google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

libarchive: fix harness and improve build setup #12052

Closed; Mrmaxmeier closed this 2 days ago

Mrmaxmeier commented 3 weeks ago

This fixes a major harness issue in the libarchive fuzzer and resolves a fuzzing roadblock issue related to the build setup. All calls after archive_read_add_passphrase currently exit early because the decoder state is marked as invalid due to incorrect API usage.

When combined with https://github.com/libarchive/libarchive/pull/2229, this should improve coverage from ~15% to >45%. While the harness issue regressed at some point, it seems like the CRC build flag issue was always present in oss-fuzz's libarchive setup.

Thanks!

github-actions[bot] commented 3 weeks ago

Mrmaxmeier is a new contributor to projects/libarchive. The PR must be approved by known contributors before it can be merged. The past contributors are: DonggeLiu, jvoisin, devtty1er, Dor1s, mmatuska (unverified), inferno-chromium (unverified), ssbr (unverified)

Mrmaxmeier commented 2 weeks ago

cc @DonggeLiu

DonggeLiu commented 2 weeks ago

@DavidKorczynski could you please double-check this?

Mrmaxmeier commented 2 days ago

Friendly bump :)