 15:57:22 +0100 Subject: [PATCH 29/66] Pin python projects --- projects/pygments/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/pygments/Dockerfile b/projects/pygments/Dockerfile index 9b544249dfed..4ef357f6d7e6 100644 --- a/projects/pygments/Dockerfile +++ b/projects/pygments/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python +FROM gcr.io/oss-fuzz-base/base-builder-python@sha256:0a1e30a23f64bd6ef855089bf5091343af81f6f17f1954e00c5cab4264c80d01 RUN git clone \ --depth 1 \ From 68ac6c713f21f471ce4bca050182b1a1c25561ae Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 16:00:38 +0100 Subject: [PATCH 30/66] Revert "Pin python projects" This reverts commit 1431b4283d9487e0157148eed9ad69e2b221cb3f. --- projects/pygments/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/pygments/Dockerfile b/projects/pygments/Dockerfile index 4ef357f6d7e6..9b544249dfed 100644 --- a/projects/pygments/Dockerfile +++ b/projects/pygments/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-python@sha256:0a1e30a23f64bd6ef855089bf5091343af81f6f17f1954e00c5cab4264c80d01 +FROM gcr.io/oss-fuzz-base/base-builder-python RUN git clone \ --depth 1 \ From 31053b80a1c763a14c2bc6ac53a429c46704b5b0 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 16:02:55 +0100 Subject: [PATCH 31/66] Pin ffmpeg --- projects/ffmpeg/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/ffmpeg/Dockerfile b/projects/ffmpeg/Dockerfile index f5fcfe2df3a4..f81f0f4d0a7d 100644 --- a/projects/ffmpeg/Dockerfile +++ b/projects/ffmpeg/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf libtool build-essential \ libass-dev:i386 libfreetype6-dev:i386 \ libvdpau-dev:i386 libxcb1-dev:i386 libxcb-shm0-dev:i386 libdrm-dev:i386 \ From 7add7042a90bcb2d2ab807053abdcbf962f63c99 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 16:50:20 +0100 Subject: [PATCH 32/66] infra: Set -Wno-error=implicit-function-declaration -Wno-error=implicit-int --- infra/base-images/base-clang/Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index 4b86c5ed2eab..291d085c4559 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -55,6 +55,10 @@ ENV CCC "clang++" # FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is described at # https://llvm.org/docs/LibFuzzer.html#fuzzer-friendly-build-mode -ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" +# The implicit-function-declaration and implicit-int errors are downgraded to a +# warning, to allow compiling legacy code. +# See https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#potentially-breaking-changes + +ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ENV CXXFLAGS_EXTRA "-stdlib=libc++" ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA" From a8f0448acbc3667638ed79fa126813272b692f63 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 17:15:44 +0100 Subject: [PATCH 33/66] unlock projects again --- projects/clib/Dockerfile | 2 +- projects/flex/Dockerfile | 2 +- projects/fluent-bit/Dockerfile | 2 +- projects/irssi/Dockerfile | 2 +- projects/lame/Dockerfile | 2 +- projects/liblouis/Dockerfile | 2 +- projects/open62541/Dockerfile | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/projects/clib/Dockerfile b/projects/clib/Dockerfile index 3a6ed243caf1..275657a8134b 100644 --- a/projects/clib/Dockerfile +++ b/projects/clib/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make cmake libcurl4-gnutls-dev -qq RUN git clone --depth 1 https://github.com/clibs/clib WORKDIR $SRC/ diff --git a/projects/flex/Dockerfile b/projects/flex/Dockerfile index 4fe5c47e09a4..5a3ca155330f 100644 --- a/projects/flex/Dockerfile +++ b/projects/flex/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool m4 \ gettext help2man bison autopoint \ lzip texinfo texlive flex diff --git a/projects/fluent-bit/Dockerfile b/projects/fluent-bit/Dockerfile index e2e39aaf57b7..9c9d0e637355 100755 --- a/projects/fluent-bit/Dockerfile +++ b/projects/fluent-bit/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make cmake flex bison libssl-dev libyaml-dev RUN git clone --depth 1 https://github.com/fluent/fluent-bit/ fluent-bit diff --git a/projects/irssi/Dockerfile b/projects/irssi/Dockerfile index 64b1bfd9766d..5ec650f626e2 100644 --- a/projects/irssi/Dockerfile +++ b/projects/irssi/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y pkg-config libncurses5-dev libssl-dev python3-pip RUN pip3 install -U meson ninja RUN git clone https://github.com/irssi/irssi diff --git a/projects/lame/Dockerfile b/projects/lame/Dockerfile index d8027fbfd006..4e8cb4dad157 100644 --- a/projects/lame/Dockerfile +++ b/projects/lame/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool subversion pkg-config wget # ubuntu apt has not recent enough mpg123 diff --git a/projects/liblouis/Dockerfile b/projects/liblouis/Dockerfile index 3df88280d311..2d6649e44378 100644 --- a/projects/liblouis/Dockerfile +++ b/projects/liblouis/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config zlib1g-dev libpci-dev RUN git clone --depth 1 https://github.com/liblouis/liblouis diff --git a/projects/open62541/Dockerfile b/projects/open62541/Dockerfile index 5bd8ac8529d7..12c1e1f86d7d 100644 --- a/projects/open62541/Dockerfile +++ b/projects/open62541/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make cmake python-six wget # We need libmbedtls > 2.5.1 otherwise it does not include the lib for static linking RUN wget https://open62541.org/libmbedtls/libmbedtls-dev_2.6.0-1_amd64.deb && \ From b0b3c5cc4daf8272eecfc2df869c3a1118a70d43 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 18:40:03 +0100 Subject: [PATCH 34/66] unlock more projects --- projects/envoy/Dockerfile | 2 +- projects/lldpd/Dockerfile | 2 +- projects/lwan/Dockerfile | 2 +- projects/ntopng/Dockerfile | 2 +- projects/numactl/Dockerfile | 2 +- projects/openssh/Dockerfile | 2 +- projects/plan9port/Dockerfile | 2 +- projects/qt/Dockerfile | 2 +- projects/vulkan-loader/Dockerfile | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/projects/envoy/Dockerfile b/projects/envoy/Dockerfile index 97aa6d5022ab..2b0ec708aa7a 100644 --- a/projects/envoy/Dockerfile +++ b/projects/envoy/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get -y install \ build-essential \ diff --git a/projects/lldpd/Dockerfile b/projects/lldpd/Dockerfile index 208c38b6e160..088192562c3e 100644 --- a/projects/lldpd/Dockerfile +++ b/projects/lldpd/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y autoconf libtool-bin pkg-config RUN git clone --recursive https://github.com/lldpd/lldpd.git COPY build.sh $SRC/ diff --git a/projects/lwan/Dockerfile b/projects/lwan/Dockerfile index 045cc50ef92e..2edaacd78812 100644 --- a/projects/lwan/Dockerfile +++ b/projects/lwan/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update RUN apt-get install -y build-essential cmake git ninja-build zlib1g-dev diff --git a/projects/ntopng/Dockerfile b/projects/ntopng/Dockerfile index 42758801511c..f53d54fd1729 100644 --- a/projects/ntopng/Dockerfile +++ b/projects/ntopng/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool ninja-build \ liblzma-dev libzstd-dev pkg-config libglib2.0-dev groff libxml2-dev \ libcurl4-openssl-dev libsqlite3-dev flex bison diff --git a/projects/numactl/Dockerfile b/projects/numactl/Dockerfile index 5fbc44ca67ac..69e32f3f2851 100644 --- a/projects/numactl/Dockerfile +++ b/projects/numactl/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 https://github.com/numactl/numactl numactl WORKDIR numactl diff --git a/projects/openssh/Dockerfile b/projects/openssh/Dockerfile index ff3baf84bb16..e2cf2577441b 100644 --- a/projects/openssh/Dockerfile +++ b/projects/openssh/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool RUN apt-get install -y libz-dev libssl1.1 libssl-dev libedit-dev zip RUN git clone --depth 1 https://github.com/openssh/openssh-portable openssh diff --git a/projects/plan9port/Dockerfile b/projects/plan9port/Dockerfile index c5658736aa59..1ea57a262fc9 100644 --- a/projects/plan9port/Dockerfile +++ b/projects/plan9port/Dockerfile @@ -15,7 +15,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake RUN git clone --depth 1 https://github.com/9fans/plan9port plan9port WORKDIR plan9port diff --git a/projects/qt/Dockerfile b/projects/qt/Dockerfile index 3d66fb89fcac..70be968949b1 100644 --- a/projects/qt/Dockerfile +++ b/projects/qt/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y libssl-dev ninja-build libc6-dev:i386 diff --git a/projects/vulkan-loader/Dockerfile b/projects/vulkan-loader/Dockerfile index 9665e4510129..07ab8641a80d 100644 --- a/projects/vulkan-loader/Dockerfile +++ b/projects/vulkan-loader/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ apt-get install -y \ build-essential \ From 4b102bb7b2b1999424f4234c4818710e4abd966e Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 19:49:14 +0100 Subject: [PATCH 35/66] infra: vla-cxx-extension --- infra/base-images/base-clang/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index 291d085c4559..dd3089df9654 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -58,7 +58,8 @@ ENV CCC "clang++" # The implicit-function-declaration and implicit-int errors are downgraded to a # warning, to allow compiling legacy code. # See https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#potentially-breaking-changes +# Same for vla-cxx-extension -ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" +ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ENV CXXFLAGS_EXTRA "-stdlib=libc++" ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA" From e80d234450af7609f6539ecf288e459a702ff35a Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Fri, 29 Mar 2024 20:11:51 +0100 Subject: [PATCH 36/66] unlock vla projects --- projects/muduo/Dockerfile | 2 +- projects/nss/Dockerfile | 2 +- projects/tarantool/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/projects/muduo/Dockerfile b/projects/muduo/Dockerfile index e9ca93ef8f7f..dca00b590916 100644 --- a/projects/muduo/Dockerfile +++ b/projects/muduo/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make libboost-dev RUN git clone --depth 1 https://github.com/chenshuo/muduo WORKDIR muduo diff --git a/projects/nss/Dockerfile b/projects/nss/Dockerfile index 6297a8a15c05..4b657e5ae2c1 100644 --- a/projects/nss/Dockerfile +++ b/projects/nss/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make mercurial zlib1g-dev gyp ninja-build libssl-dev python RUN hg clone https://hg.mozilla.org/projects/nspr nspr diff --git a/projects/tarantool/Dockerfile b/projects/tarantool/Dockerfile index baabf73c48c2..63fead4d32b3 100644 --- a/projects/tarantool/Dockerfile +++ b/projects/tarantool/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y \ build-essential cmake make coreutils sed lld \ autoconf automake libtool zlib1g-dev \ From 77418cd102c1cfc295d76b3a7f5166619328c2d2 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Sat, 30 Mar 2024 09:31:08 +0100 Subject: [PATCH 37/66] deprecated-declarations --- infra/base-images/base-clang/Dockerfile | 4 ++-- projects/quantlib/Dockerfile | 2 +- projects/solidity/Dockerfile | 2 +- projects/wasmedge/Dockerfile | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index dd3089df9654..42a376193f5f 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -58,8 +58,8 @@ ENV CCC "clang++" # The implicit-function-declaration and implicit-int errors are downgraded to a # warning, to allow compiling legacy code. # See https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#potentially-breaking-changes -# Same for vla-cxx-extension +# Same for vla-cxx-extension, deprecated-declarations -ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" +ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ENV CXXFLAGS_EXTRA "-stdlib=libc++" ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA" diff --git a/projects/quantlib/Dockerfile b/projects/quantlib/Dockerfile index 7f29efce7315..6f99760edb12 100644 --- a/projects/quantlib/Dockerfile +++ b/projects/quantlib/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y cmake ninja-build libboost-dev RUN git clone --depth 1 https://github.com/lballabio/QuantLib.git quantlib WORKDIR quantlib diff --git a/projects/solidity/Dockerfile b/projects/solidity/Dockerfile index da0427309d40..2932992d9325 100644 --- a/projects/solidity/Dockerfile +++ b/projects/solidity/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool \ build-essential libbz2-dev ninja-build zlib1g-dev wget python python-dev \ liblzma-dev uuid-dev pkg-config openjdk-8-jdk unzip mlton bison texinfo diff --git a/projects/wasmedge/Dockerfile b/projects/wasmedge/Dockerfile index e7273b30fb9f..7eb97b3a9040 100644 --- a/projects/wasmedge/Dockerfile +++ b/projects/wasmedge/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y \ software-properties-common \ From c243fda8d20ecde1c71a8afc232480bc12d48e4f Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Sat, 30 Mar 2024 10:29:15 +0100 Subject: [PATCH 38/66] re-pin still failing projects --- projects/quantlib/Dockerfile | 2 +- projects/solidity/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/quantlib/Dockerfile b/projects/quantlib/Dockerfile index 6f99760edb12..7f29efce7315 100644 --- a/projects/quantlib/Dockerfile +++ b/projects/quantlib/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y cmake ninja-build libboost-dev RUN git clone --depth 1 https://github.com/lballabio/QuantLib.git quantlib WORKDIR quantlib diff --git a/projects/solidity/Dockerfile b/projects/solidity/Dockerfile index 2932992d9325..da0427309d40 100644 --- a/projects/solidity/Dockerfile +++ b/projects/solidity/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool \ build-essential libbz2-dev ninja-build zlib1g-dev wget python python-dev \ liblzma-dev uuid-dev pkg-config openjdk-8-jdk unzip mlton bison texinfo From 83510f63f0a50331c6c5fb741765d0c624f5c57c Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Tue, 2 Apr 2024 12:22:41 +0200 Subject: [PATCH 39/66] pin libavif --- projects/libavif/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/libavif/Dockerfile b/projects/libavif/Dockerfile index c1d918b70e5a..adf458009575 100644 --- a/projects/libavif/Dockerfile +++ b/projects/libavif/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && \ apt-get install --no-install-recommends -y curl python3-pip python3-setuptools python3-wheel cmake git nasm && \ pip3 install meson ninja From 3900a293b71473fbc6c46b20e63ba8080abcc872 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Tue, 2 Apr 2024 13:15:53 +0200 Subject: [PATCH 40/66] Pin projects due to ubsan function sanitizer Script used: echo "{'bearssl': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-3815c669-5a8c-449d-a92e-144e7e8e883a.txt', 'cairo': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1b394519-7a63-47f0-b8be-ac045e46b363.txt', 'cpuinfo': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ccdf9b99-2b48-494d-b716-ec54777698be.txt', 'cpython3': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e2753a9c-b63d-49f9-9dfd-316c3646efcc.txt', 'cryptsetup': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e182ae09-9833-4c60-b035-19c22c202e27.txt', 'curl': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-a392ed1b-34a1-42d2-8aae-ab5b959cb5c3.txt', 'dropbear': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-0402c0e3-ed52-40c1-b3e0-d72e7cd2278a.txt', 'fluent-bit': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-cba2f4cb-9717-41cd-af8b-470e404e56a6.txt', 'frr': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-b40f9ec0-020e-4b72-a3c2-84be311aeb89.txt', 'glib': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-a76134d4-8155-4568-aee6-2bec4d4f1466.txt', 'gpac': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-569f761e-7969-4bdf-8dea-c1ec6a0146b1.txt', 'gstreamer': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e872285e-7724-4c1e-a40b-977d31cb7737.txt', 'hdf5': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-265560b7-a6ad-49d8-bda2-2a254d3636a1.txt', 'igraph': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-44a5e01a-247d-4e0f-afe6-612ae0ebee6e.txt', 'immer': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-198f6b6a-fe05-4b6c-ba4b-46315bb2bbcd.txt', 'irssi': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e2d2480c-4e1b-4f25-bcc8-8a749de55171.txt', 'libavif': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e51e10cb-03ab-4672-b33b-d8e224d951ee.txt', 'libfido2': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1fd0add0-32d1-415f-b02f-ff17876f31bc.txt', 'libidn': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e7691127-1369-4f71-8790-d9009197dc2d.txt', 'libidn2': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-05d96571-d1a1-420d-9b9c-6445233079a3.txt', 'libspectre': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-a1bca425-733b-423a-be6e-8ae2824b6d43.txt', 'libtpms': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8983ae1a-700e-4a16-9d99-b30c1243f47a.txt', 'mercurial': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-345f774f-c80d-4132-a499-6f92552676f0.txt', 'nss': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5929fa86-73cb-4d76-968e-bebc7ccbe4c6.txt', 'open62541': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1953d5b3-3f7e-49e4-86b7-59322535d980.txt', 'ostree': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5ef98ae2-6b5a-4f44-87fd-98fda2d3d109.txt', 'python3-libraries': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-9ced5789-ac45-4825-aa47-396bbaf99bdb.txt', 'rauc': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-f59923ed-6c8f-4c0a-93b2-9f52a1bd0016.txt', 'relic': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-96004083-bded-4bd0-91b8-dd99f4da4a55.txt', 'rtpproxy': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-c7132f6b-202a-459b-8bb1-a9709a06eea4.txt', 'sqlite3': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-aa5235c5-1eb6-4470-a1b4-2df7574848dd.txt', 'strongswan': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ba3e20ad-756a-4d48-b62a-c28fcad25c02.txt', 'tarantool': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-31be12ac-64ce-4e21-9a15-f55b9cf5484a.txt', 'vulnerable-project': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5ed7ebe3-994c-462d-90ac-0c2454d2777a.txt', 'wireshark': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1827fa8b-10a4-458c-b72f-4b795c6de077.txt', 'wuffs': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5aed25c4-0eb5-484d-93fb-7c7a75a18e34.txt', 