
Move OSS-Fuzz target file under tests #234

Merged: agronholm merged 4 commits into agronholm:master from mschwager:mschwager-fuzz-target on Jan 2, 2026

Conversation

@mschwager (Contributor)

Hi again!

I'm back working on fuzzing and trying to learn more about OSS-Fuzz. After my initial research into this project, I'm now hoping to promote it to OSS-Fuzz's "initial integration" tier. This requires: "Fuzz targets need to be checked into their upstream repository and integrated into the build system with sanitizer support."

I think this also helps with project developers who'd like to run the fuzz tests, but not necessarily install all the OSS-Fuzz infrastructure. loads_fuzzer.py can be run locally with the following commands...

First, install the fuzz dependencies:

python -m pip install -e .[fuzz]

Next, run the fuzz tests:

python tests/fuzzers/loads_fuzzer.py

This should produce output like the following:

INFO: Using preloaded libfuzzer
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2252594525
INFO: Loaded 1 modules   (4545 inline 8-bit counters): 4545 [0xffffb9d38c20, 0xffffb9d39de1), 
INFO: Loaded 1 PC tables (4545 PCs): 4545 [0xffffb9d39de8,0xffffb9d4b9f8), 
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2	INITED cov: 123 ft: 124 corp: 1/1b exec/s: 0 rss: 61Mb
	NEW_FUNC[1/1]: 0xffffb9cdb030 in decode_bytestring /app/cbor2/source/decoder.c:686
#5	NEW    cov: 132 ft: 141 corp: 2/2b lim: 4 exec/s: 0 rss: 62Mb L: 1/1 MS: 3 CrossOver-CopyPart-ChangeBit-
	NEW_FUNC[1/1]: 0xffffb9ce0ce8 in string_namespace_add /app/cbor2/source/decoder.c:512
...

Let me know if you'd like loads_fuzzer.py to live in a different location in the repository.
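The post above shows how to run the harness locally but not what an OSS-Fuzz Python target looks like. The following is an added example in the shape atheris/libFuzzer targets take; it is not the loads_fuzzer.py from this pull request. It assumes `atheris` and `cbor2` are installed via the `[fuzz]` extra when used as a fuzzer, and falls back to replaying a corpus directory without atheris so developers can reproduce OSS-Fuzz testcases without the OSS-Fuzz infrastructure. The `run_one_input`, `replay_corpus` helpers and the `EXPECTED` tuple are this example's own names.

```python
"""libFuzzer-style harness for cbor2.loads (added example, not the PR's file).

Run under OSS-Fuzz / locally with atheris:
    python this_harness.py
Replay saved testcases without atheris:
    python this_harness.py path/to/corpus_or_crashes/
"""
import pathlib
import sys

try:
    import atheris  # provided by the [fuzz] extra; absent outside the fuzz env
except ImportError:
    atheris = None

try:
    import cbor2
    from cbor2 import CBORDecodeError
except ImportError:  # keep the module importable for corpus replay of other decoders
    cbor2 = None
    CBORDecodeError = ValueError  # placeholder, only used when cbor2 is missing

# Exceptions the decoder is expected to raise on malformed input.  Anything
# else (RecursionError, MemoryError, a crash inside the sanitizer-built C
# extension) propagates, and libFuzzer records it as a finding.
EXPECTED = (CBORDecodeError,)


def run_one_input(data: bytes, loads=None, expected=EXPECTED) -> str:
    """Feed one generated input to the decoder.

    Returns "ok" if it decoded, "rejected" if the decoder raised one of the
    expected exceptions, and re-raises everything else so the fuzzer sees it.
    `loads` is injectable so the harness logic can be exercised without cbor2.
    """
    if loads is None:
        loads = cbor2.loads
    try:
        loads(data)
    except expected:
        return "rejected"
    return "ok"


def TestOneInput(data: bytes) -> None:
    # Entry point name and signature are fixed by atheris/libFuzzer.
    run_one_input(data)


def replay_corpus(directory: str, loads=None) -> dict:
    """Replay every file in a corpus or crash directory, no atheris needed.

    An unexpected exception from any file propagates with a normal Python
    traceback, which is what you want when reproducing an OSS-Fuzz report.
    """
    counts = {"ok": 0, "rejected": 0}
    for path in sorted(pathlib.Path(directory).iterdir()):
        if path.is_file():
            counts[run_one_input(path.read_bytes(), loads)] += 1
    return counts


def main(argv):
    if atheris is not None:
        # Instrument Python bytecode for coverage guidance; the C extension's
        # coverage comes from the sanitizer build OSS-Fuzz produces.
        atheris.instrument_all()
        atheris.Setup(argv, TestOneInput)
        atheris.Fuzz()
    else:
        for directory in argv[1:]:
            print(directory, replay_corpus(directory))


if __name__ == "__main__":
    main(sys.argv)
```

The important design choice is the `EXPECTED` tuple: a harness that catches `Exception` broadly hides real bugs (unbounded recursion, memory exhaustion, logic errors surfacing as `TypeError`), while one that catches nothing reports every malformed input as a crash. Listing only the decoder's documented error type keeps the signal useful.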

@coveralls commented Apr 23, 2024

Coverage Status: coverage 94.58%, remained the same when pulling cf2790d on mschwager:mschwager-fuzz-target into b3525b4 on agronholm:master.

@coveralls

Coverage Status: coverage 93.542%, remained the same when pulling 88e4b90 on mschwager:mschwager-fuzz-target into e1b65f2 on agronholm:master.

@agronholm (Owner) left a comment

Sorry it took me this long to review. I noticed I had a pending review which I never submitted. I had gotten rid of CIFuzz as it was constantly complaining and I had no idea how to fix it. Would this do the trick?

Co-authored-by: Alex Grönholm <alex.gronholm@nextday.fi>
@mschwager mschwager requested a review from agronholm December 31, 2025 20:00
@agronholm (Owner) left a comment

I don't know how this works, but I assume the fuzzing tests should start working once I re-enable them, yes?

@mschwager (Contributor, Author)

Hmm, I will have to dig into this again, it's been a while.

Once this PR is merged I can remove this file from the oss-fuzz repository and instead reference the harness included in this PR. Looking at the project profile page in OSS-Fuzz, it looks like this project may not have been regularly fuzzed. I can't really tell from that view. I will look into this again and make sure it's running in OSS-Fuzz.

As for CIFuzz, that's not necessary for the OSS-Fuzz "initial" integration, only the next level ("ideal"). So we don't have to worry about that. The difference is that a CIFuzz job will run in your CI pipelines whereas the OSS-Fuzz jobs run in Google's infra somewhere.

@mschwager (Contributor, Author)

Okay, I just tested this out running the oss-fuzz project locally with the following commands:

  • python3 infra/helper.py pull_images
  • python3 infra/helper.py build_fuzzers cbor2
  • python3 infra/helper.py run_fuzzer cbor2 loads_fuzzer

This now runs the fuzzing harness from this repository instead of the one hardcoded in the OSS-Fuzz repo. This is advantageous because if any APIs change in this repo, then the same changes are more likely to be made to fuzz harnesses also in this repo than ones in a far away file in the OSS-Fuzz repo. So changes are more likely to stay in sync.

So once this PR is merged I'll open a PR to the OSS-Fuzz repo that deletes the harness there and references the one here. And the project will continue to be fuzzed by OSS-Fuzz as expected 👍

@agronholm agronholm merged commit b480757 into agronholm:master Jan 2, 2026
14 checks passed
@mschwager (Contributor, Author)

Upstream change here: google/oss-fuzz#14749

DavidKorczynski pushed a commit to google/oss-fuzz that referenced this pull request on Jan 11, 2026:

I moved cbor2's fuzzing harness into the project repo:
agronholm/cbor2#234

So now OSS-Fuzz can use that instead of this local copy 👍