blob: 5b833896a86b6e78181c6c216d3ed0a0bae2c69e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
# Copyright (C) 2025 Sebastian Pipping <sebastian@pipping.org>
# Licensed under the MIT license
name: Run fuzzing regression tests
on:
pull_request:
push:
schedule:
- cron: '0 2 * * 5' # Every Friday at 2am
workflow_dispatch:
permissions:
contents: read
jobs:
run_fuzzers:
name: ${{ matrix.fuzzer_name }}
strategy:
fail-fast: false
matrix:
fuzzer_name:
- uri_dissect_query_malloc_fuzzer
- uri_dissect_query_mallocw_fuzzer
- uri_free_fuzzer
- uri_freew_fuzzer
- uri_parse_fuzzer
- uri_parsew_fuzzer
runs-on: ubuntu-24.04
env:
fuzzer_name: ${{ matrix.fuzzer_name }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install Clang 21
run: |-
set -x
source /etc/os-release
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
sudo add-apt-repository "deb https://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-21 main"
sudo apt-get update # due to new repository
sudo apt-get install --yes --no-install-recommends -V \
clang-21 \
libclang-rt-21-dev \
llvm-21
echo /usr/lib/llvm-21/bin >>"${GITHUB_PATH}"
- name: Build uriparser fuzzers
run: |
args=(
# Build nothing but fuzzers
-DURIPARSER_BUILD_DOCS=OFF
-DURIPARSER_BUILD_FUZZERS=ON
-DURIPARSER_BUILD_TOOLS=OFF
-DURIPARSER_ENABLE_INSTALL=OFF
-DURIPARSER_OSSFUZZ_BUILD=OFF
# Tune compilation of fuzzers to use Clang with ASan and UBSan
-DCMAKE_C_COMPILER=clang-21
-DCMAKE_CXX_COMPILER=clang++-21
-DCMAKE_{C,CXX}_FLAGS='-Wall -Wextra -pedantic -O1 -g -fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-common'
-DCMAKE_{EXE,MODULE,SHARED}_LINKER_FLAGS='-g -fsanitize=address,undefined'
-DURIPARSER_WARNINGS_AS_ERRORS=ON
)
set -x -o pipefail
cmake "${args[@]}" -S . -B build
make -C build VERBOSE=1 -j$(nproc)
- name: Download and extract uriparser fuzzing corpora
run: |-
set -x -o pipefail
cd build/
wget -q "https://storage.googleapis.com/uriparser-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/uriparser_${fuzzer_name}/public.zip"
unzip -q -d "corpus_${fuzzer_name}" public.zip
rm public.zip
- name: Run fuzzing regression tests
run: |
fuzz_args=(
-jobs=$(nproc)
-print_final_stats=1
-rss_limit_mb=2560 # from OSS-Fuzz
-timeout=25 # from OSS-Fuzz
)
set -x -o pipefail
cd "build/corpus_${fuzzer_name}/"
# Configure UBSan to show (non-default) stack traces for runtime errors
# NOTE: "halt_on_error=1" we don't need to add because of the
# -fno-sanitize-recover=all for CFLAGS further up.
# NOTE: "abort_on_error=1" we don't need here because to CI,
# a non-zero exit code is all that matters.
export UBSAN_OPTIONS='print_stacktrace=1'
find . -type f | sort | xargs -n 1000 "../fuzz/${fuzzer_name}" "${fuzz_args[@]}"
find . -type f | wc -l
- name: Store fuzzing logs of last batch
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: uriparser_fuzzing_logs_last_${{ github.sha }}_${{ matrix.fuzzer_name }}
path: build/*/fuzz-*.log
if-no-files-found: error
|