'xnnpack': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5e8e3d06-1982-409e-8f3c-7d3ec27babf6.txt', 'xs': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-4e311ea4-e54e-407d-aa22-e8f4c6b37785.txt', 'yara': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-74a4892e-f801-404a-9199-7416d047d2af.txt', 'cmake': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-0bebc9b6-6be4-40e0-b679-a7ba57c7a4e5.txt', 'dovecot': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-22314291-95a3-48bd-a929-8c46bbecd4dc.txt', 'libpsl': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-51ee4fc9-b7ef-48ef-9c66-1611f5ac22ee.txt', 'libvips': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-086fa696-8a2f-43a1-9ca1-ace22fe44e89.txt', 'openssl': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-b8698b9e-195c-400d-9af3-58e8b855d90b.txt', 'qemu': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-f40e739c-1bb9-4415-b7f8-4bcdf212bd6a.txt', 'tor': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1b66c448-cbbe-455c-98bc-21bcc01b907d.txt', 'libyal': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ef5aa10b-44fb-4613-945c-3aee149d4511.txt' }" | tr "'" '"' | jq -r 'to_entries[] | .key as $key | .value as $url | [$key, $url] | @tsv' | while IFS=$'\t' read -r key url; do echo "$key $url" && curl -s "$url" | grep -q "through pointer to incorrect function type" && sed --regexp-extended -i 's/base-builder$/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type/g' ./projects/$( echo $key )/Dockerfile ; done --- projects/bearssl/Dockerfile | 2 +- projects/cairo/Dockerfile | 2 +- projects/cmake/Dockerfile | 2 +- projects/cpuinfo/Dockerfile | 2 +- projects/cpython3/Dockerfile | 2 +- projects/cryptsetup/Dockerfile | 2 +- projects/curl/Dockerfile | 2 +- projects/dovecot/Dockerfile | 2 +- projects/dropbear/Dockerfile | 2 +- projects/frr/Dockerfile | 2 +- projects/glib/Dockerfile | 2 +- projects/gpac/Dockerfile | 2 +- projects/gstreamer/Dockerfile | 2 +- projects/hdf5/Dockerfile | 2 +- projects/igraph/Dockerfile | 2 +- projects/irssi/Dockerfile | 2 +- projects/libfido2/Dockerfile | 2 +- projects/libidn2/Dockerfile | 2 +- projects/libspectre/Dockerfile | 2 +- projects/libtpms/Dockerfile | 2 +- projects/libvips/Dockerfile | 2 +- projects/libyal/Dockerfile | 2 +- projects/mercurial/Dockerfile | 2 +- projects/nss/Dockerfile | 2 +- projects/open62541/Dockerfile | 2 +- projects/openssl/Dockerfile | 2 +- projects/ostree/Dockerfile | 2 +- projects/python3-libraries/Dockerfile | 2 +- projects/qemu/Dockerfile | 2 +- projects/rauc/Dockerfile | 2 +- projects/rtpproxy/Dockerfile | 2 +- projects/sqlite3/Dockerfile | 2 +- projects/strongswan/Dockerfile | 2 +- projects/tor/Dockerfile | 2 +- projects/wireshark/Dockerfile | 2 +- projects/wuffs/Dockerfile | 2 +- projects/xnnpack/Dockerfile | 2 +- projects/xs/Dockerfile | 2 +- projects/yara/Dockerfile | 2 +- 39 files changed, 39 insertions(+), 39 deletions(-) diff --git a/projects/bearssl/Dockerfile b/projects/bearssl/Dockerfile index 1f3a092ec507..e9d9c652d7b4 100644 --- a/projects/bearssl/Dockerfile +++ b/projects/bearssl/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake libtool wget python RUN git clone --depth 1 https://www.bearssl.org/git/BearSSL RUN git clone --depth 1 https://github.com/randombit/botan.git diff --git a/projects/cairo/Dockerfile b/projects/cairo/Dockerfile index d33c3b4574d6..133dbacbeb35 100644 --- a/projects/cairo/Dockerfile +++ b/projects/cairo/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && \ apt-get install -y python3-pip gtk-doc-tools libffi-dev autotools-dev libtool gperf RUN pip3 install -U meson==1.2.0 ninja packaging diff --git a/projects/cmake/Dockerfile b/projects/cmake/Dockerfile index 8236d193dd7a..4d3c7572d671 100644 --- a/projects/cmake/Dockerfile +++ b/projects/cmake/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config libssl-dev RUN git clone --depth 1 https://gitlab.kitware.com/cmake/cmake CMake diff --git a/projects/cpuinfo/Dockerfile b/projects/cpuinfo/Dockerfile index 9ecc0dbf6d36..3cff0d8a49ba 100644 --- a/projects/cpuinfo/Dockerfile +++ b/projects/cpuinfo/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 https://github.com/pytorch/cpuinfo WORKDIR cpuinfo diff --git a/projects/cpython3/Dockerfile b/projects/cpython3/Dockerfile index 972ed6f2224d..6b4fe7fa2729 100644 --- a/projects/cpython3/Dockerfile +++ b/projects/cpython3/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update RUN apt-get install -y build-essential libncursesw5-dev \ diff --git a/projects/cryptsetup/Dockerfile b/projects/cryptsetup/Dockerfile index 3b8163e01a5c..9e85a800d64d 100644 --- a/projects/cryptsetup/Dockerfile +++ b/projects/cryptsetup/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN git clone --depth 1 https://gitlab.com/cryptsetup/cryptsetup.git diff --git a/projects/curl/Dockerfile b/projects/curl/Dockerfile index 1dc106a53c8f..6745a1fdb433 100644 --- a/projects/curl/Dockerfile +++ b/projects/curl/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN git clone --depth 1 https://github.com/curl/curl.git /src/curl RUN git clone --depth 1 https://github.com/curl/curl-fuzzer.git /src/curl_fuzzer diff --git a/projects/dovecot/Dockerfile b/projects/dovecot/Dockerfile index 253230b576ba..0429c51c2f5e 100755 --- a/projects/dovecot/Dockerfile +++ b/projects/dovecot/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake libtool wget gettext automake libxml2-dev m4 pkg-config bison flex python3.8-venv libssl-dev zlib1g-dev RUN git clone --depth 1 https://github.com/dovecot/core dovecot WORKDIR dovecot diff --git a/projects/dropbear/Dockerfile b/projects/dropbear/Dockerfile index f2c235486c8c..afd2b0d5e59b 100644 --- a/projects/dropbear/Dockerfile +++ b/projects/dropbear/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y libz-dev autoconf mercurial RUN hg clone https://hg.ucc.asn.au/dropbear-fuzzcorpus dropbear-corpus RUN git clone https://github.com/mkj/dropbear dropbear diff --git a/projects/frr/Dockerfile b/projects/frr/Dockerfile index df3ad026621d..1fd61228a84c 100644 --- a/projects/frr/Dockerfile +++ b/projects/frr/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y git autoconf automake libtool make \ libreadline-dev texinfo libjson-c-dev pkg-config bison flex python3-pip \ diff --git a/projects/glib/Dockerfile b/projects/glib/Dockerfile index d6c32fe3fc21..8cc784147c6c 100644 --- a/projects/glib/Dockerfile +++ b/projects/glib/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y python3-pip RUN unset CFLAGS CXXFLAGS && pip3 install -U meson ninja packaging RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/glib diff --git a/projects/gpac/Dockerfile b/projects/gpac/Dockerfile index 26939ca33822..bf307ce65d40 100755 --- a/projects/gpac/Dockerfile +++ b/projects/gpac/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y build-essential pkg-config libz-dev RUN git clone https://github.com/gpac/gpac && cd gpac && git submodule update --init --remote --recursive diff --git a/projects/gstreamer/Dockerfile b/projects/gstreamer/Dockerfile index 8dfb2ddb46ac..e0e5bbbc94bf 100644 --- a/projects/gstreamer/Dockerfile +++ b/projects/gstreamer/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && \ apt-get install -y make autoconf automake libtool build-essential pkg-config bison flex patchelf \ diff --git a/projects/hdf5/Dockerfile b/projects/hdf5/Dockerfile index 7f4b9c570073..7049fdacdb1a 100644 --- a/projects/hdf5/Dockerfile +++ b/projects/hdf5/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config cmake zlib1g-dev RUN git clone --depth 1 https://github.com/HDFGroup/hdf5 diff --git a/projects/igraph/Dockerfile b/projects/igraph/Dockerfile index 2cca925c1a55..5ce93ef6b90d 100644 --- a/projects/igraph/Dockerfile +++ b/projects/igraph/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y cmake bison flex RUN git clone --branch master https://github.com/igraph/igraph WORKDIR igraph diff --git a/projects/irssi/Dockerfile b/projects/irssi/Dockerfile index 5ec650f626e2..f8f69a23334b 100644 --- a/projects/irssi/Dockerfile +++ b/projects/irssi/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y pkg-config libncurses5-dev libssl-dev python3-pip RUN pip3 install -U meson ninja RUN git clone https://github.com/irssi/irssi diff --git a/projects/libfido2/Dockerfile b/projects/libfido2/Dockerfile index 83bfb8aad459..f7b4d8b1b26a 100644 --- a/projects/libfido2/Dockerfile +++ b/projects/libfido2/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake libtool RUN apt-get install -y cmake libpcsclite-dev libudev-dev pkg-config chrpath RUN git clone --depth 1 --branch v0.11.0 https://github.com/PJK/libcbor diff --git a/projects/libidn2/Dockerfile b/projects/libidn2/Dockerfile index 446e17a1f4b1..ceda5f285267 100644 --- a/projects/libidn2/Dockerfile +++ b/projects/libidn2/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake gettext libtool autopoint pkg-config gengetopt curl gperf rsync wget RUN git clone --recursive https://gitlab.com/libidn/libidn2.git diff --git a/projects/libspectre/Dockerfile b/projects/libspectre/Dockerfile index 87b8999de8d8..493eae68654c 100755 --- a/projects/libspectre/Dockerfile +++ b/projects/libspectre/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && \ diff --git a/projects/libtpms/Dockerfile b/projects/libtpms/Dockerfile index 2f18000108f0..2c8a18bd2478 100644 --- a/projects/libtpms/Dockerfile +++ b/projects/libtpms/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN \ apt-get update && \ apt-get install -y \ diff --git a/projects/libvips/Dockerfile b/projects/libvips/Dockerfile index bf1d203789ff..6710ed738dee 100644 --- a/projects/libvips/Dockerfile +++ b/projects/libvips/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y \ automake \ autopoint \ diff --git a/projects/libyal/Dockerfile b/projects/libyal/Dockerfile index 2c4a35b29753..6150406bff7e 100644 --- a/projects/libyal/Dockerfile +++ b/projects/libyal/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake autopoint libtool pkg-config flex byacc diff --git a/projects/mercurial/Dockerfile b/projects/mercurial/Dockerfile index 334d95d497a1..9f92b1dbe5a2 100644 --- a/projects/mercurial/Dockerfile +++ b/projects/mercurial/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y \ autoconf \ automake \ diff --git a/projects/nss/Dockerfile b/projects/nss/Dockerfile index 4b657e5ae2c1..678315d74139 100644 --- a/projects/nss/Dockerfile +++ b/projects/nss/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make mercurial zlib1g-dev gyp ninja-build libssl-dev python RUN hg clone https://hg.mozilla.org/projects/nspr nspr diff --git a/projects/open62541/Dockerfile b/projects/open62541/Dockerfile index 12c1e1f86d7d..5fa31172f31e 100644 --- a/projects/open62541/Dockerfile +++ b/projects/open62541/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make cmake python-six wget # We need libmbedtls > 2.5.1 otherwise it does not include the lib for static linking RUN wget https://open62541.org/libmbedtls/libmbedtls-dev_2.6.0-1_amd64.deb && \ diff --git a/projects/openssl/Dockerfile b/projects/openssl/Dockerfile index 6532b06dce90..a313c57bcc56 100644 --- a/projects/openssl/Dockerfile +++ b/projects/openssl/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make RUN git clone --depth 1 https://github.com/openssl/openssl.git RUN cd $SRC/openssl/ && git submodule update --init fuzz/corpora diff --git a/projects/ostree/Dockerfile b/projects/ostree/Dockerfile index 4ce61c701b0a..1e7a10fce771 100644 --- a/projects/ostree/Dockerfile +++ b/projects/ostree/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type ARG glib_tag=2.78.4 RUN apt-get update && apt-get install -y \ make \ diff --git a/projects/python3-libraries/Dockerfile b/projects/python3-libraries/Dockerfile index 37f6706ecaf3..db765457aef7 100644 --- a/projects/python3-libraries/Dockerfile +++ b/projects/python3-libraries/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && \ apt-get install -y build-essential libncursesw5-dev libreadline-dev libssl-dev libgdbm-dev libc6-dev libsqlite3-dev tk-dev libbz2-dev zlib1g-dev libffi-dev RUN git clone https://github.com/python/cpython.git cpython diff --git a/projects/qemu/Dockerfile b/projects/qemu/Dockerfile index 8ca5dfd0de97..f5708cea9894 100644 --- a/projects/qemu/Dockerfile +++ b/projects/qemu/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake libtool ninja-build libglib2.0-dev \ libfdt-dev libpixman-1-dev zlib1g-dev libslirp-dev patchelf wget \ libattr1 libattr1-dev libcap-ng-dev pkg-config diff --git a/projects/rauc/Dockerfile b/projects/rauc/Dockerfile index 1f144adb4f15..53d9780c3bcd 100644 --- a/projects/rauc/Dockerfile +++ b/projects/rauc/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y python3-pip RUN unset CFLAGS CXXFLAGS && pip3 install -U meson ninja RUN git clone --depth 1 https://github.com/rauc/rauc.git rauc diff --git a/projects/rtpproxy/Dockerfile b/projects/rtpproxy/Dockerfile index d8c38ad45c0a..a64b1766dd1f 100755 --- a/projects/rtpproxy/Dockerfile +++ b/projects/rtpproxy/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN git clone https://github.com/sippy/rtpproxy RUN git -C rtpproxy submodule update --init --recursive diff --git a/projects/sqlite3/Dockerfile b/projects/sqlite3/Dockerfile index cb5a83b8ddcc..ad3b70c14954 100644 --- a/projects/sqlite3/Dockerfile +++ b/projects/sqlite3/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake libtool curl tcl zlib1g-dev # We won't be able to poll fossil for changes, so this will build diff --git a/projects/strongswan/Dockerfile b/projects/strongswan/Dockerfile index ea003dbfae9b..27dc1c119801 100644 --- a/projects/strongswan/Dockerfile +++ b/projects/strongswan/Dockerfile @@ -14,7 +14,7 @@ # ############################################################################## -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y automake autoconf libtool pkg-config gettext perl python flex bison gperf lcov libgmp3-dev RUN git clone --depth 1 https://github.com/strongswan/strongswan.git strongswan RUN git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git strongswan/fuzzing-corpora diff --git a/projects/tor/Dockerfile b/projects/tor/Dockerfile index 3211c40be5d7..034766388bb2 100644 --- a/projects/tor/Dockerfile +++ b/projects/tor/Dockerfile @@ -14,7 +14,7 @@ # ############################################################################## -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y autoconf automake make libtool pkg-config RUN git clone --depth 1 https://git.torproject.org/tor.git RUN git clone --depth 1 https://git.torproject.org/fuzzing-corpora.git tor-fuzz-corpora diff --git a/projects/wireshark/Dockerfile b/projects/wireshark/Dockerfile index dd22532e58d6..6735d66690cd 100644 --- a/projects/wireshark/Dockerfile +++ b/projects/wireshark/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y ninja-build cmake \ flex libc-ares-dev \ diff --git a/projects/wuffs/Dockerfile b/projects/wuffs/Dockerfile index eac342f35179..e8752d2fc7e0 100644 --- a/projects/wuffs/Dockerfile +++ b/projects/wuffs/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y wget # Get Wuffs' first-party code. diff --git a/projects/xnnpack/Dockerfile b/projects/xnnpack/Dockerfile index 0a0b986d9c87..a26e1bf879e6 100644 --- a/projects/xnnpack/Dockerfile +++ b/projects/xnnpack/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN apt-get update && apt-get install -y make autoconf automake libtool libomp-dev libgomp1 RUN git clone --depth 1 https://github.com/google/XNNPACK xnnpack WORKDIR xnnpack diff --git a/projects/xs/Dockerfile b/projects/xs/Dockerfile index 285546e06f44..d6f4b433c1c7 100644 --- a/projects/xs/Dockerfile +++ b/projects/xs/Dockerfile @@ -12,7 +12,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type #Apache-2.0 license RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \ diff --git a/projects/yara/Dockerfile b/projects/yara/Dockerfile index befe3d307a12..48621bc83a69 100644 --- a/projects/yara/Dockerfile +++ b/projects/yara/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type RUN \ apt-get update && apt-get install -y \ automake \ From 77e241663b8468f27e61eda5bb4516c4fc222f95 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Tue, 2 Apr 2024 13:30:14 +0200 Subject: [PATCH 41/66] formatting --- projects/bearssl/Dockerfile | 3 ++- projects/cairo/Dockerfile | 3 ++- projects/cmake/Dockerfile | 3 ++- projects/cpuinfo/Dockerfile | 3 ++- projects/cpython3/Dockerfile | 3 ++- projects/cryptsetup/Dockerfile | 3 ++- projects/curl/Dockerfile | 3 ++- projects/dovecot/Dockerfile | 3 ++- projects/dropbear/Dockerfile | 3 ++- projects/frr/Dockerfile | 3 ++- projects/glib/Dockerfile | 3 ++- projects/gpac/Dockerfile | 3 ++- projects/gstreamer/Dockerfile | 3 ++- projects/hdf5/Dockerfile | 3 ++- projects/igraph/Dockerfile | 3 ++- projects/irssi/Dockerfile | 3 ++- projects/libfido2/Dockerfile | 3 ++- projects/libidn2/Dockerfile | 3 ++- projects/libspectre/Dockerfile | 3 ++- projects/libtpms/Dockerfile | 3 ++- projects/libvips/Dockerfile | 3 ++- projects/libyal/Dockerfile | 3 ++- projects/mercurial/Dockerfile | 3 ++- projects/nss/Dockerfile | 3 ++- projects/open62541/Dockerfile | 3 ++- projects/openssl/Dockerfile | 3 ++- projects/ostree/Dockerfile | 3 ++- projects/python3-libraries/Dockerfile | 3 ++- projects/qemu/Dockerfile | 3 ++- projects/rauc/Dockerfile | 3 ++- projects/rtpproxy/Dockerfile | 3 ++- projects/sqlite3/Dockerfile | 3 ++- projects/strongswan/Dockerfile | 3 ++- projects/tor/Dockerfile | 3 ++- projects/wireshark/Dockerfile | 3 ++- projects/wuffs/Dockerfile | 3 ++- projects/xnnpack/Dockerfile | 3 ++- projects/xs/Dockerfile | 3 ++- projects/yara/Dockerfile | 3 ++- 39 files changed, 78 insertions(+), 39 deletions(-) diff --git a/projects/bearssl/Dockerfile b/projects/bearssl/Dockerfile index e9d9c652d7b4..0ee87625aa31 100644 --- a/projects/bearssl/Dockerfile +++ b/projects/bearssl/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool wget python RUN git clone --depth 1 https://www.bearssl.org/git/BearSSL RUN git clone --depth 1 https://github.com/randombit/botan.git diff --git a/projects/cairo/Dockerfile b/projects/cairo/Dockerfile index 133dbacbeb35..c9ac64d57603 100644 --- a/projects/cairo/Dockerfile +++ b/projects/cairo/Dockerfile @@ -13,7 +13,8 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && \ apt-get install -y python3-pip