projects: Add GStreamer #905
Conversation
This is an initial fuzzer which goes over ogg/theora/vorbis files using the discoverer process
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed, please reply here (e.g.
|
|
I signed it! |
|
CLAs look good, thanks! |
projects/gstreamer/Dockerfile
Outdated
| @@ -0,0 +1,38 @@ | |||
| # Copyright 2016 Google Inc. | |||
There was a problem hiding this comment.
2017 here and in other files
projects/gstreamer/build.sh
Outdated
| ################################################################################ | ||
|
|
||
| # build project | ||
| # e.g. |
There was a problem hiding this comment.
can you remove these comments please (lines 18 - 28)?
projects/gstreamer/build.sh
Outdated
| # $CXX $CXXFLAGS -std=c++11 -Iinclude \ | ||
| # /path/to/name_of_fuzzer.cc -o /out/name_of_fuzzer \ | ||
| # -lFuzzingEngine /path/to/library.a | ||
| BASEFLAGS="-Wno-constant-conversion -Wno-header-guard -Wno-mismatched-tags -O2" |
There was a problem hiding this comment.
I think it would be better to remove -O2. We are using -O1 for fuzzing builds, as it seems to have a better balance between speed and number of branches.
projects/gstreamer/build.sh
Outdated
| mkdir -p $PREFIX | ||
| cd $WORK | ||
|
|
||
| env |
|
Thanks for the review. There was indeed some cruft/comments that I removed. |
|
Thanks for the cleanup Edward! One more question: can you move fuzz target to the GStreamer repo? This is what we expect projects to do as a part of "ideal integration". Plus, it's much more convenient when you (or anyone else) need to make some changes in the fuzz target itself. |
projects/gstreamer/build.sh
Outdated
| echo | ||
|
|
||
| cd $OUT | ||
| wget -nd https://people.freedesktop.org/~bilboed/gst-discoverer_seed_corpus.zip |
There was a problem hiding this comment.
this is better be done in Dockerfile
There was a problem hiding this comment.
Downloading the corpus ? Or putting it in $OUT/ ?
There was a problem hiding this comment.
projects/gstreamer/build.sh
Outdated
| cd $OUT | ||
| wget -nd https://people.freedesktop.org/~bilboed/gst-discoverer_seed_corpus.zip | ||
|
|
||
| cp $LIB_FUZZING_ENGINE /work/ |
There was a problem hiding this comment.
whoops, leftover testing, will remove
projects/gstreamer/gst-discoverer.c
Outdated
| @@ -0,0 +1,505 @@ | |||
| /* GStreamer | |||
There was a problem hiding this comment.
Yea, we encourage to have the fuzz target in the project's repository, not here.
https://github.com/google/oss-fuzz/blob/master/docs/ideal_integration.md
There was a problem hiding this comment.
Also check the license.
We don't want files with such license in this repository.
projects/gstreamer/project.yaml
Outdated
| - address | ||
| - memory | ||
| - undefined | ||
|
|
There was a problem hiding this comment.
Just in case, make sure there is a new line at EOF
projects/gstreamer/project.yaml
Outdated
| primary_contact: "bilboed@bilboed.com" | ||
| sanitizers: | ||
| - address | ||
| - memory |
There was a problem hiding this comment.
Assuming you've verified that msan works and doesn't give false positives right away.
There was a problem hiding this comment.
Should I just leave the default then ? (i.e. nothing)
projects/gstreamer/gst-discoverer.c
Outdated
| g_signal_connect (dc, "source-setup", (GCallback) appsrc_configuration, NULL); | ||
|
|
||
| info = gst_discoverer_discover_uri (dc, "appsrc://", &err); | ||
| print_info (info, err); |
There was a problem hiding this comment.
If you print something while executing every input, fuzzing will be very inefficient (will spend all the time printing)
There was a problem hiding this comment.
Is one/two lines ok for debugging purposes ?
There was a problem hiding this comment.
I think you may have it under some debug switch, in case you are going to debug things locally, but for fuzzing build we need to avoid any output.
There was a problem hiding this comment.
