Improve thrift fuzzing support

projects/thrift-c_glib/Dockerfile

@@ -0,0 +1,19 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN apt-get update && apt-get install -y libssl-dev pkg-config autoconf automake libtool bison flex wget make zip cmake libglib2.0-dev patchelf
+
+#Install Boost from source
+RUN wget https://archives.boost.io/release/1.87.0/source/boost_1_87_0.tar.gz && \
+    tar xzf boost_1_87_0.tar.gz && \
+    cd boost_1_87_0 && \
+    ./bootstrap.sh --with-toolset=clang && \
+    ./b2 clean && \
+    ./b2 toolset=clang -j$(nproc) install && \
+    cd .. && \
+    rm -rf boost_1_87_0
+
+COPY build.sh default.options $SRC/
+
+RUN git clone --depth 1 https://github.com/apache/thrift.git
+
+WORKDIR $SRC/thrift 

projects/thrift-c_glib/build.sh

@@ -0,0 +1,40 @@
+#!/bin/bash -eu
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+export ASAN_OPTIONS=detect_leaks=0
+
+# Build and install the compiler (disable other languages to save time)
+./bootstrap.sh
+./configure --enable-static --disable-shared --with-cpp=no --with-c_glib=yes --with-python=no --with-py3=no --with-go=no --with-rs=no --with-java=no --with-nodejs=no --with-dotnet=no --with-kotlin=no
+make -j$(nproc)
+make install
+
+# Build c_glib library and fuzzers
+pushd lib/c_glib/test/fuzz
+make check
+for i in $(find . -maxdepth 1 -type f -executable -printf "%f\n"); do
+    cp $i $OUT/$i
+    cp $SRC/default.options $OUT/"$i".options; 
+    # Set rpath so fuzzers can find libraries
+    patchelf --set-rpath '$ORIGIN/lib' $OUT/$i
+done
+popd
+
+# Copy libraries over for the c_glib fuzzers
+mkdir -p $OUT/lib
+cp /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 $OUT/lib/
+cp /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 $OUT/lib/ 

projects/thrift-c_glib/default.options

@@ -0,0 +1,2 @@
+[libfuzzer]
+detect_leaks=0

projects/thrift-c_glib/project.yaml

@@ -0,0 +1,17 @@
+homepage: "https://thrift.apache.org/"
+language: c
+primary_contact: "[email protected]"
+auto_ccs:
+- "[email protected]"
+- "[email protected]"
+
+fuzzing_engines:
+  - libfuzzer
+  - afl
+  - honggfuzz
+  - centipede
+sanitizers:
+  - address
+  - undefined
+
+main_repo: 'https://github.com/apache/thrift' 

projects/thrift-cpp/Dockerfile

@@ -0,0 +1,19 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN apt-get update && apt-get install -y libssl-dev pkg-config autoconf automake libtool bison flex wget make zip cmake
+
+# Install Boost from source
+RUN wget https://archives.boost.io/release/1.87.0/source/boost_1_87_0.tar.gz && \
+    tar xzf boost_1_87_0.tar.gz && \
+    cd boost_1_87_0 && \
+    ./bootstrap.sh --with-toolset=clang && \
+    ./b2 clean && \
+    ./b2 toolset=clang -j$(nproc) install && \
+    cd .. && \
+    rm -rf boost_1_87_0
+
+COPY build.sh $SRC/
+
+RUN git clone --depth 1 https://github.com/apache/thrift.git
+
+WORKDIR $SRC/thrift 

projects/thrift/build.sh → projects/thrift-cpp/build.sh

@@ -1,5 +1,5 @@
-#!/bin/bash -eux
-# Copyright 2021 Google LLC
+#!/bin/bash -eu
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,20 +15,18 @@
 #
 ################################################################################
 
-# build project
 export ASAN_OPTIONS=detect_leaks=0
 
-if [ "$SANITIZER" = "coverage" ]
-then
-    cp /usr/bin/ld.gold /usr/bin/ld
-fi
+# Build and install the compiler (disable other languages to save time)
 ./bootstrap.sh
-# rust fails compilation with clippy warnings
-./configure --with-rs=no
+./configure --enable-static --disable-shared --with-cpp=yes --with-c_glib=no --with-python=no --with-py3=no --with-go=no --with-rs=no --with-java=no --with-nodejs=no --with-dotnet=no --with-kotlin=no
 make -j$(nproc)
 make install
 