gtk-doc-tools libffi-dev autotools-dev libtool gperf RUN pip3 install -U meson==1.2.0 ninja packaging diff --git a/projects/cmake/Dockerfile b/projects/cmake/Dockerfile index 4d3c7572d671..afdf69b118a2 100644 --- a/projects/cmake/Dockerfile +++ b/projects/cmake/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config libssl-dev RUN git clone --depth 1 https://gitlab.kitware.com/cmake/cmake CMake diff --git a/projects/cpuinfo/Dockerfile b/projects/cpuinfo/Dockerfile index 3cff0d8a49ba..f34643e5dc97 100644 --- a/projects/cpuinfo/Dockerfile +++ b/projects/cpuinfo/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 https://github.com/pytorch/cpuinfo WORKDIR cpuinfo diff --git a/projects/cpython3/Dockerfile b/projects/cpython3/Dockerfile index 6b4fe7fa2729..ec7bc624f797 100644 --- a/projects/cpython3/Dockerfile +++ b/projects/cpython3/Dockerfile @@ -13,7 +13,8 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update RUN apt-get install -y build-essential libncursesw5-dev \ diff --git a/projects/cryptsetup/Dockerfile b/projects/cryptsetup/Dockerfile index 9e85a800d64d..1133e12b5870 100644 --- a/projects/cryptsetup/Dockerfile +++ b/projects/cryptsetup/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN git clone --depth 1 https://gitlab.com/cryptsetup/cryptsetup.git diff --git a/projects/curl/Dockerfile b/projects/curl/Dockerfile index 6745a1fdb433..f62431c0a4b0 100644 --- a/projects/curl/Dockerfile +++ b/projects/curl/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN git clone --depth 1 https://github.com/curl/curl.git /src/curl RUN git clone --depth 1 https://github.com/curl/curl-fuzzer.git /src/curl_fuzzer diff --git a/projects/dovecot/Dockerfile b/projects/dovecot/Dockerfile index 0429c51c2f5e..8c57c9291e08 100755 --- a/projects/dovecot/Dockerfile +++ b/projects/dovecot/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool wget gettext automake libxml2-dev m4 pkg-config bison flex python3.8-venv libssl-dev zlib1g-dev RUN git clone --depth 1 https://github.com/dovecot/core dovecot WORKDIR dovecot diff --git a/projects/dropbear/Dockerfile b/projects/dropbear/Dockerfile index afd2b0d5e59b..dc649b7a270e 100644 --- a/projects/dropbear/Dockerfile +++ b/projects/dropbear/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y libz-dev autoconf mercurial RUN hg clone https://hg.ucc.asn.au/dropbear-fuzzcorpus dropbear-corpus RUN git clone https://github.com/mkj/dropbear dropbear diff --git a/projects/frr/Dockerfile b/projects/frr/Dockerfile index 1fd61228a84c..4257717d6a23 100644 --- a/projects/frr/Dockerfile +++ b/projects/frr/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y git autoconf automake libtool make \ libreadline-dev texinfo libjson-c-dev pkg-config bison flex python3-pip \ diff --git a/projects/glib/Dockerfile b/projects/glib/Dockerfile index 8cc784147c6c..b1b7ef99df0b 100644 --- a/projects/glib/Dockerfile +++ b/projects/glib/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y python3-pip RUN unset CFLAGS CXXFLAGS && pip3 install -U meson ninja packaging RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/glib diff --git a/projects/gpac/Dockerfile b/projects/gpac/Dockerfile index bf307ce65d40..04660f8569f3 100755 --- a/projects/gpac/Dockerfile +++ b/projects/gpac/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y build-essential pkg-config libz-dev RUN git clone https://github.com/gpac/gpac && cd gpac && git submodule update --init --remote --recursive diff --git a/projects/gstreamer/Dockerfile b/projects/gstreamer/Dockerfile index e0e5bbbc94bf..a492fc5992c2 100644 --- a/projects/gstreamer/Dockerfile +++ b/projects/gstreamer/Dockerfile @@ -13,7 +13,8 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && \ apt-get install -y make autoconf automake libtool build-essential pkg-config bison flex patchelf \ diff --git a/projects/hdf5/Dockerfile b/projects/hdf5/Dockerfile index 7049fdacdb1a..b6659b905736 100644 --- a/projects/hdf5/Dockerfile +++ b/projects/hdf5/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config cmake zlib1g-dev RUN git clone --depth 1 https://github.com/HDFGroup/hdf5 diff --git a/projects/igraph/Dockerfile b/projects/igraph/Dockerfile index 5ce93ef6b90d..dad8a03649d9 100644 --- a/projects/igraph/Dockerfile +++ b/projects/igraph/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y cmake bison flex RUN git clone --branch master https://github.com/igraph/igraph WORKDIR igraph diff --git a/projects/irssi/Dockerfile b/projects/irssi/Dockerfile index f8f69a23334b..8859c517a1bc 100644 --- a/projects/irssi/Dockerfile +++ b/projects/irssi/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y pkg-config libncurses5-dev libssl-dev python3-pip RUN pip3 install -U meson ninja RUN git clone https://github.com/irssi/irssi diff --git a/projects/libfido2/Dockerfile b/projects/libfido2/Dockerfile index f7b4d8b1b26a..ddb5257c982f 100644 --- a/projects/libfido2/Dockerfile +++ b/projects/libfido2/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool RUN apt-get install -y cmake libpcsclite-dev libudev-dev pkg-config chrpath RUN git clone --depth 1 --branch v0.11.0 https://github.com/PJK/libcbor diff --git a/projects/libidn2/Dockerfile b/projects/libidn2/Dockerfile index ceda5f285267..18433480d6e7 100644 --- a/projects/libidn2/Dockerfile +++ b/projects/libidn2/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake gettext libtool autopoint pkg-config gengetopt curl gperf rsync wget RUN git clone --recursive https://gitlab.com/libidn/libidn2.git diff --git a/projects/libspectre/Dockerfile b/projects/libspectre/Dockerfile index 493eae68654c..1891a914f60d 100755 --- a/projects/libspectre/Dockerfile +++ b/projects/libspectre/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && \ diff --git a/projects/libtpms/Dockerfile b/projects/libtpms/Dockerfile index 2c8a18bd2478..ab39cd213dec 100644 --- a/projects/libtpms/Dockerfile +++ b/projects/libtpms/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN \ apt-get update && \ apt-get install -y \ diff --git a/projects/libvips/Dockerfile b/projects/libvips/Dockerfile index 6710ed738dee..bfbe9e019ca3 100644 --- a/projects/libvips/Dockerfile +++ b/projects/libvips/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y \ automake \ autopoint \ diff --git a/projects/libyal/Dockerfile b/projects/libyal/Dockerfile index 6150406bff7e..5ce1a6015e44 100644 --- a/projects/libyal/Dockerfile +++ b/projects/libyal/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake autopoint libtool pkg-config flex byacc diff --git a/projects/mercurial/Dockerfile b/projects/mercurial/Dockerfile index 9f92b1dbe5a2..f15995297d50 100644 --- a/projects/mercurial/Dockerfile +++ b/projects/mercurial/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y \ autoconf \ automake \ diff --git a/projects/nss/Dockerfile b/projects/nss/Dockerfile index 678315d74139..ca1055bcd824 100644 --- a/projects/nss/Dockerfile +++ b/projects/nss/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make mercurial zlib1g-dev gyp ninja-build libssl-dev python RUN hg clone https://hg.mozilla.org/projects/nspr nspr diff --git a/projects/open62541/Dockerfile b/projects/open62541/Dockerfile index 5fa31172f31e..f4ff41a0373f 100644 --- a/projects/open62541/Dockerfile +++ b/projects/open62541/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make cmake python-six wget # We need libmbedtls > 2.5.1 otherwise it does not include the lib for static linking RUN wget https://open62541.org/libmbedtls/libmbedtls-dev_2.6.0-1_amd64.deb && \ diff --git a/projects/openssl/Dockerfile b/projects/openssl/Dockerfile index a313c57bcc56..0951128bcb96 100644 --- a/projects/openssl/Dockerfile +++ b/projects/openssl/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make RUN git clone --depth 1 https://github.com/openssl/openssl.git RUN cd $SRC/openssl/ && git submodule update --init fuzz/corpora diff --git a/projects/ostree/Dockerfile b/projects/ostree/Dockerfile index 1e7a10fce771..5ed135af5db2 100644 --- a/projects/ostree/Dockerfile +++ b/projects/ostree/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e ARG glib_tag=2.78.4 RUN apt-get update && apt-get install -y \ make \ diff --git a/projects/python3-libraries/Dockerfile b/projects/python3-libraries/Dockerfile index db765457aef7..69c78d3abe99 100644 --- a/projects/python3-libraries/Dockerfile +++ b/projects/python3-libraries/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && \ apt-get install -y build-essential libncursesw5-dev libreadline-dev libssl-dev libgdbm-dev libc6-dev libsqlite3-dev tk-dev libbz2-dev zlib1g-dev libffi-dev RUN git clone https://github.com/python/cpython.git cpython diff --git a/projects/qemu/Dockerfile b/projects/qemu/Dockerfile index f5708cea9894..8d9a9b473e50 100644 --- a/projects/qemu/Dockerfile +++ b/projects/qemu/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool ninja-build libglib2.0-dev \ libfdt-dev libpixman-1-dev zlib1g-dev libslirp-dev patchelf wget \ libattr1 libattr1-dev libcap-ng-dev pkg-config diff --git a/projects/rauc/Dockerfile b/projects/rauc/Dockerfile index 53d9780c3bcd..7c8ed41083e5 100644 --- a/projects/rauc/Dockerfile +++ b/projects/rauc/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y python3-pip RUN unset CFLAGS CXXFLAGS && pip3 install -U meson ninja RUN git clone --depth 1 https://github.com/rauc/rauc.git rauc diff --git a/projects/rtpproxy/Dockerfile b/projects/rtpproxy/Dockerfile index a64b1766dd1f..ffc4a824b978 100755 --- a/projects/rtpproxy/Dockerfile +++ b/projects/rtpproxy/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN git clone https://github.com/sippy/rtpproxy RUN git -C rtpproxy submodule update --init --recursive diff --git a/projects/sqlite3/Dockerfile b/projects/sqlite3/Dockerfile index ad3b70c14954..dd2dbd3cfd96 100644 --- a/projects/sqlite3/Dockerfile +++ b/projects/sqlite3/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool curl tcl zlib1g-dev # We won't be able to poll fossil for changes, so this will build diff --git a/projects/strongswan/Dockerfile b/projects/strongswan/Dockerfile index 27dc1c119801..ea77b37160e0 100644 --- a/projects/strongswan/Dockerfile +++ b/projects/strongswan/Dockerfile @@ -14,7 +14,8 @@ # ############################################################################## -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y automake autoconf libtool pkg-config gettext perl python flex bison gperf lcov libgmp3-dev RUN git clone --depth 1 https://github.com/strongswan/strongswan.git strongswan RUN git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git strongswan/fuzzing-corpora diff --git a/projects/tor/Dockerfile b/projects/tor/Dockerfile index 034766388bb2..065dfe218cf7 100644 --- a/projects/tor/Dockerfile +++ b/projects/tor/Dockerfile @@ -14,7 +14,8 @@ # ############################################################################## -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y autoconf automake make libtool pkg-config RUN git clone --depth 1 https://git.torproject.org/tor.git RUN git clone --depth 1 https://git.torproject.org/fuzzing-corpora.git tor-fuzz-corpora diff --git a/projects/wireshark/Dockerfile b/projects/wireshark/Dockerfile index 6735d66690cd..9cfd337d08cc 100644 --- a/projects/wireshark/Dockerfile +++ b/projects/wireshark/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y ninja-build cmake \ flex libc-ares-dev \ diff --git a/projects/wuffs/Dockerfile b/projects/wuffs/Dockerfile index e8752d2fc7e0..8c679b07b702 100644 --- a/projects/wuffs/Dockerfile +++ b/projects/wuffs/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y wget # Get Wuffs' first-party code. diff --git a/projects/xnnpack/Dockerfile b/projects/xnnpack/Dockerfile index a26e1bf879e6..f3f0d806e0f5 100644 --- a/projects/xnnpack/Dockerfile +++ b/projects/xnnpack/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool libomp-dev libgomp1 RUN git clone --depth 1 https://github.com/google/XNNPACK xnnpack WORKDIR xnnpack diff --git a/projects/xs/Dockerfile b/projects/xs/Dockerfile index d6f4b433c1c7..374526ebe540 100644 --- a/projects/xs/Dockerfile +++ b/projects/xs/Dockerfile @@ -12,7 +12,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e #Apache-2.0 license RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \ diff --git a/projects/yara/Dockerfile b/projects/yara/Dockerfile index 48621bc83a69..99cc5c8a7b87 100644 --- a/projects/yara/Dockerfile +++ b/projects/yara/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e # Pin due to ubsan: call to function _ through pointer to incorrect function type +# Pin due to ubsan: call to function _ through pointer to incorrect function type +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN \ apt-get update && apt-get install -y \ automake \ From 05f99124b356b2f8f50bccd29c41ca34470af3fd Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Tue, 2 Apr 2024 13:48:12 +0200 Subject: [PATCH 42/66] Pin gdal due to 32-bit issue --- projects/gdal/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/gdal/Dockerfile b/projects/gdal/Dockerfile index ac0a048e3cc1..890eba8f7cf1 100644 --- a/projects/gdal/Dockerfile +++ b/projects/gdal/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && \ apt-get install -y make autoconf automake libtool g++ curl cmake sqlite3 pkg-config From 5fe9a77e254f4ba2e06804dc890cf57bce2a12de Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Wed, 3 Apr 2024 10:31:49 +0200 Subject: [PATCH 43/66] CFLAGS -fno-sanitize=function --- infra/base-images/base-builder/compile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile index 0bf3de620c11..1e00613b4eb6 100755 --- a/infra/base-images/base-builder/compile +++ b/infra/base-images/base-builder/compile @@ -129,6 +129,13 @@ export CUSTOM_LIBFUZZER_STD_CXX=c++ export CFLAGS="$CFLAGS $SANITIZER_FLAGS $COVERAGE_FLAGS" export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA" +if [ "$SANITIZER" = "undefined" ]; then + # Disable "function" sanitizer for C code for now, because many projects, + # possibly via legacy C code are affected. + # The projects should be fixed and this workaround be removed in the future. + export CFLAGS="$CFLAGS -fno-sanitize=function" +fi + if [ "$FUZZING_LANGUAGE" = "go" ]; then # required by Go 1.20 export CXX="${CXX} -lresolv" From 21d3761b4377000562c84cf3e5f9492e4e7bae22 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Wed, 3 Apr 2024 10:32:15 +0200 Subject: [PATCH 44/66] Revert "Pin projects due to ubsan function sanitizer" --- projects/bearssl/Dockerfile | 3 +-- projects/cairo/Dockerfile | 3 +-- projects/cmake/Dockerfile | 3 +-- projects/cpuinfo/Dockerfile | 3 +-- projects/cpython3/Dockerfile | 3 +-- projects/cryptsetup/Dockerfile | 3 +-- projects/curl/Dockerfile | 3 +-- projects/dovecot/Dockerfile | 3 +-- projects/dropbear/Dockerfile | 3 +-- projects/frr/Dockerfile | 3 +-- projects/glib/Dockerfile | 3 +-- projects/gpac/Dockerfile | 3 +-- projects/gstreamer/Dockerfile | 3 +-- projects/hdf5/Dockerfile | 3 +-- projects/igraph/Dockerfile | 3 +-- projects/irssi/Dockerfile | 3 +-- projects/libfido2/Dockerfile | 3 +-- projects/libidn2/Dockerfile | 3 +-- projects/libspectre/Dockerfile | 3 +-- projects/libtpms/Dockerfile | 3 +-- projects/libvips/Dockerfile | 3 +-- projects/libyal/Dockerfile | 3 +-- projects/mercurial/Dockerfile | 3 +-- projects/nss/Dockerfile | 3 +-- projects/open62541/Dockerfile | 3 +-- projects/openssl/Dockerfile | 3 +-- projects/ostree/Dockerfile | 3 +-- projects/python3-libraries/Dockerfile | 3 +-- projects/qemu/Dockerfile | 3 +-- projects/rauc/Dockerfile | 3 +-- projects/rtpproxy/Dockerfile | 3 +-- projects/sqlite3/Dockerfile | 3 +-- projects/strongswan/Dockerfile | 3 +-- projects/tor/Dockerfile | 3 +-- projects/wireshark/Dockerfile | 3 +-- projects/wuffs/Dockerfile | 3 +-- projects/xnnpack/Dockerfile | 3 +-- projects/xs/Dockerfile | 3 +-- projects/yara/Dockerfile | 3 +-- 39 files changed, 39 insertions(+), 78 deletions(-) diff --git a/projects/bearssl/Dockerfile b/projects/bearssl/Dockerfile index 0ee87625aa31..1f3a092ec507 100644 --- a/projects/bearssl/Dockerfile +++ b/projects/bearssl/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool wget python RUN git clone --depth 1 https://www.bearssl.org/git/BearSSL RUN git clone --depth 1 https://github.com/randombit/botan.git diff --git a/projects/cairo/Dockerfile b/projects/cairo/Dockerfile index c9ac64d57603..d33c3b4574d6 100644 --- a/projects/cairo/Dockerfile +++ b/projects/cairo/Dockerfile @@ -13,8 +13,7 @@ # limitations under the License. # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ apt-get install -y python3-pip gtk-doc-tools libffi-dev autotools-dev libtool gperf RUN pip3 install -U meson==1.2.0 ninja packaging diff --git a/projects/cmake/Dockerfile b/projects/cmake/Dockerfile index afdf69b118a2..8236d193dd7a 100644 --- a/projects/cmake/Dockerfile +++ b/projects/cmake/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config libssl-dev RUN git clone --depth 1 https://gitlab.kitware.com/cmake/cmake CMake diff --git a/projects/cpuinfo/Dockerfile b/projects/cpuinfo/Dockerfile index f34643e5dc97..9ecc0dbf6d36 100644 --- a/projects/cpuinfo/Dockerfile +++ b/projects/cpuinfo/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 https://github.com/pytorch/cpuinfo WORKDIR cpuinfo diff --git a/projects/cpython3/Dockerfile b/projects/cpython3/Dockerfile index ec7bc624f797..972ed6f2224d 100644 --- a/projects/cpython3/Dockerfile +++ b/projects/cpython3/Dockerfile @@ -13,8 +13,7 @@ # limitations under the License. # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update RUN apt-get install -y build-essential libncursesw5-dev \ diff --git a/projects/cryptsetup/Dockerfile b/projects/cryptsetup/Dockerfile index 1133e12b5870..3b8163e01a5c 100644 --- a/projects/cryptsetup/Dockerfile +++ b/projects/cryptsetup/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://gitlab.com/cryptsetup/cryptsetup.git diff --git a/projects/curl/Dockerfile b/projects/curl/Dockerfile index f62431c0a4b0..1dc106a53c8f 100644 --- a/projects/curl/Dockerfile +++ b/projects/curl/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone --depth 1 https://github.com/curl/curl.git /src/curl RUN git clone --depth 1 https://github.com/curl/curl-fuzzer.git /src/curl_fuzzer diff --git a/projects/dovecot/Dockerfile b/projects/dovecot/Dockerfile index 8c57c9291e08..253230b576ba 100755 --- a/projects/dovecot/Dockerfile +++ b/projects/dovecot/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool wget gettext automake libxml2-dev m4 pkg-config bison flex python3.8-venv libssl-dev zlib1g-dev RUN git clone --depth 1 https://github.com/dovecot/core dovecot WORKDIR dovecot diff --git a/projects/dropbear/Dockerfile b/projects/dropbear/Dockerfile index dc649b7a270e..f2c235486c8c 100644 --- a/projects/dropbear/Dockerfile +++ b/projects/dropbear/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y libz-dev autoconf mercurial RUN hg clone https://hg.ucc.asn.au/dropbear-fuzzcorpus dropbear-corpus RUN git clone https://github.com/mkj/dropbear dropbear diff --git a/projects/frr/Dockerfile b/projects/frr/Dockerfile index 4257717d6a23..df3ad026621d 100644 --- a/projects/frr/Dockerfile +++ b/projects/frr/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y git autoconf automake libtool make \ libreadline-dev texinfo libjson-c-dev pkg-config bison flex python3-pip \ diff --git a/projects/glib/Dockerfile b/projects/glib/Dockerfile index b1b7ef99df0b..d6c32fe3fc21 100644 --- a/projects/glib/Dockerfile +++ b/projects/glib/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y python3-pip RUN unset CFLAGS CXXFLAGS && pip3 install -U meson ninja packaging RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/glib diff --git a/projects/gpac/Dockerfile b/projects/gpac/Dockerfile index 04660f8569f3..26939ca33822 100755 --- a/projects/gpac/Dockerfile +++ b/projects/gpac/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y build-essential pkg-config libz-dev RUN git clone https://github.com/gpac/gpac && cd gpac && git submodule update --init --remote --recursive diff --git a/projects/gstreamer/Dockerfile b/projects/gstreamer/Dockerfile index a492fc5992c2..8dfb2ddb46ac 100644 --- a/projects/gstreamer/Dockerfile +++ b/projects/gstreamer/Dockerfile @@ -13,8 +13,7 @@ # limitations under the License. # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ apt-get install -y make autoconf automake libtool build-essential pkg-config bison flex patchelf \ diff --git a/projects/hdf5/Dockerfile b/projects/hdf5/Dockerfile index b6659b905736..7f4b9c570073 100644 --- a/projects/hdf5/Dockerfile +++ b/projects/hdf5/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config cmake zlib1g-dev RUN git clone --depth 1 https://github.com/HDFGroup/hdf5 diff --git a/projects/igraph/Dockerfile b/projects/igraph/Dockerfile index dad8a03649d9..2cca925c1a55 100644 --- a/projects/igraph/Dockerfile +++ b/projects/igraph/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y cmake bison flex RUN git clone --branch master https://github.com/igraph/igraph WORKDIR igraph diff --git a/projects/irssi/Dockerfile b/projects/irssi/Dockerfile index 8859c517a1bc..5ec650f626e2 100644 --- a/projects/irssi/Dockerfile +++ b/projects/irssi/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y pkg-config libncurses5-dev libssl-dev python3-pip RUN pip3 install -U meson ninja RUN git clone https://github.com/irssi/irssi diff --git a/projects/libfido2/Dockerfile b/projects/libfido2/Dockerfile index ddb5257c982f..83bfb8aad459 100644 --- a/projects/libfido2/Dockerfile +++ b/projects/libfido2/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool RUN apt-get install -y cmake libpcsclite-dev libudev-dev pkg-config chrpath RUN git clone --depth 1 --branch v0.11.0 https://github.com/PJK/libcbor diff --git a/projects/libidn2/Dockerfile b/projects/libidn2/Dockerfile index 18433480d6e7..446e17a1f4b1 100644 --- a/projects/libidn2/Dockerfile +++ b/projects/libidn2/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake gettext libtool autopoint pkg-config gengetopt curl gperf rsync wget RUN git clone --recursive https://gitlab.com/libidn/libidn2.git diff --git a/projects/libspectre/Dockerfile b/projects/libspectre/Dockerfile index 1891a914f60d..87b8999de8d8 100755 --- a/projects/libspectre/Dockerfile +++ b/projects/libspectre/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ diff --git a/projects/libtpms/Dockerfile b/projects/libtpms/Dockerfile index ab39cd213dec..2f18000108f0 100644 --- a/projects/libtpms/Dockerfile +++ b/projects/libtpms/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN \ apt-get update && \ apt-get install -y \ diff --git a/projects/libvips/Dockerfile b/projects/libvips/Dockerfile index bfbe9e019ca3..bf1d203789ff 100644 --- a/projects/libvips/Dockerfile +++ b/projects/libvips/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y \ automake \ autopoint \ diff --git a/projects/libyal/Dockerfile b/projects/libyal/Dockerfile index 5ce1a6015e44..2c4a35b29753 100644 --- a/projects/libyal/Dockerfile +++ b/projects/libyal/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake autopoint libtool pkg-config flex byacc diff --git a/projects/mercurial/Dockerfile b/projects/mercurial/Dockerfile index f15995297d50..334d95d497a1 100644 --- a/projects/mercurial/Dockerfile +++ b/projects/mercurial/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y \ autoconf \ automake \ diff --git a/projects/nss/Dockerfile b/projects/nss/Dockerfile index ca1055bcd824..4b657e5ae2c1 100644 --- a/projects/nss/Dockerfile +++ b/projects/nss/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make mercurial zlib1g-dev gyp ninja-build libssl-dev python RUN hg clone https://hg.mozilla.org/projects/nspr nspr diff --git a/projects/open62541/Dockerfile b/projects/open62541/Dockerfile index f4ff41a0373f..12c1e1f86d7d 100644 --- a/projects/open62541/Dockerfile +++ b/projects/open62541/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make cmake python-six wget # We need libmbedtls > 2.5.1 otherwise it does not include the lib for static linking RUN wget https://open62541.org/libmbedtls/libmbedtls-dev_2.6.0-1_amd64.deb && \ diff --git a/projects/openssl/Dockerfile b/projects/openssl/Dockerfile index 0951128bcb96..6532b06dce90 100644 --- a/projects/openssl/Dockerfile +++ b/projects/openssl/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make RUN git clone --depth 1 https://github.com/openssl/openssl.git RUN cd $SRC/openssl/ && git submodule update --init fuzz/corpora diff --git a/projects/ostree/Dockerfile b/projects/ostree/Dockerfile index 5ed135af5db2..4ce61c701b0a 100644 --- a/projects/ostree/Dockerfile +++ b/projects/ostree/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder ARG glib_tag=2.78.4 RUN apt-get update && apt-get install -y \ make \ diff --git a/projects/python3-libraries/Dockerfile b/projects/python3-libraries/Dockerfile index 69c78d3abe99..37f6706ecaf3 100644 --- a/projects/python3-libraries/Dockerfile +++ b/projects/python3-libraries/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && \ apt-get install -y build-essential libncursesw5-dev libreadline-dev libssl-dev libgdbm-dev libc6-dev libsqlite3-dev tk-dev libbz2-dev zlib1g-dev libffi-dev RUN git clone https://github.com/python/cpython.git cpython diff --git a/projects/qemu/Dockerfile b/projects/qemu/Dockerfile index 8d9a9b473e50..8ca5dfd0de97 100644 --- a/projects/qemu/Dockerfile +++ b/projects/qemu/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool ninja-build libglib2.0-dev \ libfdt-dev libpixman-1-dev zlib1g-dev libslirp-dev patchelf wget \ libattr1 libattr1-dev libcap-ng-dev pkg-config diff --git a/projects/rauc/Dockerfile b/projects/rauc/Dockerfile index 7c8ed41083e5..1f144adb4f15 100644 --- a/projects/rauc/Dockerfile +++ b/projects/rauc/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y python3-pip RUN unset CFLAGS CXXFLAGS && pip3 install -U meson ninja RUN git clone --depth 1 https://github.com/rauc/rauc.git rauc diff --git a/projects/rtpproxy/Dockerfile b/projects/rtpproxy/Dockerfile index ffc4a824b978..d8c38ad45c0a 100755 --- a/projects/rtpproxy/Dockerfile +++ b/projects/rtpproxy/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://github.com/sippy/rtpproxy RUN git -C rtpproxy submodule update --init --recursive diff --git a/projects/sqlite3/Dockerfile b/projects/sqlite3/Dockerfile index dd2dbd3cfd96..cb5a83b8ddcc 100644 --- a/projects/sqlite3/Dockerfile +++ b/projects/sqlite3/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool curl tcl zlib1g-dev # We won't be able to poll fossil for changes, so this will build diff --git a/projects/strongswan/Dockerfile b/projects/strongswan/Dockerfile index ea77b37160e0..ea003dbfae9b 100644 --- a/projects/strongswan/Dockerfile +++ b/projects/strongswan/Dockerfile @@ -14,8 +14,7 @@ # ############################################################################## -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y automake autoconf libtool pkg-config gettext perl python flex bison gperf lcov libgmp3-dev RUN git clone --depth 1 https://github.com/strongswan/strongswan.git strongswan RUN git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git strongswan/fuzzing-corpora diff --git a/projects/tor/Dockerfile b/projects/tor/Dockerfile index 065dfe218cf7..3211c40be5d7 100644 --- a/projects/tor/Dockerfile +++ b/projects/tor/Dockerfile @@ -14,8 +14,7 @@ # ############################################################################## -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y autoconf automake make libtool pkg-config RUN git clone --depth 1 https://git.torproject.org/tor.git RUN git clone --depth 1 https://git.torproject.org/fuzzing-corpora.git tor-fuzz-corpora diff --git a/projects/wireshark/Dockerfile b/projects/wireshark/Dockerfile index 9cfd337d08cc..dd22532e58d6 100644 --- a/projects/wireshark/Dockerfile +++ b/projects/wireshark/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y ninja-build cmake \ flex libc-ares-dev \ diff --git a/projects/wuffs/Dockerfile b/projects/wuffs/Dockerfile index 8c679b07b702..eac342f35179 100644 --- a/projects/wuffs/Dockerfile +++ b/projects/wuffs/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y wget # Get Wuffs' first-party code. diff --git a/projects/xnnpack/Dockerfile b/projects/xnnpack/Dockerfile index f3f0d806e0f5..0a0b986d9c87 100644 --- a/projects/xnnpack/Dockerfile +++ b/projects/xnnpack/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool libomp-dev libgomp1 RUN git clone --depth 1 https://github.com/google/XNNPACK xnnpack WORKDIR xnnpack diff --git a/projects/xs/Dockerfile b/projects/xs/Dockerfile index 374526ebe540..285546e06f44 100644 --- a/projects/xs/Dockerfile +++ b/projects/xs/Dockerfile @@ -12,8 +12,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder #Apache-2.0 license RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \ diff --git a/projects/yara/Dockerfile b/projects/yara/Dockerfile index 99cc5c8a7b87..befe3d307a12 100644 --- a/projects/yara/Dockerfile +++ b/projects/yara/Dockerfile @@ -14,8 +14,7 @@ # ################################################################################ -# Pin due to ubsan: call to function _ through pointer to incorrect function type -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN \ apt-get update && apt-get install -y \ automake \ From 488a9eb370ac35bdd15773d43e5391e67bb270a1 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 09:19:36 +0200 Subject: [PATCH 45/66] Add -fno-sanitize=function TODO(#11778) --- infra/base-images/base-builder/compile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile index 1e00613b4eb6..139b6bdbe85f 100755 --- a/infra/base-images/base-builder/compile +++ b/infra/base-images/base-builder/compile @@ -133,6 +133,8 @@ if [ "$SANITIZER" = "undefined" ]; then # Disable "function" sanitizer for C code for now, because many projects, # possibly via legacy C code are affected. # The projects should be fixed and this workaround be removed in the future. + # TODO(#11778): + # https://github.com/google/oss-fuzz/issues/11778 export CFLAGS="$CFLAGS -fno-sanitize=function" fi From a440a470db031899720328e20d3a232871f625df Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 09:51:08 +0200 Subject: [PATCH 46/66] int-conversion + envoy --- infra/base-images/base-clang/Dockerfile | 4 ++-- projects/gdk-pixbuf/Dockerfile | 2 +- projects/wpantund/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index 42a376193f5f..b83eb349819c 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -58,8 +58,8 @@ ENV CCC "clang++" # The implicit-function-declaration and implicit-int errors are downgraded to a # warning, to allow compiling legacy code. # See https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#potentially-breaking-changes -# Same for vla-cxx-extension, deprecated-declarations +# Same for vla-cxx-extension, deprecated-declarations, int-conversion -ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" +ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ENV CXXFLAGS_EXTRA "-stdlib=libc++" ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA" diff --git a/projects/gdk-pixbuf/Dockerfile b/projects/gdk-pixbuf/Dockerfile index e93ae2f20417..27129ef486b6 100644 --- a/projects/gdk-pixbuf/Dockerfile +++ b/projects/gdk-pixbuf/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y ffmpeg python3-pip gtk-doc-tools libffi-dev RUN pip3 install meson==0.55.3 ninja diff --git a/projects/wpantund/Dockerfile b/projects/wpantund/Dockerfile index 7aa3e6244df7..c4cbe7c686d7 100644 --- a/projects/wpantund/Dockerfile +++ b/projects/wpantund/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get -y update \ && DEBIAN_FRONTEND=noninteractive \ From a9962850b8b8792b3511263550169ab33b360175 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 10:05:47 +0200 Subject: [PATCH 47/66] fluent-bit: Pin due to dwarf error --- projects/fluent-bit/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/fluent-bit/Dockerfile b/projects/fluent-bit/Dockerfile index 9c9d0e637355..e2e39aaf57b7 100755 --- a/projects/fluent-bit/Dockerfile +++ b/projects/fluent-bit/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make cmake flex bison libssl-dev libyaml-dev RUN git clone --depth 1 https://github.com/fluent/fluent-bit/ fluent-bit From a996f20b68d51a4f43bb4fe416efb15f664a9fda Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 10:06:21 +0200 Subject: [PATCH 48/66] grpc-httpjson-transcoding: Pin due to /usr/bin/ld.gold: warning: Cannot export local symbol '__asan_extra_spill_area' --- projects/grpc-httpjson-transcoding/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/grpc-httpjson-transcoding/Dockerfile b/projects/grpc-httpjson-transcoding/Dockerfile index fecfd2f9ac93..d2d0ccc92a3a 100644 --- a/projects/grpc-httpjson-transcoding/Dockerfile +++ b/projects/grpc-httpjson-transcoding/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e MAINTAINER nareddyt@google.com RUN apt-get update && apt-get install python -y From 44c695dd5c16b4d2f92333cef9072c1fe22a69a1 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 10:21:27 +0200 Subject: [PATCH 49/66] envoy: Pin due to int-conversion error --- projects/envoy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/envoy/Dockerfile b/projects/envoy/Dockerfile index 2b0ec708aa7a..97aa6d5022ab 100644 --- a/projects/envoy/Dockerfile +++ b/projects/envoy/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get -y install \ build-essential \ From ac951796befb92f666705bffa8b1ad3311e116b3 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 10:49:02 +0200 Subject: [PATCH 50/66] Pin 32-bit build failures --- projects/lua/Dockerfile | 2 +- projects/proj4/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/lua/Dockerfile b/projects/lua/Dockerfile index 9fcd066af67b..7b9ad1951371 100644 --- a/projects/lua/Dockerfile +++ b/projects/lua/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN git clone https://github.com/ligurio/lua-c-api-tests testdir WORKDIR testdir RUN git clone --depth 1 --jobs $(nproc) https://github.com/ligurio/lua-c-api-corpus corpus_dir diff --git a/projects/proj4/Dockerfile b/projects/proj4/Dockerfile index 70ea99bdfc3c..50a41748a6ba 100644 --- a/projects/proj4/Dockerfile +++ b/projects/proj4/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && \ apt-get install -y make autoconf automake libtool g++ sqlite3 pkg-config wget From 1fa5335485acba46d7344b5c699b6aa9f944611a Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 10:51:08 +0200 Subject: [PATCH 51/66] -Wno-error=incompatible-function-pointer-types --- infra/base-images/base-clang/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index b83eb349819c..f8b5076f63b0 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -58,8 +58,8 @@ ENV CCC "clang++" # The implicit-function-declaration and implicit-int errors are downgraded to a # warning, to allow compiling legacy code. # See https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#potentially-breaking-changes -# Same for vla-cxx-extension, deprecated-declarations, int-conversion +# Same for vla-cxx-extension, deprecated-declarations, int-conversion, incompatible-function-pointer-types -ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" +ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ENV CXXFLAGS_EXTRA "-stdlib=libc++" ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA" From d083d8b54773914fafdd71c073e054f1b3aa40d0 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 11:18:59 +0200 Subject: [PATCH 52/66] enum-constexpr-conversion --- infra/base-images/base-clang/Dockerfile | 5 +++-- projects/osquery/Dockerfile | 2 +- projects/quantlib/Dockerfile | 2 +- projects/thrift/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index f8b5076f63b0..5f817502f928 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -58,8 +58,9 @@ ENV CCC "clang++" # The implicit-function-declaration and implicit-int errors are downgraded to a # warning, to allow compiling legacy code. # See https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#potentially-breaking-changes -# Same for vla-cxx-extension, deprecated-declarations, int-conversion, incompatible-function-pointer-types +# Same for vla-cxx-extension, deprecated-declarations, int-conversion, +# incompatible-function-pointer-types, enum-constexpr-conversion -ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" +ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ENV CXXFLAGS_EXTRA "-stdlib=libc++" ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA" diff --git a/projects/osquery/Dockerfile b/projects/osquery/Dockerfile index b086e0c3cdd5..f01fa08c8a77 100755 --- a/projects/osquery/Dockerfile +++ b/projects/osquery/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update RUN apt-get install -y --no-install-recommends python python3 bison flex make wget xz-utils