From 5b58108e37e53d7c02ff2356e3d68879141f76f0 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tmatth@videolan.org>
Date: Thu, 9 Jan 2025 02:39:24 -0500
Subject: [PATCH] CI: add ClusterFuzzLite integration

---
 .clusterfuzzlite/Dockerfile   | 22 +++++++++++++++++
 .clusterfuzzlite/build.sh     | 45 +++++++++++++++++++++++++++++++++++
 .clusterfuzzlite/project.yaml | 16 +++++++++++++
 .gitlab-ci.yml                | 38 +++++++++++++++++++++++++++++
 4 files changed, 121 insertions(+)
 create mode 100644 .clusterfuzzlite/Dockerfile
 create mode 100644 .clusterfuzzlite/build.sh
 create mode 100644 .clusterfuzzlite/project.yaml

diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 0000000..fe21519
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf libtool pkg-config wget
+RUN git clone --depth 1 https://gitlab.xiph.org/xiph/ogg.git $SRC/ogg
+COPY . $SRC/speex
+WORKDIR $SRC/speex
+COPY .clusterfuzzlite/build.sh $SRC/
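Review bot: The base image on the `FROM` line and the ogg checkout on the `git clone` line are both unpinned, so each CI run may build against a different toolchain and a different libogg. A new fuzzing failure could then come from either of those rather than from the merge request under test. Pinning the image by digest, `FROM gcr.io/oss-fuzz-base/base-builder@sha256:<digest>` (placeholder), and cloning a fixed ref, `git clone --depth 1 --branch <ogg-tag> https://gitlab.xiph.org/xiph/ogg.git $SRC/ogg` (placeholder tag), would keep runs comparable and narrow what the build trusts at run time. The `apt-get install -y` line could also take `--no-install-recommends` to keep the image small.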
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100644
index 0000000..2962f34
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,45 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# install ogg from source as the packaged version has some asan/ubsan failures and we need to disable crc
+pushd $SRC/ogg
+./autogen.sh
+./configure --prefix="$WORK" --enable-static --disable-shared --disable-crc
+make clean
+make -j$(nproc)
+make install
+popd
+
+./autogen.sh
+export CFLAGS="$CFLAGS -DDISABLE_NOTIFICATIONS -DDISABLE_WARNINGS"
+# Build fixed-point fuzzer
+PKG_CONFIG_PATH="$WORK"/lib/pkgconfig ./configure --prefix="$WORK" --enable-static --disable-shared --enable-fixed
+make -j$(nproc)
+make install
+$CXX $CXXFLAGS contrib/oss-fuzz/speexdec_fuzzer.cc -o $OUT/speex_decode_fuzzer_fixed -L"$WORK/lib" -I"$WORK/include" $LIB_FUZZING_ENGINE -lspeex -logg
+# Build floating-point fuzzer
+PKG_CONFIG_PATH="$WORK"/lib/pkgconfig ./configure --prefix="$WORK" --enable-static --disable-shared
+make -j$(nproc)
+make install
+$CXX $CXXFLAGS contrib/oss-fuzz/speexdec_fuzzer.cc -o $OUT/speex_decode_fuzzer_float -L"$WORK/lib" -I"$WORK/include" $LIB_FUZZING_ENGINE -lspeex -logg
+
+# build samples and prepare corpus
+cd src/
+./generate-samples.sh
+zip -j0r ${OUT}/speex_decode_fuzzer_fixed_seed_corpus.zip ./samples/
+cp ${OUT}/speex_decode_fuzzer_fixed_seed_corpus.zip ${OUT}/speex_decode_fuzzer_float_seed_corpus.zip
+cd ..
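Review bot: The floating-point build reconfigures the same tree right after the fixed-point build with no `make clean` in between. The float fuzzer is therefore a true float build only if the build system's dependency tracking recompiles every object after the configuration header changes. The ogg block at the top already runs `make clean`; adding one before the second `./configure` would rule out `speex_decode_fuzzer_float` silently linking fixed-point objects. Separately, `$SRC/ogg`, `$OUT/...` and `${OUT}/...` are expanded unquoted while `"$WORK"` is quoted, so quoting them all, e.g. `pushd "$SRC/ogg"`, would be consistent.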
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 0000000..248a6ea
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1,16 @@
+homepage: "https://speex.org/"
+language: c++
+primary_contact: "tmatth@videolan.org"
+auto_ccs:
+  - "twsmith@mozilla.com"
+  - "le.businessman@gmail.com"
+  - "jmvalin@jmvalin.ca"
+fuzzing_engines:
+  - libfuzzer
+  - afl
+  - honggfuzz
+sanitizers:
+  - address
+  - undefined
+  - memory
+main_repo: 'https://gitlab.xiph.org/xiph/speex.git'
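Review bot: The `fuzzing_engines` and `sanitizers` lists here look like OSS-Fuzz metadata, and as far as I know ClusterFuzzLite itself only needs `language` from this file. The sanitizers that actually run are chosen by the `SANITIZER` matrix in `.gitlab-ci.yml`, so this list can drift from it. The `afl` and `honggfuzz` entries also suggest coverage that the CI job may not provide. A leading comment such as `# OSS-Fuzz-style metadata; the sanitizers actually run are set in .gitlab-ci.yml` would make that clear, or the unused keys could be dropped. `main_repo` uses single quotes while the other strings use double quotes; one style throughout would be tidier.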
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 075d12b..17fb700 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -85,3 +85,41 @@ meson no-binaries:
   extends: .meson
   variables:
     CONFIG_FLAGS: -Dtools=disabled -Dtest-binaries=disabled
+
+variables:
+  SANITIZER: address
+  CFL_PLATFORM: gitlab
+  DOCKER_HOST: "tcp://docker:2375"
+  DOCKER_IN_DOCKER: "true" # may be removed in self-managed GitLab instances
+  DOCKER_TLS_CERTDIR: ""
+
+clusterfuzzlite:
+  tags:
+    - dind
+  image:
+    name: gcr.io/oss-fuzz-base/clusterfuzzlite-run-fuzzers:v1
+    entrypoint: [""]
+  services:
+    - name: docker:dind # may be removed in self-managed GitLab instances
+      command: ["--tls=false"]
+
+  stage: test
+  parallel:
+    matrix:
+      - SANITIZER: [address, undefined, memory]
+  rules:
+    # Default code change.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      variables:
+        MODE: "code-change"
+  before_script:
+    # Get GitLab's container id.
+    - export CFL_CONTAINER_ID=`docker ps -q -f "label=com.gitlab.gitlab-runner.job.id=$CI_JOB_ID" -f "label=com.gitlab.gitlab-runner.type=build"`
+  script:
+    # Will build and run the fuzzers.
+    - python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"
+  artifacts:
+    # Upload artifacts when a crash makes the job fail.
+    when: always
+    paths:
+      - artifacts/
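Review bot: The new `variables:` block is at top level, so `DOCKER_HOST`, `DOCKER_TLS_CERTDIR`, `DOCKER_IN_DOCKER`, `CFL_PLATFORM` and `SANITIZER` are exported to every job in the pipeline, not only to `clusterfuzzlite`. If the file already has a top-level `variables:` key above this hunk (not visible here), the duplicate key would silently replace it in most parsers. Moving the block under `clusterfuzzlite:` as job-level `variables:` avoids both problems. The job also builds and runs merge-request code on a `dind` runner against a Docker daemon with TLS disabled (`--tls=false`, port 2375), so it is worth confirming that the runner is dedicated or ephemeral and that no protected variables reach this job. The image tags `clusterfuzzlite-run-fuzzers:v1` and `docker:dind` are mutable and could be pinned by digest, and `artifacts:` could set `expire_in` so crash uploads do not accumulate.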
-- 
GitLab