-cd lib/go/test/fuzz
-thrift -r --gen go:package_prefix=github.com/apache/thrift/lib/go/test/fuzz/gen-go/ ../../../../tutorial/tutorial.thrift
-go mod tidy || true
-compile_go_fuzzer . Fuzz fuzz_go_tutorial
+# Build C++ library and fuzzers
+pushd lib/cpp/test/fuzz
+make check
+for i in $(find . -maxdepth 1 -type f -executable -printf "%f\n"); do
+    cp $i $OUT/$i
+done
+popd 

projects/thrift-cpp/project.yaml

@@ -0,0 +1,17 @@
+homepage: "https://thrift.apache.org/"
+language: c++
+primary_contact: "[email protected]"
+auto_ccs:
+- "[email protected]"
+- "[email protected]"
+
+fuzzing_engines:
+  - libfuzzer
+  - afl
+  - honggfuzz
+  - centipede
+sanitizers:
+  - address
+  - undefined
+
+main_repo: 'https://github.com/apache/thrift' 

projects/thrift-go/Dockerfile

@@ -0,0 +1,35 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-go
+
+RUN apt-get update && apt-get install -y libssl-dev pkg-config autoconf automake libtool bison flex wget make
+
+# Install Boost from source
+RUN wget https://archives.boost.io/release/1.87.0/source/boost_1_87_0.tar.gz && \
+    tar xzf boost_1_87_0.tar.gz && \
+    cd boost_1_87_0 && \
+    ./bootstrap.sh --with-toolset=clang && \
+    ./b2 clean && \
+    ./b2 toolset=clang -j$(nproc) install && \
+    cd .. && \
+    rm -rf boost_1_87_0
+
+COPY build.sh $SRC/
+
+RUN git clone --depth 1 https://github.com/apache/thrift.git
+
+WORKDIR $SRC/thrift 

projects/thrift-go/build.sh

@@ -0,0 +1,43 @@
+#!/bin/bash -eu
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+export ASAN_OPTIONS=detect_leaks=0
+
+if [[ ! -z "${CXX:-}" ]]; then
+  export CXX="${CXX//-lresolv/}"
+fi
+
+# Build and install the compiler...
+# Disable other languages to save on compile time
+./bootstrap.sh
+# ... this forces go to be downloaded/installed, otherwise the configure script chokes when running go version
+go version
+./configure --enable-static --disable-shared --with-cpp=no --with-c_glib=no --with-python=no --with-py3=no --with-go=yes --with-rs=no --with-java=no --with-nodejs=no --with-dotnet=no --with-kotlin=no
+make -j$(nproc)
+
+pushd lib/go/test/fuzz
+
+make gopathfuzz
+compile_go_fuzzer . FuzzTutorial fuzz_tutorial
+compile_go_fuzzer . FuzzParseBinary fuzz_parse_binary
+compile_go_fuzzer . FuzzParseCompact fuzz_parse_compact
+compile_go_fuzzer . FuzzParseJson fuzz_parse_json
+compile_go_fuzzer . FuzzRoundtripBinary fuzz_roundtrip_binary
+compile_go_fuzzer . FuzzRoundtripCompact fuzz_roundtrip_compact
+compile_go_fuzzer . FuzzRoundtripJson fuzz_roundtrip_json
+
+popd

projects/thrift-go/project.yaml

@@ -0,0 +1,14 @@
+homepage: "https://thrift.apache.org/"
+language: go
+primary_contact: "[email protected]"
+auto_ccs:
+- "[email protected]"
+- "[email protected]"
+- "[email protected]"
+
+fuzzing_engines:
+  - libfuzzer
+sanitizers:
+  - address
+
+main_repo: 'https://github.com/apache/thrift' 

