openjpeg/tests/fuzzers
Max Moroz b63a433ba1 tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. (#1230)
This was changed some time ago (https://google.github.io/oss-fuzz/getting-started/new-project-guide/) but the build didn't fail as there is a fallback mechanism. The main advantage of the new approach is that for libFuzzer this produces more performant binaries (as `$LIB_FUZZING_ENGINE` expands into `-fsanitize=fuzzer`, which links libFuzzer from the compiler-rt, allowing better optimization tricks).

I'm also experimenting with dataflow (https://github.com/google/oss-fuzz/issues/1632) on your project, and the dataflow config doesn't have a fallback (as it's a new configuration), therefore I'm proposing a change to migrate from `-lFuzzingEngine` to `$LIB_FUZZING_ENGINE`.
2020-01-13 18:07:54 +01:00
GNUmakefile tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. (#1230) 2020-01-13 18:07:54 +01:00
README.TXT Add tests/fuzzers for OSS Fuzz (#965) 2017-07-03 15:42:35 +02:00
build_google_oss_fuzzers.sh tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. (#1230) 2020-01-13 18:07:54 +01:00
build_seed_corpus.sh Add tests/fuzzers for OSS Fuzz (#965) 2017-07-03 15:42:35 +02:00
fuzzingengine.c Add tests/fuzzers for OSS Fuzz (#965) 2017-07-03 15:42:35 +02:00
opj_decompress_fuzzer.cpp opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079) 2019-06-15 09:55:16 +02:00

README.TXT

This directory contains the fuzzer main functions and scripts for the
Google OSS Fuzz project: https://github.com/google/oss-fuzz/

The main build scripts are in:
https://github.com/google/oss-fuzz/tree/master/projects/openjpeg
and call scripts in this directory.

The list of issues is in:
https://bugs.chromium.org/p/oss-fuzz/issues/list?q=openjpeg


- Simulate the build of (dummy) fuzzers like OSS Fuzz does:

   Preliminary steps:
    $ cd ${ROOT_OF_OPENJPEG}
    $ git clone --depth 1 https://github.com/uclouvain/openjpeg-data data
    $ mkdir build
    $ cd build
    $ cmake ..
    $ make
    $ cd ..

   Actual building of fuzzer and seed corpus:
    $ cd tests/fuzzers
    $ make

  The fuzzer binaries are created as /tmp/*_fuzzer, together with the
  /tmp/*_fuzzer_seed_corpus.zip seed corpus files.

  Run one:
    $ /tmp/opj_decompress_fuzzer a_file_name
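  An added example of the libFuzzer target contract these binaries follow (not code from the openjpeg repository): LLVMFuzzerTestOneInput receives each input, and a standalone main, in the spirit of a file-reading fallback driver such as fuzzingengine.c, lets "./fuzzer a_file_name" replay one case when libFuzzer is not linked in. The format sniffing (JP2 signature box versus J2K SOC marker) is an assumption standing in for the real opj_decode call, and detect_format and the fuzz_format enum are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed format sniffing, done before a decoder would be chosen:
   12-byte JP2 signature box, or the J2K SOC marker 0xFF 0x4F. */
enum fuzz_format { FMT_UNKNOWN = 0, FMT_JP2 = 1, FMT_J2K = 2 };

enum fuzz_format detect_format(const uint8_t *data, size_t size)
{
    static const uint8_t jp2_sig[12] =
        { 0x00, 0x00, 0x00, 0x0c, 'j', 'P', ' ', ' ', 0x0d, 0x0a, 0x87, 0x0a };
    if (size >= 12 && memcmp(data, jp2_sig, 12) == 0) return FMT_JP2;
    if (size >= 2 && data[0] == 0xff && data[1] == 0x4f) return FMT_J2K;
    return FMT_UNKNOWN;
}

/* libFuzzer entry point: must accept any bytes, never crash, always return 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (detect_format(data, size) == FMT_UNKNOWN) return 0; /* cheap reject */
    /* The real target would call opj_read_header / opj_decode here. */
    return 0;
}

/* Standalone driver used when the binary is not linked against libFuzzer:
   every argv entry is read whole and handed to the target, so a single
   crashing input from the OSS Fuzz tracker can be replayed locally. */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        FILE *fp = fopen(argv[i], "rb");
        if (!fp) { perror(argv[i]); return 1; }
        fseek(fp, 0, SEEK_END);
        long len = ftell(fp);
        rewind(fp);
        if (len < 0) { fclose(fp); return 1; }
        uint8_t *buf = malloc((size_t)len + 1); /* +1: empty file still gets a pointer */
        if (!buf) { fclose(fp); return 1; }
        size_t got = fread(buf, 1, (size_t)len, fp);
        fclose(fp);
        printf("%s: %zu bytes, format %d\n", argv[i], got, detect_format(buf, got));
        LLVMFuzzerTestOneInput(buf, got);
        free(buf);
    }
    return 0;
}
```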

- Run OSS Fuzz locally:
    $ git clone https://github.com/google/oss-fuzz.git
    $ cd oss-fuzz
    $ python infra/helper.py build_image openjpeg

  Build the fuzzers with AddressSanitizer (other sanitizers such as undefined can be used as well)
    $ python infra/helper.py build_fuzzers --sanitizer address openjpeg

  Test a particular fuzzer (replace opj_decompress_fuzzer with another fuzzer,
  such as one of those generated in /tmp by "make dummyfuzzers")
    $ python infra/helper.py run_fuzzer openjpeg opj_decompress_fuzzer


How to deal with issues reported in https://bugs.chromium.org/p/oss-fuzz/issues/list?q=openjpeg?

    1. Leave a comment in the bug entry (in the chromium database) to indicate that you are working on it
    2. Work
    3. Commit the bug fix with a log message including "Credit to OSS-Fuzz" and a link to the bugs.chromium.org ticket
    4. Add a link to the github commit implementing the fix in the bugs.chromium.org ticket.
    5. Check that the chromium tracker closed the bug (typically after one or two days)