* fuzz/main.c: Use --suppressions and --gen-suppressions
* fuzz/valgrind-suppressions: New suppression file
Some library's memory can't be freed. So we suppress what is needed
to let the CIs survive.
* fuzz/Makefile.am: Do not include corpora in tarball
* fuzz/main.c: SKIP if corpora directory isn't found (make check)
The fuzz corpora are thousands of files, not needed for a standard build
from a distribution tarball. The reproducers of former issues are being
included for regression testing.
* Makefile.am: Fix make target 'fuzz-coverage'
* configure.ac: Enable building static library by default,
add option --enable-fuzzing
* fuzz/Makefile.am: Add wget_options_fuzzer,
check for FUZZING (set with --enable-fuzzing)
* fuzz/README.md: Amend the text
* fuzz/main.c: Use printf() instead of wget_info_printf()
* fuzz/run-clang.sh: Use fuzzer binaries built by 'make'
* fuzz/wget_options_fuzzer.c: New fuzzer
* fuzz/wget_options_fuzzer.dict: New fuzzer dictionary
* fuzz/wget_options_fuzzer.in/*: Initial fuzz corpora
* libwget/net.c: Skip IP address resolution when fuzzing
* src/log.c: Don't create files when fuzzing,
don't print to console when fuzzing
* src/options.c: Add set_exit_status() and get_exit_status(),
don't print --help / --version to console when fuzzing,
do not call exit() - return error instead,
fix recursion level in _read_config(),
don't create files when fuzzing,
fix memory leaks in deinit()
* src/stats.c: Don't create files when fuzzing
* src/wget.c: Remove set_exit_status()
* src/wget_main.h: Remove exit_status_t
* src/wget_options.h: Add exit_status_t
* tests/test-plugin.c: Fix expected exit codes from 1 to 2
This is for application fuzzing (namely code from src/).
The code in src/ had to be prepared in certain ways, but it
doesn't add significant overhead, and it even makes the code cleaner
in some ways. Several of these changes have already been committed
into the master branch.
* examples/*.c: Use 0 instead of NULL as terminating param
* fuzz/main.c: Likewise
* include/wget/wget.h: Remove G_GNUC_WGET_NULL_TERMINATED from
wget_global_init() and wget_http_get().
* configure.ac: Remove AC_PROG_CXX
* fuzz/Makefile.am: Amend *_SOURCES for .c fuzzer targets,
Remove non-portable EXTRA_DIST wildcards,
Add dist-hook to include fuzzer target files,
Add oss-fuzz make target.
* fuzz/fuzzer.h: New file
* fuzz/*.cc: Rename to .c, include fuzzer.h
* fuzz/main.c: Include fuzzer.h
* fuzz/run-clang.sh: Build and run fuzzer targets made with clang/libFuzzer
* cfg.mk: Exclude *.repro/* from syntax-check
* fuzz/Makefile.am: Add *.repro/* to EXTRA_DIST
* fuzz/libwget_metalink_parse_fuzzer.repro/clusterfuzz-testcase-minimized-5103826937839616:
Reproducer for OSS-Fuzz issue #1915
* fuzz/libwget_xml_parse_buffer_fuzzer.repro/clusterfuzz-testcase-minimized-4704516446355456:
Reproducer for OSS-Fuzz issue #2041
* fuzz/main.c: Scan and test all files from *.repro/
* Makefile.am: Add 'fuzz' directory to SUBDIRS,
tune 'fuzz-coverage' make target,
print info on how to view coverage report.
* configure.ac: Add AC_PROG_CXX for C++ code in fuzz/
* fuzz/Makefile: Removed
* fuzz/Makefile.am: New file
* fuzz/libwget_bar_fuzzer.cc: Fix memleak
* fuzz/main.c: Add code for unit testing
The OSS-Fuzz targets will now be taken for unit testing as well.
That is, they will be tested by 'make check' including our sanitizer
and valgrind checks. The fuzz tests will be run once with each test
corpus from the corresponding '.in' directory.
A 'make fuzz-coverage' generates a coverage report for running all
fuzz targets against their corpora.
* Makefile.am: Add target 'fuzz-coverage' to generate a coverage
report for fuzz targets.
* fuzz/Makefile: Add target 'fuzz-coverage'
* fuzz/coverage.sh: New script to call a fuzz target with each corpus.
* fuzz/libwget_metalink_parse_fuzzer.cc: Add check for max input length.
* fuzz/libwget_xml_parse_buffer_fuzzer.cc: Likewise
* fuzz/libwget_robots_parse_fuzzer.cc: Add comment
* fuzz/libwget_robots_parse_fuzzer.in/user_agent2: Amend for max coverage
* fuzz/main.c: self-made __AFL_LOOP() returns 0 after first invocation.
* fuzz/libwget_memtohex.in: Rename to fuzz/libwget_memtohex_fuzzer.in
* fuzz/libwget_metalink_parse.in: Rename to fuzz/libwget_metalink_parse_fuzzer.in
* fuzz/libwget_robots_parse.in: Rename to fuzz/libwget_robots_parse_fuzzer.in
* fuzz/libwget_xml_parse_buffer.in: Rename to fuzz/libwget_xml_parse_buffer_fuzzer.in
* fuzz/libwget_xml_parse_buffer.options: Removed
* fuzz/libwget_metalink_parse_fuzzer.options: Removed
* fuzz/*_fuzzer.cc: Use malloc() instead of stack memory to help
sanitizers.
* fuzz/libwget_robots_parse.in/user_agent1: Increase code coverage.
* fuzz/main.c: define __AFL_LOOP() if not already defined.
* fuzz/*: New files
README.md contains instructions on how to build and run single fuzzers.
Currently we have fuzzers and corpora for
- wget_memtohex()
- wget_metalink_parse()
- wget_robots_parse()
- wget_xml_parse_buffer()
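The entries above describe three pieces of the fuzz/main.c driver without showing them: a self-made __AFL_LOOP() fallback that lets the loop body run exactly once when AFL is not the compiler, a scan of the corpus directory that feeds every file to the fuzz target so 'make check' exercises it, and a SKIP when the corpus directory is absent from a tarball build. The following is an added example written for this page; it is not wget2's fuzz/main.c. The target LLVMFuzzerTestOneInput() here is a hypothetical stand-in (it only copies its input to the heap, as the *_fuzzer.c targets do to help sanitizers), the directory name libwget_xml_parse_buffer_fuzzer.in is taken from the page, and write_constructed_corpus() writes two constructed sample inputs so the driver can be run offline.

```c
#include <dirent.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Fallback for builds without afl-clang-fast: the first call returns 1,
 * every later call returns 0, so the driver's loop runs once and exits. */
#ifndef __AFL_LOOP
static int afl_loop_fallback(void)
{
	static int invoked;
	return invoked++ == 0;
}
#define __AFL_LOOP(n) afl_loop_fallback()
#endif

/* Hypothetical fuzz target; a real one would wrap a parser such as
 * wget_xml_parse_buffer(). */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	if (size > 10000)	/* max input length check, as in the page's targets */
		return 0;
	/* Heap copy instead of a stack buffer so ASan sees out-of-bounds reads. */
	uint8_t *copy = malloc(size + 1);
	if (!copy)
		return 0;
	memcpy(copy, data, size);
	copy[size] = 0;
	/* A real target would hand `copy` to the function under test here. */
	free(copy);
	return 0;
}

/* Reads `path` into a malloc'd buffer and runs the target on it.
 * Returns 0 on success, -1 if the file cannot be read. */
static int test_one_file(const char *path)
{
	FILE *fp = fopen(path, "rb");
	if (!fp)
		return -1;
	if (fseek(fp, 0, SEEK_END) != 0) { fclose(fp); return -1; }
	long len = ftell(fp);
	if (len < 0) { fclose(fp); return -1; }
	rewind(fp);
	uint8_t *data = malloc((size_t)len + 1);
	if (!data) { fclose(fp); return -1; }
	if (fread(data, 1, (size_t)len, fp) != (size_t)len) { free(data); fclose(fp); return -1; }
	fclose(fp);
	LLVMFuzzerTestOneInput(data, (size_t)len);
	free(data);
	return 0;
}

/* Runs the target on every regular file in `dir` (the corpus).
 * Returns the number of files tested, or -1 if `dir` does not exist,
 * which the caller turns into a SKIP (tarball build without corpora). */
int test_all_files(const char *dir)
{
	DIR *dp = opendir(dir);
	if (!dp)
		return -1;
	int tested = 0;
	struct dirent *de;
	while ((de = readdir(dp))) {
		char path[4096];
		struct stat st;
		snprintf(path, sizeof(path), "%s/%s", dir, de->d_name);
		if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
			continue;	/* skips ".", ".." and subdirectories */
		if (test_one_file(path) == 0)
			tested++;
	}
	closedir(dp);
	return tested;
}

/* Writes a constructed two-file corpus so the driver can be run offline.
 * Returns 0 on success. */
int write_constructed_corpus(const char *dir)
{
	static const char *names[] = { "empty_root", "nested" };
	static const char *contents[] = { "<a/>", "<a><b>x</b></a>" };
	if (mkdir(dir, 0700) != 0 && errno != EEXIST)
		return -1;
	for (size_t i = 0; i < 2; i++) {
		char path[4096];
		snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
		FILE *fp = fopen(path, "wb");
		if (!fp)
			return -1;
		fputs(contents[i], fp);
		fclose(fp);
	}
	return 0;
}

int main(int argc, char **argv)
{
	const char *dir = argc > 1 ? argv[1] : "libwget_xml_parse_buffer_fuzzer.in";
	while (__AFL_LOOP(10000)) {
		int n = test_all_files(dir);
		if (n < 0) {
			printf("corpus directory %s not found, SKIP\n", dir);
			return 77;	/* automake's SKIP exit code for 'make check' */
		}
		printf("tested %d files from %s\n", n, dir);
	}
	return 0;
}
```

Built with afl-clang-fast, the real __AFL_LOOP() takes over and the same binary runs in persistent mode; built with a normal compiler, the fallback makes it a plain regression runner that 'make check' can invoke, exiting 77 so automake reports SKIP instead of FAIL when the corpus is not shipped.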
* fuzz/libwget_bar.in/123456: New file