Comments (4)
I don't think this is an OSS-Fuzz issue as such because it seems specific to the upx-project integration (i.e. the build.sh
is considered to be owned by the upstream project from an OSS-Fuzz perspective). It seems as a consequence of the integration being carried out by a 3rd party security researcher, similarly to described here: #11537 (comment)
Is there any chance you will be able to maintain the logic in https://github.com/google/oss-fuzz/tree/master/projects/upx @jreiser ? We could e.g. move as much logic as possible to upstream UPX so that you have direct access to adjusting the build/fuzz logic.
from oss-fuzz.
from oss-fuzz.
Sorry this has been getting slow replies.
You can just submit a pull request to change https://github.com/google/oss-fuzz/blob/master/projects/upx/build.sh and we will merge it. If that seems too bureaucratic for you, you can change the dockerfile to use a build.sh from the upx repo.
from oss-fuzz.
from oss-fuzz.
Related Issues (20)
- Timeout issue was incorrectly closed HOT 2
- Regression range should include OSS-Fuzz infrastructure changes HOT 4
- jcc: panic in CorrectMissingHeaders(), trying to copy a file that does not exist
- Fuzz targets seem to have started failing under MSan on CIFuzz HOT 16
- Improve OSS-Fuzz build status page HOT 2
- jcc: remove C-specific `-std=` flags when trying to compile as C++.
- Squash MSAN false positives HOT 9
- Project owners need some way to mark bugs as false positives HOT 3
- Understanding inconsistent coverage reports HOT 5
- Project owners need some way to adjust severity of OSS-Fuzz reports
- Better pre-commit monitoring for MSan false positives
- Minimizing timeout test cases HOT 2
- mpv: Runners seems to be stuck HOT 4
- Centipede not enabled by default on ClusterFuzz HOT 1
- Include total line information in summary.json for JVM HOT 2
- [RFC] Introducing Ruby Support to OSS-Fuzz via Ruzzy HOT 1
- Suggestion to add a note in documentation about LLVMFuzzerTestOneInput return value support by Honggfuzz.
- Suricata fixed bug does not get closed
- abseil/absl missing from Docker image when trying to use FUZZ_TEST icw autotools HOT 2
- Is OSS-fuzz wasting its time? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oss-fuzz.