diff --git a/analysis/test_data/pairwise_unique_coverage_heatmap-failed-diff.png b/analysis/test_data/pairwise_unique_coverage_heatmap-failed-diff.png
index 5dc618e44..7eb634b74 100644
Binary files a/analysis/test_data/pairwise_unique_coverage_heatmap-failed-diff.png and b/analysis/test_data/pairwise_unique_coverage_heatmap-failed-diff.png differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20665 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20665
deleted file mode 100644
index 1434f1fa7..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20665 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20666 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20666
deleted file mode 100644
index e32f56158..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20666 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20669 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20669
deleted file mode 100644
index a56194a21..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20669 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20670 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20670
deleted file mode 100644
index e92ea4356..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20670 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20675 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20675
deleted file mode 100644
index 7419df89a..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20675 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20681 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20681
deleted file mode 100644
index fe94e1c4e..000000000
--- a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20681
+++ /dev/null
@@ -1 +0,0 @@
-˙˙˙˙PAR1
\ No newline at end of file
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20682 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20682
deleted file mode 100644
index b36e17ba5..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20682 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20683 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20683
deleted file mode 100644
index c91539def..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20683 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20685 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20685
deleted file mode 100644
index e256e8418..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20685 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20686 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20686
deleted file mode 100644
index 28c1eacf7..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20686 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20695 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20695
deleted file mode 100644
index 2bced3be4..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20695 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20696 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20696
deleted file mode 100644
index 1d36f9fca..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20696 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20697 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20697
deleted file mode 100644
index 5477f4924..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20697 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20698 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20698
deleted file mode 100644
index e9ba96eb7..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20698 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20711 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20711
deleted file mode 100644
index 3199a8279..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20711 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20721 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20721
deleted file mode 100644
index 5c5b90060..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20721 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20733 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20733
deleted file mode 100644
index 1635d2e47..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20733 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20735 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20735
deleted file mode 100644
index 87277d139..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20735 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20837 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20837
deleted file mode 100644
index 0958fbd3a..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20837 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20849 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20849
deleted file mode 100644
index e1225b59b..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20849 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20897 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20897
deleted file mode 100644
index e5b7879c4..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20897 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20937 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20937
deleted file mode 100644
index 6a92b5e4a..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20937 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20940 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20940
deleted file mode 100644
index afd253701..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20940 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20989 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20989
deleted file mode 100644
index db45789a7..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/20989 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21009 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21009
deleted file mode 100644
index e3f29e42d..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21009 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21010 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21010
deleted file mode 100644
index 37e61e0a1..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21010 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21101 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21101
deleted file mode 100644
index 245a18b3b..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21101 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21106 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21106
deleted file mode 100644
index 5cefec65e..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21106 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21147 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21147
deleted file mode 100644
index 1dd7f46c6..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21147 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21166 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21166
deleted file mode 100644
index 23f479e45..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21166 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21251 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21251
deleted file mode 100644
index 7ce1254b2..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21251 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21453 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21453
deleted file mode 100644
index 3255e1d29..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21453 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21567 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21567
deleted file mode 100644
index d3127f838..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/21567 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/26064 b/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/26064
deleted file mode 100644
index b2bbf5e55..000000000
Binary files a/benchmarks/arrow_arrow-ipc-stream-fuzz_1a34a0/testcases/26064 and /dev/null differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/Dockerfile b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/Dockerfile
new file mode 100644
index 000000000..c5d22a343
--- /dev/null
+++ b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/Dockerfile
@@ -0,0 +1,35 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && \
+ apt-get install -y -q --no-install-recommends \
+ bison \
+ build-essential \
+ cmake \
+ flex \
+ libboost-all-dev \
+ ninja-build \
+ python3
+
+RUN git clone \
+ --recurse-submodules \
+ https://github.com/apache/arrow.git \
+ $SRC/arrow
+
+COPY build.sh thrift.patch $SRC/
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/benchmark.yaml b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/benchmark.yaml
new file mode 100644
index 000000000..914506926
--- /dev/null
+++ b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/benchmark.yaml
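Review bot: The `RUN git clone --recurse-submodules` step pins nothing, so the submodule revisions are whatever apache/arrow's HEAD referenced at image-build time; the build.sh in this change says the checkout of the commit from benchmark.yaml happens after this Dockerfile, and unless that step also runs `git submodule update --init --recursive` (not visible here, worth confirming) the testing-data submodules used by `generate_corpuses.sh` can drift between builds of the "same" benchmark. `ENV DEBIAN_FRONTEND noninteractive` uses the deprecated space-separated form and leaks a build-only setting into the runtime environment; prefer the inline form `RUN DEBIAN_FRONTEND=noninteractive apt-get update && \`. The apt layer also leaves `/var/lib/apt/lists` in the image; end it with `&& rm -rf /var/lib/apt/lists/*`.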
@@ -0,0 +1,57 @@
+# 4846902008479744
+commit: eee13b0acc3397d132051dcf47e6f5813436bf91
+commit_date: 2022-08-19T03:19:28+0000
+fuzz_target: arrow-ipc-stream-fuzz
+project: arrow
+type: bug
+unsupported_fuzzers:
+ - honggfuzz # To Be Fixed.
+ - aflcc
+ - afl_qemu
+ - aflplusplus_qemu
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_frida
+ - honggfuzz_qemu
+ - klee
+ - weizz_qemu
+ - lafintel
+ - neuzz
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_qemu_cmplog
+ - aflplusplus_qemu_cmplog_inmem
+ - aflplusplus_qemu_inmem
+ - aflplusplus_classic_ctx
+ - aflplusplus_classic_ctx_18
+ - aflplusplus_classic_ctx_20
+ - aflplusplus_classic_ctx_21
+ - aflplusplus_classic_ctx_23
+ - aflplusplus_pcguard
+ - cfctx_basic
+ - cfctx_bottom
+ - cfctx_dataflow_seadsa
+ - cfctx_dataflow_svf
+ - cfctx_params
+ - cfctx_plain
+ - cfctx_randomic
+ - cfctx_bottom_llc
+ - cfctx_dataflow_seadsa_llc
+ - cfctx_dataflow_svf_llc
+ - cfctx_randomic_llc
+ - cfctx_params_llc
+ - cfctx_params_1mb
+ - cfctx_params_2mb
+ - cfctx_params_4mb
+ - cfctx_params_512kb
+ - cfctx_params_768kb
+ - cfctx_full
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
+ - aflplusplus_gcc
+ - aflplusplus_classic
+ - tortoisefuzz
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/build.sh b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/build.sh
new file mode 100755
index 000000000..31e12b625
--- /dev/null
+++ b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/build.sh
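Review bot: `aflplusplus_qemu_tracepc` is listed twice in `unsupported_fuzzers` (fifth entry, and again right after `neuzz`); drop the second copy. The `# To Be Fixed.` remark on `honggfuzz` does not say what is broken, so nobody can tell when the exclusion may be lifted — an issue reference or a one-line reason, e.g. `- honggfuzz  # TODO(<issue>): <what fails>`, would fix that. The leading `# 4846902008479744` comment is presumably a tracker/testcase id; a one-word label (`# clusterfuzz testcase: …`) would make it self-explanatory.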
@@ -0,0 +1,72 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+set -ex
+
+# Fix thrift download.
+# This needs to be done in build.sh because the checkout happens after the
+# builder.Dockerfile completes.
+cd $SRC/arrow
+git apply ../thrift.patch || true
+cd -
+ARROW=${SRC}/arrow/cpp
+
+cd ${WORK}
+
+# The CMake build setup compiles and runs the Thrift compiler, but ASAN
+# would report leaks and error out.
+export ASAN_OPTIONS="detect_leaks=0"
+
+cmake ${ARROW} -GNinja \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DARROW_DEPENDENCY_SOURCE=BUNDLED \
+ -DBOOST_SOURCE=SYSTEM \
+ -DCMAKE_C_FLAGS="${CFLAGS}" \
+ -DCMAKE_CXX_FLAGS="${CXXFLAGS}" \
+ -DARROW_EXTRA_ERROR_CONTEXT=off \
+ -DARROW_JEMALLOC=off \
+ -DARROW_MIMALLOC=off \
+ -DARROW_FILESYSTEM=off \
+ -DARROW_PARQUET=on \
+ -DARROW_BUILD_SHARED=off \
+ -DARROW_BUILD_STATIC=on \
+ -DARROW_BUILD_TESTS=off \
+ -DARROW_BUILD_INTEGRATION=off \
+ -DARROW_BUILD_BENCHMARKS=off \
+ -DARROW_BUILD_EXAMPLES=off \
+ -DARROW_BUILD_UTILITIES=off \
+ -DARROW_TEST_LINKAGE=static \
+ -DPARQUET_BUILD_EXAMPLES=off \
+ -DPARQUET_BUILD_EXECUTABLES=off \
+ -DPARQUET_REQUIRE_ENCRYPTION=off \
+ -DARROW_WITH_BROTLI=on \
+ -DARROW_WITH_BZ2=off \
+ -DARROW_WITH_LZ4=off \
+ -DARROW_WITH_SNAPPY=off \
+ -DARROW_WITH_ZLIB=off \
+ -DARROW_WITH_ZSTD=off \
+ -DARROW_USE_GLOG=off \
+ -DARROW_USE_ASAN=off \
+ -DARROW_USE_UBSAN=off \
+ -DARROW_USE_TSAN=off \
+ -DARROW_FUZZING=on \
+
+cmake --build .
+
+cp -a release/* ${OUT}
+
+${ARROW}/build-support/fuzzing/generate_corpuses.sh ${OUT}
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/thrift.patch b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/thrift.patch
new file mode 100644
index 000000000..abdbf6255
--- /dev/null
+++ b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/thrift.patch
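Review bot: `git apply ../thrift.patch || true` hides a failed patch: if the hunks no longer apply at the pinned commit, the script continues with `APACHE_MIRROR` empty and the bundled Thrift download goes through whatever mirror Arrow's `get_apache_mirror()` resolves at build time, which is exactly the non-determinism the patch exists to remove. If the `|| true` is there to tolerate re-runs where the patch is already applied (presumably), make that explicit instead: `git apply --reverse --check ../thrift.patch 2>/dev/null || git apply ../thrift.patch`. Minor: the cmake invocation ends with `-DARROW_FUZZING=on \` followed by an empty line, so the command is only terminated by that blank line and anything added directly below would be swallowed into the cmake call; drop the trailing backslash. `cp -a release/* ${OUT}` copies every build output, not just the fuzz targets — fine if that is the intent, but worth a comment saying so.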
@@ -0,0 +1,22 @@
+diff --git a/cpp/cmake_modules/ThirdpartyToolchain.cmake b/cpp/cmake_modules/ThirdpartyToolchain.cmake
+index 9c062f86a..5d04ef92c 100644
+--- a/cpp/cmake_modules/ThirdpartyToolchain.cmake
++++ b/cpp/cmake_modules/ThirdpartyToolchain.cmake
+@@ -39,7 +39,7 @@ endif()
+ # ----------------------------------------------------------------------
+ # We should not use the Apache dist server for build dependencies
+ 
+-set(APACHE_MIRROR "")
++set(APACHE_MIRROR "https://archive.apache.org")
+ 
+ macro(get_apache_mirror)
+ if(APACHE_MIRROR STREQUAL "")
+@@ -1129,7 +1129,7 @@ macro(build_thrift)
+ get_apache_mirror()
+ set(
+ THRIFT_SOURCE_URL
+- "${APACHE_MIRROR}/thrift/${ARROW_THRIFT_BUILD_VERSION}/thrift-${ARROW_THRIFT_BUILD_VERSION}.tar.gz"
++ "${APACHE_MIRROR}/dist/thrift/${ARROW_THRIFT_BUILD_VERSION}/thrift-${ARROW_THRIFT_BUILD_VERSION}.tar.gz"
+ )
+ endif()
+ 
diff --git a/benchmarks/aspell_aspell_fuzzer_aed7cd/Dockerfile b/benchmarks/aspell_aspell_fuzzer_aed7cd/Dockerfile
new file mode 100644
index 000000000..262954263
--- /dev/null
+++ b/benchmarks/aspell_aspell_fuzzer_aed7cd/Dockerfile
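Review bot: The context line `# We should not use the Apache dist server for build dependencies` is contradicted two lines later by the new `set(APACHE_MIRROR "https://archive.apache.org")`; the patch should rewrite that comment to say why this benchmark does so (a fixed, archived URL is what makes the build reproducible) rather than leave an instruction the code no longer follows. Pinning the host is not an integrity check: whether the Thrift tarball is verified against a SHA256 lives elsewhere in ThirdpartyToolchain.cmake and is not visible here, and if it is not verified, a build-time fetch over the network remains a supply-chain exposure regardless of the host. After this change the `if(APACHE_MIRROR STREQUAL "")` branch in `get_apache_mirror()` can no longer be taken; harmless, but worth a sentence in the patch's description.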
@@ -0,0 +1,31 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN git clone \
+ https://github.com/gnuaspell/aspell.git \
+ $SRC/aspell
+
+RUN git clone \
+ https://github.com/gnuaspell/aspell-fuzz.git \
+ $SRC/aspell-fuzz && \
+ git -C $SRC/aspell-fuzz checkout fa4aa32c6bf9573801a7675137e1c31b9f13247f
+
+
+WORKDIR $SRC/aspell-fuzz
+COPY build.sh $SRC/
+
diff --git a/benchmarks/aspell_aspell_fuzzer_aed7cd/benchmark.yaml b/benchmarks/aspell_aspell_fuzzer_aed7cd/benchmark.yaml
new file mode 100644
index 000000000..62c42bdb2
--- /dev/null
+++ b/benchmarks/aspell_aspell_fuzzer_aed7cd/benchmark.yaml
@@ -0,0 +1,50 @@
+# 4546146634170368
+commit: aed7cd364b2f50f3f01b9a6eec79f7289ede2bed
+commit_date : 2022-06-01T23:38:41+0000
+fuzz_target: aspell_fuzzer
+project: aspell
+type: bug
+unsupported_fuzzers:
+ - aflcc
+ - afl_qemu
+ - aflplusplus_qemu
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_frida
+ - honggfuzz_qemu
+ - klee
+ - lafintel
+ - weizz_qemu
+ - aflplusplus_classic_ctx
+ - aflplusplus_classic_ctx_18
+ - aflplusplus_classic_ctx_20
+ - aflplusplus_classic_ctx_21
+ - aflplusplus_classic_ctx_23
+ - aflplusplus_pcguard
+ - aflplusplus_classic
+ - cfctx_basic
+ - cfctx_bottom
+ - cfctx_dataflow_seadsa
+ - cfctx_dataflow_svf
+ - cfctx_params
+ - cfctx_plain
+ - cfctx_randomic
+ - cfctx_bottom_llc
+ - cfctx_dataflow_seadsa_llc
+ - cfctx_dataflow_svf_llc
+ - cfctx_randomic_llc
+ - cfctx_params_llc
+ - cfctx_params_1mb
+ - cfctx_params_2mb
+ - cfctx_params_4mb
+ - cfctx_params_512kb
+ - cfctx_params_768kb
+ - cfctx_full
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
+ - tortoisefuzz
diff --git a/benchmarks/aspell_aspell_fuzzer_aed7cd/build.sh b/benchmarks/aspell_aspell_fuzzer_aed7cd/build.sh
new file mode 100755
index 000000000..e77ebd3e6
--- /dev/null
+++ b/benchmarks/aspell_aspell_fuzzer_aed7cd/build.sh
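Review bot: `commit_date : 2022-06-01T23:38:41+0000` has a space before the colon; a YAML loader still yields the key `commit_date`, but it is the only benchmark.yaml in this change spelled that way and any `grep commit_date:` or line-oriented check will miss it — write `commit_date: 2022-06-01T23:38:41+0000` like the sibling files.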
@@ -0,0 +1,21 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Run the OSS-Fuzz script in the fuzzer project.
+pushd $SRC/aspell-fuzz
+./ossfuzz.sh
+popd
diff --git a/benchmarks/assimp_assimp_fuzzer_bdee65/Dockerfile b/benchmarks/assimp_assimp_fuzzer_bdee65/Dockerfile
new file mode 100644
index 000000000..6fca7685b
--- /dev/null
+++ b/benchmarks/assimp_assimp_fuzzer_bdee65/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y cmake ninja-build
+RUN git clone --recursive https://github.com/assimp/assimp.git
+WORKDIR assimp
+COPY build.sh $SRC/
+
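Review bot: The entire build is delegated to `./ossfuzz.sh` from the aspell-fuzz checkout, so the benchmark's integrity rests on the commit pin in the Dockerfile (`fa4aa32c…`), which is the right way to do it — but this script's `-eu` lives only in the shebang, and if the infrastructure invokes it as `bash build.sh` (cannot tell from here) those flags are dropped and a failing `./ossfuzz.sh` is masked by `popd` returning 0. Add `set -eu` after the license block, as the arrow and ffmpeg build.sh files in this change already do with `set -ex` / `-eux`, so a broken fuzzer build fails the image build instead of producing an image with no target.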
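Review bot: `WORKDIR assimp` is a relative path (hadolint DL3000) that only lands in `$SRC/assimp` because the base image happens to set `WORKDIR $SRC`; write `WORKDIR $SRC/assimp` so the build.sh that relies on this cwd does not break if the base image changes. The apt layer installs without `--no-install-recommends` and leaves the package lists in the image: `RUN apt-get update && apt-get install -y --no-install-recommends cmake ninja-build && rm -rf /var/lib/apt/lists/*`. The `git clone --recursive` is unpinned; presumably the commit in benchmark.yaml is checked out later by the infrastructure, but that later checkout will not move the submodules fetched here unless it also runs `git submodule update`.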
diff --git a/benchmarks/assimp_assimp_fuzzer_bdee65/benchmark.yaml b/benchmarks/assimp_assimp_fuzzer_bdee65/benchmark.yaml
new file mode 100644
index 000000000..6207adb20
--- /dev/null
+++ b/benchmarks/assimp_assimp_fuzzer_bdee65/benchmark.yaml
@@ -0,0 +1,5 @@
+# 4515118433566720
+commit: bdee65e577caa6f2eea8e6e22d2175407cde5de3
+fuzz_target: assimp_fuzzer
+project: assimp
+type: bug
diff --git a/benchmarks/assimp_assimp_fuzzer_bdee65/build.sh b/benchmarks/assimp_assimp_fuzzer_bdee65/build.sh
new file mode 100644
index 000000000..4cb8bea37
--- /dev/null
+++ b/benchmarks/assimp_assimp_fuzzer_bdee65/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# generate build env and build assimp
+cmake CMakeLists.txt -G "Ninja" -DBUILD_SHARED_LIBS=OFF -DASSIMP_BUILD_ZLIB=ON \
+ -DASSIMP_BUILD_TESTS=OFF -DASSIMP_BUILD_ASSIMP_TOOLS=OFF \
+ -DASSIMP_BUILD_SAMPLES=OFF
+cmake --build .
+
+# Build the fuzzer
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -std=c++11 -I$SRC/assimp/include \
+ fuzz/assimp_fuzzer.cc -o $OUT/assimp_fuzzer \
+ ./lib/libassimp.a ./contrib/zlib/libzlibstatic.a
diff --git a/benchmarks/bloaty_fuzz_target_f01ea5/Dockerfile b/benchmarks/bloaty_fuzz_target_f01ea5/Dockerfile
new file mode 100644
index 000000000..28055243a
--- /dev/null
+++ b/benchmarks/bloaty_fuzz_target_f01ea5/Dockerfile
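Review bot: The script never changes directory, so `cmake CMakeLists.txt`, `./lib/libassimp.a` and `./contrib/zlib/libzlibstatic.a` resolve only if the runner starts it in the Dockerfile's relative `WORKDIR assimp`; an explicit `cd $SRC/assimp` before the cmake call removes that hidden coupling and matches what the bloaty and arrow scripts in this change do with `cd $WORK`. This file is also added with mode `100644` while every other build.sh in the change is `100755`; harmless if it is always run via `bash`, but inconsistent. `$CXXFLAGS` and `$LIB_FUZZING_ENGINE` are deliberately unquoted for word splitting, but `-o "$OUT/assimp_fuzzer"` should be quoted.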
@@ -0,0 +1,30 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && \
+ apt-get install -y \
+ cmake \
+ ninja-build \
+ g++ \
+ libz-dev
+
+RUN git clone \
+ https://github.com/google/bloaty.git
+
+WORKDIR bloaty
+COPY build.sh $SRC/
diff --git a/benchmarks/bloaty_fuzz_target_f01ea5/benchmark.yaml b/benchmarks/bloaty_fuzz_target_f01ea5/benchmark.yaml
new file mode 100644
index 000000000..26f43a9e5
--- /dev/null
+++ b/benchmarks/bloaty_fuzz_target_f01ea5/benchmark.yaml
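Review bot: `g++` is installed into an image whose base-builder compiles with clang through `$CC`/`$CXX`, and the apt layer omits `--no-install-recommends` and list cleanup; unless bloaty's CMake needs a GNU toolchain here (not determinable from this diff), drop it and write `RUN apt-get update && apt-get install -y --no-install-recommends cmake libz-dev ninja-build && rm -rf /var/lib/apt/lists/*`. `WORKDIR bloaty` is relative (hadolint DL3000) and should be `WORKDIR $SRC/bloaty`. The clone is unpinned and, unlike the arrow and assimp Dockerfiles in this change, not recursive — fine if bloaty at the pinned commit fetches its third-party code itself, but worth confirming since the build.sh here builds straight from the checkout.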
@@ -0,0 +1,30 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# 6440215450877952
+commit: f01ea59bdda11708d74a3826c23d6e2db6c996f0
+commit_date: 2022-11-11T17:41:21+00:00
+fuzz_target: fuzz_target
+project: bloaty
+type: bug
+unsupported_fuzzers:
+ - klee
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
diff --git a/benchmarks/bloaty_fuzz_target_f01ea5/build.sh b/benchmarks/bloaty_fuzz_target_f01ea5/build.sh
new file mode 100644
index 000000000..8adf40690
--- /dev/null
+++ b/benchmarks/bloaty_fuzz_target_f01ea5/build.sh
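Review bot: `commit_date: 2022-11-11T17:41:21+00:00` writes the UTC offset with a colon while the arrow and aspell benchmark.yaml files in this change use `+0000`; if any consumer parses the field with a fixed `strptime`-style format one of the two spellings will be rejected, so settle on one — `commit_date: 2022-11-11T17:41:21+0000` matches the rest. This file is also the only benchmark.yaml here carrying a license header; harmless, but pick one convention.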
@@ -0,0 +1,22 @@
+#!/bin/bash -eu
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $WORK
+cmake -G Ninja -DBUILD_TESTING=false $SRC/bloaty
+ninja -j$(nproc)
+cp fuzz_target $OUT
+zip -j $OUT/fuzz_target_seed_corpus.zip $SRC/bloaty/tests/testdata/fuzz_corpus/*
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/Dockerfile b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/Dockerfile
new file mode 100644
index 000000000..a5b6390f1
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/Dockerfile
@@ -0,0 +1,111 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && \
+ apt-get install -y \
+ make \
+ autoconf \
+ libtool \
+ build-essential \
+ libass-dev \
+ libfreetype6-dev \
+ libsdl1.2-dev \
+ libvdpau-dev \
+ libxcb1-dev \
+ libxcb-shm0-dev \
+ libdrm-dev \
+ pkg-config \
+ texinfo \
+ libbz2-dev \
+ zlib1g-dev \
+ yasm \
+ cmake \
+ mercurial \
+ wget \
+ xutils-dev \
+ libpciaccess-dev \
+ nasm \
+ meson \
+ rsync && \
+ curl \
+ -LO \
+ http://mirrors.kernel.org/ubuntu/pool/main/a/automake-1.16/automake_1.16.5-1.3_all.deb && \
+ apt install ./automake_1.16.5-1.3_all.deb && \
+ rm automake_1.16.5-1.3_all.deb
+
+RUN git clone \
+ --branch v1.2.8 \
+ --depth 1 \
+ https://github.com/alsa-project/alsa-lib.git
+
+RUN git clone \
+ --branch v2.0.2 \
+ --depth 1 \
+ https://github.com/mstorsjo/fdk-aac.git
+
+RUN git clone \
+ --branch libXext-1.3.5 \
+ --depth 1 \
+ https://gitlab.freedesktop.org/xorg/lib/libxext.git
+
+RUN git clone \
+ --depth 1 \
+ --branch 2.16.0 \
+ https://github.com/intel/libva
+
+RUN git clone \
+ --depth 1 \
+ --branch libvdpau-1.2 \
+ https://gitlab.freedesktop.org/vdpau/libvdpau.git
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.12.0 \
+ https://chromium.googlesource.com/webm/libvpx
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.3.5 \
+ https://github.com/xiph/ogg
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.3.1 \
+ https://github.com/xiph/opus
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.1.1 \
+ https://github.com/xiph/theora
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.3.7 \
+ https://github.com/xiph/vorbis
+
+RUN git clone \
+ --depth 1 \
+ --branch v2.10.3 \
+ https://gitlab.gnome.org/GNOME/libxml2.git
+
+RUN git clone \
+ --branch n5.1.2 \
+ --depth 1 \
+ https://git.ffmpeg.org/ffmpeg.git
+
+COPY build.sh group_seed_corpus.py $SRC/
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/benchmark.yaml b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/benchmark.yaml
new file mode 100644
index 000000000..c7541fe45
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/benchmark.yaml
@@ -0,0 +1,47 @@
+# 5706852010164224
+commit: fe85afbf8cb2b9cf8cb28cb13bff654949b43823
+fuzz_target: ffmpeg_DEMUXER_fuzzer
+project: ffmpeg
+type: bug
+unsupported_fuzzers:
+ - aflcc
+ - afl_qemu
+ - aflplusplus_qemu
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_zafl
+ - aflplusplus_frida
+ - honggfuzz_qemu
+ - klee
+ - weizz_qemu
+ - lafintel
+ - eclipser
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_inmem
+ - symcc_afl
+ - symcc_afl_single
+ - symcc_aflplusplus
+ - symcc_aflplusplus_single
+ - aflplusplus_unusual_enabled
+ - aflplusplus_unusual_disabled
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
+ - cfctx_bottom
+ - cfctx_dataflow_seadsa
+ - cfctx_dataflow_svf
+ - cfctx_randomic
+ - cfctx_params
+ - cfctx_params_512kb
+ - afldd
+ - aflpp_vs_dd
+ - aflplusplus_gcc
+ - libfuzzer_dataflow
+ - libfuzzer_dataflow_load
+ - libfuzzer_dataflow_store
+ - libfuzzer_dataflow_pre
+ - wingfuzz
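Review bot: The `curl -LO http://mirrors.kernel.org/.../automake_1.16.5-1.3_all.deb` followed by `apt install ./automake_1.16.5-1.3_all.deb` installs a build tool fetched over plain HTTP with no signature or digest check — `apt install` of a local `.deb` does not verify it against the archive keyring — so anyone on the network path can substitute an automake that then runs as root inside every build of this benchmark. Fetch over TLS with `-f` so an HTTP error is not silently saved as the "package", and pin the content: `curl -fLO https://mirrors.kernel.org/ubuntu/pool/main/a/automake-1.16/automake_1.16.5-1.3_all.deb && echo '<sha256 from the Ubuntu Packages index>  automake_1.16.5-1.3_all.deb' | sha256sum -c` before the install. Use `apt-get install` rather than `apt` in non-interactive scripts (hadolint DL3027), and the preceding `apt-get install -y` lacks `--no-install-recommends` and leaves `/var/lib/apt/lists` in the image. The clones are pinned by tag only; a tag can be moved, so if reproducibility matters as much as it does for the `commit:` in benchmark.yaml, a `git -C <repo> checkout <sha>` per dependency is the stronger pin.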
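Review bot: `symcc_aflplusplus_single` and `eclipser_aflplusplus` each appear twice in `unsupported_fuzzers` (first in the symcc/eclipser group, then again after `aflplusplus_cmplog_double`); drop the second copies. This file has no `commit_date`, unlike the arrow, aspell and bloaty entries in the same change — if the field is optional that is fine, otherwise add it for `fe85afbf…`.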
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/bionic.list b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/bionic.list
new file mode 100644
index 000000000..8621803a7
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/bionic.list
@@ -0,0 +1,2 @@
+# use nasm 2.13.02 from bionic
+deb http://archive.ubuntu.com/ubuntu/ bionic universe
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/build.sh b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/build.sh
new file mode 100755
index 000000000..d45d543c2
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/build.sh
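Review bot: Nothing in the ffmpeg Dockerfile in this change consumes `bionic.list` — it copies only `build.sh group_seed_corpus.py`, and `nasm` is installed from the base image's own sources — so this looks like a leftover from the upstream OSS-Fuzz project directory; unless something outside this diff places it under `/etc/apt/sources.list.d/`, remove it, and if it is kept, say in its comment who uses it. If it is ever wired in, adding a whole `bionic universe` pocket to a newer-release image pulls mixed-release packages into the build, so an apt pin restricted to `nasm` would be safer, and `deb https://archive.ubuntu.com/ubuntu/ bionic universe` costs nothing even though apt's signature check is what actually protects the download.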
@@ -0,0 +1,175 @@ +#!/bin/bash -eux +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# Disable UBSan vptr since several targets built with -fno-rtti. +export CFLAGS="$CFLAGS -fno-sanitize=vptr" +export CXXFLAGS="$CXXFLAGS -fno-sanitize=vptr" + +# Build dependencies. +export FFMPEG_DEPS_PATH="$SRC/ffmpeg_deps" +mkdir -p $FFMPEG_DEPS_PATH + +export PATH="$FFMPEG_DEPS_PATH/bin:$PATH" +export LD_LIBRARY_PATH="$FFMPEG_DEPS_PATH/lib" +export PKG_CONFIG_PATH="$LD_LIBRARY_PATH/pkgconfig:$LD_LIBRARY_PATH/x86_64-linux-gnu/pkgconfig" + +(cd $SRC/alsa-lib +./gitcompile +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared +make clean +make -j$(nproc) all +make install) + +(cd $SRC/fdk-aac +autoreconf -fiv +CXXFLAGS="$CXXFLAGS -fno-sanitize=shift-base" \ +./configure --prefix="$FFMPEG_DEPS_PATH" --disable-shared +make clean +make -j$(nproc) all +make install) + +(cd $SRC/libxext +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) +make install) + +(cd $SRC/libva +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared +make clean +make -j$(nproc) all +make install) + +(cd $SRC/libvdpau +# Requires libpciaccess-dev +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared +make clean +make -j$(nproc) all +make install) + +(cd $SRC/libvpx 
+LDFLAGS="$CXXFLAGS" ./configure --prefix="$FFMPEG_DEPS_PATH" \ + --disable-examples --disable-unit-tests \ + --size-limit=12288x12288 \ + --extra-cflags="-DVPX_MAX_ALLOCABLE_MEMORY=1073741824" +make clean +make -j$(nproc) all +make install) + +(cd $SRC/ogg +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-crc +make clean +make -j$(nproc) +make install) + +(cd $SRC/opus +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) all +make install) + +(cd $SRC/theora +# theora requires ogg, need to pass its location to the "configure" script. +CFLAGS="$CFLAGS -fPIC" LDFLAGS="-L$FFMPEG_DEPS_PATH/lib/" \ + CPPFLAGS="$CXXFLAGS -I$FFMPEG_DEPS_PATH/include/" \ + LD_LIBRARY_PATH="$FFMPEG_DEPS_PATH/lib/" \ + ./autogen.sh +./configure --with-ogg="$FFMPEG_DEPS_PATH" --prefix="$FFMPEG_DEPS_PATH" \ + --enable-static --disable-examples +make clean +make -j$(nproc) +make install) + +(cd $SRC/vorbis +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) +make install) + +(cd $SRC/libxml2 +./autogen.sh --prefix="$FFMPEG_DEPS_PATH" --enable-static \ + --without-debug --without-ftp --without-http \ + --without-legacy --without-python +make clean +make -j$(nproc) +make install) + +# Remove shared libraries to avoid accidental linking against them. +rm $FFMPEG_DEPS_PATH/lib/*.so +rm $FFMPEG_DEPS_PATH/lib/*.so.* + +# Build ffmpeg. 
+cd $SRC/ffmpeg +PKG_CONFIG_PATH="$FFMPEG_DEPS_PATH/lib/pkgconfig" ./configure \ + --cc=$CC --cxx=$CXX --ld="$CXX $CXXFLAGS -std=c++11" \ + --extra-cflags="-I$FFMPEG_DEPS_PATH/include" \ + --extra-ldflags="-L$FFMPEG_DEPS_PATH/lib" \ + --prefix="$FFMPEG_DEPS_PATH" \ + --pkg-config-flags="--static" \ + --enable-ossfuzz \ + --libfuzzer=$LIB_FUZZING_ENGINE \ + --optflags=-O1 \ + --enable-gpl \ + --enable-libass \ + --enable-libfdk-aac \ + --enable-libfreetype \ + --enable-libopus \ + --enable-libtheora \ + --enable-libvorbis \ + --enable-libvpx \ + --enable-libxml2 \ + --enable-nonfree \ + --disable-muxers \ + --disable-protocols \ + --disable-demuxer=rtp,rtsp,sdp \ + --disable-devices \ + --disable-shared +make clean +make -j$(nproc) install + +# Download test sampes, will be used as seed corpus. +# DISABLED. +# TODO: implement a better way to maintain a minimized seed corpora +# for all targets. As of 2017-05-04 now the combined size of corpora +# is too big for ClusterFuzz (over 10Gb compressed data). +# export TEST_SAMPLES_PATH=$SRC/ffmpeg/fate-suite/ +# make fate-rsync SAMPLES=$TEST_SAMPLES_PATH + +# Build the fuzzers. +cd $SRC/ffmpeg + +FUZZ_TARGET_SOURCE=$SRC/ffmpeg/tools/target_dec_fuzzer.c + +export TEMP_VAR_CODEC="AV_CODEC_ID_H264" +export TEMP_VAR_CODEC_TYPE="VIDEO" + + +# Build fuzzer for demuxer +fuzzer_name=ffmpeg_DEMUXER_fuzzer +echo -en "[libfuzzer]\nmax_len = 1000000\n" > $OUT/${fuzzer_name}.options +make tools/target_dem_fuzzer +mv tools/target_dem_fuzzer $OUT/${fuzzer_name} + +# Find relevant corpus in test samples and archive them for every fuzzer. +#cd $SRC +#python group_seed_corpus.py $TEST_SAMPLES_PATH $OUT/ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/group_seed_corpus.py b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/group_seed_corpus.py new file mode 100755 index 000000000..1e1d51cd6 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/group_seed_corpus.py 
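Review bot: `rm $FFMPEG_DEPS_PATH/lib/*.so` and the `*.so.*` line below it abort the whole script under `bash -eux` whenever a glob matches nothing, because bash passes the literal pattern to rm and the non-zero exit trips `-e`; make the cleanup tolerant and quote the prefix, `rm -f "$FFMPEG_DEPS_PATH"/lib/*.so "$FFMPEG_DEPS_PATH"/lib/*.so.*`. `FUZZ_TARGET_SOURCE`, `TEMP_VAR_CODEC` and `TEMP_VAR_CODEC_TYPE` are assigned but never read in this script, and `cd $SRC/ffmpeg` is repeated before the fuzzer build; this looks like residue from a multi-target version of the script and can be dropped. The comment `# Download test sampes` should read `samples`.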
@@ -0,0 +1,138 @@
+#!/usr/bin/env python
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+from __future__ import print_function
+import logging
+import os
+import re
+import sys
+import zipfile
+
+
+logging.basicConfig(level=logging.INFO, format='INFO: %(message)s')
+CODEC_NAME_REGEXP = re.compile(r'codec_id_(.+?)_fuzzer')
+
+
+def get_fuzzer_tags(fuzzer_name):
+ """Extract tags (are used to filter samples) from the given fuzzer name."""
+ tags = []
+ fuzzer_name = fuzzer_name.lower()
+ # All subtitle samples are in 'sub' directory, need to add 'sub' tag manually.
+ if 'subtitle' in fuzzer_name:
+ tags.append('sub')
+ m = CODEC_NAME_REGEXP.search(fuzzer_name)
+ if m:
+ codec_name = m.group(1)
+ # Some names are complex, need to split them and filter common strings.
+ codec_name_parts = codec_name.split('_')
+ for codec in codec_name_parts:
+ # Remove common strings from codec names like 'mpeg1video' or 'msvideo1'.
+ codec = codec.split('video')[0]
+ codec = codec.split('audio')[0]
+ codec = codec.split('subtitle')[0]
+ codec = codec.split('text')[0]
+ if codec:
+ # Some codec names have trailing characters: 'VP6F','FLV1', 'JPEGLS'.
+ # Use only first 3 characters for long enough codec names.
+ if len(codec) > 3:
+ tags.append(codec[:3])
+ else:
+ tags.append(codec)
+
+ return tags
+
+
+def parse_corpus(corpus_directory):
+ """Recursively list all files in the given directory and ignore checksums."""
+ all_corpus_files = []
+ for root, dirs, files in os.walk(corpus_directory):
+ for filename in files:
+ # Skip checksum files, they are useless in corpus.
+ if 'md5sum' in filename:
+ continue
+ path = os.path.join(root, filename)
+ all_corpus_files.append(path)
+
+ logging.info('Parsed %d corpus files from %s' % (len(all_corpus_files),
+ corpus_directory))
+ return all_corpus_files
+
+
+def parse_fuzzers(fuzzers_directory):
+ """Recursively list all fuzzers in the given directory."""
+ all_fuzzers = []
+ for filename in os.listdir(fuzzers_directory):
+ # Skip non-ffmpeg and non-fuzzer files in the given directory,
+ if not filename.startswith('ffmpeg_') or not filename.endswith('_fuzzer'):
+ continue
+ fuzzer_path = os.path.join(fuzzers_directory, filename)
+ all_fuzzers.append(fuzzer_path)
+
+ logging.info('Parsed %d fuzzers from %s' % (len(all_fuzzers),
+ fuzzers_directory))
+ return all_fuzzers
+
+
+def zip_relevant_corpus(corpus_files, fuzzers):
+ """Find relevant corpus files and archive them for every fuzzer given."""
+ for fuzzer in fuzzers:
+ fuzzer_name = os.path.basename(fuzzer)
+ fuzzer_directory = os.path.dirname(fuzzer)
+ fuzzer_tags = get_fuzzer_tags(fuzzer_name)
+ relevant_corpus_files = set()
+ for filename in corpus_files:
+ # Remove 'ffmpeg' substring to do not use everything for 'MPEG' codec.
+ sanitized_filename = filename.replace('ffmpeg', '').lower()
+ for tag in fuzzer_tags:
+ if tag in sanitized_filename:
+ relevant_corpus_files.add(filename)
+
+ if not relevant_corpus_files:
+ # Strip last symbol from tags if we haven't found relevant corpus.
+ # It helps for such codecs as 'RV40' ('RV4' -> 'RV') or 'PCX' (-> 'PC').
+ for tag in fuzzer_tags:
+ if tag[:-1] in sanitized_filename:
+ relevant_corpus_files.add(filename)
+
+ logging.info(
+ 'Found %d relevant samples for %s' % (len(relevant_corpus_files),
+ fuzzer_name))
+
+ if not relevant_corpus_files:
+ continue
+
+ zip_archive_name = fuzzer + "_seed_corpus.zip"
+ with zipfile.ZipFile(zip_archive_name, 'w') as archive:
+ for filename in relevant_corpus_files:
+ archive.write(filename)
+
+
+def main():
+ if len(sys.argv) < 3:
+ print('Usage: %s ' % __file__)
+ sys.exit(1)
+
+ seed_corpus_directory = sys.argv[1]
+ fuzzers_directory = sys.argv[2]
+
+ corpus_files = parse_corpus(seed_corpus_directory)
+ fuzzers = parse_fuzzers(fuzzers_directory)
+ zip_relevant_corpus(corpus_files, fuzzers)
+
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/nasm_apt.pin b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/nasm_apt.pin
new file mode 100644
index 000000000..69099026b
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/nasm_apt.pin
@@ -0,0 +1,7 @@
+Package: *
+Pin: release n=bionic
+Pin-Priority: 1
+
+Package: nasm
+Pin: release n=bionic
+Pin-Priority: 555
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15111 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15111
new file mode 100644
index 000000000..7f006e05e
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15111
@@ -0,0 +1 @@
+ KPV ˙˙ K  
\ No newline at end of file
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15113 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15113
new file mode 100644
index 000000000..f4f504dff
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15113
@@ -0,0 +1 @@
+904444:4
\ No newline at end of file
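Review bot: In the fallback match of `zip_relevant_corpus`, `tag[:-1]` becomes the empty string for a one-character tag, and `'' in sanitized_filename` is always true, so such a fuzzer would be handed the entire corpus; guard it with `if tag[:-1] and tag[:-1] in sanitized_filename:`. Indentation is lost in this rendering, so I cannot tell whether that fallback block sits inside the `for filename in corpus_files` loop; if it sits after the loop it only inspects the last file's `sanitized_filename`, which is worth checking in the real file. The usage message `'Usage: %s ' % __file__` appears to have lost its argument placeholders (possibly angle brackets stripped in this view); if so, restore them so the message names the two expected directories. `fuzzer_directory` is assigned but never used and can be removed.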
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15117 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15117 new file mode 100644 index 000000000..def776441 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15117 @@ -0,0 +1 @@ +@5@44444442˙ \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15118 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15118 new file mode 100644 index 000000000..beab19b9b Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15118 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15123 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15123 new file mode 100644 index 000000000..165f81ed6 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15123 @@ -0,0 +1 @@ +1bit ˙˙ ˙˙ ˙ \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15151 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15151 new file mode 100644 index 000000000..8ac930ba2 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15151 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15166 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15166 new file mode 100644 index 000000000..0a64b8a80 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15166 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15174 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15174 new file mode 100644 index 000000000..f0e491a57 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15174 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15205 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15205 new file mode 100644 index 000000000..b439058e6 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15205 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15271 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15271 new file mode 100644 index 000000000..5d920d8d2 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15271 @@ -0,0 +1 @@ +TWIN € \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15286 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15286 new file mode 100644 index 000000000..84b860b07 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15286 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15365 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15365 new file mode 100644 index 000000000..0444728fb Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15365 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15480 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15480 new file mode 100644 index 000000000..686c5c70f Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15480 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15496 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15496 new file mode 100644 index 000000000..c87568078 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15496 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15604 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15604 new file mode 100644 index 000000000..24dbf1dac Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15604 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15633 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15633 new file mode 100644 index 000000000..a0f6047f3 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15633 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15922 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15922 new file mode 100644 index 000000000..bb81c9566 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15922 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16022 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16022 new file mode 100644 index 000000000..7a30b6e85 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16022 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16057 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16057 new file mode 100644 index 000000000..1e533e002 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16057 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16079 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16079 new file mode 100644 index 000000000..700349f19 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16079 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16127 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16127 new file mode 100644 index 000000000..3dcad9405 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16127 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16430 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16430 new file mode 100644 index 000000000..58be0c688 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16430 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16624 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16624 new file mode 100644 index 000000000..0bb4cfc7b Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16624 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17640 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17640 new file mode 100644 index 000000000..4ed5f7858 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17640 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17828 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17828 new file mode 100644 index 000000000..d0856031d --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17828 @@ -0,0 +1 @@ +18446744073709574852,-3,"" \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/18768 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/18768 new file mode 100644 index 000000000..a77e0ef6b Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/18768 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/20873 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/20873 new file mode 100644 index 000000000..caa2b6ebb Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/20873 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/22520 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/22520 new file mode 100644 index 000000000..144039b56 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/22520 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23162 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23162 new file mode 100644 index 000000000..74be838b1 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23162 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23167 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23167 new file mode 100644 index 000000000..c9cffe2c7 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23167 @@ -0,0 +1,3 @@ +[2][] +[-1][18632997793934840606] + \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23490 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23490 new file mode 100644 index 000000000..978fb7372 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23490 @@ -0,0 +1,4 @@ +{0}{} +{1}{} +{0}{} +}} \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23491 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23491 new file mode 100644 index 000000000..b4eb78c2d Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23491 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24193 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24193 new file mode 100644 index 000000000..64222f1fe --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24193 @@ -0,0 +1,3 @@ + +0:0:0.1,0:0:1.1 + \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24457 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24457 new file mode 100644 index 000000000..d45dd1fb0 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24457 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24708 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24708 new file mode 100644 index 000000000..64898df5e Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24708 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24793 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24793 new file mode 100644 index 000000000..8af873008 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24793 @@ -0,0 +1 @@ +.raý ˙ Int4 \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24908 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24908 new file mode 100644 index 000000000..b86c2ca06 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24908 @@ -0,0 +1 @@ +DEXA a ˙˙  \ No newline at end of file diff --git a/benchmarks/grok_grk_decompress_fuzzer_d9ff920/Dockerfile b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/Dockerfile new file mode 100644 index 000000000..a87646f8b --- /dev/null +++ b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/Dockerfile 
@@ -0,0 +1,27 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN git clone \
+ https://github.com/GrokImageCompression/grok.git \
+ grok
+RUN git clone https://github.com/GrokImageCompression/grok-test-data.git \
+ grok-data
+
+WORKDIR grok
+COPY build.sh $SRC/
+
diff --git a/benchmarks/grok_grk_decompress_fuzzer_d9ff920/benchmark.yaml b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/benchmark.yaml
new file mode 100644
index 000000000..0c156fb63
--- /dev/null
+++ b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/benchmark.yaml
@@ -0,0 +1,27 @@
+
+commit: d9ff9204d64880960afa4e26643a61e265c5e2b2
+commit_date: 2022-12-07T16:22:50+0000
+fuzz_target: grk_decompress_fuzzer
+project: grok
+type: bug
+unsupported_fuzzers:
+ - centipede
+ - aflcc
+ - afl_qemu
+ - aflplusplus_qemu
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_frida
+ - honggfuzz_qemu
+ - klee
+ - lafintel
+ - weizz_qemu
+ - cfctx_dataflow_seadsa
+ - cfctx_dataflow_seadsa_llc
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
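Review bot: `WORKDIR grok` is a relative path (hadolint DL3000); it resolves against whatever working directory the base image set, which the base-builder convention suggests is `$SRC` but is not visible here, so write it explicitly as `WORKDIR $SRC/grok`. Both `git clone` calls fetch the full history of an unpinned default branch, and `grok-test-data` is a data repository, so `--depth 1` on each would cut build time and image size; the sibling ffmpeg Dockerfile hunk ending at L20 already uses `--depth 1 --branch`. The benchmark.yaml hunk that follows records commit `d9ff9204d64880960afa4e26643a61e265c5e2b2`; presumably the benchmark tooling checks it out after the clone, otherwise the image is not reproducible.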
diff --git a/benchmarks/grok_grk_decompress_fuzzer_d9ff920/build.sh b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/build.sh
new file mode 100755
index 000000000..21ee2269b
--- /dev/null
+++ b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/build.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mkdir build
+cd build
+cmake .. -DGRK_BUILD_CODEC=OFF -DBUILD_SHARED_LIBS=OFF -DGRK_BUILD_THIRDPARY=ON
+make clean -s
+make -j$(nproc) -s
+cd ..
+
+./tests/fuzzers/build_google_oss_fuzzers.sh
+./tests/fuzzers/build_seed_corpus.sh
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/Dockerfile b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/Dockerfile
new file mode 100644
index 000000000..a62ded5df
--- /dev/null
+++ b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/Dockerfile
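Review bot: `-DGRK_BUILD_THIRDPARY=ON` looks misspelled (THIRDPARY rather than THIRDPARTY), and CMake accepts any `-D` name without error — an unknown cache variable is only reported as unused at the end of configure — so a typo here would silently skip building the bundled third-party libraries; verify the option name against grok's CMakeLists and correct it if needed. `mkdir build` fails under `bash -eu` when the directory already exists, e.g. on a rebuild in the same checkout; `mkdir -p build` avoids that. The script also relies on the Dockerfile's `WORKDIR grok` for its starting directory rather than doing `cd $SRC/grok` itself, as the ffmpeg build.sh in this commit does.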
@@ -0,0 +1,31 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && \
+ apt-get install -y \
+ make \
+ automake \
+ libtool \
+ wget
+
+RUN git clone https://github.com/mm2/Little-CMS.git
+
+RUN wget -qO $OUT/cms_transform_all_fuzzer.dict \
+ https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/icc.dict
+COPY cms_transform_all_fuzzer.c build.sh $SRC/
+ADD seeds /opt/seeds
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/benchmark.yaml b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/benchmark.yaml
new file mode 100644
index 000000000..05942d426
--- /dev/null
+++ b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/benchmark.yaml
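Review bot: `ADD seeds /opt/seeds` copies a local directory, which is what `COPY` is for (hadolint DL3020); `ADD`'s extra behaviours (archive extraction, URL fetch) are not wanted here, so change it to `COPY seeds /opt/seeds`. The `wget` line pulls `icc.dict` from the `master` branch of google/fuzzing with no pin or checksum, so the dictionary baked into the image depends on the branch state at build time; reference a commit in the raw URL (`https://raw.githubusercontent.com/google/fuzzing/<commit>/dictionaries/icc.dict`) so the benchmark is reproducible, and the same applies to the unpinned `git clone` of Little-CMS unless the tooling checks out the commit from benchmark.yaml afterwards. The `apt-get install -y` step lacks `--no-install-recommends` and a `rm -rf /var/lib/apt/lists/*` cleanup in the same layer; minor for a builder image but cheap to add.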
@@ -0,0 +1,26 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# 5883733894365184
+commit: a9796f61c682f5320ff572c888062ee34315b836
+commit_date: 2022-07-26T14:34:48+0000
+fuzz_target: cms_transform_all_fuzzer
+project: lcms
+type: bug
+unsupported_fuzzers:
+ - symcc_afl
+ - symcc_afl_single
+ - symcc_aflplusplus
+ - afldd
+ - aflpp_vs_dd
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/build.sh b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/build.sh
new file mode 100755
index 000000000..283d68df0
--- /dev/null
+++ b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash -ex
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cd Little-CMS
+./autogen.sh
+./configure
+make -j $(nproc)
+
+# build your fuzzer(s)
+FUZZERS="cms_transform_all_fuzzer"
+
+for F in $FUZZERS; do
+ $CC $CFLAGS -c -Iinclude \
+ $SRC/$F.c -o $SRC/$F.o
+ $CXX $CXXFLAGS \
+ $SRC/$F.o -o $OUT/$F \
+ $LIB_FUZZING_ENGINE src/.libs/liblcms2.a
+done
+
+cp -r /opt/seeds $OUT/
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/cms_transform_all_fuzzer.c b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/cms_transform_all_fuzzer.c
new file mode 100644
index 000000000..0684505ee
--- /dev/null
+++ b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/cms_transform_all_fuzzer.c
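Review bot: `#!/bin/bash -ex` omits `-u`, unlike the other build scripts in this commit (`-eu`, `-eux`), so an unset `$SRC`, `$OUT` or `$LIB_FUZZING_ENGINE` expands to an empty string and the compile lines quietly target the wrong paths; change it to `#!/bin/bash -eux`. `cp -r /opt/seeds $OUT/` leaves a bare `seeds` directory in `$OUT`; if the benchmark runner expects the libFuzzer convention of `$OUT/cms_transform_all_fuzzer_seed_corpus.zip`, the seeds will be ignored, so confirm which form the runner consumes. `$OUT`, `$SRC` and `$F` are unquoted throughout; harmless for the paths used here but worth quoting for consistency with `set -u`.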
@@ -0,0 +1,59 @@
+/* Copyright 2022 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include
+#include "lcms2.h"
+
+void
+run_test(const uint8_t *data,
+ size_t size,
+ uint32_t intent_id,
+ uint32_t input_format,
+ uint32_t output_format,
+ uint32_t flags) {
+ if (size < 2) {
+ return;
+ }
+
+ size_t mid = size / 2;
+
+ cmsHPROFILE hInProfile, hOutProfile;
+ cmsHTRANSFORM hTransform;
+
+ hInProfile = cmsOpenProfileFromMem(data, mid);
+ hOutProfile = cmsOpenProfileFromMem(data + mid, size - mid);
+ hTransform = cmsCreateTransform(hInProfile, input_format, hOutProfile,
+ output_format, intent_id, flags);
+ cmsCloseProfile(hInProfile);
+ cmsCloseProfile(hOutProfile);
+
+ if (hTransform) {
+ cmsDeleteTransform(hTransform);
+ }
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size < 16) {
+ return 0;
+ }
+
+ // Generate a random set of args for cmsCreateTransform
+ uint32_t input_format = *((const uint32_t *)data);
+ uint32_t output_format = *((const uint32_t *)data+1);
+ uint32_t flags = *((const uint32_t *)data+2);
+ uint32_t intent = *((const uint32_t *)data+3) % 16;
+ data += 16;
+ size -= 16;
+
+ run_test(data, size, intent, input_format, output_format, flags);
+ return 0;
+}
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/seeds/seed b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/seeds/seed
new file mode 100644
index 000000000..84618ba47
Binary files /dev/null and b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/seeds/seed differ
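Review bot: The four `*((const uint32_t *)data+N)` reads in `LLVMFuzzerTestOneInput` reinterpret the `uint8_t` input buffer as `uint32_t`, which is an aliasing violation and an unaligned access whenever the engine hands over a buffer that is not 4-byte aligned; with `-fsanitize=alignment` that surfaces as a harness bug rather than a library bug. Copying the 16-byte header out with `memcpy` keeps exactly the same values and offsets, as below (`<string.h>` has to be included for it). Separately, `run_test` passes `hInProfile` and `hOutProfile` to `cmsCreateTransform` and `cmsCloseProfile` even when `cmsOpenProfileFromMem` returned NULL for one half; confirm that lcms tolerates NULL handles there, otherwise return early when either is NULL. The first `#include` line appears to have lost its header name in this rendering (presumably `<stdint.h>`), so that is worth checking in the real file.
```c
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  /* … unchanged: size < 16 check … */

  // Generate a random set of args for cmsCreateTransform
  uint32_t input_format, output_format, flags, intent;
  memcpy(&input_format, data, sizeof(input_format));
  memcpy(&output_format, data + 4, sizeof(output_format));
  memcpy(&flags, data + 8, sizeof(flags));
  memcpy(&intent, data + 12, sizeof(intent));
  intent %= 16;
  data += 16;
  size -= 16;
  /* … unchanged: run_test call and return … */
```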
diff --git a/benchmarks/libaom_av1_dec_fuzzer_6e1848/Dockerfile b/benchmarks/libaom_av1_dec_fuzzer_5a4757/Dockerfile
similarity index 100%
rename from benchmarks/libaom_av1_dec_fuzzer_6e1848/Dockerfile
rename to benchmarks/libaom_av1_dec_fuzzer_5a4757/Dockerfile
diff --git a/benchmarks/libaom_av1_dec_fuzzer_6e1848/README.md b/benchmarks/libaom_av1_dec_fuzzer_5a4757/README.md
similarity index 100%
rename from benchmarks/libaom_av1_dec_fuzzer_6e1848/README.md
rename to benchmarks/libaom_av1_dec_fuzzer_5a4757/README.md
diff --git a/benchmarks/libaom_av1_dec_fuzzer_6e1848/benchmark.yaml b/benchmarks/libaom_av1_dec_fuzzer_5a4757/benchmark.yaml
similarity index 59%
rename from benchmarks/libaom_av1_dec_fuzzer_6e1848/benchmark.yaml
rename to benchmarks/libaom_av1_dec_fuzzer_5a4757/benchmark.yaml
index ccab9d1e1..913749bd3 100644
--- a/benchmarks/libaom_av1_dec_fuzzer_6e1848/benchmark.yaml
+++ b/benchmarks/libaom_av1_dec_fuzzer_5a4757/benchmark.yaml
@@ -1,5 +1,5 @@
 # 4601636403675136
-commit: 6E184898310E49E33231B508618D6FDE8B84AB90
+commit: 5a47573f59c041e9faaf38b8e21f15affa6bcccb
 fuzz_target: av1_dec_fuzzer
 project: libaom
 type: bug
diff --git a/benchmarks/libaom_av1_dec_fuzzer_6e1848/build.sh b/benchmarks/libaom_av1_dec_fuzzer_5a4757/build.sh
similarity index 100%
rename from benchmarks/libaom_av1_dec_fuzzer_6e1848/build.sh
rename to benchmarks/libaom_av1_dec_fuzzer_5a4757/build.sh
diff --git a/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/Dockerfile b/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/Dockerfile
new file mode 100644
index 000000000..17658fab1
--- /dev/null
+++ b/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y cmake yasm wget
+RUN git clone https://aomedia.googlesource.com/aom
+ADD https://storage.googleapis.com/aom-test-data/fuzzer/dec_fuzzer_seed_corpus.zip $SRC/
+COPY build.sh $SRC/
+WORKDIR aom
diff --git a/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/README.md b/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/README.md
new file mode 100644
index 000000000..5d90b688c
--- /dev/null
+++ b/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/README.md
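Review bot: `ADD https://storage.googleapis.com/aom-test-data/fuzzer/dec_fuzzer_seed_corpus.zip $SRC/` fetches the seed corpus at build time with no integrity check, so the image depends on whatever that URL serves on the day it is built and a replaced archive would not be noticed; the base image on the line above is pinned by digest, which makes this the one unpinned external input in the file. With BuildKit, `ADD --checksum=sha256:<corpus-sha256-placeholder> https://storage.googleapis.com/aom-test-data/fuzzer/dec_fuzzer_seed_corpus.zip $SRC/` verifies it in place; otherwise fetch it in a `RUN` with the `wget` already installed and check it with `sha256sum -c`. `WORKDIR aom` is a relative path (hadolint DL3000) that only resolves because the base image's working directory is presumably `$SRC`; `WORKDIR $SRC/aom` states that.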
@@ -0,0 +1,52 @@ +# Submit a Patch to oss-fuzz repo + +## One-time Setup + +1. Create github account if needed (with @google.com email address, preferably) + and log in. +1. To allow “git push” to work, you’ll have to add an SSH key: + https://help.github.com/articles/connecting-to-github-with-ssh/ +1. Go to https://github.com/google/oss-fuzz and click on “Fork”. +1. Go to your own fork of the repo, which will be at + https://github.com/\/oss-fuzz +1. Click on “clone or download” and pick “Clone with SSH” method (I found that + easier to use for “git push”). Then copy that URL and run “git clone \” + in terminal. Now you have a local repo, and **your fork** of the remote repo + will be called “**origin**” in your git config. +1. Configure a remote repo pointing to the **upstream repo** + (https://github.com/google/oss-fuzz) so that it’s called “**upstream**”: + * cd \/oss-fuzz + * git remote add upstream git@github.com:google/oss-fuzz.git + * git remote -v + +NOTE: For trivial changes it's possible to edit the files in the web UI on the +main project and create a commit + pull request from that. + +## Workflow for a Pull Request (Patch) + +1. Go to your repo: + * cd \/oss-fuzz +1. Create a new branch: + * git checkout master + * git checkout -b new_feature_xyz +1. Make your changes and commit them locally with “git commit” +1. Push your changes to your fork on github + * git push -u origin HEAD + * (This will create a branch of the same name “new_feature_xyz” on your + fork “origin”). +1. Open your fork in browser and click on “Compare & pull request” and follow + the prompts. +1. If changes are requested to the patch: + * make changes to the same local branch + * commit them locally with “git commit” (but DO NOT amend!) + * git push -u origin HEAD +1. 
Once pull request is closed: + * Delete “new_feature_xyz” branch on your fork using the “Delete branch” + button on the pull request + * Delete local “new_feature_xyz” branch locally with “git checkout master + && git branch -D new_feature_xyz” + * Sync your local repo and your fork with upstream repo: + * git checkout master + * git fetch upstream + * git merge upstream/master + * git push origin master diff --git a/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/benchmark.yaml b/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/benchmark.yaml new file mode 100644 index 000000000..44d6c9632 --- /dev/null +++ b/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/benchmark.yaml @@ -0,0 +1,5 @@ +# 4601636403675136 +commit: cbbc5cc3ab19003937bd97ebcea811961eb42736 +fuzz_target: av1_dec_fuzzer +project: libaom +type: bug diff --git a/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/build.sh b/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/build.sh new file mode 100755 index 000000000..53c87ebfc --- /dev/null +++ b/benchmarks/libaom_av1_dec_fuzzer_cbbc5c/build.sh 
@@ -0,0 +1,69 @@ +#!/bin/bash -eu +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# Build libaom +build_dir=$WORK/build +mkdir -p ${build_dir} +pushd ${build_dir} +# Remove files generated by the previous build. +rm -rf ./* + +# oss-fuzz has 2 GB total memory allocation limit. So, we limit per-allocation +# limit in libaom to 1 GB to avoid OOM errors. A smaller per-allocation is +# needed for MemorySanitizer (see bug oss-fuzz:9497 and bug oss-fuzz:9499). +if [[ $CFLAGS = *sanitize=memory* ]]; then + extra_c_flags='-DAOM_MAX_ALLOCABLE_MEMORY=536870912' +else + extra_c_flags='-DAOM_MAX_ALLOCABLE_MEMORY=1073741824' +fi +# Also, enable DO_RANGE_CHECK_CLAMP to suppress the noise of integer overflows +# in the transform functions. +extra_c_flags+=' -DDO_RANGE_CHECK_CLAMP=1' + +extra_cmake_flags= +# MemorySanitizer requires that all program code is instrumented. Therefore we +# need to replace all inline assembly code that writes to memory with pure C +# code. Disable all assembly code for MemorySanitizer. 
+if [[ $CFLAGS = *sanitize=memory* ]]; then + extra_cmake_flags+="-DAOM_TARGET_CPU=generic" +fi + +cmake $SRC/aom -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS_RELEASE='-O3 -g' \ + -DCMAKE_CXX_FLAGS_RELEASE='-O3 -g' -DCONFIG_PIC=1 -DCONFIG_LOWBITDEPTH=1 \ + -DCONFIG_AV1_ENCODER=0 -DENABLE_EXAMPLES=0 -DENABLE_DOCS=0 -DENABLE_TESTS=0 \ + -DCONFIG_SIZE_LIMIT=1 -DDECODE_HEIGHT_LIMIT=12288 -DDECODE_WIDTH_LIMIT=12288 \ + -DAOM_EXTRA_C_FLAGS="${extra_c_flags}" -DENABLE_TOOLS=0 \ + -DAOM_EXTRA_CXX_FLAGS="${extra_c_flags}" ${extra_cmake_flags} +make -j$(nproc) +popd + +# build fuzzers +fuzzer_src_name=av1_dec_fuzzer +fuzzer_name=${fuzzer_src_name} + +$CXX $CXXFLAGS -std=c++11 \ + -I$SRC/aom \ + -I${build_dir} \ + -Wl,--start-group \ + $LIB_FUZZING_ENGINE \ + $SRC/aom/examples/${fuzzer_src_name}.cc -o $OUT/${fuzzer_name} \ + ${build_dir}/libaom.a -Wl,--end-group + +# copy seed corpus. +cp $SRC/dec_fuzzer_seed_corpus.zip $OUT/${fuzzer_name}_seed_corpus.zip +cp $SRC/aom/examples/av1_dec_fuzzer.dict $OUT/${fuzzer_name}.dict + diff --git a/benchmarks/libpcap_fuzz_filter_bc594f/Dockerfile b/benchmarks/libpcap_fuzz_filter_bc594f/Dockerfile new file mode 100644 index 000000000..338edfedd --- /dev/null +++ b/benchmarks/libpcap_fuzz_filter_bc594f/Dockerfile 
@@ -0,0 +1,29 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+RUN apt-get update && \
+ apt-get install -y make cmake flex bison
+
+RUN git clone https://github.com/the-tcpdump-group/libpcap.git libpcap
+
+# For corpus as wireshark.
+RUN git clone https://github.com/the-tcpdump-group/tcpdump.git tcpdump && \
+ git -C tcpdump checkout 032e4923e5202ea4d5a6d1cead83ed1927135874
+
+WORKDIR $SRC
+COPY build.sh $SRC/
+
diff --git a/benchmarks/libpcap_fuzz_filter_bc594f/benchmark.yaml b/benchmarks/libpcap_fuzz_filter_bc594f/benchmark.yaml
new file mode 100644
index 000000000..d63b93b8b
--- /dev/null
+++ b/benchmarks/libpcap_fuzz_filter_bc594f/benchmark.yaml
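Review bot: `RUN git clone https://github.com/the-tcpdump-group/libpcap.git libpcap` takes the branch head at build time, while the tcpdump clone two instructions below is pinned with `git -C tcpdump checkout 032e4923e5202ea4d5a6d1cead83ed1927135874`; the benchmark builder presumably checks out the `commit:` from benchmark.yaml afterwards, but if it does not, two builds of this benchmark can compile different libpcap sources. Adding `&& git -C libpcap checkout bc594f185299d9d4e3b39ba94e91a5b9ca8a938d` (the commit benchmark.yaml names) makes the Dockerfile self-describing either way. The apt line installs `make cmake flex bison` without `--no-install-recommends` and leaves the package lists in the layer; `apt-get install -y --no-install-recommends make cmake flex bison && rm -rf /var/lib/apt/lists/*` is the usual form.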
@@ -0,0 +1,35 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# 4503656338161664
+commit: bc594f185299d9d4e3b39ba94e91a5b9ca8a938d
+commit_date: 2023-02-25T22:56:01+0000
+fuzz_target: fuzz_filter
+project: libpcap
+type: bug
+unsupported_fuzzers:
+ - klee
+ - symcc_afl
+ - symcc_afl_single
+ - symcc_aflplusplus
+ - symcc_aflplusplus_single
+ - aflplusplus_cmplog_double
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
+ - afldd
+ - aflpp_vs_dd
diff --git a/benchmarks/libpcap_fuzz_filter_bc594f/build.sh b/benchmarks/libpcap_fuzz_filter_bc594f/build.sh
new file mode 100644
index 000000000..f99be06e5
--- /dev/null
+++ b/benchmarks/libpcap_fuzz_filter_bc594f/build.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd libpcap
+# build project
+mkdir build
+cd build
+cmake -DDISABLE_DBUS=1 ..
+make
+
+# build fuzz targets
+$CC $CFLAGS -I.. -c ../testprogs/fuzz/fuzz_filter.c -o fuzz_filter.o
+$CXX $CXXFLAGS fuzz_filter.o -o $OUT/fuzz_filter libpcap.a $LIB_FUZZING_ENGINE
+
+# export other associated stuff
+cd ..
+cp testprogs/fuzz/fuzz_*.options $OUT/
+# builds corpus
+cd $SRC/tcpdump/
+zip -r fuzz_pcap_seed_corpus.zip tests/
+cp fuzz_pcap_seed_corpus.zip $OUT/
+cd $SRC/libpcap/testprogs/BPF
+mkdir corpus
+ls *.txt | while read i; do tail -1 $i > corpus/$i; done
+zip -r fuzz_filter_seed_corpus.zip corpus/
+cp fuzz_filter_seed_corpus.zip $OUT/
diff --git a/benchmarks/systemd_fuzz-network-parser_288baf/Dockerfile b/benchmarks/systemd_fuzz-network-parser_46c3b1/Dockerfile
similarity index 100%
rename from benchmarks/systemd_fuzz-network-parser_288baf/Dockerfile
rename to benchmarks/systemd_fuzz-network-parser_46c3b1/Dockerfile
diff --git a/benchmarks/systemd_fuzz-network-parser_288baf/benchmark.yaml b/benchmarks/systemd_fuzz-network-parser_46c3b1/benchmark.yaml
similarity index 77%
rename from benchmarks/systemd_fuzz-network-parser_288baf/benchmark.yaml
rename to benchmarks/systemd_fuzz-network-parser_46c3b1/benchmark.yaml
index 7f469f86f..45501513b 100644
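Review bot: `ls *.txt | while read i; do tail -1 $i > corpus/$i; done` parses `ls` output and expands `$i` unquoted, so a seed name containing whitespace is split or mangled, and because the failure happens inside a pipeline the script's `-e` does not stop it; `for i in *.txt; do tail -n 1 "$i" > "corpus/$i"; done` is the direct form. `mkdir build` and `mkdir corpus` abort under `-e` on a rebuild where the directories already exist; `mkdir -p` is harmless here. `make` runs serially while the libaom build script in this same commit uses `make -j$(nproc)`.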
--- a/benchmarks/systemd_fuzz-network-parser_288baf/benchmark.yaml
+++ b/benchmarks/systemd_fuzz-network-parser_46c3b1/benchmark.yaml
@@ -1,5 +1,5 @@
 # 6326353730863104
-commit: 288BAFA952B1D515E10BDF8C8F0ADDE3ACBBE4BE
+commit: 46c3b1ff887e096f89cb1eae9b2567c5dd4272d3
 commit_date: 2022-06-10T20:01:24+0000
 fuzz_target: fuzz-network-parser
 project: systemd
diff --git a/benchmarks/systemd_fuzz-network-parser_82d7a1/Dockerfile b/benchmarks/systemd_fuzz-network-parser_82d7a1/Dockerfile
new file mode 100644
index 000000000..10d6e1887
--- /dev/null
+++ b/benchmarks/systemd_fuzz-network-parser_82d7a1/Dockerfile
@@ -0,0 +1,30 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && \
+ apt-get install -y libcap-dev
+
+RUN git clone \
+ --depth 1 \
+ --branch v252 \
+ https://github.com/systemd/systemd && \
+ cp $SRC/systemd/tools/oss-fuzz.sh $SRC/build.sh && \
+ # Move shared libraries and tweak rpath for all $ARCHITECTURE.
+ sed -i '119d;126d' $SRC/build.sh
+
+WORKDIR systemd
diff --git a/benchmarks/systemd_fuzz-network-parser_82d7a1/benchmark.yaml b/benchmarks/systemd_fuzz-network-parser_82d7a1/benchmark.yaml
new file mode 100644
index 000000000..403e03099
--- /dev/null
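Review bot: `sed -i '119d;126d' $SRC/build.sh` deletes two lines of systemd's vendored `tools/oss-fuzz.sh` by line number with nothing verifying that those lines are the ones the comment above describes; the numbers hold only as long as the clone stays on `--branch v252`, and any change to the tag or the script silently deletes the wrong lines. A pattern-based `sed` on the text being removed, or a `grep -q '<expected text>' $SRC/build.sh &&` guard before the deletion, fails loudly instead. The benchmark.yaml for this directory names commit `82d7a151db3f504fee705bcd0ded2fa0d64eafb2` with a 2022-06-10 date, while the clone is `--depth 1 --branch v252`; if the builder later checks that commit out, a shallow clone of a later tag may not contain it — worth confirming against the framework's checkout step.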
+++ b/benchmarks/systemd_fuzz-network-parser_82d7a1/benchmark.yaml
@@ -0,0 +1,9 @@
+# 6326353730863104
+commit: 82d7a151db3f504fee705bcd0ded2fa0d64eafb2
+commit_date: 2022-06-10T20:01:24+0000
+fuzz_target: fuzz-network-parser
+project: systemd
+type: bug
+unsupported_fuzzers:
+ - centipede
+ - wingfuzz
diff --git a/fuzzers/CIDfuzz/builder.Dockerfile b/fuzzers/CIDfuzz/builder.Dockerfile
new file mode 100644
index 000000000..fe5995a77
--- /dev/null
+++ b/fuzzers/CIDfuzz/builder.Dockerfile
@@ -0,0 +1,30 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Download and compile AFL v2.56b.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN git clone https://github.com/Radon10043/CIDFuzz /afl && \
+ cd /afl && \
+ AFL_NO_X86=1 make
+
+# Use afl_driver.cpp from LLVM as our fuzzing library.
+RUN apt-get update && \
+ apt-get install wget -y && \
+ wget https://raw.githubusercontent.com/llvm/llvm-project/5feb80e748924606531ba28c97fe65145c65372e/compiler-rt/lib/fuzzer/afl/afl_driver.cpp -O /afl/afl_driver.cpp && \
+ clang -Wno-pointer-sign -c /afl/llvm_mode/afl-llvm-rt.o.c -I/afl && \
+ clang++ -stdlib=libc++ -std=c++11 -O2 -c /afl/afl_driver.cpp && \
+ ar r /libAFL.a *.o
diff --git a/fuzzers/CIDfuzz/fuzzer.py b/fuzzers/CIDfuzz/fuzzer.py
new file mode 100755
index 000000000..386898e21
--- /dev/null
+++ b/fuzzers/CIDfuzz/fuzzer.py
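Review bot: `RUN git clone https://github.com/Radon10043/CIDFuzz /afl` builds whatever that third-party repository's default branch holds on the day of the build — no tag, no commit — so the fuzzer being evaluated is not reproducible and a force-push upstream changes results without any change here; the aflplusplus builder touched by this same commit pins its clone with `git checkout <sha>`, and `fuzzers/aflchurnplusplus/builder.Dockerfile` (`git clone https://github.com/Dammo3/AFLChurnPlusPlus /afl`) has the same gap. Inserting `git -C /afl checkout <cidfuzz-commit-placeholder> && \` before the `AFL_NO_X86=1 make` line fixes it; the `afl_driver.cpp` fetch below is already pinned to an LLVM commit, which is the right model. The comment `# Download and compile AFL v2.56b.` no longer matches what is cloned; `# Download and compile CIDFuzz (AFL-based).` does.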
@@ -0,0 +1,139 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Integration code for AFL fuzzer.""" + +import json +import os +import shutil +import subprocess + +from fuzzers import utils + + +def prepare_build_environment(): + """Set environment variables used to build targets for AFL-based + fuzzers.""" + + cflags = ['-fsanitize-coverage=trace-pc-guard'] + utils.append_flags('CFLAGS', cflags) + utils.append_flags('CXXFLAGS', cflags) + + os.environ['CC'] = 'clang' + os.environ['CXX'] = 'clang++' + os.environ['FUZZER_LIB'] = '/libAFL.a' + + +def build(): + """Build benchmark.""" + prepare_build_environment() + + utils.build_benchmark() + + print('[post_build] Copying afl-fuzz to $OUT directory') + # Copy out the afl-fuzz binary as a build artifact. + shutil.copy('/afl/afl-fuzz', os.environ['OUT']) + + +def get_stats(output_corpus, fuzzer_log): # pylint: disable=unused-argument + """Gets fuzzer stats for AFL.""" + # Get a dictionary containing the stats AFL reports. + stats_file = os.path.join(output_corpus, 'fuzzer_stats') + with open(stats_file, encoding='utf-8') as file_handle: + stats_file_lines = file_handle.read().splitlines() + stats_file_dict = {} + for stats_line in stats_file_lines: + key, value = stats_line.split(': ') + stats_file_dict[key.strip()] = value.strip() + + # Report to FuzzBench the stats it accepts. 
+ stats = {'execs_per_sec': float(stats_file_dict['execs_per_sec'])} + return json.dumps(stats) + + +def prepare_fuzz_environment(input_corpus): + """Prepare to fuzz with AFL or another AFL-based fuzzer.""" + # Tell AFL to not use its terminal UI so we get usable logs. + os.environ['AFL_NO_UI'] = '1' + # Skip AFL's CPU frequency check (fails on Docker). + os.environ['AFL_SKIP_CPUFREQ'] = '1' + # No need to bind affinity to one core, Docker enforces 1 core usage. + os.environ['AFL_NO_AFFINITY'] = '1' + # AFL will abort on startup if the core pattern sends notifications to + # external programs. We don't care about this. + os.environ['AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES'] = '1' + # Don't exit when crashes are found. This can happen when corpus from + # OSS-Fuzz is used. + os.environ['AFL_SKIP_CRASHES'] = '1' + # Shuffle the queue + os.environ['AFL_SHUFFLE_QUEUE'] = '1' + + # AFL needs at least one non-empty seed to start. + utils.create_seed_file_for_empty_corpus(input_corpus) + + +def check_skip_det_compatible(additional_flags): + """ Checks if additional flags are compatible with '-d' option""" + # AFL refuses to take in '-d' with '-M' or '-S' options for parallel mode. + # (cf. https://github.com/google/AFL/blob/8da80951/afl-fuzz.c#L7477) + if '-M' in additional_flags or '-S' in additional_flags: + return False + return True + + +def run_afl_fuzz(input_corpus, + output_corpus, + target_binary, + additional_flags=None, + hide_output=False): + """Run afl-fuzz.""" + # Spawn the afl fuzzing process. + print('[run_afl_fuzz] Running target with afl-fuzz') + command = [ + './afl-fuzz', + '-i', + input_corpus, + '-o', + output_corpus, + # Use no memory limit as ASAN doesn't play nicely with one. + '-m', + 'none', + '-t', + '1000+', # Use same default 1 sec timeout, but add '+' to skip hangs. + ] + # Use '-d' to skip deterministic mode, as long as it it compatible with + # additional flags. 
+ if not additional_flags or check_skip_det_compatible(additional_flags): + command.append('-d') + if additional_flags: + command.extend(additional_flags) + dictionary_path = utils.get_dictionary_path(target_binary) + if dictionary_path: + command.extend(['-x', dictionary_path]) + command += [ + '--', + target_binary, + # Pass INT_MAX to afl the maximize the number of persistent loops it + # performs. + '2147483647' + ] + print('[run_afl_fuzz] Running command: ' + ' '.join(command)) + output_stream = subprocess.DEVNULL if hide_output else None + subprocess.check_call(command, stdout=output_stream, stderr=output_stream) + + +def fuzz(input_corpus, output_corpus, target_binary): + """Run afl-fuzz on target.""" + prepare_fuzz_environment(input_corpus) + + run_afl_fuzz(input_corpus, output_corpus, target_binary) diff --git a/fuzzers/CIDfuzz/runner.Dockerfile b/fuzzers/CIDfuzz/runner.Dockerfile new file mode 100644 index 000000000..0d6cf004e --- /dev/null +++ b/fuzzers/CIDfuzz/runner.Dockerfile @@ -0,0 +1,15 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM gcr.io/fuzzbench/base-image diff --git a/fuzzers/aflchurnplusplus/builder.Dockerfile b/fuzzers/aflchurnplusplus/builder.Dockerfile new file mode 100644 index 000000000..b67704575 --- /dev/null +++ b/fuzzers/aflchurnplusplus/builder.Dockerfile 
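Review bot: In `get_stats`, `key, value = stats_line.split(': ')` raises ValueError on any `fuzzer_stats` line whose value itself contains the separator, or on a line with no separator at all, which turns a stats read into a failed fuzzer run; `key, value = stats_line.split(': ', 1)` splits on the first separator only, and a `maxsplit` still leaves the no-separator case to be skipped or reported explicitly. The module docstring `"""Integration code for AFL fuzzer."""` and the `prepare_build_environment` docstring describe stock AFL although the builder clones CIDFuzz; naming the fuzzer there tells readers of a report which engine produced it.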
@@ -0,0 +1,47 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+RUN apt-get update && \
+ apt-get install -y \
+ build-essential \
+ python3-dev \
+ python3-setuptools \
+ automake \
+ cmake \
+ git \
+ flex \
+ bison \
+ libglib2.0-dev \
+ libpixman-1-dev \
+ cargo \
+ libgtk-3-dev \
+ # for QEMU mode
+ ninja-build \
+ gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev \
+ libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev
+
+# Download afl++.
+RUN git clone https://github.com/Dammo3/AFLChurnPlusPlus /afl && \
+ cd /afl
+
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN cd /afl && \
+ unset CFLAGS CXXFLAGS && \
+ export CC=clang AFL_NO_X86=1 && \
+ PYTHON_INCLUDE=/ make && \
+ cp utils/aflpp_driver/libAFLDriver.a /
\ No newline at end of file
diff --git a/fuzzers/aflchurnplusplus/fuzzer.py b/fuzzers/aflchurnplusplus/fuzzer.py
new file mode 100644
index 000000000..dfe411e4a
--- /dev/null
+++ b/fuzzers/aflchurnplusplus/fuzzer.py
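Review bot: The `cd /afl` that ends `RUN git clone https://github.com/Dammo3/AFLChurnPlusPlus /afl && \` has no effect, since a RUN's working directory does not persist into the next instruction and the following RUN starts with its own `cd /afl`; the instruction reduces to `RUN git clone https://github.com/Dammo3/AFLChurnPlusPlus /afl`. The comment above it, `# Download afl++.`, names the upstream project rather than the fork actually cloned; `# Download AFLChurnPlusPlus (an AFL++ fork).` is accurate.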
@@ -0,0 +1,282 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +"""Integration code for AFLplusplus fuzzer.""" + +import os +import shutil + +from fuzzers.afl import fuzzer as afl_fuzzer +from fuzzers import utils + + +def get_cmplog_build_directory(target_directory): + """Return path to CmpLog target directory.""" + return os.path.join(target_directory, 'cmplog') + + +def get_uninstrumented_build_directory(target_directory): + """Return path to CmpLog target directory.""" + return os.path.join(target_directory, 'uninstrumented') + + +def build(*args): # pylint: disable=too-many-branches,too-many-statements + """Build benchmark.""" + # BUILD_MODES is not already supported by fuzzbench, meanwhile we provide + # a default configuration. + + build_modes = list(args) + if 'BUILD_MODES' in os.environ: + build_modes = os.environ['BUILD_MODES'].split(',') + + # Placeholder comment. 
+ build_directory = os.environ['OUT'] + + # If nothing was set this is the default: + if not build_modes: + build_modes = ['tracepc', 'cmplog', 'dict2file'] + + # For bug type benchmarks we have to instrument via native clang pcguard :( + build_flags = os.environ['CFLAGS'] + + if build_flags.find( + 'array-bounds' + ) != -1 and 'qemu' not in build_modes and 'classic' not in build_modes: + if 'gcc' not in build_modes: + build_modes[0] = 'native' + + # Instrumentation coverage modes: + if 'lto' in build_modes: + os.environ['CC'] = '/afl/afl-clang-lto' + os.environ['CXX'] = '/afl/afl-clang-lto++' + edge_file = build_directory + '/aflpp_edges.txt' + os.environ['AFL_LLVM_DOCUMENT_IDS'] = edge_file + if os.path.isfile('/usr/local/bin/llvm-ranlib-13'): + os.environ['RANLIB'] = 'llvm-ranlib-13' + os.environ['AR'] = 'llvm-ar-13' + os.environ['AS'] = 'llvm-as-13' + elif os.path.isfile('/usr/local/bin/llvm-ranlib-12'): + os.environ['RANLIB'] = 'llvm-ranlib-12' + os.environ['AR'] = 'llvm-ar-12' + os.environ['AS'] = 'llvm-as-12' + else: + os.environ['RANLIB'] = 'llvm-ranlib' + os.environ['AR'] = 'llvm-ar' + os.environ['AS'] = 'llvm-as' + elif 'qemu' in build_modes: + os.environ['CC'] = 'clang' + os.environ['CXX'] = 'clang++' + elif 'gcc' in build_modes: + os.environ['CC'] = 'afl-gcc-fast' + os.environ['CXX'] = 'afl-g++-fast' + if build_flags.find('array-bounds') != -1: + os.environ['CFLAGS'] = '-fsanitize=address -O1' + os.environ['CXXFLAGS'] = '-fsanitize=address -O1' + else: + os.environ['CFLAGS'] = '' + os.environ['CXXFLAGS'] = '' + os.environ['CPPFLAGS'] = '' + else: + os.environ['CC'] = '/afl/afl-clang-fast' + os.environ['CXX'] = '/afl/afl-clang-fast++' + + print('AFL++ build: ') + print(build_modes) + + if 'qemu' in build_modes or 'symcc' in build_modes: + os.environ['CFLAGS'] = ' '.join(utils.NO_SANITIZER_COMPAT_CFLAGS) + cxxflags = [utils.LIBCPLUSPLUS_FLAG] + utils.NO_SANITIZER_COMPAT_CFLAGS + os.environ['CXXFLAGS'] = ' '.join(cxxflags) + + if 'tracepc' in build_modes 
or 'pcguard' in build_modes: + os.environ['AFL_LLVM_USE_TRACE_PC'] = '1' + elif 'classic' in build_modes: + os.environ['AFL_LLVM_INSTRUMENT'] = 'CLASSIC' + elif 'native' in build_modes: + os.environ['AFL_LLVM_INSTRUMENT'] = 'LLVMNATIVE' + + # Instrumentation coverage options: + # Do not use a fixed map location (LTO only) + if 'dynamic' in build_modes: + os.environ['AFL_LLVM_MAP_DYNAMIC'] = '1' + # Use a fixed map location (LTO only) + if 'fixed' in build_modes: + os.environ['AFL_LLVM_MAP_ADDR'] = '0x10000' + # Generate an extra dictionary. + if 'dict2file' in build_modes or 'native' in build_modes: + os.environ['AFL_LLVM_DICT2FILE'] = build_directory + '/afl++.dict' + os.environ['AFL_LLVM_DICT2FILE_NO_MAIN'] = '1' + # Enable context sentitivity for LLVM mode (non LTO only) + if 'ctx' in build_modes: + os.environ['AFL_LLVM_CTX'] = '1' + # Enable N-gram coverage for LLVM mode (non LTO only) + if 'ngram2' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '2' + elif 'ngram3' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '3' + elif 'ngram4' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '4' + elif 'ngram5' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '5' + elif 'ngram6' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '6' + elif 'ngram7' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '7' + elif 'ngram8' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '8' + elif 'ngram16' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '16' + if 'ctx1' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '1' + elif 'ctx2' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '2' + elif 'ctx3' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '3' + elif 'ctx4' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '4' + + # Only one of the following OR cmplog + # enable laf-intel compare splitting + if 'laf' in build_modes: + os.environ['AFL_LLVM_LAF_SPLIT_SWITCHES'] = '1' + os.environ['AFL_LLVM_LAF_SPLIT_COMPARES'] = '1' + 
os.environ['AFL_LLVM_LAF_SPLIT_FLOATS'] = '1' + if 'autodict' not in build_modes: + os.environ['AFL_LLVM_LAF_TRANSFORM_COMPARES'] = '1' + + if 'eclipser' in build_modes: + os.environ['FUZZER_LIB'] = '/libStandaloneFuzzTarget.a' + else: + os.environ['FUZZER_LIB'] = '/libAFLDriver.a' + + # Some benchmarks like lcms. (see: + # https://github.com/mm2/Little-CMS/commit/ab1093539b4287c233aca6a3cf53b234faceb792#diff-f0e6d05e72548974e852e8e55dffc4ccR212) + # fail to compile if the compiler outputs things to stderr in unexpected + # cases. Prevent these failures by using AFL_QUIET to stop afl-clang-fast + # from writing AFL specific messages to stderr. + os.environ['AFL_QUIET'] = '1' + os.environ['AFL_MAP_SIZE'] = '2621440' + + src = os.getenv('SRC') + work = os.getenv('WORK') + + with utils.restore_directory(src), utils.restore_directory(work): + # Restore SRC to its initial state so we can build again without any + # trouble. For some OSS-Fuzz projects, build_benchmark cannot be run + # twice in the same directory without this. + utils.build_benchmark() + + if 'cmplog' in build_modes and 'qemu' not in build_modes: + + # CmpLog requires an build with different instrumentation. + new_env = os.environ.copy() + new_env['AFL_LLVM_CMPLOG'] = '1' + + # For CmpLog build, set the OUT and FUZZ_TARGET environment + # variable to point to the new CmpLog build directory. + cmplog_build_directory = get_cmplog_build_directory(build_directory) + os.mkdir(cmplog_build_directory) + new_env['OUT'] = cmplog_build_directory + fuzz_target = os.getenv('FUZZ_TARGET') + if fuzz_target: + new_env['FUZZ_TARGET'] = os.path.join(cmplog_build_directory, + os.path.basename(fuzz_target)) + + print('Re-building benchmark for CmpLog fuzzing target') + utils.build_benchmark(env=new_env) + + if 'symcc' in build_modes: + + symcc_build_directory = get_uninstrumented_build_directory( + build_directory) + os.mkdir(symcc_build_directory) + + # symcc requires an build with different instrumentation. 
+ new_env = os.environ.copy() + new_env['CC'] = '/symcc/build/symcc' + new_env['CXX'] = '/symcc/build/sym++' + new_env['SYMCC_OUTPUT_DIR'] = '/tmp' + new_env['CXXFLAGS'] = new_env['CXXFLAGS'].replace('-stlib=libc++', '') + new_env['FUZZER_LIB'] = '/libfuzzer-harness.o' + new_env['OUT'] = symcc_build_directory + new_env['SYMCC_LIBCXX_PATH'] = '/libcxx_native_build' + new_env['SYMCC_NO_SYMBOLIC_INPUT'] = '1' + new_env['SYMCC_SILENT'] = '1' + + # For symcc build, set the OUT and FUZZ_TARGET environment + # variable to point to the new symcc build directory. + new_env['OUT'] = symcc_build_directory + fuzz_target = os.getenv('FUZZ_TARGET') + if fuzz_target: + new_env['FUZZ_TARGET'] = os.path.join(symcc_build_directory, + os.path.basename(fuzz_target)) + + print('Re-building benchmark for symcc fuzzing target') + utils.build_benchmark(env=new_env) + + shutil.copy('/afl/afl-fuzz', build_directory) + if os.path.exists('/afl/afl-qemu-trace'): + shutil.copy('/afl/afl-qemu-trace', build_directory) + if os.path.exists('/aflpp_qemu_driver_hook.so'): + shutil.copy('/aflpp_qemu_driver_hook.so', build_directory) + if os.path.exists('/get_frida_entry.sh'): + shutil.copy('/afl/afl-frida-trace.so', build_directory) + shutil.copy('/get_frida_entry.sh', build_directory) + + +# pylint: disable=too-many-arguments +def fuzz(input_corpus, + output_corpus, + target_binary, + flags=tuple(), + skip=False, + no_cmplog=False): # pylint: disable=too-many-arguments + """Run fuzzer.""" + # Calculate CmpLog binary path from the instrumented target binary. + target_binary_directory = os.path.dirname(target_binary) + cmplog_target_binary_directory = ( + get_cmplog_build_directory(target_binary_directory)) + target_binary_name = os.path.basename(target_binary) + cmplog_target_binary = os.path.join(cmplog_target_binary_directory, + target_binary_name) + + afl_fuzzer.prepare_fuzz_environment(input_corpus) + # decomment this to enable libdislocator. 
+ # os.environ['AFL_ALIGNED_ALLOC'] = '1' # align malloc to max_align_t + # os.environ['AFL_PRELOAD'] = '/afl/libdislocator.so' + + flags = list(flags) + + if os.path.exists('./afl++.dict'): + flags += ['-x', './afl++.dict'] + + # Move the following to skip for upcoming _double tests: + if os.path.exists(cmplog_target_binary) and no_cmplog is False: + flags += ['-c', cmplog_target_binary] + + #os.environ['AFL_IGNORE_TIMEOUTS'] = '1' + os.environ['AFL_IGNORE_UNKNOWN_ENVS'] = '1' + os.environ['AFL_FAST_CAL'] = '1' + os.environ['AFL_NO_WARN_INSTABILITY'] = '1' + + if not skip: + os.environ['AFL_DISABLE_TRIM'] = '1' + os.environ['AFL_CMPLOG_ONLY_NEW'] = '1' + if 'ADDITIONAL_ARGS' in os.environ: + flags += os.environ['ADDITIONAL_ARGS'].split(' ') + + afl_fuzzer.run_afl_fuzz(input_corpus, + output_corpus, + target_binary, + additional_flags=flags) \ No newline at end of file diff --git a/fuzzers/aflchurnplusplus/runner.Dockerfile b/fuzzers/aflchurnplusplus/runner.Dockerfile new file mode 100644 index 000000000..78b9c3893 --- /dev/null +++ b/fuzzers/aflchurnplusplus/runner.Dockerfile 
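Review bot: `get_uninstrumented_build_directory` carries the docstring `"""Return path to CmpLog target directory."""` copied from the function above it; `"""Return path to the uninstrumented (symcc) target directory."""` describes what it returns. In the symcc branch of `build`, `new_env['CXXFLAGS'].replace('-stlib=libc++', '')` looks like a misspelling of `-stdlib=libc++`; as written the pattern matches nothing and CXXFLAGS is passed through unchanged — confirm against the value of `utils.LIBCPLUSPLUS_FLAG`. In `fuzz`, `os.environ['ADDITIONAL_ARGS'].split(' ')` produces empty-string arguments on doubled spaces and cannot carry a quoted argument; `shlex.split(os.environ['ADDITIONAL_ARGS'])` handles both, with `import shlex` added to the existing imports. The `# Placeholder comment.` left at the top of `build` reads as an unfinished edit.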
@@ -0,0 +1,24 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
+# RUN apt-get update && apt-get upgrade && apt install -y unzip git gdb joe
\ No newline at end of file
diff --git a/fuzzers/aflplusplus/builder.Dockerfile b/fuzzers/aflplusplus/builder.Dockerfile
index ff54ef780..12f57cb0c 100644
--- a/fuzzers/aflplusplus/builder.Dockerfile
+++ b/fuzzers/aflplusplus/builder.Dockerfile
@@ -37,7 +37,7 @@ RUN apt-get update && \
 # Download afl++.
 RUN git clone -b dev https://github.com/AFLplusplus/AFLplusplus /afl && \
 cd /afl && \
- git checkout 6f4b5ae0832774389b12c5a8cd3fb95821b438e5 || \
+ git checkout 56d5aa3101945e81519a3fac8783d0d8fad82779 || \
 true # Build without Python support as we don't need it.
diff --git a/service/experiment-config.yaml b/service/experiment-config.yaml
index b9acb09f8..53885721b 100644
--- a/service/experiment-config.yaml
+++ b/service/experiment-config.yaml
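Review bot: `ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"` expands to `:/out` whenever the base image leaves LD_LIBRARY_PATH unset, and the dynamic loader treats an empty component as the current working directory, so every process in the runner image would pick up shared objects from whatever directory it happens to be started in; the same applies to `ENV PATH="$PATH:/out"` if PATH were ever empty, though Docker normally supplies a default PATH. Whether gcr.io/fuzzbench/base-image already sets LD_LIBRARY_PATH is not visible here, so guard the join instead of assuming: `ENV LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+${LD_LIBRARY_PATH}:}/out"`. `FROM gcr.io/fuzzbench/base-image` is untagged, which means the runner floats with whatever `latest` is at build time; a tag or digest would make these experiment images reproducible. The commented-out `# RUN apt-get update && apt-get upgrade && apt install -y unzip git gdb joe` is dead text and can be dropped rather than shipped in a new file.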
@@ -15,7 +15,7 @@ preemptible_runners: true # This experiment should generate a report that is combined with other public # "production" experiments. -merge_with_nonprivate: true +merge_with_nonprivate: false # This experiment should be merged with other reports in later experiments. private: false diff --git a/service/gcbrun_experiment.py b/service/gcbrun_experiment.py index 339972cfa..d8ac9b940 100644 --- a/service/gcbrun_experiment.py +++ b/service/gcbrun_experiment.py @@ -16,6 +16,7 @@ """Entrypoint for gcbrun into run_experiment. This script will get the command from the last PR comment containing "/gcbrun" and pass it to run_experiment.py which will run an experiment.""" +# a dummy comment! import logging import os
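Review bot: The comment directly above `merge_with_nonprivate` still says the experiment "should generate a report that is combined with other public 'production' experiments", which is the opposite of the value this hunk commits (`false`); the next person editing the file will trust the comment over the flag. Update it to match, e.g. `# This experiment's report should NOT be combined with other public "production" experiments.`, or delete the stale sentence. The unchanged `private: false` just below makes the distinction between "private" and "not merged" worth one extra clause in that comment so the two flags are not read as redundant.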
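Review bot: `# a dummy comment!` added under the module docstring of service/gcbrun_experiment.py carries no information and reads like an edit made only to trigger a build; it should be removed before this lands rather than shipped in the service entrypoint. If a change in this file is genuinely needed to kick CI, a comment that says why (and is meant to stay) is preferable to a throwaway line that the next reader has to puzzle over.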