Fair enough, I'll fix that.
projects/gstreamer/build.sh
Outdated
| $SRC/gst-discoverer.o \ | ||
| $PLUGINS \ | ||
| $BUILD_LDFLAGS \ | ||
| $LIB_FUZZING_ENGINE \ |
There was a problem hiding this comment.
I'm confused. Why do you link $OUT/gst-discoverer here and gst-discoverer above?
There was a problem hiding this comment.
This is the linking phase. The phase above is the compilation phase (C compilation vs C++ linking)
projects/gstreamer/build.sh
Outdated
| # | ||
| ################################################################################ | ||
|
|
||
| BASEFLAGS="-Wno-constant-conversion -Wno-header-guard -Wno-mismatched-tags" |
There was a problem hiding this comment.
Will try recompiling without
projects/gstreamer/Dockerfile
Outdated
|
|
||
| WORKDIR gstreamer | ||
| COPY build.sh $SRC/ | ||
| COPY gst-discoverer.c $SRC/ |
There was a problem hiding this comment.
Just in case, add a new line at EOF
Use the security mailing list as the primary contact Remove explicit sanitizer listing
Removed almost all outputting I am the original author of the code this is taken for, relicensing an ultra-simplified version of my original code to Apache.
Data provided by the fuzzer shouldn't be freed (but the wrapping GstBuffer should). Avoid logging by default
And extract in build.sh
projects/gstreamer/build.sh
Outdated
|
|
||
| echo "CFLAGS" $CFLAGS | ||
| echo "CXXFLAGS" $CXXFLAGS | ||
| export LDFLAGS="$SANITIZER_FLAGS $COVERAGE_FLAGS" |
There was a problem hiding this comment.
I don't think COVERAGE_FLAGS is a part of our interface.
There was a problem hiding this comment.
There was a problem hiding this comment.
My bad, looked at the wrong section: https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/README.md#compiler-flags
There was a problem hiding this comment.
So which is it ? Good or not good ? :)
There was a problem hiding this comment.
Not good :)
Just use LDFLAGS="$CXXFLAGS"
There was a problem hiding this comment.
We actually didn't need a custom LDFLAGS. Removed it altogether
projects/gstreamer/gst-discoverer.c
Outdated
| @@ -0,0 +1,152 @@ | |||
| /* | |||
There was a problem hiding this comment.
So, any chance to have this file upstream?
https://github.com/google/oss-fuzz/blob/master/docs/ideal_integration.md#tldr
There was a problem hiding this comment.
I was going to setup a new repository for GStreamer for all our CI/QA stuff (still located on freedesktop/gstreamer). I'll migrate the code over there and rebase all previous commits. Thanks for your patience/review :)
There was a problem hiding this comment.
Done, now upstream : https://cgit.freedesktop.org/gstreamer/gst-ci/tree/fuzzing/gst-discoverer.c
Remove custom LDFLAGS (not needed) Use fuzzing target code from upstream repository
|
Do you want me to squash everything into one commit before upstreaming ? Instead of several fix-this, fix-this, fix-this ? |
|
@bilboed, that's fine, github allows us to squash the commits altogether via single click :) |
|
I think most comments have been addressed (thanks!) I'm going to go ahead and merge this. |
* projects: Add GStreamer This is an initial fuzzer which goes over ogg/theora/vorbis files using the discoverer process * gstreamer/build.sh: Cleanup file * gstreamer/Dockerfile: Update copyright date * gstreamer: Update project.yaml Use the security mailing list as the primary contact Remove explicit sanitizer listing * gstreamer: Simplify base fuzzer Removed almost all outputting I am the original author of the code this is taken for, relicensing an ultra-simplified version of my original code to Apache. * gstreamer: Cleanup of build file and dockerfile * gstreamer: Code minimization and avoid leaks Data provided by the fuzzer shouldn't be freed (but the wrapping GstBuffer should). Avoid logging by default * gstreamer: Download corpus in Dockerfile And extract in build.sh * gstreamer: Move code to repository and more cleanups Remove custom LDFLAGS (not needed) Use fuzzing target code from upstream repository
This is an initial fuzzer which goes over ogg/theora/vorbis files
using the discoverer process