authorJörg Frings-Fürst <debian@jff-webhsoting.net>2026-05-08 11:54:15 +0200
committerJörg Frings-Fürst <debian@jff-webhsoting.net>2026-05-08 11:54:15 +0200
commit9d62028a6e8eced2ae6fabedd2b6317e9519b00d (patch)
tree1d8458cb6627ccfc673f791c5f0db45f9c06f7e0 /.github/workflows/fuzzing.yml
parenta1dac799b819ba356a2faff3a98d7f5f076c24b6 (diff)
parent5177d88bf591522d1b934e24221e16e02cd1592b (diff)
Merge branch 'feature/upstream' into develop
Diffstat (limited to '.github/workflows/fuzzing.yml')
-rw-r--r--.github/workflows/fuzzing.yml105
1 files changed, 105 insertions, 0 deletions
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
new file mode 100644
index 0000000..5b83389
--- /dev/null
+++ b/.github/workflows/fuzzing.yml
@@ -0,0 +1,105 @@
+# Copyright (C) 2025 Sebastian Pipping <sebastian@pipping.org>
+# Licensed under the MIT license
+
+name: Run fuzzing regression tests
+
+on:
+ pull_request:
+ push:
+ schedule:
+ - cron: '0 2 * * 5' # Every Friday at 2am
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ run_fuzzers:
+ name: ${{ matrix.fuzzer_name }}
+ strategy:
+ fail-fast: false
+ matrix:
+ fuzzer_name:
+ - uri_dissect_query_malloc_fuzzer
+ - uri_dissect_query_mallocw_fuzzer
+ - uri_free_fuzzer
+ - uri_freew_fuzzer
+ - uri_parse_fuzzer
+ - uri_parsew_fuzzer
+ runs-on: ubuntu-24.04
+ env:
+ fuzzer_name: ${{ matrix.fuzzer_name }}
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+ - name: Install Clang 21
+ run: |-
+ set -x
+ source /etc/os-release
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
+ sudo add-apt-repository "deb https://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-21 main"
+ sudo apt-get update # due to new repository
+ sudo apt-get install --yes --no-install-recommends -V \
+ clang-21 \
+ libclang-rt-21-dev \
+ llvm-21
+ echo /usr/lib/llvm-21/bin >>"${GITHUB_PATH}"
+
+ - name: Build uriparser fuzzers
+ run: |
+ args=(
+ # Build nothing but fuzzers
+ -DURIPARSER_BUILD_DOCS=OFF
+ -DURIPARSER_BUILD_FUZZERS=ON
+ -DURIPARSER_BUILD_TOOLS=OFF
+ -DURIPARSER_ENABLE_INSTALL=OFF
+ -DURIPARSER_OSSFUZZ_BUILD=OFF
+
+ # Tune compilation of fuzzers to use Clang with ASan and UBSan
+ -DCMAKE_C_COMPILER=clang-21
+ -DCMAKE_CXX_COMPILER=clang++-21
+ -DCMAKE_{C,CXX}_FLAGS='-Wall -Wextra -pedantic -O1 -g -fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-common'
+ -DCMAKE_{EXE,MODULE,SHARED}_LINKER_FLAGS='-g -fsanitize=address,undefined'
+ -DURIPARSER_WARNINGS_AS_ERRORS=ON
+ )
+ set -x -o pipefail
+ cmake "${args[@]}" -S . -B build
+ make -C build VERBOSE=1 -j$(nproc)
+
+ - name: Download and extract uriparser fuzzing corpora
+ run: |-
+ set -x -o pipefail
+ cd build/
+ wget -q "https://storage.googleapis.com/uriparser-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/uriparser_${fuzzer_name}/public.zip"
+ unzip -q -d "corpus_${fuzzer_name}" public.zip
+ rm public.zip
+
+ - name: Run fuzzing regression tests
+ run: |
+ fuzz_args=(
+ -jobs=$(nproc)
+ -print_final_stats=1
+ -rss_limit_mb=2560 # from OSS-Fuzz
+ -timeout=25 # from OSS-Fuzz
+ )
+
+ set -x -o pipefail
+ cd "build/corpus_${fuzzer_name}/"
+
+ # Configure UBSan to show (non-default) stack traces for runtime errors
+ # NOTE: "halt_on_error=1" we don't need to add because of the
+ # -fno-sanitize-recover=all for CFLAGS further up.
+ # NOTE: "abort_on_error=1" we don't need here because to CI,
+ # a non-zero exit code is all that matters.
+ export UBSAN_OPTIONS='print_stacktrace=1'
+
+ find . -type f | sort | xargs -n 1000 "../fuzz/${fuzzer_name}" "${fuzz_args[@]}"
+ find . -type f | wc -l
+
+ - name: Store fuzzing logs of last batch
+ if: always()
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+ with:
+ name: uriparser_fuzzing_logs_last_${{ github.sha }}_${{ matrix.fuzzer_name }}
+ path: build/*/fuzz-*.log
+ if-no-files-found: error
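Review bot: The `Install Clang 21` step pipes the downloaded key into `sudo apt-key add -`, which puts it in apt's global trusted keyring, so the LLVM snapshot key is then accepted for packages from every configured repository rather than only apt.llvm.org; `apt-key` is also deprecated. Storing the key in its own file and referencing it with `signed-by=` on the source line scopes the trust to that one repository. The same step runs with `set -x` only, while the later steps use `set -x -o pipefail`, so a failed `wget` is judged solely by the exit status of the command it is piped into. The sketch below covers both points; the keyring and list file names are suggestions, not taken from the project.

```yaml
      - name: Install Clang 21
        run: |-
          set -x -o pipefail
          # … unchanged: source /etc/os-release …
          keyring=/etc/apt/keyrings/apt.llvm.org.asc
          sudo install -d -m 0755 /etc/apt/keyrings
          wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee "${keyring}" >/dev/null
          echo "deb [signed-by=${keyring}] https://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-21 main" \
            | sudo tee /etc/apt/sources.list.d/llvm-21.list >/dev/null
          # … unchanged: apt-get update, apt-get install, GITHUB_PATH line …
```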