From 5b58108e37e53d7c02ff2356e3d68879141f76f0 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tmatth@videolan.org>
Date: Thu, 9 Jan 2025 02:39:24 -0500
Subject: [PATCH] CI: add ClusterFuzzLite integration

---
.clusterfuzzlite/Dockerfile | 22 +++++++++++++++++
.clusterfuzzlite/build.sh | 45 +++++++++++++++++++++++++++++++++++
.clusterfuzzlite/project.yaml | 16 +++++++++++++
.gitlab-ci.yml | 38 +++++++++++++++++++++++++++++
4 files changed, 121 insertions(+)
create mode 100644 .clusterfuzzlite/Dockerfile
create mode 100644 .clusterfuzzlite/build.sh
create mode 100644 .clusterfuzzlite/project.yaml

diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 0000000..fe21519
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf libtool pkg-config wget
+RUN git clone --depth 1 https://gitlab.xiph.org/xiph/ogg.git $SRC/ogg
+COPY . $SRC/speex
+WORKDIR $SRC/speex
+COPY .clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100644
index 0000000..2962f34
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
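Review bot: The `RUN git clone --depth 1 https://gitlab.xiph.org/xiph/ogg.git $SRC/ogg` line builds the ogg dependency from whatever the remote default branch points at when the image is built, so the fuzz job is not reproducible and an upstream change or outage can break it or silently alter what is being fuzzed; pin a tag or commit, e.g. `RUN git clone --depth 1 --branch <OGG_TAG> https://gitlab.xiph.org/xiph/ogg.git $SRC/ogg` (placeholder tag). `FROM gcr.io/oss-fuzz-base/base-builder` is likewise untagged, which is the OSS-Fuzz convention, but a one-line comment `# untagged on purpose: the builder image is expected to track upstream OSS-Fuzz` would make that deliberate. `wget` is installed in the apt-get line but nothing in the added build.sh appears to use it, so drop it or note what needs it. Adding `--no-install-recommends` and removing `/var/lib/apt/lists/*` in the same `RUN` keeps the builder image small.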
@@ -0,0 +1,45 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# install ogg from source as the packaged version has some asan/ubsan failures and we need to disable crc
+pushd $SRC/ogg
+./autogen.sh
+./configure --prefix="$WORK" --enable-static --disable-shared --disable-crc
+make clean
+make -j$(nproc)
+make install
+popd
+
+./autogen.sh
+export CFLAGS="$CFLAGS -DDISABLE_NOTIFICATIONS -DDISABLE_WARNINGS"
+# Build fixed-point fuzzer
+PKG_CONFIG_PATH="$WORK"/lib/pkgconfig ./configure --prefix="$WORK" --enable-static --disable-shared --enable-fixed
+make -j$(nproc)
+make install
+$CXX $CXXFLAGS contrib/oss-fuzz/speexdec_fuzzer.cc -o $OUT/speex_decode_fuzzer_fixed -L"$WORK/lib" -I"$WORK/include" $LIB_FUZZING_ENGINE -lspeex -logg
+# Build floating-point fuzzer
+PKG_CONFIG_PATH="$WORK"/lib/pkgconfig ./configure --prefix="$WORK" --enable-static --disable-shared
+make -j$(nproc)
+make install
+$CXX $CXXFLAGS contrib/oss-fuzz/speexdec_fuzzer.cc -o $OUT/speex_decode_fuzzer_float -L"$WORK/lib" -I"$WORK/include" $LIB_FUZZING_ENGINE -lspeex -logg
+
+# build samples and prepare corpus
+cd src/
+./generate-samples.sh
+zip -j0r ${OUT}/speex_decode_fuzzer_fixed_seed_corpus.zip ./samples/
+cp ${OUT}/speex_decode_fuzzer_fixed_seed_corpus.zip ${OUT}/speex_decode_fuzzer_float_seed_corpus.zip
+cd ..
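Review bot: The floating-point build re-runs `./configure` on top of the object files left by the fixed-point build without a `make clean`, so whether libspeex is really rebuilt against the new config.h depends on automake's dependency tracking rather than on anything this script guarantees; the ogg block above does `make clean` right after its configure, and the two speex builds should do the same, i.e. insert `make clean` after each speex `./configure` line. I could not confirm from the page that `--enable-fixed` is the option name speex's configure.ac declares (I recall it as `--enable-fixed-point`); autoconf only warns on an unrecognized `--enable-*` flag and continues, so a misspelling would silently turn speex_decode_fuzzer_fixed into a second floating-point build — check the configure output in the CI log for an "unrecognized options" warning. Unquoted `$SRC`, `$OUT` and `${OUT}` expansions (`pushd $SRC/ogg`, `-o $OUT/...`, `zip -j0r ${OUT}/...`) should be double-quoted, matching the `"$WORK"` quoting already used elsewhere in the script.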
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 0000000..248a6ea
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1,16 @@
+homepage: "https://speex.org/"
+language: c++
+primary_contact: "tmatth@videolan.org"
+auto_ccs:
+ - "twsmith@mozilla.com"
+ - "le.businessman@gmail.com"
+ - "jmvalin@jmvalin.ca"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+sanitizers:
+ - address
+ - undefined
+ - memory
+main_repo: 'https://gitlab.xiph.org/xiph/speex.git'
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 075d12b..17fb700 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -85,3 +85,41 @@ meson no-binaries:
 extends: .meson
 variables:
 CONFIG_FLAGS: -Dtools=disabled -Dtest-binaries=disabled
+
+variables:
+ SANITIZER: address
+ CFL_PLATFORM: gitlab
+ DOCKER_HOST: "tcp://docker:2375"
+ DOCKER_IN_DOCKER: "true" # may be removed in self-managed GitLab instances
+ DOCKER_TLS_CERTDIR: ""
+
+clusterfuzzlite:
+ tags:
+ - dind
+ image:
+ name: gcr.io/oss-fuzz-base/clusterfuzzlite-run-fuzzers:v1
+ entrypoint: [""]
+ services:
+ - name: docker:dind # may be removed in self-managed GitLab instances
+ command: ["--tls=false"]
+
+ stage: test
+ parallel:
+ matrix:
+ - SANITIZER: [address, undefined, memory]
+ rules:
+ # Default code change.
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ variables:
+ MODE: "code-change"
+ before_script:
+ # Get GitLab's container id.
+ - export CFL_CONTAINER_ID=`docker ps -q -f "label=com.gitlab.gitlab-runner.job.id=$CI_JOB_ID" -f "label=com.gitlab.gitlab-runner.type=build"`
+ script:
+ # Will build and run the fuzzers.
+ - python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"
+ artifacts:
+ # Upload artifacts when a crash makes the job fail.
+ when: always
+ paths:
+ - artifacts/
-- GitLab
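Review bot: Quoting is inconsistent inside the new project.yaml: `main_repo` uses single quotes while `homepage` and `primary_contact` use double quotes, and `language: c++` is plain; pick one style for literal strings (single quotes, as in `main_repo: 'https://gitlab.xiph.org/xiph/speex.git'`). As far as I know ClusterFuzzLite reads only `language` from this file, while `primary_contact`, `auto_ccs`, `fuzzing_engines` and `sanitizers` are OSS-Fuzz metadata; in this pipeline the sanitizer set is actually chosen by the `SANITIZER` matrix in .gitlab-ci.yml. A short comment such as `# Only `language` is consumed by ClusterFuzzLite; the remaining keys mirror the OSS-Fuzz project file` would stop someone editing `sanitizers:` here and expecting the GitLab job to change.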
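Review bot: The new top-level `variables:` block applies `DOCKER_HOST`, `DOCKER_TLS_CERTDIR: ""` and `DOCKER_IN_DOCKER` to every job in the pipeline, not only to `clusterfuzzlite`, and if the file already declares a top-level `variables:` key above line 85 (not visible in this hunk) the duplicate key is resolved last-wins by the YAML parser, silently dropping the earlier definitions. Move these keys under the `clusterfuzzlite` job's own `variables:` so the TLS-less docker endpoint (`--tls=false` on the dind service together with `DOCKER_TLS_CERTDIR: ""`) is scoped to the one job that talks to the dind service. The `rules:` only fire on `merge_request_event` with `MODE: "code-change"`; as I understand ClusterFuzzLite's modes, batch fuzzing and corpus pruning run from scheduled pipelines, so without such a rule each MR run starts from the seed corpus alone — a follow-up, but worth a comment `# TODO: add scheduled batch/prune jobs so the corpus persists between runs` on the rules block. Style: prefer `$(docker ps ...)` to backticks in the `before_script` export.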