libunwind-dev lsb-release build-essential libssl-dev diff --git a/projects/quantlib/Dockerfile b/projects/quantlib/Dockerfile index 7f29efce7315..6f99760edb12 100644 --- a/projects/quantlib/Dockerfile +++ b/projects/quantlib/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y cmake ninja-build libboost-dev RUN git clone --depth 1 https://github.com/lballabio/QuantLib.git quantlib WORKDIR quantlib diff --git a/projects/thrift/Dockerfile b/projects/thrift/Dockerfile index f0ee82fe4a55..f6694170045a 100644 --- a/projects/thrift/Dockerfile +++ b/projects/thrift/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder # We use compile_go_fuzzer in this set up and also go itself FROM gcr.io/oss-fuzz-base/base-builder-go From 659d1e6093feb7f52fcbce3ab5257aa24152b89c Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 11:58:40 +0200 Subject: [PATCH 53/66] pin orbit due to conan setting --- projects/orbit/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/orbit/Dockerfile b/projects/orbit/Dockerfile index dedbc494a8ef..ab502580bd46 100644 --- a/projects/orbit/Dockerfile +++ b/projects/orbit/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y m4 libglu1-mesa-dev mesa-common-dev \ libxmu-dev libxi-dev pkg-config libxxf86vm-dev patchelf From 8a14a29d0f4b0cdfc0fcd9121f45280f90e79a1f Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 12:00:13 +0200 Subject: [PATCH 54/66] pin hdf5 due to dwarf error --- projects/hdf5/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/hdf5/Dockerfile b/projects/hdf5/Dockerfile index 7f4b9c570073..7f595fe3c883 100644 --- a/projects/hdf5/Dockerfile +++ b/projects/hdf5/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config cmake zlib1g-dev RUN git clone --depth 1 https://github.com/HDFGroup/hdf5 From 601eb97bacfb0d001131df7e3d40e707333bc35b Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 12:11:49 +0200 Subject: [PATCH 55/66] UBSAN_CALLS_THRESHOLD_FOR_UBSAN_BUILD=168 I determined the value via: $ python infra/helper.py check_build --sanitizer undefined --engine libfuzzer --architecture x86_64 vulnerable-project INFO:__main__:Running: docker run --rm --privileged --shm-size=2g --platform linux/amd64 -i -e FUZZING_ENGINE=libfuzzer -e SANITIZER=undefined -e ARCHITECTURE=x86_64 -e FUZZING_LANGUAGE=c++ -e HELPER=True -v /root/oss-fuzz/build/out/vulnerable-project:/out -t gcr.io/oss-fuzz-base/base-runner test_all.py. INFO: performing bad build checks for /tmp/not-out/tmpscntlbk6/vulnerable Retrying failed fuzz targets sequentially 1 INFO: performing bad build checks for /tmp/not-out/tmpscntlbk6/vulnerable Broken fuzz targets 1 ('/tmp/not-out/tmpscntlbk6/vulnerable', CompletedProcess(args=['bad_build_check', '/tmp/not-out/tmpscntlbk6/vulnerable'], returncode=1, stdout=b'BAD BUILD: /tmp/not-out/tmpscntlbk6/vulnerable seems to have only partial coverage instrumentation.\nBAD BUILD: /tmp/not-out/tmpscntlbk6/vulnerable does not seem to be compiled with UBSan.\n', stderr=b"+ MIN_NUMBER_OF_RUNS=4\n+ THRESHOLD_FOR_NUMBER_OF_EDGES=100\n+ THRESHOLD_FOR_NUMBER_OF_FUNCTIONS=2\n+ ASAN_CALLS_THRESHOLD_FOR_ASAN_BUILD=1000\n+ ASAN_CALLS_THRESHOLD_FOR_NON_ASAN_BUILD=0\n+ DFSAN_CALLS_THRESHOLD_FOR_DFSAN_BUILD=100\n+ DFSAN_CALLS_THRESHOLD_FOR_NON_DFSAN_BUILD=0\n+ MSAN_CALLS_THRESHOLD_FOR_MSAN_BUILD=1000\n+ MSAN_CALLS_THRESHOLD_FOR_NON_MSAN_BUILD=3\n+ UBSAN_CALLS_THRESHOLD_FOR_UBSAN_BUILD=169\n+ UBSAN_CALLS_THRESHOLD_FOR_NON_UBSAN_BUILD=200\n+ [[ x86_64 == \\i\\3\\8\\6 ]]\n+ '[' 1 -ne 1 -a 1 -ne 2 ']'\n+ FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable\n+ AUXILIARY_FUZZER=\n+ main /tmp/not-out/tmpscntlbk6/vulnerable\n+ local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable\n+ local AUXILIARY_FUZZER=\n+ local checks_failed=0\n+ local result=0\n+ export RUN_FUZZER_MODE=batch\n+ RUN_FUZZER_MODE=batch\n+ check_engine /tmp/not-out/tmpscntlbk6/vulnerable\n+ local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable\n++ basename /tmp/not-out/tmpscntlbk6/vulnerable\n+ local FUZZER_NAME=vulnerable\n+ local FUZZER_OUTPUT=/tmp/vulnerable.output\n+ local CHECK_FAILED=0\n+ [[ libfuzzer == libfuzzer ]]\n+ /tmp/not-out/tmpscntlbk6/vulnerable -seed=1337 -runs=4\n++ egrep 'ERROR: no interesting inputs were found. Is the code instrumented' -c /tmp/vulnerable.output\n+ CHECK_FAILED=0\n+ (( 0 > 0 ))\n++ grep -Po 'INFO: Loaded [[:digit:]]+ module.*\\(.*(counters|guards)\\):[[:space:]]+\\K[[:digit:]]+' /tmp/vulnerable.output\n+ local NUMBER_OF_EDGES=18\n+ [[ -z 18 ]]\n+ (( 18 < 100 ))\n+ echo 'BAD BUILD: /tmp/not-out/tmpscntlbk6/vulnerable seems to have only partial coverage instrumentation.'\n+ return 0\n+ result=0\n+ checks_failed=0\n+ check_architecture /tmp/not-out/tmpscntlbk6/vulnerable\n+ local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable\n++ basename /tmp/not-out/tmpscntlbk6/vulnerable\n+ local FUZZER_NAME=vulnerable\n+ '[' c++ = jvm ']'\n+ '[' c++ = javascript ']'\n+ '[' c++ = python ']'\n+ [[ /tmp/not-out/tmpscntlbk6/vulnerable == *\\@* ]]\n++ file /tmp/not-out/tmpscntlbk6/vulnerable\n+ FILE_OUTPUT='/tmp/not-out/tmpscntlbk6/vulnerable: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped'\n+ [[ x86_64 == \\x\\8\\6\\_\\6\\4 ]]\n+ echo /tmp/not-out/tmpscntlbk6/vulnerable: ELF 64-bit LSB shared object, x86-64, version 1 '(SYSV),' dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped\n+ grep x86-64\n+ result=0\n+ [[ 0 != 0 ]]\n+ return 0\n+ result=0\n+ checks_failed=0\n+ [[ libfuzzer == centipede ]]\n+ check_mixed_sanitizers /tmp/not-out/tmpscntlbk6/vulnerable\n+ local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable\n+ local result=0\n+ local CALL_INSN=\n+ '[' c++ = jvm ']'\n+ '[' c++ = javascript ']'\n+ '[' c++ = python ']'\n+ [[ /tmp/not-out/tmpscntlbk6/vulnerable == *\\@* ]]\n+ CALL_INSN=\n+ [[ x86_64 == \\x\\8\\6\\_\\6\\4 ]]\n+ CALL_INSN='callq?\\s+[0-9a-f]+\\s+<'\n++ objdump -dC /tmp/not-out/tmpscntlbk6/vulnerable\n++ egrep 'callq?\\s+[0-9a-f]+\\s+<__asan' -c\n+ local ASAN_CALLS=0\n++ objdump -dC /tmp/not-out/tmpscntlbk6/vulnerable\n++ egrep 'callq?\\s+[0-9a-f]+\\s+<__dfsan' -c\n+ local DFSAN_CALLS=0\n++ objdump -dC /tmp/not-out/tmpscntlbk6/vulnerable\n++ egrep 'callq?\\s+[0-9a-f]+\\s+<__msan' -c\n+ local MSAN_CALLS=0\n++ objdump -dC /tmp/not-out/tmpscntlbk6/vulnerable\n++ egrep 'callq?\\s+[0-9a-f]+\\s+<__ubsan' -c\n+ local UBSAN_CALLS=168\n+ [[ undefined = address ]]\n+ [[ undefined = dataflow ]]\n+ [[ undefined = memory ]]\n+ [[ undefined = undefined ]]\n+ check_ubsan_build /tmp/not-out/tmpscntlbk6/vulnerable 0 0 0 168\n+ local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable\n+ local ASAN_CALLS=0\n+ local DFSAN_CALLS=0\n+ local MSAN_CALLS=0\n+ local UBSAN_CALLS=168\n+ [[ libfuzzer != libfuzzer ]]\n+ (( 0 > 0 ))\n+ (( 0 > 0 ))\n+ (( 0 > 3 ))\n+ (( 168 < 169 ))\n+ echo 'BAD BUILD: /tmp/not-out/tmpscntlbk6/vulnerable does not seem to be compiled with UBSan.'\n+ return 1\n+ result=1\n+ return 1\n+ result=1\n+ checks_failed=1\n+ check_startup_crash /tmp/not-out/tmpscntlbk6/vulnerable\n+ local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable\n++ basename /tmp/not-out/tmpscntlbk6/vulnerable\n+ local FUZZER_NAME=vulnerable\n+ local FUZZER_OUTPUT=/tmp/vulnerable.output\n+ local CHECK_PASSED=0\n+ [[ libfuzzer = libfuzzer ]]\n+ SKIP_SEED_CORPUS=1\n+ run_fuzzer vulnerable -seed=1337 -runs=4\n++ egrep 'Done 4 runs' -c /tmp/vulnerable.output\n+ CHECK_PASSED=1\n+ '[' 1 -eq 0 ']'\n+ return 0\n+ result=0\n+ checks_failed=1\n+ return 1\n+ exit 1\n")) BAD BUILD: /tmp/not-out/tmpscntlbk6/vulnerable seems to have only partial coverage instrumentation. BAD BUILD: /tmp/not-out/tmpscntlbk6/vulnerable does not seem to be compiled with UBSan. + MIN_NUMBER_OF_RUNS=4 + THRESHOLD_FOR_NUMBER_OF_EDGES=100 + THRESHOLD_FOR_NUMBER_OF_FUNCTIONS=2 + ASAN_CALLS_THRESHOLD_FOR_ASAN_BUILD=1000 + ASAN_CALLS_THRESHOLD_FOR_NON_ASAN_BUILD=0 + DFSAN_CALLS_THRESHOLD_FOR_DFSAN_BUILD=100 + DFSAN_CALLS_THRESHOLD_FOR_NON_DFSAN_BUILD=0 + MSAN_CALLS_THRESHOLD_FOR_MSAN_BUILD=1000 + MSAN_CALLS_THRESHOLD_FOR_NON_MSAN_BUILD=3 + UBSAN_CALLS_THRESHOLD_FOR_UBSAN_BUILD=169 + UBSAN_CALLS_THRESHOLD_FOR_NON_UBSAN_BUILD=200 + [[ x86_64 == \i\3\8\6 ]] + '[' 1 -ne 1 -a 1 -ne 2 ']' + FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable + AUXILIARY_FUZZER= + main /tmp/not-out/tmpscntlbk6/vulnerable + local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable + local AUXILIARY_FUZZER= + local checks_failed=0 + local result=0 + export RUN_FUZZER_MODE=batch + RUN_FUZZER_MODE=batch + check_engine /tmp/not-out/tmpscntlbk6/vulnerable + local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable ++ basename /tmp/not-out/tmpscntlbk6/vulnerable + local FUZZER_NAME=vulnerable + local FUZZER_OUTPUT=/tmp/vulnerable.output + local CHECK_FAILED=0 + [[ libfuzzer == libfuzzer ]] + /tmp/not-out/tmpscntlbk6/vulnerable -seed=1337 -runs=4 ++ egrep 'ERROR: no interesting inputs were found. Is the code instrumented' -c /tmp/vulnerable.output + CHECK_FAILED=0 + (( 0 > 0 )) ++ grep -Po 'INFO: Loaded [[:digit:]]+ module.*\(.*(counters|guards)\):[[:space:]]+\K[[:digit:]]+' /tmp/vulnerable.output + local NUMBER_OF_EDGES=18 + [[ -z 18 ]] + (( 18 < 100 )) + echo 'BAD BUILD: /tmp/not-out/tmpscntlbk6/vulnerable seems to have only partial coverage instrumentation.' + return 0 + result=0 + checks_failed=0 + check_architecture /tmp/not-out/tmpscntlbk6/vulnerable + local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable ++ basename /tmp/not-out/tmpscntlbk6/vulnerable + local FUZZER_NAME=vulnerable + '[' c++ = jvm ']' + '[' c++ = javascript ']' + '[' c++ = python ']' + [[ /tmp/not-out/tmpscntlbk6/vulnerable == *\@* ]] ++ file /tmp/not-out/tmpscntlbk6/vulnerable + FILE_OUTPUT='/tmp/not-out/tmpscntlbk6/vulnerable: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped' + [[ x86_64 == \x\8\6\_\6\4 ]] + echo /tmp/not-out/tmpscntlbk6/vulnerable: ELF 64-bit LSB shared object, x86-64, version 1 '(SYSV),' dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped + grep x86-64 + result=0 + [[ 0 != 0 ]] + return 0 + result=0 + checks_failed=0 + [[ libfuzzer == centipede ]] + check_mixed_sanitizers /tmp/not-out/tmpscntlbk6/vulnerable + local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable + local result=0 + local CALL_INSN= + '[' c++ = jvm ']' + '[' c++ = javascript ']' + '[' c++ = python ']' + [[ /tmp/not-out/tmpscntlbk6/vulnerable == *\@* ]] + CALL_INSN= + [[ x86_64 == \x\8\6\_\6\4 ]] + CALL_INSN='callq?\s+[0-9a-f]+\s+<' ++ objdump -dC /tmp/not-out/tmpscntlbk6/vulnerable ++ egrep 'callq?\s+[0-9a-f]+\s+<__asan' -c + local ASAN_CALLS=0 ++ objdump -dC /tmp/not-out/tmpscntlbk6/vulnerable ++ egrep 'callq?\s+[0-9a-f]+\s+<__dfsan' -c + local DFSAN_CALLS=0 ++ objdump -dC /tmp/not-out/tmpscntlbk6/vulnerable ++ egrep 'callq?\s+[0-9a-f]+\s+<__msan' -c + local MSAN_CALLS=0 ++ objdump -dC /tmp/not-out/tmpscntlbk6/vulnerable ++ egrep 'callq?\s+[0-9a-f]+\s+<__ubsan' -c + local UBSAN_CALLS=168 + [[ undefined = address ]] + [[ undefined = dataflow ]] + [[ undefined = memory ]] + [[ undefined = undefined ]] + check_ubsan_build /tmp/not-out/tmpscntlbk6/vulnerable 0 0 0 168 + local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable + local ASAN_CALLS=0 + local DFSAN_CALLS=0 + local MSAN_CALLS=0 + local UBSAN_CALLS=168 + [[ libfuzzer != libfuzzer ]] + (( 0 > 0 )) + (( 0 > 0 )) + (( 0 > 3 )) + (( 168 < 169 )) + echo 'BAD BUILD: /tmp/not-out/tmpscntlbk6/vulnerable does not seem to be compiled with UBSan.' + return 1 + result=1 + return 1 + result=1 + checks_failed=1 + check_startup_crash /tmp/not-out/tmpscntlbk6/vulnerable + local FUZZER=/tmp/not-out/tmpscntlbk6/vulnerable ++ basename /tmp/not-out/tmpscntlbk6/vulnerable + local FUZZER_NAME=vulnerable + local FUZZER_OUTPUT=/tmp/vulnerable.output + local CHECK_PASSED=0 + [[ libfuzzer = libfuzzer ]] + SKIP_SEED_CORPUS=1 + run_fuzzer vulnerable -seed=1337 -runs=4 ++ egrep 'Done 4 runs' -c /tmp/vulnerable.output + CHECK_PASSED=1 + '[' 1 -eq 0 ']' + return 0 + result=0 + checks_failed=1 + return 1 + exit 1 ERROR: 100.0% of fuzz targets seem to be broken. See the list above for a detailed information. ERROR:__main__:Check build failed. --- infra/base-images/base-runner/bad_build_check | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/base-images/base-runner/bad_build_check b/infra/base-images/base-runner/bad_build_check index 53caf0dbcd17..8aa901db6c65 100755 --- a/infra/base-images/base-runner/bad_build_check +++ b/infra/base-images/base-runner/bad_build_check @@ -44,8 +44,8 @@ MSAN_CALLS_THRESHOLD_FOR_NON_MSAN_BUILD=3 # Usually, a non UBSan build (e.g. ASan) has 165 calls to UBSan runtime. The # majority of targets built with UBSan have 200+ UBSan calls, but there are # some very small targets that may have < 200 UBSan calls even in a UBSan build. -# Use the threshold value of 169 (slightly > 165) for UBSan build. -UBSAN_CALLS_THRESHOLD_FOR_UBSAN_BUILD=169 +# Use the threshold value of 168 (slightly > 165) for UBSan build. +UBSAN_CALLS_THRESHOLD_FOR_UBSAN_BUILD=168 # It would be risky to use the threshold value close to 165 for non UBSan build, # as UBSan runtime may change any time and thus we could have different number From 32fee35f162178c129b574bc43837e0c718fb1fa Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 12:35:35 +0200 Subject: [PATCH 56/66] unpin projects --- infra/base-images/base-clang/Dockerfile | 6 ++++-- projects/freeimage/Dockerfile | 2 +- projects/msquic/Dockerfile | 2 +- projects/poppler/Dockerfile | 2 +- projects/readstat/Dockerfile | 2 +- projects/samba/Dockerfile | 2 +- projects/tinyusb/Dockerfile | 2 +- 7 files changed, 10 insertions(+), 8 deletions(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index 5f817502f928..d750ef343ee1 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -59,8 +59,10 @@ ENV CCC "clang++" # warning, to allow compiling legacy code. # See https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#potentially-breaking-changes # Same for vla-cxx-extension, deprecated-declarations, int-conversion, -# incompatible-function-pointer-types, enum-constexpr-conversion +# incompatible-function-pointer-types, enum-constexpr-conversion, +# dynamic-exception-spec, invalid-unevaluated-string, unused-but-set-variable, +# strict-prototypes, missing-field-initializers -ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" +ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=missing-field-initializers -Wno-error=strict-prototypes -Wno-error=unused-but-set-variable -Wno-error=invalid-unevaluated-string -Wno-error=dynamic-exception-spec -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ENV CXXFLAGS_EXTRA "-stdlib=libc++" ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA" diff --git a/projects/freeimage/Dockerfile b/projects/freeimage/Dockerfile index a55afb7f30a1..3133e71a36a4 100644 --- a/projects/freeimage/Dockerfile +++ b/projects/freeimage/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool wget RUN svn checkout https://svn.code.sf.net/p/freeimage/svn/ freeimage-svn WORKDIR $SRC/freeimage-svn/FreeImage/trunk/ diff --git a/projects/msquic/Dockerfile b/projects/msquic/Dockerfile index ed5255a90999..ccfe429447c2 100644 --- a/projects/msquic/Dockerfile +++ b/projects/msquic/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder ADD https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb packages-microsoft-prod.deb RUN apt-get update && \ diff --git a/projects/poppler/Dockerfile b/projects/poppler/Dockerfile index 2afa41c16a7a..37140eeffe4e 100644 --- a/projects/poppler/Dockerfile +++ b/projects/poppler/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y wget autoconf automake libtool pkg-config gperf python RUN pip3 install meson ninja gyp-next diff --git a/projects/readstat/Dockerfile b/projects/readstat/Dockerfile index 07847fb8d4be..d68a1aebe6a2 100644 --- a/projects/readstat/Dockerfile +++ b/projects/readstat/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake gettext libtool zip zlib1g-dev RUN git clone --depth 1 https://github.com/WizardMac/ReadStat readstat diff --git a/projects/samba/Dockerfile b/projects/samba/Dockerfile index ed3bb5567330..3d3ee35adaf3 100644 --- a/projects/samba/Dockerfile +++ b/projects/samba/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN git clone https://gitlab.com/samba-team/samba samba RUN samba/lib/fuzzing/oss-fuzz/build_image.sh diff --git a/projects/tinyusb/Dockerfile b/projects/tinyusb/Dockerfile index ea89c10de043..1f2e7c00647f 100644 --- a/projects/tinyusb/Dockerfile +++ b/projects/tinyusb/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool # TODO: Update this to use hathath instead of this fork. From 1614e2f6ddb775da54bc32623ab67a15a151a06a Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 12:43:25 +0200 Subject: [PATCH 57/66] Revert "unpin projects" This reverts commit 32fee35f162178c129b574bc43837e0c718fb1fa. --- infra/base-images/base-clang/Dockerfile | 6 ++---- projects/freeimage/Dockerfile | 2 +- projects/msquic/Dockerfile | 2 +- projects/poppler/Dockerfile | 2 +- projects/readstat/Dockerfile | 2 +- projects/samba/Dockerfile | 2 +- projects/tinyusb/Dockerfile | 2 +- 7 files changed, 8 insertions(+), 10 deletions(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index d750ef343ee1..5f817502f928 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -59,10 +59,8 @@ ENV CCC "clang++" # warning, to allow compiling legacy code. # See https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#potentially-breaking-changes # Same for vla-cxx-extension, deprecated-declarations, int-conversion, -# incompatible-function-pointer-types, enum-constexpr-conversion, -# dynamic-exception-spec, invalid-unevaluated-string, unused-but-set-variable, -# strict-prototypes, missing-field-initializers +# incompatible-function-pointer-types, enum-constexpr-conversion -ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=missing-field-initializers -Wno-error=strict-prototypes -Wno-error=unused-but-set-variable -Wno-error=invalid-unevaluated-string -Wno-error=dynamic-exception-spec -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" +ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ENV CXXFLAGS_EXTRA "-stdlib=libc++" ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA" diff --git a/projects/freeimage/Dockerfile b/projects/freeimage/Dockerfile index 3133e71a36a4..a55afb7f30a1 100644 --- a/projects/freeimage/Dockerfile +++ b/projects/freeimage/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool