libarchive: fix harness and improve build setup #12052

Merged
merged 2 commits into from
Jul 1, 2024

@Mrmaxmeier Mrmaxmeier commented Jun 12, 2024

This fixes a major harness issue in the libarchive fuzzer and resolves a fuzzing roadblock issue related to the build setup.
All calls after archive_read_add_passphrase currently exit early because the decoder state is marked as invalid due to incorrect API usage.

When combined with libarchive/libarchive#2229, this should improve coverage from ~15% to >45%.
While the harness issue regressed at some point, it seems like the CRC build flag issue was always present in oss-fuzz's libarchive setup.

Thanks!

This fixes an API misuse issue in the libarchive harness. Calling
`archive_read_add_passphrase` is only allowed before
`archive_read_open_memory` and thus made all of the following code exit
early via `archive_check_magic` calls.
Note that `-DDONT_FAIL_ON_CRC_ERROR` requires upstream changes in order
to work. (i.e. this failed with "CMake doesn't know about this option"
previously)
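
The ordering rule from the PR description above, as an added example that is not code from libarchive or from the oss-fuzz harness: a simplified C model of a state-gated reader handle, showing why one mis-ordered passphrase call makes every later decode call fail. All `model_*` names, the state constants and the return codes are assumptions made for this illustration.

```c
#include <stdio.h>

/* Simplified model (assumption, not libarchive source): every entry point
 * names the handle states it may be called in. A call made in any other
 * state marks the handle fatal, so all later calls fail as well. */
enum { ST_NEW = 1, ST_HEADER = 2, ST_DATA = 4, ST_FATAL = 8 };
enum { RC_OK = 0, RC_FATAL = -30 };   /* constructed return codes */

struct model_reader { int state; };

/* Stand-in for the archive_check_magic gate mentioned in the PR. */
static int model_check(struct model_reader *r, int allowed) {
    if (r->state & allowed) return RC_OK;
    r->state = ST_FATAL;              /* handle stays invalid from here on */
    return RC_FATAL;
}
/* Passphrases may only be registered on a handle that is not yet open. */
static int model_add_passphrase(struct model_reader *r) { return model_check(r, ST_NEW); }
static int model_open_memory(struct model_reader *r) {
    int rc = model_check(r, ST_NEW);
    if (rc == RC_OK) r->state = ST_HEADER;
    return rc;
}
static int model_next_header(struct model_reader *r) {
    int rc = model_check(r, ST_HEADER | ST_DATA);
    if (rc == RC_OK) r->state = ST_DATA;
    return rc;
}
static int model_read_data(struct model_reader *r) { return model_check(r, ST_DATA); }

/* Harness body: returns how many decode calls (header + data) succeeded. */
int harness_decode_calls(int passphrase_before_open, int entries) {
    struct model_reader r = { ST_NEW };
    int ok = 0;
    if (passphrase_before_open) model_add_passphrase(&r);   /* fixed order */
    model_open_memory(&r);
    if (!passphrase_before_open) model_add_passphrase(&r);  /* the misuse */
    for (int i = 0; i < entries; i++) {
        if (model_next_header(&r) != RC_OK) break;          /* early exit */
        ok++;
        if (model_read_data(&r) == RC_OK) ok++;
    }
    return ok;
}

int main(void) {
    printf("before open: %d decode calls, after open: %d decode calls\n",
           harness_decode_calls(1, 3), harness_decode_calls(0, 3));
    return 0;
}
```

A harness that ignores the return value of its setup calls hides this failure; checking those return codes, or watching the coverage report for unreached decoder code, surfaces it.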

Mrmaxmeier is a new contributor to projects/libarchive. The PR must be approved by known contributors before it can be merged. The past contributors are: DonggeLiu, jvoisin, devtty1er, Dor1s, mmatuska (unverified), inferno-chromium (unverified), ssbr (unverified)

@Mrmaxmeier
Contributor Author

Mrmaxmeier is a new contributor to projects/libarchive. The PR must be approved by known contributors before it can be merged. The past contributors are: DonggeLiu, jvoisin, devtty1er, Dor1s, mmatuska (unverified), inferno-chromium (unverified), ssbr (unverified)

cc @DonggeLiu

@DonggeLiu
Contributor

@DavidKorczynski could you please double-check this?

@Mrmaxmeier
Contributor Author

Friendly bump :)

@DavidKorczynski DavidKorczynski merged commit d5b74d5 into google:master Jul 1, 2024
16 checks passed
@Mrmaxmeier Mrmaxmeier deleted the libarchive-fix-harness branch July 1, 2024 15:35
@Mrmaxmeier
Contributor Author

📈

@DavidKorczynski
Collaborator

Libarchive used to be quite high -- and indeed it was in 2021: https://storage.googleapis.com/oss-fuzz-coverage/libarchive/reports/20210204/linux/report.html

It looks like the regressions happened around October 2021 where there was a lot of activity on the project.