projects/thrift-java/Dockerfile

@@ -0,0 +1,28 @@
+FROM gcr.io/oss-fuzz-base/base-builder-jvm
+
+RUN apt-get update && apt-get install -y libssl-dev pkg-config autoconf automake libtool bison flex wget make ant zip curl
+
+# Install Boost from source
+RUN wget https://archives.boost.io/release/1.87.0/source/boost_1_87_0.tar.gz && \
+    tar xzf boost_1_87_0.tar.gz && \
+    cd boost_1_87_0 && \
+    ./bootstrap.sh --with-toolset=clang && \
+    ./b2 clean && \
+    ./b2 toolset=clang -j$(nproc) install && \
+    cd .. && \
+    rm -rf boost_1_87_0
+
+# Download and install Gradle
+RUN cd /usr/local && \
+    curl -L https://services.gradle.org/distributions/gradle-8.13-bin.zip -o gradle-8.13-bin.zip && \
+    unzip gradle-8.13-bin.zip && \
+    rm gradle-8.13-bin.zip
+
+ENV GRADLE_HOME=/usr/local/gradle-8.13
+ENV PATH=$PATH:$GRADLE_HOME/bin
+
+COPY build.sh $SRC/
+
+RUN git clone --depth 1 https://github.com/apache/thrift.git
+
+WORKDIR $SRC/thrift 

projects/thrift-java/build.sh

@@ -0,0 +1,71 @@
+#!/bin/bash -eu
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+export ASAN_OPTIONS=detect_leaks=0
+
+# Build and install the compiler (disable other languages to save time)
+./bootstrap.sh
+./configure --enable-static --disable-shared --with-cpp=no --with-c_glib=no --with-python=no --with-py3=no --with-go=no --with-rs=no --with-java=yes --with-nodejs=no --with-dotnet=no --with-kotlin=no
+make -j$(nproc)
+make install
+
+# Build Java library and fuzzers
+pushd lib/java
+make check
+cp build/libs/*.jar $OUT/
+
+# Dynamically find the built jar files to be version-agnostic
+MAIN_JAR=$(find build/libs -name "libthrift-*.jar" -not -name "*-test.jar" -not -name "*-sources.jar" -not -name "*-javadoc.jar" | head -n1 | xargs basename)
+TEST_JAR=$(find build/libs -name "libthrift-*-test.jar" | head -n1 | xargs basename)
+
+# Verify jars were found
+if [[ -z "$MAIN_JAR" || -z "$TEST_JAR" ]]; then
+  echo "Error: Could not find required jar files"
+  echo "Main jar: $MAIN_JAR"
+  echo "Test jar: $TEST_JAR"
+  echo "Available jars:"
+  find build/libs -name "*.jar"
+  exit 1
+fi
+
+PROJECT_JARS="$MAIN_JAR $TEST_JAR"
+echo "Using jars: $PROJECT_JARS"
+
+RUNTIME_CLASSPATH=$(echo $PROJECT_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+
+# Package each fuzzer
+for fuzzer in $(find $SRC -name '*Fuzzer.java'); do
+  fuzzer_basename=$(basename -s .java $fuzzer)
+  echo "#!/bin/bash
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+if [[ \"$@\" =~ (^| )-runs=[0-9]+($| ) ]]; then
+  mem_settings='-Xmx1900m:-Xss900k'
+else
+  mem_settings='-Xmx2048m:-Xss1024k'
+fi
+export JVM_LD_LIBRARY_PATH=$JAVA_HOME/lib/server
+export PATH=$JAVA_HOME/bin:$PATH
+LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
+\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+--cp=$RUNTIME_CLASSPATH \
+--target_class=org.apache.thrift.test.fuzz.$fuzzer_basename \
+--jvm_args=\"\$mem_settings:-Djava.awt.headless=true\" \
+\$@" > $OUT/$fuzzer_basename
+  chmod +x $OUT/$fuzzer_basename
+done
+popd 

projects/thrift-java/project.yaml

@@ -0,0 +1,13 @@
+homepage: "https://thrift.apache.org/"
+language: jvm
+primary_contact: "[email protected]"
+auto_ccs:
+- "[email protected]"
+- "[email protected]"
+
+fuzzing_engines:
+  - libfuzzer
+sanitizers:
+  - address
+
+main_repo: 'https://github.com/apache/thrift'