wget RUN svn checkout https://svn.code.sf.net/p/freeimage/svn/ freeimage-svn WORKDIR $SRC/freeimage-svn/FreeImage/trunk/ diff --git a/projects/msquic/Dockerfile b/projects/msquic/Dockerfile index ccfe429447c2..ed5255a90999 100644 --- a/projects/msquic/Dockerfile +++ b/projects/msquic/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e ADD https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb packages-microsoft-prod.deb RUN apt-get update && \ diff --git a/projects/poppler/Dockerfile b/projects/poppler/Dockerfile index 37140eeffe4e..2afa41c16a7a 100644 --- a/projects/poppler/Dockerfile +++ b/projects/poppler/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y wget autoconf automake libtool pkg-config gperf python RUN pip3 install meson ninja gyp-next diff --git a/projects/readstat/Dockerfile b/projects/readstat/Dockerfile index d68a1aebe6a2..07847fb8d4be 100644 --- a/projects/readstat/Dockerfile +++ b/projects/readstat/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake gettext libtool zip zlib1g-dev RUN git clone --depth 1 https://github.com/WizardMac/ReadStat readstat diff --git a/projects/samba/Dockerfile b/projects/samba/Dockerfile index 3d3ee35adaf3..ed3bb5567330 100644 --- a/projects/samba/Dockerfile +++ b/projects/samba/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN git clone https://gitlab.com/samba-team/samba samba RUN samba/lib/fuzzing/oss-fuzz/build_image.sh diff --git a/projects/tinyusb/Dockerfile b/projects/tinyusb/Dockerfile index 1f2e7c00647f..ea89c10de043 100644 --- a/projects/tinyusb/Dockerfile +++ b/projects/tinyusb/Dockerfile @@ -14,7 +14,7 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e RUN apt-get update && apt-get install -y make autoconf automake libtool # TODO: Update this to use hathath instead of this fork. From 0f72c7f7e73fb160d54f8286bc7f9cdb09c4590d Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 13:00:28 +0200 Subject: [PATCH 58/66] Disable failing msan echo "{ 'ampproject': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-0aba63af-f97f-4267-8037-4ef20255b019.txt', 'aptos-core': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-f085c889-9df6-476f-ab27-5d736e165a4f.txt', 'arrow': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-f1f5e465-98a5-45a8-b374-393fdf0d0d60.txt', 'bignum-fuzzer': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-6083635a-3f72-444d-80ef-3a0a26670cf7.txt', 'bitcoin-core': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8908958a-ccd9-4b5d-a7bb-2ee531a55c24.txt', 'boost': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-9aa4122e-6abc-4a63-a4a9-7b63640e31b4.txt', 'boost-json': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1be5ef3e-0b29-497f-ac3e-767f93c5fac6.txt', 'brunsli': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-f5583c45-faa2-44d4-8b2f-b27e83c25588.txt', 'croaring': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-12b78d7a-4346-47d6-8109-5ede78fbad38.txt', 'crosvm': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-77751e82-3e71-48f6-b2f4-ae727b2d57ff.txt', 'cryptofuzz': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8bc8a5ea-9bfb-421d-bfe9-911828e88741.txt', 'cryptsetup': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-bf77a9dc-080e-4e3b-ba89-cbaf65a54e61.txt', 'envoy': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-0d20bf28-2a86-4569-b3f6-9fe3a982fe55.txt', 'flatbuffers': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-95e0163b-a2c5-4cfe-8e1f-dcf521c125e0.txt', 'fluent-bit': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-44e092bc-a17c-4c70-b928-0dfacfd522e5.txt', 'freeimage': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-d6661966-7581-45a3-a739-3b734c78e114.txt', 'gdk-pixbuf': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5c1309be-0911-41bf-9367-6c0686584aa8.txt', 'gnutls': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-b6399aa9-b7ba-494d-a317-fa86968f9bff.txt', 'grpc-httpjson-transcoding': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-c5d9348a-50d6-4d1f-9a7f-62f3b74bfde7.txt', 'grpc-swift': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-a546b7f5-8b9b-4ab3-ba73-96b939205528.txt', 'gstreamer': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5294bfca-5896-4a62-b503-a41214d786dd.txt', 'hadoop': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-7adf92a8-e2d7-4f1c-8f23-9f811a8351f7.txt', 'hdf5': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5ba8ebd3-3686-4fe7-a0b5-6d7e03bfcba6.txt', 'hunspell': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-46e640a5-de1c-4dcf-9812-d4f69c75dbbb.txt', 'jansi': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-c159725b-77cd-469b-841e-54d17291eba2.txt', 'jettison': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-bd1a6d19-e1ec-4944-a8fc-53fe0d982bb3.txt', 'json': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-2934fed0-ecd0-4bd9-800d-872b35e844e9.txt', 'kimageformats': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5d0f6c23-845b-4a89-bc62-184b3eec4ffc.txt', 'knot-dns': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-502f58fd-d62b-4f42-b7c7-1878cd4df1d6.txt', 'leveldb': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ae7a114e-6410-4bfb-a444-a068bdc9cc1c.txt', 'libavif': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ffe75b3d-0f1a-48c5-b687-c9b47e2bf24b.txt', 'libecc': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-bca72181-cfb2-4b2f-98f1-c2addee0aa4b.txt', 'libfido2': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-64f6f45d-a700-42a0-9675-31f43e230e10.txt', 'libressl': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-db180642-1ff0-4223-91e6-3bf060adb174.txt', 'libultrahdr': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-c0b4a952-1726-4be3-9260-c4f9dd8c8550.txt', 'lua': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e39e53e2-ce13-4754-8218-7048a5e4b736.txt', 'migtd': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-bccc5bba-c976-4fb7-a98c-2359d6a37835.txt', 'monero': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-b7f4c92c-91cb-4398-bd3d-212ec2765e8f.txt', 'mongoose': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-57ef8651-c8bf-44d2-a44e-d4385844837d.txt', 'msquic': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-494c9b6f-f4a2-4a88-b82c-3b4182c6e420.txt', 'nettle': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e701b6fa-f3a0-414e-ad6e-0223e6d42ebd.txt', 'oak': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-9d32da56-cbed-47a9-9f2b-0ec927aee64d.txt', 'opennavsurf-bag': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ba0d87bd-a741-4415-8fc3-c96fd151be8c.txt', 'pcapplusplus': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1f13ef0f-0037-49c3-8d80-9b784f8f7589.txt', 'pcl': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ab5a2af3-714a-4128-8592-c303aeb944ef.txt', 'php': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-d696e7e3-3995-4587-93d5-6a3a495c6c73.txt', 'powerdns': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-dd90b3cd-8abf-4d26-a9ef-671a3bcf4920.txt', 'proj4': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-3a3f7406-cea8-46d5-b14d-c8aaaa84f986.txt', 'quantlib': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-2062da72-afc5-4418-95cf-b6c94927069e.txt', 'rdf4j': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-5da37707-012d-465e-9c78-174db950ac7b.txt', 'readstat': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8025367d-cb2c-4438-8da4-3be282b66587.txt', 'relic': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-0f11d5c7-bf6c-440f-8861-48c1ba79f4de.txt', 'rome': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-da74a231-d1ec-4c39-8ce7-604ffbee279c.txt', 'rust-lexical': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ed12eb54-79ed-4cf3-ae69-b67bf3172051.txt', 's2geometry': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-d1550028-db2f-45ad-b9fa-da7c127c6954.txt', 'samba': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-eacc567d-7953-477c-9d22-22577a6eb478.txt', 'scipy': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-92c55d73-3f1e-428e-87f8-7defdcd6578c.txt', 'sketches-core': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e0084fb2-a510-446c-b0cd-6ed9ebc1096e.txt', 'solidity': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-df8ad50b-0615-43ea-bfcd-c1c90874b34a.txt', 'spdm-rs': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-822fb40f-23ac-4d78-ace4-a22d9b04f1cf.txt', 'spicy': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-6cd32221-5444-4290-8dc7-b46a0b1c9c93.txt', 'spirv-tools': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8e0fc9d7-ba92-4454-94f7-93c4223a30a6.txt', 'suricata': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-766d7f55-0523-4760-be0c-6c2d7f59dedd.txt', 'swift-nio': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-9bfb5d86-d255-46a4-aa84-debc07d954f1.txt', 'swift-protobuf': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-b9133259-ee38-4663-ad70-a5fe86f6e297.txt', 'tablesaw': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-2bb65e8d-cc74-410f-9c75-7ea80f1ad3d1.txt', 'tarantool': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ca19c0f1-4c14-46e6-8629-dae0a2a1a64c.txt', 'td-shim': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-16ae04d2-83cf-41bd-a4be-f2b4ec52d0e9.txt', 'tinyusb': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-417021a1-ef19-4f88-acce-76bce0af28a7.txt', 'tungstenite-rs': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-be892186-bfeb-46c0-b93a-fe1c9b48646d.txt', 'unrar': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-0e63ea12-6919-4452-a96c-7dbe4c9811ae.txt', 'vtpm-td': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-cc350fb4-1db5-4ed2-8599-39472ca468e4.txt', 'vulnerable-project': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-73b3949a-af4d-405f-a61d-ef8bcedf878f.txt', 'wpantund': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-a0035ad8-8815-4a94-9a6a-825e52efc7dd.txt', 'xnu': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-779a6d10-e7f1-4feb-a108-1e53e6842c14.txt', 'frr': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-578d5cfd-98af-4f99-81cd-dba1f9849c8c.txt', 'libigl': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1fb2e80c-1d08-443f-947d-57fde65a721f.txt', 'orbit': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-fb01fb49-2057-41b4-b4fb-6c684cbf5c52.txt', 'thrift': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8f1934bf-9b56-46b2-b7d5-f872e92a1342.txt', 'undertow': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-fee1aabb-f60a-4a33-a96c-77328e965b34.txt', 'bearssl': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-86a9ca7b-98e8-4e7e-a138-16d4acacc17f.txt', 'bls-signatures': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-3cd81ff0-7552-4e87-973e-ff5da4520ad5.txt', 'exprtk': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-fbecbadc-e426-46cb-b2fc-be9012b5f1be.txt', 'libass': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-513ca43e-8181-4b8a-941f-3097e3969cc5.txt', 'poppler': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-f0a61dd9-892d-4284-a61b-2546c6628b91.txt', 'wasmer': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-eea663ee-fc5f-4572-90f9-a5c327e6aa4c.txt', 'gdal': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-70e475c5-67ca-468d-9f14-cae4fae694f3.txt', 'skia': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8aacfca6-c946-4753-a977-d836fc3e334f.txt', 'imagemagick': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-b070b9c3-fcf2-4220-84f7-a99937964cc5.txt', 'graphicsmagick': 'https://oss-fuzz-gcb-logs.storage.googleapis.com/log-17b7b4f4-53de-4bd7-878c-d1240f276016.txt' }" | tr "'" '"' | jq -r 'to_entries[] | .key as $key | .value as $url | [$key, $url] | @tsv' | while IFS=$'\t' read -r key url; do curl -s "$url" | grep -q "build_fuzzers --sanitizer memory --engine libfuzzer --architecture x86_64" && echo "msan $key $value" && sed --regexp-extended -i "$(echo "s|- memory|# - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: $url|g" )" ./projects/$( echo $key )/project.yaml ; done --- projects/bearssl/project.yaml | 2 +- projects/bls-signatures/project.yaml | 2 +- projects/brunsli/project.yaml | 2 +- projects/croaring/project.yaml | 2 +- projects/cryptsetup/project.yaml | 2 +- projects/exprtk/project.yaml | 2 +- projects/flatbuffers/project.yaml | 2 +- projects/graphicsmagick/project.yaml | 4 ++-- projects/hunspell/project.yaml | 2 +- projects/imagemagick/project.yaml | 2 +- projects/json/project.yaml | 2 +- projects/libfido2/project.yaml | 2 +- projects/libigl/project.yaml | 2 +- projects/libultrahdr/project.yaml | 2 +- projects/opennavsurf-bag/project.yaml | 2 +- projects/pcapplusplus/project.yaml | 2 +- projects/skia/project.yaml | 2 +- projects/spirv-tools/project.yaml | 2 +- projects/unrar/project.yaml | 2 +- 19 files changed, 20 insertions(+), 20 deletions(-) diff --git a/projects/bearssl/project.yaml b/projects/bearssl/project.yaml index bfc57e5f29fa..12ae437c5061 100644 --- a/projects/bearssl/project.yaml +++ b/projects/bearssl/project.yaml @@ -7,7 +7,7 @@ auto_ccs: sanitizers: - address - undefined - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-86a9ca7b-98e8-4e7e-a138-16d4acacc17f.txt architectures: - x86_64 - i386 diff --git a/projects/bls-signatures/project.yaml b/projects/bls-signatures/project.yaml index 4b192dc8a4f6..38df54701eb4 100644 --- a/projects/bls-signatures/project.yaml +++ b/projects/bls-signatures/project.yaml @@ -5,7 +5,7 @@ main_repo: "https://github.com/supranational/blst.git" sanitizers: - address - undefined - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-3cd81ff0-7552-4e87-973e-ff5da4520ad5.txt architectures: - x86_64 - i386 diff --git a/projects/brunsli/project.yaml b/projects/brunsli/project.yaml index ea901916fbe0..0cf4cf4017f6 100644 --- a/projects/brunsli/project.yaml +++ b/projects/brunsli/project.yaml @@ -6,7 +6,7 @@ vendor_ccs: - "twsmith@mozilla.com" sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-f5583c45-faa2-44d4-8b2f-b27e83c25588.txt - undefined architectures: - x86_64 diff --git a/projects/croaring/project.yaml b/projects/croaring/project.yaml index 9d580472d00c..8f52cff72ddf 100644 --- a/projects/croaring/project.yaml +++ b/projects/croaring/project.yaml @@ -7,7 +7,7 @@ auto_ccs: sanitizers: - address - undefined - - memory: + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-12b78d7a-4346-47d6-8109-5ede78fbad38.txt: experimental: True main_repo: "https://github.com/RoaringBitmap/CRoaring" fuzzing_engines: diff --git a/projects/cryptsetup/project.yaml b/projects/cryptsetup/project.yaml index c446c0e86eb9..2546b4258e4e 100644 --- a/projects/cryptsetup/project.yaml +++ b/projects/cryptsetup/project.yaml @@ -8,7 +8,7 @@ auto_ccs: - daniel.zatovic@gmail.com sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-bf77a9dc-080e-4e3b-ba89-cbaf65a54e61.txt - undefined architectures: - x86_64 diff --git a/projects/exprtk/project.yaml b/projects/exprtk/project.yaml index ac0747e76066..369610b50e4a 100644 --- a/projects/exprtk/project.yaml +++ b/projects/exprtk/project.yaml @@ -10,5 +10,5 @@ fuzzing_engines: sanitizers: - address - undefined - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-fbecbadc-e426-46cb-b2fc-be9012b5f1be.txt main_repo: 'https://github.com/ArashPartow/exprtk.git' diff --git a/projects/flatbuffers/project.yaml b/projects/flatbuffers/project.yaml index 59de9ac5ad24..337fad5e1a8e 100644 --- a/projects/flatbuffers/project.yaml +++ b/projects/flatbuffers/project.yaml @@ -6,7 +6,7 @@ auto_ccs: - "vglavnyy@gmail.com" sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-95e0163b-a2c5-4cfe-8e1f-dcf521c125e0.txt - undefined main_repo: 'https://github.com/google/flatbuffers' file_github_issue: True diff --git a/projects/graphicsmagick/project.yaml b/projects/graphicsmagick/project.yaml index e432a5ab9469..c3e73db42d69 100644 --- a/projects/graphicsmagick/project.yaml +++ b/projects/graphicsmagick/project.yaml @@ -8,9 +8,9 @@ auto_ccs: - paul.l.kehrer@gmail.com sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-17b7b4f4-53de-4bd7-878c-d1240f276016.txt # Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294 -# - memory +# # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-17b7b4f4-53de-4bd7-878c-d1240f276016.txt architectures: - x86_64 - i386 diff --git a/projects/hunspell/project.yaml b/projects/hunspell/project.yaml index 76d82ab6f83f..e57d5615721c 100644 --- a/projects/hunspell/project.yaml +++ b/projects/hunspell/project.yaml @@ -5,7 +5,7 @@ vendor_ccs: - "twsmith@mozilla.com" sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-46e640a5-de1c-4dcf-9812-d4f69c75dbbb.txt - undefined architectures: - i386 diff --git a/projects/imagemagick/project.yaml b/projects/imagemagick/project.yaml index 4ae485ffd499..1deceae42649 100644 --- a/projects/imagemagick/project.yaml +++ b/projects/imagemagick/project.yaml @@ -8,6 +8,6 @@ auto_ccs: - jon.sneyers@gmail.com sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-b070b9c3-fcf2-4220-84f7-a99937964cc5.txt - undefined main_repo: 'https://github.com/imagemagick/imagemagick' diff --git a/projects/json/project.yaml b/projects/json/project.yaml index f4cf4e510637..abd3b8061369 100644 --- a/projects/json/project.yaml +++ b/projects/json/project.yaml @@ -6,7 +6,7 @@ auto_ccs: sanitizers: - address - undefined - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-2934fed0-ecd0-4bd9-800d-872b35e844e9.txt main_repo: 'https://github.com/nlohmann/json.git' fuzzing_engines: diff --git a/projects/libfido2/project.yaml b/projects/libfido2/project.yaml index 477262236f2b..f632ec276172 100644 --- a/projects/libfido2/project.yaml +++ b/projects/libfido2/project.yaml @@ -10,7 +10,7 @@ auto_ccs: sanitizers: - address - undefined - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-64f6f45d-a700-42a0-9675-31f43e230e10.txt fuzzing_engines: - libfuzzer - honggfuzz diff --git a/projects/libigl/project.yaml b/projects/libigl/project.yaml index f11cdc4dbdc1..bd5c4329b5e8 100644 --- a/projects/libigl/project.yaml +++ b/projects/libigl/project.yaml @@ -6,7 +6,7 @@ auto_ccs: sanitizers: - address - undefined - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1fb2e80c-1d08-443f-947d-57fde65a721f.txt main_repo: "https://github.com/libigl/libigl" fuzzing_engines: diff --git a/projects/libultrahdr/project.yaml b/projects/libultrahdr/project.yaml index f62813821982..6bdee7bcaa3e 100644 --- a/projects/libultrahdr/project.yaml +++ b/projects/libultrahdr/project.yaml @@ -3,7 +3,7 @@ language: c++ primary_contact: "dichenzhang@google.com" sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-c0b4a952-1726-4be3-9260-c4f9dd8c8550.txt - undefined: experimental: True auto_ccs: diff --git a/projects/opennavsurf-bag/project.yaml b/projects/opennavsurf-bag/project.yaml index aa374aaca480..adeb9a9d280e 100644 --- a/projects/opennavsurf-bag/project.yaml +++ b/projects/opennavsurf-bag/project.yaml @@ -14,4 +14,4 @@ main_repo: 'https://github.com/OpenNavigationSurface/BAG' sanitizers: - address - undefined - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-ba0d87bd-a741-4415-8fc3-c96fd151be8c.txt diff --git a/projects/pcapplusplus/project.yaml b/projects/pcapplusplus/project.yaml index 231bf016707c..2d361ee0cf19 100644 --- a/projects/pcapplusplus/project.yaml +++ b/projects/pcapplusplus/project.yaml @@ -10,7 +10,7 @@ fuzzing_engines: - libfuzzer sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-1f13ef0f-0037-49c3-8d80-9b784f8f7589.txt - undefined main_repo: 'https://github.com/seladb/PcapPlusPlus' coverage_extra_args: -ignore-filename-regex=/libpcap/ -ignore-filename-regex=/PcapPlusPlus/3rdParty/ diff --git a/projects/skia/project.yaml b/projects/skia/project.yaml index 34c8426e6d81..d952eb77963c 100644 --- a/projects/skia/project.yaml +++ b/projects/skia/project.yaml @@ -19,7 +19,7 @@ vendor_ccs: sanitizers: - address - undefined - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8aacfca6-c946-4753-a977-d836fc3e334f.txt help_url: "https://skia.org/docs/dev/testing/fuzz/" builds_per_day: 4 main_repo: 'https://skia.googlesource.com/skia.git' diff --git a/projects/spirv-tools/project.yaml b/projects/spirv-tools/project.yaml index 2455c338f090..075bb1a7309e 100644 --- a/projects/spirv-tools/project.yaml +++ b/projects/spirv-tools/project.yaml @@ -8,7 +8,7 @@ auto_ccs: - "nathangauer@google.com" sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8e0fc9d7-ba92-4454-94f7-93c4223a30a6.txt - undefined main_repo: 'https://github.com/KhronosGroup/SPIRV-Tools.git' architectures: diff --git a/projects/unrar/project.yaml b/projects/unrar/project.yaml index 09c4340260fa..23c4ef649eb7 100644 --- a/projects/unrar/project.yaml +++ b/projects/unrar/project.yaml @@ -6,7 +6,7 @@ auto_ccs: - "drubery@chromium.org" sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-0e63ea12-6919-4452-a96c-7dbe4c9811ae.txt - undefined main_repo: 'https://github.com/aawc/unrar.git' From 53d96abc8ff7f3886e92a1879b1be6545b960eb1 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 13:10:16 +0200 Subject: [PATCH 59/66] format --- projects/croaring/project.