Comments (6)
Related: #11420 (comment)
from oss-fuzz.
If it is only freetype, then you can run as a final step after all other installations are done:
sed --in-place 's/focal/noble/g' /etc/apt/sources.list && apt update && apt install libfreetype-dev --reinstall --yes
However, that didn't work with boost, last time I checked.
from oss-fuzz.
Yes, this is something we've been wanting to do, but as OSS-Fuzz has grown to the size it has over the years, it's also become a lot harder to do in the way we typically do this (I.e. upgrade every single project ourselves).
One thing we're considering is to just pin all existing project images to the current Ubuntu 20.04, provide images based on newer Ubuntu, and let projects that do want to upgrade do the upgrade themselves.
from oss-fuzz.
I know that this issue is kind of re-occurring since the release of Ubuntu 22. I was discussing this with a colleague and while the situation for the OSS-fuzz project is quite challenging (need to upgrade most/all projects to the new base images), it seems way more approachable for ClusterFuzzLite.
Especially for ClusterFuzzLite you typically fuzz projects that don't have a stable release cycle like e.g. OpenSSL. So it is quite a challenge to expect ClusterFuzzLite users to support Ubuntu 20. Most of the users are projects that don't quality for OSS-fuzz. And there is really no reason why CFL users shouldn't use a base image based off any Ubuntu version.
So our idea was to design a "channel" feature. As a CFL user you can define which channel/release of Ubuntu you want to target. Fundamentally this could also work with oss-fuzz in general but I don't have the full picture there.
EDIT: In case of Rust this seems like a problem which could become a real blocker. I found out that the upgrade from LLVM 17 to 18 in Rust is breaking the coverage generation.
So the current CFL rust container image is stuck to one specific Rust nightly version. And if more and more crates become incompatible with it, more and more workarounds need to be created (https://github.com/dalek-cryptography/curve25519-dalek currently is).
from oss-fuzz.
EDIT: In case of Rust this seems like a problem which could become a real blocker. I found out that the upgrade from LLVM 17 to 18 in Rust is breaking the coverage generation.
This is unrelated to the Ubuntu version, as the compilers are self-compiled by oss-fuzz. Moving to a current rust nightly (or similarly, moving to a recent llvm in the coverage container that can understand the raw coverage profile generated from a current rust nightly) can be done as soon as most projects are un-pinned again. (If you want to help, they can be found via git grep '@sha256:' ./projects/
)
from oss-fuzz.
This is unrelated to the Ubuntu version, as the compilers are self-compiled by oss-fuzz. Moving to a current rust nightly can be done as soon as most projects are un-pinned again. (If you want to help, they can be found via
git grep '@sha256:' ./projects/
)
Sadly not exactly. From Rust 1.77 top 1.78 (as far as I remember) they switched from LLVM 17 to 18 which makes coverage generated incompatible with the LLVM version used in the coverage container image.
So you get an error like raw profile version mismatch: Profile uses raw profile format version = 9; expected version = 8
if you use the latest Rust nightly. Maybe I missed something, though
I agree though this is more related to the LLVM version and not the Ubuntu version.
from oss-fuzz.
Related Issues (20)
- [google/oss-fuzz/tree/master/projects] is there a way to split the too long list (truncated to 1000 entries)? HOT 8
- [xz] Remove JiaT75 as a contact, determine correct contacts HOT 29
- Introspector Builds failing for ujson HOT 4
- Clean up clang roll https://github.com/google/oss-fuzz/pull/11714 HOT 1
- Find heap buffer overflow by running fuzz test HOT 4
- oss-fuzz does not cover the code after if - else in C code HOT 7
- Coverage build failure for ImageMagick: No space left on device HOT 7
- [lua] LeakSanitizer breaks building on ARM64 HOT 1
- Issue 61714: hsqldb: Fuzzing build failure
- Problems in libyaml fuzzer programs HOT 1
- Add a CITATION.ctf HOT 3
- ESP-IDF 5.2.1 issue with installed FMT in VSC (Window 11), it generate missing CPP/G++ header error, unable to complies HOT 4
- Timeout issue was incorrectly closed HOT 2
- Regression range should include OSS-Fuzz infrastructure changes HOT 4
- jcc: panic in CorrectMissingHeaders(), trying to copy a file that does not exist
- Fuzz targets seem to have started failing under MSan on CIFuzz HOT 16
- Improve OSS-Fuzz build status page HOT 2
- jcc: remove C-specific `-std=` flags when trying to compile as C++.
- Squash MSAN false positives HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oss-fuzz.