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/croaring/project.yaml b/projects/croaring/project.yaml index 8f52cff72ddf..a74d2ab3dc89 100644 --- a/projects/croaring/project.yaml +++ b/projects/croaring/project.yaml @@ -8,7 +8,7 @@ sanitizers: - address - undefined # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-12b78d7a-4346-47d6-8109-5ede78fbad38.txt: - experimental: True + # experimental: True main_repo: "https://github.com/RoaringBitmap/CRoaring" fuzzing_engines: - libfuzzer From 5e168fe1b3a3cb7052bd7322b74fb8ff878c8d8a Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 13:20:59 +0200 Subject: [PATCH 60/66] Pin afl link errors --- projects/bignum-fuzzer/Dockerfile | 3 ++- projects/cryptofuzz/Dockerfile | 3 ++- projects/libecc/Dockerfile | 3 ++- projects/libressl/Dockerfile | 3 ++- projects/nettle/Dockerfile | 3 ++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/projects/bignum-fuzzer/Dockerfile b/projects/bignum-fuzzer/Dockerfile index 0a434afa4c8f..93e35e393142 100644 --- a/projects/bignum-fuzzer/Dockerfile +++ b/projects/bignum-fuzzer/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! Project pinned after a clang update and an afl link error. Log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-6083635a-3f72-444d-80ef-3a0a26670cf7.txt RUN apt-get update && apt-get install -y software-properties-common curl sudo mercurial autoconf bison texinfo libboost-all-dev cmake wget lzip RUN wget https://go.dev/dl/go1.17.5.linux-amd64.tar.gz && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.17.5.linux-amd64.tar.gz && ldconfig ENV PATH=$PATH:/usr/local/go/bin diff --git a/projects/cryptofuzz/Dockerfile b/projects/cryptofuzz/Dockerfile index 953a93ef4154..29e5413359d0 100644 --- a/projects/cryptofuzz/Dockerfile +++ b/projects/cryptofuzz/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder-rust@sha256:c5216a9896a598dced7ce6708bb3226e443473f567045b4f282595776cc641f1 +# ! Project pinned after a clang update and an afl link error. Log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-8bc8a5ea-9bfb-421d-bfe9-911828e88741.txt RUN apt-get update && \ apt-get install -y software-properties-common wget make autoconf automake libtool build-essential cmake mercurial gyp ninja-build zlib1g-dev libsqlite3-dev bison flex texinfo lzip bsdmainutils diff --git a/projects/libecc/Dockerfile b/projects/libecc/Dockerfile index 12ca162fe493..90b7e0999c77 100644 --- a/projects/libecc/Dockerfile +++ b/projects/libecc/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! Project pinned after a clang update and an afl link error. Log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-bca72181-cfb2-4b2f-98f1-c2addee0aa4b.txt RUN apt-get update && apt-get install -y make autoconf automake libtool wget python bison flex texinfo lzip bsdmainutils RUN git clone --depth 1 --branch cryptofuzz https://github.com/libecc/libecc.git RUN git clone --depth 1 https://github.com/randombit/botan.git diff --git a/projects/libressl/Dockerfile b/projects/libressl/Dockerfile index 38ab6bb41d3c..d3f69eb916a2 100644 --- a/projects/libressl/Dockerfile +++ b/projects/libressl/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! Project pinned after a clang update and an afl link error. Log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-db180642-1ff0-4223-91e6-3bf060adb174.txt RUN apt-get update && apt-get install -y make cmake wget autoconf automake libtool bison flex texinfo lzip RUN git clone --depth 1 https://github.com/libressl/portable.git libressl diff --git a/projects/nettle/Dockerfile b/projects/nettle/Dockerfile index 77feeeba1f7f..e751dc378392 100644 --- a/projects/nettle/Dockerfile +++ b/projects/nettle/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! Project pinned after a clang update and an afl link error. Log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-e701b6fa-f3a0-414e-ad6e-0223e6d42ebd.txt RUN apt-get install -y software-properties-common make autoconf build-essential wget lzip libtool python RUN git clone --depth 1 https://git.lysator.liu.se/nettle/nettle RUN git clone --depth 1 https://github.com/randombit/botan.git From 27148ba481e47fec3f6a1db8b5c921b68d61237d Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Thu, 4 Apr 2024 13:28:03 +0200 Subject: [PATCH 61/66] Add comment about the pin --- projects/ampproject/Dockerfile | 1 + projects/arrow/Dockerfile | 1 + projects/bitcoin-core/Dockerfile | 1 + projects/boost-json/Dockerfile | 1 + projects/boost/Dockerfile | 1 + projects/envoy/Dockerfile | 1 + projects/ffmpeg/Dockerfile | 1 + projects/fluent-bit/Dockerfile | 1 + projects/freeimage/Dockerfile | 1 + projects/gdal/Dockerfile | 1 + projects/gnutls/Dockerfile | 1 + projects/grpc-httpjson-transcoding/Dockerfile | 1 + projects/hdf5/Dockerfile | 1 + projects/kimageformats/Dockerfile | 1 + projects/knot-dns/Dockerfile | 1 + projects/leveldb/Dockerfile | 1 + projects/libavif/Dockerfile | 1 + projects/lua/Dockerfile | 1 + projects/monero/Dockerfile | 1 + projects/msquic/Dockerfile | 1 + projects/orbit/Dockerfile | 1 + projects/pcl/Dockerfile | 1 + projects/php/Dockerfile | 1 + projects/poppler/Dockerfile | 1 + projects/powerdns/Dockerfile | 1 + projects/proj4/Dockerfile | 1 + projects/quiche/Dockerfile | 1 + projects/readstat/Dockerfile | 1 + projects/rust-lexical/Dockerfile | 1 + projects/rustcrypto/Dockerfile | 1 + projects/s2geometry/Dockerfile | 1 + projects/samba/Dockerfile | 1 + projects/solidity/Dockerfile | 1 + projects/spicy/Dockerfile | 1 + projects/tensorflow-serving/Dockerfile | 1 + projects/tensorflow/Dockerfile | 1 + projects/tinyusb/Dockerfile | 1 + projects/tungstenite-rs/Dockerfile | 1 + projects/xnu/Dockerfile | 1 + 39 files changed, 39 insertions(+) diff --git a/projects/ampproject/Dockerfile b/projects/ampproject/Dockerfile index 6b48a9ba183b..86e67e38b53f 100644 --- a/projects/ampproject/Dockerfile +++ b/projects/ampproject/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make autoconf automake libtool libomp-dev libgomp1 nodejs COPY build.sh *.diff $SRC/ diff --git a/projects/arrow/Dockerfile b/projects/arrow/Dockerfile index c0be4d2a7413..543a84105c78 100644 --- a/projects/arrow/Dockerfile +++ b/projects/arrow/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors ENV DEBIAN_FRONTEND noninteractive RUN apt-get update -y -q && \ diff --git a/projects/bitcoin-core/Dockerfile b/projects/bitcoin-core/Dockerfile index cd355402966a..981e6418dd02 100644 --- a/projects/bitcoin-core/Dockerfile +++ b/projects/bitcoin-core/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors # Packages taken from: # * https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#dependency-build-instructions diff --git a/projects/boost-json/Dockerfile b/projects/boost-json/Dockerfile index 33856a179e3a..c6f4dd83eaa5 100644 --- a/projects/boost-json/Dockerfile +++ b/projects/boost-json/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors #RUN apt-get update && apt-get install -y g++ RUN git clone --depth 1 --single-branch --branch master https://github.com/boostorg/boost.git diff --git a/projects/boost/Dockerfile b/projects/boost/Dockerfile index ef53b19cf05a..c8c001c141ee 100644 --- a/projects/boost/Dockerfile +++ b/projects/boost/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y g++ python RUN git clone --recursive https://github.com/boostorg/boost.git diff --git a/projects/envoy/Dockerfile b/projects/envoy/Dockerfile index 97aa6d5022ab..9211abb2aad3 100644 --- a/projects/envoy/Dockerfile +++ b/projects/envoy/Dockerfile @@ -16,6 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get -y install \ build-essential \ diff --git a/projects/ffmpeg/Dockerfile b/projects/ffmpeg/Dockerfile index f81f0f4d0a7d..196124db7ced 100644 --- a/projects/ffmpeg/Dockerfile +++ b/projects/ffmpeg/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make autoconf libtool build-essential \ libass-dev:i386 libfreetype6-dev:i386 \ libvdpau-dev:i386 libxcb1-dev:i386 libxcb-shm0-dev:i386 libdrm-dev:i386 \ diff --git a/projects/fluent-bit/Dockerfile b/projects/fluent-bit/Dockerfile index e2e39aaf57b7..31d424a2cc25 100755 --- a/projects/fluent-bit/Dockerfile +++ b/projects/fluent-bit/Dockerfile @@ -14,6 +14,7 @@ # ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make cmake flex bison libssl-dev libyaml-dev RUN git clone --depth 1 https://github.com/fluent/fluent-bit/ fluent-bit diff --git a/projects/freeimage/Dockerfile b/projects/freeimage/Dockerfile index a55afb7f30a1..98148e79160c 100644 --- a/projects/freeimage/Dockerfile +++ b/projects/freeimage/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make autoconf automake libtool wget RUN svn checkout https://svn.code.sf.net/p/freeimage/svn/ freeimage-svn WORKDIR $SRC/freeimage-svn/FreeImage/trunk/ diff --git a/projects/gdal/Dockerfile b/projects/gdal/Dockerfile index 890eba8f7cf1..3d84751fab5d 100644 --- a/projects/gdal/Dockerfile +++ b/projects/gdal/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && \ apt-get install -y make autoconf automake libtool g++ curl cmake sqlite3 pkg-config diff --git a/projects/gnutls/Dockerfile b/projects/gnutls/Dockerfile index faa7ac8bd973..778233a4612a 100644 --- a/projects/gnutls/Dockerfile +++ b/projects/gnutls/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y \ make \ pkg-config \ diff --git a/projects/grpc-httpjson-transcoding/Dockerfile b/projects/grpc-httpjson-transcoding/Dockerfile index d2d0ccc92a3a..3b59c83abd21 100644 --- a/projects/grpc-httpjson-transcoding/Dockerfile +++ b/projects/grpc-httpjson-transcoding/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors MAINTAINER nareddyt@google.com RUN apt-get update && apt-get install python -y diff --git a/projects/hdf5/Dockerfile b/projects/hdf5/Dockerfile index 7f595fe3c883..ac8a4ea7df45 100644 --- a/projects/hdf5/Dockerfile +++ b/projects/hdf5/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make autoconf automake libtool \ pkg-config cmake zlib1g-dev RUN git clone --depth 1 https://github.com/HDFGroup/hdf5 diff --git a/projects/kimageformats/Dockerfile b/projects/kimageformats/Dockerfile index 1e36c8982055..be426de36488 100644 --- a/projects/kimageformats/Dockerfile +++ b/projects/kimageformats/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install --yes cmake autoconf libtool pkg-config RUN git clone --depth 1 https://github.com/madler/zlib.git RUN git clone --depth 1 https://github.com/nih-at/libzip.git diff --git a/projects/knot-dns/Dockerfile b/projects/knot-dns/Dockerfile index b00ec89d3fc4..7ada5ffca913 100644 --- a/projects/knot-dns/Dockerfile +++ b/projects/knot-dns/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y \ autoconf \ autogen \ diff --git a/projects/leveldb/Dockerfile b/projects/leveldb/Dockerfile index 9d825fa40016..be8ce897d8cd 100644 --- a/projects/leveldb/Dockerfile +++ b/projects/leveldb/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y build-essential cmake gettext make RUN git clone --recurse-submodules https://github.com/google/leveldb.git diff --git a/projects/libavif/Dockerfile b/projects/libavif/Dockerfile index adf458009575..62acd2752296 100644 --- a/projects/libavif/Dockerfile +++ b/projects/libavif/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && \ apt-get install --no-install-recommends -y curl python3-pip python3-setuptools python3-wheel cmake git nasm && \ pip3 install meson ninja diff --git a/projects/lua/Dockerfile b/projects/lua/Dockerfile index 7b9ad1951371..7ea955b8c41b 100644 --- a/projects/lua/Dockerfile +++ b/projects/lua/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN git clone https://github.com/ligurio/lua-c-api-tests testdir WORKDIR testdir RUN git clone --depth 1 --jobs $(nproc) https://github.com/ligurio/lua-c-api-corpus corpus_dir diff --git a/projects/monero/Dockerfile b/projects/monero/Dockerfile index 88ecd41fc7fe..5e563c125a5e 100644 --- a/projects/monero/Dockerfile +++ b/projects/monero/Dockerfile @@ -18,6 +18,7 @@ # builder stage FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN set -ex && \ apt-get update && \ diff --git a/projects/msquic/Dockerfile b/projects/msquic/Dockerfile index ed5255a90999..ae3c92fb726a 100644 --- a/projects/msquic/Dockerfile +++ b/projects/msquic/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors ADD https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb packages-microsoft-prod.deb RUN apt-get update && \ diff --git a/projects/orbit/Dockerfile b/projects/orbit/Dockerfile index ab502580bd46..a9136e03d04e 100644 --- a/projects/orbit/Dockerfile +++ b/projects/orbit/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y m4 libglu1-mesa-dev mesa-common-dev \ libxmu-dev libxi-dev pkg-config libxxf86vm-dev patchelf diff --git a/projects/pcl/Dockerfile b/projects/pcl/Dockerfile index 5c0af93cbf34..7bc7911bd3df 100644 --- a/projects/pcl/Dockerfile +++ b/projects/pcl/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make cmake autoconf \ automake libtool gettext pkg-config build-essential \ mercurial wget libeigen3-dev libflann-dev python python-dev diff --git a/projects/php/Dockerfile b/projects/php/Dockerfile index 7d53eb34f62d..97905b77a19b 100644 --- a/projects/php/Dockerfile +++ b/projects/php/Dockerfile @@ -16,6 +16,7 @@ # The current clang revision is broken, pin to older one. FROM gcr.io/oss-fuzz-base/base-builder@sha256:111d6b9d3a52bd3392602c71dc8936c628607a7a9bc86d381db7586f9b1e840f +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && \ apt-get install -y autoconf automake libtool bison re2c pkg-config RUN git clone --depth 1 --branch master https://github.com/php/php-src.git php-src diff --git a/projects/poppler/Dockerfile b/projects/poppler/Dockerfile index 2afa41c16a7a..25fb48647594 100644 --- a/projects/poppler/Dockerfile +++ b/projects/poppler/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y wget autoconf automake libtool pkg-config gperf python RUN pip3 install meson ninja gyp-next diff --git a/projects/powerdns/Dockerfile b/projects/powerdns/Dockerfile index e879b31e780d..5115daaaaf1b 100644 --- a/projects/powerdns/Dockerfile +++ b/projects/powerdns/Dockerfile @@ -16,6 +16,7 @@ # base image with clang toolchain FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors # maintainer for this file diff --git a/projects/proj4/Dockerfile b/projects/proj4/Dockerfile index 50a41748a6ba..474360e4fbb9 100644 --- a/projects/proj4/Dockerfile +++ b/projects/proj4/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && \ apt-get install -y make autoconf automake libtool g++ sqlite3 pkg-config wget diff --git a/projects/quiche/Dockerfile b/projects/quiche/Dockerfile index e50521cf82d8..b983ae41fb8e 100644 --- a/projects/quiche/Dockerfile +++ b/projects/quiche/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y zlib1g-dev libicu-dev RUN git clone --depth 1 https://github.com/google/quiche diff --git a/projects/readstat/Dockerfile b/projects/readstat/Dockerfile index 07847fb8d4be..04bad07f04d6 100644 --- a/projects/readstat/Dockerfile +++ b/projects/readstat/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make autoconf automake gettext libtool zip zlib1g-dev RUN git clone --depth 1 https://github.com/WizardMac/ReadStat readstat diff --git a/projects/rust-lexical/Dockerfile b/projects/rust-lexical/Dockerfile index 24e452af17fb..d12c4732f5ab 100644 --- a/projects/rust-lexical/Dockerfile +++ b/projects/rust-lexical/Dockerfile @@ -14,6 +14,7 @@ # ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder-rust@sha256:c5216a9896a598dced7ce6708bb3226e443473f567045b4f282595776cc641f1 as builder +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors ## Install build dependencies. RUN apt-get update diff --git a/projects/rustcrypto/Dockerfile b/projects/rustcrypto/Dockerfile index 0655fd72e834..21ae73d8c1d3 100644 --- a/projects/rustcrypto/Dockerfile +++ b/projects/rustcrypto/Dockerfile @@ -17,6 +17,7 @@ # Held back because of github.com/google/oss-fuzz/pull/8313 # Please fix failure and upgrade. FROM gcr.io/oss-fuzz-base/base-builder@sha256:111d6b9d3a52bd3392602c71dc8936c628607a7a9bc86d381db7586f9b1e840f +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make autoconf automake libtool wget python RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz RUN git clone --depth 1 https://github.com/randombit/botan.git diff --git a/projects/s2geometry/Dockerfile b/projects/s2geometry/Dockerfile index 25dd0848c4e6..38af1f284850 100644 --- a/projects/s2geometry/Dockerfile +++ b/projects/s2geometry/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && \ apt-get -y install \ libgflags-dev \ diff --git a/projects/samba/Dockerfile b/projects/samba/Dockerfile index ed3bb5567330..b3d443e7ad1b 100644 --- a/projects/samba/Dockerfile +++ b/projects/samba/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN git clone https://gitlab.com/samba-team/samba samba RUN samba/lib/fuzzing/oss-fuzz/build_image.sh diff --git a/projects/solidity/Dockerfile b/projects/solidity/Dockerfile index da0427309d40..52952b0ee262 100644 --- a/projects/solidity/Dockerfile +++ b/projects/solidity/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make autoconf automake libtool \ build-essential libbz2-dev ninja-build zlib1g-dev wget python python-dev \ liblzma-dev uuid-dev pkg-config openjdk-8-jdk unzip mlton bison texinfo diff --git a/projects/spicy/Dockerfile b/projects/spicy/Dockerfile index ed3a4215a068..e038a3a87e8a 100644 --- a/projects/spicy/Dockerfile +++ b/projects/spicy/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors SHELL ["/bin/bash", "-o", "pipefail", "-c"] ENV DEBIAN_FRONTEND=noninteractive diff --git a/projects/tensorflow-serving/Dockerfile b/projects/tensorflow-serving/Dockerfile index eb7ef6e8d681..724a242aa781 100644 --- a/projects/tensorflow-serving/Dockerfile +++ b/projects/tensorflow-serving/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make autoconf automake libtool default-jdk bison m4 \ build-essential\ curl \ diff --git a/projects/tensorflow/Dockerfile b/projects/tensorflow/Dockerfile index 42bc08d1e724..d42f8126f808 100644 --- a/projects/tensorflow/Dockerfile +++ b/projects/tensorflow/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ diff --git a/projects/tinyusb/Dockerfile b/projects/tinyusb/Dockerfile index ea89c10de043..e3ec71df5981 100644 --- a/projects/tinyusb/Dockerfile +++ b/projects/tinyusb/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y make autoconf automake libtool # TODO: Update this to use hathath instead of this fork. diff --git a/projects/tungstenite-rs/Dockerfile b/projects/tungstenite-rs/Dockerfile index 92384cc1b956..2b6497490193 100644 --- a/projects/tungstenite-rs/Dockerfile +++ b/projects/tungstenite-rs/Dockerfile @@ -14,6 +14,7 @@ # ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder-rust@sha256:c5216a9896a598dced7ce6708bb3226e443473f567045b4f282595776cc641f1 +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors ## Install build dependencies. RUN git clone --depth 1 https://github.com/snapview/tungstenite-rs.git diff --git a/projects/xnu/Dockerfile b/projects/xnu/Dockerfile index a6300920745a..e9497e0b015e 100644 --- a/projects/xnu/Dockerfile +++ b/projects/xnu/Dockerfile @@ -15,6 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y \ autoconf \ From 7977bcd6e54fce1a3c822a1232eb272eaba60d45 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Wed, 10 Apr 2024 09:59:21 +0200 Subject: [PATCH 62/66] Roll clang to a previous 18-trunk to allow the coverage build for pinned projects Taken from: commit 5c46fabf81887bcf9e6292551e38b8d0fd03548f Author: Hans Wennborg Date: Fri Sep 8 18:38:56 2023 +0000 Roll clang llvmorg-17-init-16420-g0c545a44-8 : llvmorg-18-init-4631-gd50b56d1-1 (skipping rust) https://chromium.googlesource.com/external/github.com/llvm/llvm-project/+log/0c545a44..d50b56d1 Ran: ./tools/clang/scripts/upload_revision.py d50b56d18c96e0ce462d7236eb268c54098cbaf9 Bug: 1472655 Change-Id: I4a97764a8d5680f4a500d5f7e0e42438eb01381c Disable-Rts: True Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4852899 Reviewed-by: Nico Weber Commit-Queue: Hans Wennborg Reviewed-by: danakj Cr-Commit-Position: refs/heads/main@{#1194242} NOKEYCHECK=True GitOrigin-RevId: 7c883a7eae94d250ba0ee14e152968fa68e76720 --- infra/base-images/base-clang/Dockerfile | 4 ++-- infra/base-images/base-clang/checkout_build_install_llvm.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index 5f817502f928..01d4022a15c5 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -58,9 +58,9 @@ ENV CCC "clang++" # The implicit-function-declaration and implicit-int errors are downgraded to a # warning, to allow compiling legacy code. # See https://releases.llvm.org/16.0.0/tools/clang/docs/ReleaseNotes.html#potentially-breaking-changes -# Same for vla-cxx-extension, deprecated-declarations, int-conversion, +# Same for deprecated-declarations, int-conversion, # incompatible-function-pointer-types, enum-constexpr-conversion -ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=vla-cxx-extension -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" +ENV CFLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" ENV CXXFLAGS_EXTRA "-stdlib=libc++" ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA" diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh index 34067a132f56..bcc04c9f1783 100755 --- a/infra/base-images/base-clang/checkout_build_install_llvm.sh +++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh @@ -50,7 +50,7 @@ LLVM_DEP_PACKAGES="build-essential make ninja-build git python3 python3-distutil apt-get update && apt-get install -y $LLVM_DEP_PACKAGES --no-install-recommends # For manual bumping. -OUR_LLVM_REVISION=llvmorg-18-init-14420-gea3a3b25 +OUR_LLVM_REVISION=llvmorg-18-init-4631-gd50b56d1 mkdir $SRC/chromium_tools cd $SRC/chromium_tools From 2a4086431feb44fdbdd71772adbf0c58457ab29c Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Wed, 17 Apr 2024 12:03:48 +0200 Subject: [PATCH 63/66] Revert "infra: bump rust" This reverts commit 73f101e4770931c045d6eb9b799e20615d61a42a. This is required, because the llvm version in oss-fuzz has been downgraded to before the coverage raw profile version bump. However, rust is using a more recent llvm version after the raw profile version bump. Restore the current pin, which can then be removed once all projects are unpinned, and the oss-fuzz clang version has been bumped again. --- infra/base-images/base-builder/install_rust.sh | 4 ++-- projects/askama/build.sh | 2 +- projects/crosvm/build.sh | 2 +- projects/gitoxide/build.sh | 2 +- projects/linkerd2-proxy/build.sh | 2 +- projects/naga/build.sh | 2 +- projects/opendal/build.sh | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/infra/base-images/base-builder/install_rust.sh b/infra/base-images/base-builder/install_rust.sh index 4966740109d0..fd733cca3860 100755 --- a/infra/base-images/base-builder/install_rust.sh +++ b/infra/base-images/base-builder/install_rust.sh @@ -15,8 +15,8 @@ # ################################################################################ -curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly --profile=minimal +curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly-2023-12-28 --profile=minimal cargo install cargo-fuzz && rm -rf /rust/registry # Needed to recompile rust std library for MSAN -rustup component add rust-src --toolchain nightly +rustup component add rust-src --toolchain nightly-2023-12-28 cp -r /usr/local/lib/x86_64-unknown-linux-gnu/* /usr/local/lib/ diff --git a/projects/askama/build.sh b/projects/askama/build.sh index 18303473261e..dc9b7030ff28 100755 --- a/projects/askama/build.sh +++ b/projects/askama/build.sh @@ -23,7 +23,7 @@ for CRATE_DIR in ${FUZZ_CRATE_DIRS[@]}; do echo "Building crate: $CRATE_DIR" cd $CRATE_DIR - cargo +nightly fuzz build -O + cargo +nightly-2023-12-28 fuzz build -O FUZZ_TARGET_OUTPUT_DIR=fuzz/target/x86_64-unknown-linux-gnu/release for f in fuzz/fuzz_targets/*.rs do diff --git a/projects/crosvm/build.sh b/projects/crosvm/build.sh index 322501449312..cdda20e505c8 100755 --- a/projects/crosvm/build.sh +++ b/projects/crosvm/build.sh @@ -19,7 +19,7 @@ cd crosvm # Build crosvm fuzzers # Unset the SRC variable as it will interfere with minijail's common.mk framework. -env -u SRC cargo +nightly fuzz build -O +env -u SRC cargo +nightly-2023-12-28 fuzz build -O # Copy fuzzer binaries to $OUT FUZZ_TARGET_OUTPUT_DIR="target/x86_64-unknown-linux-gnu/release" diff --git a/projects/gitoxide/build.sh b/projects/gitoxide/build.sh index 3d7329762b12..8bd52d90230b 100755 --- a/projects/gitoxide/build.sh +++ b/projects/gitoxide/build.sh @@ -25,7 +25,7 @@ for CRATE_DIR in ${FUZZ_CRATE_DIRS[@]}; do echo "Building crate: $CRATE_DIR" cd $CRATE_DIR - cargo +nightly fuzz build -O --debug-assertions + cargo +nightly-2023-12-28 fuzz build -O --debug-assertions FUZZ_TARGET_OUTPUT_DIR=$CARGO_BUILD_TARGET_DIR/x86_64-unknown-linux-gnu/release for f in fuzz/fuzz_targets/*.rs do diff --git a/projects/linkerd2-proxy/build.sh b/projects/linkerd2-proxy/build.sh index 838d51c2fc64..3a1a4cc457f2 100755 --- a/projects/linkerd2-proxy/build.sh +++ b/projects/linkerd2-proxy/build.sh @@ -23,7 +23,7 @@ then export CFLAGS="" fi -BUILD_FUZZER="cargo +nightly fuzz build " +BUILD_FUZZER="cargo +nightly-2023-12-28 fuzz build " TARGET_PATH="./fuzz/target/x86_64-unknown-linux-gnu/release" BASE="$SRC/linkerd2-proxy/linkerd" diff --git a/projects/naga/build.sh b/projects/naga/build.sh index aa3d7f7b4321..b7d68cacf9e2 100755 --- a/projects/naga/build.sh +++ b/projects/naga/build.sh @@ -15,7 +15,7 @@ # ################################################################################ -cargo +nightly fuzz build -O +cargo +nightly-2023-12-28 fuzz build -O fuzz_release=$SRC/wgpu/target/x86_64-unknown-linux-gnu/release cp $fuzz_release/spv_parser $OUT/ cp $fuzz_release/wgsl_parser $OUT/ diff --git a/projects/opendal/build.sh b/projects/opendal/build.sh index 365fcdae9b09..b915530efd1e 100644 --- a/projects/opendal/build.sh +++ b/projects/opendal/build.sh @@ -15,7 +15,7 @@ # build fuzz targets cd $SRC/opendal/core -cargo +nightly fuzz build -O --debug-assertions +cargo +nightly-2023-12-28 fuzz build -O --debug-assertions # copy fuzz targets to $OUT targets=( From 767c7d3abfa725e1df137195b375358e8ea4e75c Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Wed, 17 Apr 2024 16:24:37 +0200 Subject: [PATCH 64/66] Pin some projects (with comments) --- projects/immer/Dockerfile | 3 ++- projects/libreoffice/project.yaml | 5 +++-- projects/naga/Dockerfile | 3 ++- projects/opencv/Dockerfile | 3 ++- projects/openthread/Dockerfile | 3 ++- projects/poco/Dockerfile | 3 ++- projects/quantlib/project.yaml | 2 +- projects/relic/project.yaml | 2 +- projects/rnp/Dockerfile | 3 ++- projects/tarantool/Dockerfile | 3 ++- projects/wolfssl/project.yaml | 2 +- projects/zeek/Dockerfile | 3 ++- 12 files changed, 22 insertions(+), 13 deletions(-) diff --git a/projects/immer/Dockerfile b/projects/immer/Dockerfile index 3b3c706ea3a7..43ca22b368a6 100644 --- a/projects/immer/Dockerfile +++ b/projects/immer/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y cmake libgc-dev pkg-config RUN git clone --depth 1 https://github.com/arximboldi/immer.git immer WORKDIR immer diff --git a/projects/libreoffice/project.yaml b/projects/libreoffice/project.yaml index e6ba0406409a..f05aa6a9ced5 100644 --- a/projects/libreoffice/project.yaml +++ b/projects/libreoffice/project.yaml @@ -3,8 +3,9 @@ language: c++ primary_contact: "caolanm@gmail.com" sanitizers: - address - - memory: - experimental: True + #- memory: + # experimental: True + # # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-712b40fe-c70f-4ece-90a2-150c61afc6f4.txt - undefined fuzzing_engines: # see https://github.com/google/oss-fuzz/issues/6233 for missing afl diff --git a/projects/naga/Dockerfile b/projects/naga/Dockerfile index e93d5e41eb89..130c92f0929f 100644 --- a/projects/naga/Dockerfile +++ b/projects/naga/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder-rust +FROM gcr.io/oss-fuzz-base/base-builder-rust@sha256:c5216a9896a598dced7ce6708bb3226e443473f567045b4f282595776cc641f1 +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors. The coverage build fails due to a presumed compiler bug, which may be fixed on the next oss-fuzz clang bump. RUN apt-get update && apt-get install -y make autoconf automake libtool RUN git clone --depth 1 https://github.com/gfx-rs/wgpu wgpu WORKDIR wgpu/naga diff --git a/projects/opencv/Dockerfile b/projects/opencv/Dockerfile index f9e11f52023f..1c58a02cb988 100644 --- a/projects/opencv/Dockerfile +++ b/projects/opencv/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors. A compiler bug is the suspected cause, and it may be fixed on the next oss-fuzz clang roll RUN apt-get update && apt-get install -y build-essential cmake pkg-config RUN git clone --depth 1 https://github.com/opencv/opencv.git opencv WORKDIR opencv/ diff --git a/projects/openthread/Dockerfile b/projects/openthread/Dockerfile index 4ef0e6e4645f..71684668c8d6 100644 --- a/projects/openthread/Dockerfile +++ b/projects/openthread/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors. A clang compiler bug is the suspected cause of the failure, which will be fixed on the next clang roll in oss-fuzz. RUN apt-get update && apt-get install -y cmake ninja-build RUN git clone --depth 1 https://github.com/openthread/openthread diff --git a/projects/poco/Dockerfile b/projects/poco/Dockerfile index bf42a4d40002..29c20793b5df 100644 --- a/projects/poco/Dockerfile +++ b/projects/poco/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y openssl libssl-dev git make cmake libssl-dev RUN git clone --depth 1 https://github.com/pocoproject/poco WORKDIR $SRC/poco diff --git a/projects/quantlib/project.yaml b/projects/quantlib/project.yaml index b1c2d60b64dd..1cba4854719b 100644 --- a/projects/quantlib/project.yaml +++ b/projects/quantlib/project.yaml @@ -6,7 +6,7 @@ auto_ccs: - nathaniel.brough@gmail.com sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-d6a22300-216b-497d-999c-9b12779d05e2.txt fuzzing_engines: - libfuzzer - honggfuzz diff --git a/projects/relic/project.yaml b/projects/relic/project.yaml index e3781a282781..672df5ac7404 100644 --- a/projects/relic/project.yaml +++ b/projects/relic/project.yaml @@ -7,7 +7,7 @@ auto_ccs: sanitizers: - address - undefined - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-27b372a0-a02b-4a88-9267-6db2fca9794e.txt architectures: - x86_64 - i386 diff --git a/projects/rnp/Dockerfile b/projects/rnp/Dockerfile index f5257bc03ace..0350cee2a1ea 100755 --- a/projects/rnp/Dockerfile +++ b/projects/rnp/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update RUN apt-get install -y \ make \ diff --git a/projects/tarantool/Dockerfile b/projects/tarantool/Dockerfile index 63fead4d32b3..7d6bf6bb96fc 100644 --- a/projects/tarantool/Dockerfile +++ b/projects/tarantool/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y \ build-essential cmake make coreutils sed lld \ autoconf automake libtool zlib1g-dev \ diff --git a/projects/wolfssl/project.yaml b/projects/wolfssl/project.yaml index 87861d4f85d8..d69b00f4a5ff 100644 --- a/projects/wolfssl/project.yaml +++ b/projects/wolfssl/project.yaml @@ -21,7 +21,7 @@ fuzzing_engines: - honggfuzz sanitizers: - address - - memory + # - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-dc084406-0ddc-4ebd-a7be-2387cffb19ff.txt - undefined architectures: - x86_64 diff --git a/projects/zeek/Dockerfile b/projects/zeek/Dockerfile index a009f965746c..cf8088279c2b 100644 --- a/projects/zeek/Dockerfile +++ b/projects/zeek/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y --no-install-recommends \ patchelf \ From 321ebca38243cab78272b84e71a9d6d102d1d505 Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Wed, 17 Apr 2024 17:02:21 +0200 Subject: [PATCH 65/66] wireshark: Turn compile errors into compile warnings --- projects/wireshark/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/wireshark/build.sh b/projects/wireshark/build.sh index d883a86a632a..3f172ce9deb0 100755 --- a/projects/wireshark/build.sh +++ b/projects/wireshark/build.sh @@ -43,7 +43,7 @@ cd "$WIRESHARK_BUILD_PATH" cmake -GNinja \ -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \ - -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ + -DCMAKE_C_FLAGS="-Wno-error=fortify-source -Wno-error=missing-field-initializers $CFLAGS" -DCMAKE_CXX_FLAGS="-Wno-error=fortify-source -Wno-error=missing-field-initializers $CXXFLAGS" \ -DDISABLE_WERROR=ON -DOSS_FUZZ=ON $CMAKE_DEFINES $SRC/wireshark/ ninja all-fuzzers From cdd10ade931887ef70d769da1eec670584d2140f Mon Sep 17 00:00:00 2001 From: MarcoFalke <6399679+MarcoFalke@users.noreply.github.com> Date: Mon, 29 Apr 2024 10:30:32 +0200 Subject: [PATCH 66/66] projects: Two small fixups --- projects/llvm/project.yaml | 2 +- projects/serenity/Dockerfile | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/projects/llvm/project.yaml b/projects/llvm/project.yaml index 60e55390cd79..e7929e54660b 100644 --- a/projects/llvm/project.yaml +++ b/projects/llvm/project.yaml @@ -20,7 +20,7 @@ auto_ccs: sanitizers: - address - - memory +# - memory ## msan disabled after a clang bump. Please re-enable it, Try to fix any build warnings and build errors, as well as msan runtime warnings and errors. msan failure log: https://oss-fuzz-gcb-logs.storage.googleapis.com/log-a3d59d5e-8ae4-4294-9a84-bed1f85c2923.txt fuzzing_engines: - libfuzzer diff --git a/projects/serenity/Dockerfile b/projects/serenity/Dockerfile index 0a52571e0764..1d5a63c4cab2 100644 --- a/projects/serenity/Dockerfile +++ b/projects/serenity/Dockerfile @@ -14,7 +14,8 @@ # ################################################################################ -FROM gcr.io/oss-fuzz-base/base-builder +FROM gcr.io/oss-fuzz-base/base-builder@sha256:19782f7fe8092843368894dbc471ce9b30dd6a2813946071a36e8b05f5b1e27e +# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors RUN apt-get update && apt-get install -y build-essential cmake curl ninja-build RUN git clone https://github.com/SerenityOS/serenity COPY build.sh $SRC/