From 7ea34af99667a82050b9f9febd24ecf341dff825 Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Tue, 14 Oct 2025 21:24:37 +0200
Subject: [PATCH 01/14] cli11: initial OSS-Fuzz integration (CLI parsing fuzzer)
---
projects/cli11/Dockerfile | 6 ++++
projects/cli11/build.sh | 9 +++++
projects/cli11/fuzzers/corpus/a | 1 +
projects/cli11/fuzzers/corpus/b | 1 +
projects/cli11/fuzzers/fuzz_cli_parse.cc | 42 ++++++++++++++++++++++++
projects/cli11/project.yaml | 10 ++++++
6 files changed, 69 insertions(+)
create mode 100644 projects/cli11/Dockerfile
create mode 100755 projects/cli11/build.sh
create mode 100644 projects/cli11/fuzzers/corpus/a
create mode 100644 projects/cli11/fuzzers/corpus/b
create mode 100644 projects/cli11/fuzzers/fuzz_cli_parse.cc
create mode 100644 projects/cli11/project.yaml
diff --git a/projects/cli11/Dockerfile b/projects/cli11/Dockerfile
new file mode 100644
index 000000000000..319b215006c7
--- /dev/null
+++ b/projects/cli11/Dockerfile
@@ -0,0 +1,6 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
+RUN git clone --depth=1 https://github.com/CLIUtils/CLI11.git $SRC/cli11
+COPY build.sh $SRC/
+COPY fuzzers $SRC/fuzzers
+WORKDIR $SRC
diff --git a/projects/cli11/build.sh b/projects/cli11/build.sh
new file mode 100755
index 000000000000..928e87fae3df
--- /dev/null
+++ b/projects/cli11/build.sh
@@ -0,0 +1,9 @@
+#!/bin/bash -eu
+set -o pipefail
+for f in "$SRC"/fuzzers/*.cc; do
+ b="$(basename "$f" .cc)"
+ "$CXX" ${CXXFLAGS:-} -std=c++17 -I"$SRC/cli11/include" \
+ "$f" -o "$OUT/$b" $LIB_FUZZING_ENGINE ${LDFLAGS:-}
+done
+# Package seed corpus if present.
+[ -d "$SRC/fuzzers/corpus" ] && zip -rq "$OUT/fuzz_cli_parse_seed_corpus.zip" "$SRC/fuzzers/corpus" || true
diff --git a/projects/cli11/fuzzers/corpus/a b/projects/cli11/fuzzers/corpus/a
new file mode 100644
index 000000000000..52ea7bf9dd84
--- /dev/null
+++ b/projects/cli11/fuzzers/corpus/a
@@ -0,0 +1 @@
+--int 1 --double 2.5 -b
diff --git a/projects/cli11/fuzzers/corpus/b b/projects/cli11/fuzzers/corpus/b
new file mode 100644
index 000000000000..a926b6d52b63
--- /dev/null
+++ b/projects/cli11/fuzzers/corpus/b
@@ -0,0 +1 @@
+sub --sstr hello --si 7
diff --git a/projects/cli11/fuzzers/fuzz_cli_parse.cc b/projects/cli11/fuzzers/fuzz_cli_parse.cc
new file mode 100644
index 000000000000..e0a96230cb50
--- /dev/null
+++ b/projects/cli11/fuzzers/fuzz_cli_parse.cc
@@ -0,0 +1,42 @@
+#include
+#include
+#include
+#include
+#include
+#include "CLI/CLI.hpp"
+
+static std::vector tokenize_ws(const std::string& s) {
+ std::vector out; std::string cur;
+ for (unsigned char c : s) {
+ if (std::isspace(c)) { if (!cur.empty()) { out.push_back(cur); cur.clear(); if (out.size() >= 64) break; } }
+ else { if (cur.size() < 256) cur.push_back(static_cast(c)); }
+ }
+ if (!cur.empty() && out.size() < 64) out.push_back(cur);
+ return out;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ if (size == 0 || size > (1<<16)) return 0;
+ std::string s(reinterpret_cast(data), size);
+ auto args = tokenize_ws(s);
+
+ std::vector argv_strings; argv_strings.reserve(args.size()+1);
+ argv_strings.emplace_back("prog"); for (auto& a: args) argv_strings.push_back(a);
+ std::vector argv; for (auto& a: argv_strings) argv.push_back(a.data());
+ int argc = static_cast(argv.size());
+
+ CLI::App app("fuzz");
+ int i=0, si=0; double d=0; bool b=false;
+ std::vector ints; std::vector strs, sstrs;
+ app.add_option("-i,--int", i);
+ app.add_option("-d,--double", d);
+ app.add_flag("-b,--bool", b);
+ app.add_option("-n,--ints", ints)->take_all();
+ app.add_option("-s,--str", strs)->take_all();
+ app.allow_extras(true);
+ auto sub = app.add_subcommand("sub", "subcommand");
+ sub->add_option("--si", si);
+ sub->add_option("--sstr", sstrs)->take_all();
+ try { app.parse(argc, argv.data()); } catch (const CLI::ParseError&) {} catch (...) {}
+ return 0;
+}
diff --git a/projects/cli11/project.yaml b/projects/cli11/project.yaml
new file mode 100644
index 000000000000..0bbe9d47b890
--- /dev/null
+++ b/projects/cli11/project.yaml
@@ -0,0 +1,10 @@
+homepage: https://github.com/CLIUtils/CLI11
+main_repo: https://github.com/CLIUtils/CLI11
+language: c++
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+ - undefined
+architectures:
+ - x86_64
From 95cb13af7b1f8181715859edf2053f902071b014 Mon Sep 17 00:00:00 2001
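Review bot: The trailing `catch (...) {}` on the `app.parse` line discards every exception that is not a `CLI::ParseError`, so an allocation failure or any other exception CLI11 lets escape on malformed input — exactly the class of bug a parsing harness exists to surface — is swallowed instead of reaching `std::terminate`, where the fuzzing engine and sanitizers would record it. Keep only `catch (const CLI::ParseError&) {}`, which is the expected-failure path, and let everything else propagate. The `#include` lines carry no header names on this page, which looks like an artifact of how the patch was rendered rather than of the committed file. Note that PATCH 06/14 deletes this harness in favour of the upstream one, so the point matters only if it is reinstated.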
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Tue, 14 Oct 2025 21:24:37 +0200
Subject: [PATCH 02/14] cli11: add Apache-2.0 license headers to new files
---
projects/cli11/Dockerfile | 14 ++++++++++++++
projects/cli11/build.sh | 14 ++++++++++++++
projects/cli11/fuzzers/fuzz_cli_parse.cc | 14 ++++++++++++++
projects/cli11/project.yaml | 14 ++++++++++++++
4 files changed, 56 insertions(+)
diff --git a/projects/cli11/Dockerfile b/projects/cli11/Dockerfile
index 319b215006c7..7f01f943daf5 100644
--- a/projects/cli11/Dockerfile
+++ b/projects/cli11/Dockerfile
@@ -1,3 +1,17 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
 RUN git clone --depth=1 https://github.com/CLIUtils/CLI11.git $SRC/cli11
diff --git a/projects/cli11/build.sh b/projects/cli11/build.sh
index 928e87fae3df..6088a9e07f73 100755
--- a/projects/cli11/build.sh
+++ b/projects/cli11/build.sh
@@ -1,4 +1,18 @@
 #!/bin/bash -eu
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 set -o pipefail
 for f in "$SRC"/fuzzers/*.cc; do
 b="$(basename "$f" .cc)"
diff --git a/projects/cli11/fuzzers/fuzz_cli_parse.cc b/projects/cli11/fuzzers/fuzz_cli_parse.cc
index e0a96230cb50..3ce3e23fed7b 100644
--- a/projects/cli11/fuzzers/fuzz_cli_parse.cc
+++ b/projects/cli11/fuzzers/fuzz_cli_parse.cc
@@ -1,3 +1,17 @@
+/* Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 #include
 #include
 #include
diff --git a/projects/cli11/project.yaml b/projects/cli11/project.yaml
index 0bbe9d47b890..b9e22e319c8e 100644
--- a/projects/cli11/project.yaml
+++ b/projects/cli11/project.yaml
@@ -1,3 +1,17 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 homepage: https://github.com/CLIUtils/CLI11
 main_repo: https://github.com/CLIUtils/CLI11
 language: c++
From 562fd85ada6c63981d2e92fad9695b9941e18c17 Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Tue, 14 Oct 2025 21:32:47 +0200
Subject: [PATCH 03/14] trigger CLA recheck
From 895c7aaad53c1c3a129fcb41c0912c7065fd00f4 Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Tue, 14 Oct 2025 21:38:05 +0200
Subject: [PATCH 04/14] cli11: add maintainer to auto_ccs
---
projects/cli11/project.yaml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/projects/cli11/project.yaml b/projects/cli11/project.yaml
index b9e22e319c8e..2bda0b66eed4 100644
--- a/projects/cli11/project.yaml
+++ b/projects/cli11/project.yaml
@@ -22,3 +22,6 @@ sanitizers:
 - undefined
 architectures:
 - x86_64
+
+auto_ccs:
+ - 140903820+TheodorNEngoy@users.noreply.github.com
From e7b3e81fd78f813500d89c7714676ecae77b887d Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Tue, 14 Oct 2025 22:38:05 +0200
Subject: [PATCH 05/14] cli11: enable i386 builds
---
projects/cli11/project.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/projects/cli11/project.yaml b/projects/cli11/project.yaml
index 2bda0b66eed4..0630f07802c0 100644
--- a/projects/cli11/project.yaml
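Review bot: The `auto_ccs` entry added at the end of the PATCH 04/14 hunk is a GitHub `users.noreply.github.com` address, which cannot receive mail; OSS-Fuzz uses `auto_ccs` and `primary_contact` both to deliver crash reports and to grant access to the testcases on ClusterFuzz, and as far as I know its project guidance requires addresses backed by Google accounts for exactly that reason. As written, a sanitizer finding against the harness would produce no notification and the listed person could not open the report. Replace it with a deliverable address tied to a Google account, e.g. `- <maintainer-address@example.com>` (placeholder); PATCH 08/14 later adds a `primary_contact`, but this entry is still carried forward unchanged.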
+++ b/projects/cli11/project.yaml
@@ -21,6 +21,7 @@ sanitizers:
 - address
 - undefined
 architectures:
+ - i386
 - x86_64
 auto_ccs:
From f7e089e62f702b0728bc6c55624026ffb3633a00 Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Tue, 14 Oct 2025 22:48:13 +0200
Subject: [PATCH 06/14] cli11: use upstream fuzz harness (cli11_app_fuzz) and package dictionaries
---
projects/cli11/Dockerfile | 1 -
projects/cli11/build.sh | 23 ++++++----
projects/cli11/fuzzers/corpus/a | 1 -
projects/cli11/fuzzers/corpus/b | 1 -
projects/cli11/fuzzers/fuzz_cli_parse.cc | 56 ------------------------
5 files changed, 15 insertions(+), 67 deletions(-)
delete mode 100644 projects/cli11/fuzzers/corpus/a
delete mode 100644 projects/cli11/fuzzers/corpus/b
delete mode 100644 projects/cli11/fuzzers/fuzz_cli_parse.cc
diff --git a/projects/cli11/Dockerfile b/projects/cli11/Dockerfile
index 7f01f943daf5..c44c3c549540 100644
--- a/projects/cli11/Dockerfile
+++ b/projects/cli11/Dockerfile
@@ -16,5 +16,4 @@ FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
 RUN git clone --depth=1 https://github.com/CLIUtils/CLI11.git $SRC/cli11
 COPY build.sh $SRC/
-COPY fuzzers $SRC/fuzzers
 WORKDIR $SRC
diff --git a/projects/cli11/build.sh b/projects/cli11/build.sh
index 6088a9e07f73..450ef2b0624d 100755
--- a/projects/cli11/build.sh
+++ b/projects/cli11/build.sh
@@ -12,12 +12,19 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 set -o pipefail
-for f in "$SRC"/fuzzers/*.cc; do
- b="$(basename "$f" .cc)"
- "$CXX" ${CXXFLAG:-} -std=c++17 -I"$SRC/cli11/include" \
- "$f" -o "$OUT/$b" $LIB_FUZZING_ENGINE ${LDFLAGS:-}
-done
-# Package seed corpus if present.
-[ -d "$SRC/fuzzers/corpus" ] && zip -rq "$OUT/fuzz_cli_parse_seed_corpus.zip" "$SRC/fuzzers/corpus" || true
+
+# Build CLI11's upstream fuzzer (header-only library; compile harness directly)
+"$CXX" ${CXXFLAGS:-} -std=c++17 -I"$SRC/cli11/include" \
+ "$SRC/cli11/fuzz/cli11_app_fuzz.cpp" \
+ "$SRC/cli11/fuzz/fuzzApp.cpp" \
+ -o "$OUT/cli11_app_fuzzer" $LIB_FUZZING_ENGINE ${LDFLAGS:-}
+
+# Ship libFuzzer dictionary if available (improves coverage)
+if [ -f "$SRC/cli11/fuzz/fuzz_dictionary1.txt" ] || [ -f "$SRC/cli11/fuzz/fuzz_dictionary2.txt" ]; then
+ cat "$SRC/cli11/fuzz"/fuzz_dictionary*.txt > "$OUT/cli11_app_fuzzer.dict" || true
+fi
+
+# Minimal seed corpus (maintainers can provide a richer corpus later)
+mkdir -p /tmp/seed && printf -- '--help\n' > /tmp/seed/a
+zip -rq "$OUT/cli11_app_fuzzer_seed_corpus.zip" /tmp/seed
diff --git a/projects/cli11/fuzzers/corpus/a b/projects/cli11/fuzzers/corpus/a
deleted file mode 100644
index 52ea7bf9dd84..000000000000
--- a/projects/cli11/fuzzers/corpus/a
+++ /dev/null
@@ -1 +0,0 @@
---int 1 --double 2.5 -b
diff --git a/projects/cli11/fuzzers/corpus/b b/projects/cli11/fuzzers/corpus/b
deleted file mode 100644
index a926b6d52b63..000000000000
--- a/projects/cli11/fuzzers/corpus/b
+++ /dev/null
@@ -1 +0,0 @@
-sub --sstr hello --si 7
diff --git a/projects/cli11/fuzzers/fuzz_cli_parse.cc b/projects/cli11/fuzzers/fuzz_cli_parse.cc
deleted file mode 100644
index 3ce3e23fed7b..000000000000
--- a/projects/cli11/fuzzers/fuzz_cli_parse.cc
+++ /dev/null
@@ -1,56 +0,0 @@
-/* Copyright 2025 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include
-#include
-#include
-#include
-#include
-#include "CLI/CLI.hpp"
-
-static std::vector tokenize_ws(const std::string& s) {
- std::vector out; std::string cur;
- for (unsigned char c : s) {
- if (std::isspace(c)) { if (!cur.empty()) { out.push_back(cur); cur.clear(); if (out.size() >= 64) break; } }
- else { if (cur.size() < 256) cur.push_back(static_cast(c)); }
- }
- if (!cur.empty() && out.size() < 64) out.push_back(cur);
- return out;
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- if (size == 0 || size > (1<<16)) return 0;
- std::string s(reinterpret_cast(data), size);
- auto args = tokenize_ws(s);
-
- std::vector argv_strings; argv_strings.reserve(args.size()+1);
- argv_strings.emplace_back("prog"); for (auto& a: args) argv_strings.push_back(a);
- std::vector argv; for (auto& a: argv_strings) argv.push_back(a.data());
- int argc = static_cast(argv.size());
-
- CLI::App app("fuzz");
- int i=0, si=0; double d=0; bool b=false;
- std::vector ints; std::vector strs, sstrs;
- app.add_option("-i,--int", i);
- app.add_option("-d,--double", d);
- app.add_flag("-b,--bool", b);
- app.add_option("-n,--ints", ints)->take_all();
- app.add_option("-s,--str", strs)->take_all();
- app.allow_extras(true);
- auto sub = app.add_subcommand("sub", "subcommand");
- sub->add_option("--si", si);
- sub->add_option("--sstr", sstrs)->take_all();
- try { app.parse(argc, argv.data()); } catch (const CLI::ParseError&) {} catch (...) {}
- return 0;
-}
From 857bba396c1ea5db01bea5a8fa8d2c9481f3dbc7 Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Tue, 14 Oct 2025 23:03:34 +0200
Subject: [PATCH 07/14] cli11: honor $LIB_FUZZING_ENGINE in build.sh
---
projects/cli11/build.sh | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/projects/cli11/build.sh b/projects/cli11/build.sh
index 450ef2b0624d..6eb6e19d1ddd 100755
--- a/projects/cli11/build.sh
+++ b/projects/cli11/build.sh
@@ -4,9 +4,7 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -14,17 +12,15 @@
 # limitations under the License.
 set -o pipefail
-# Build CLI11's upstream fuzzer (header-only library; compile harness directly)
+# Build the upstream CLI11 fuzz harness.
 "$CXX" ${CXXFLAGS:-} -std=c++17 -I"$SRC/cli11/include" \
- "$SRC/cli11/fuzz/cli11_app_fuzz.cpp" \
- "$SRC/cli11/fuzz/fuzzApp.cpp" \
+ "$SRC/cli11/fuzz/cli11_app_fuzz.cpp" "$SRC/cli11/fuzz/fuzzApp.cpp" \
 -o "$OUT/cli11_app_fuzzer" $LIB_FUZZING_ENGINE ${LDFLAGS:-}
-# Ship libFuzzer dictionary if available (improves coverage)
-if [ -f "$SRC/cli11/fuzz/fuzz_dictionary1.txt" ] || [ -f "$SRC/cli11/fuzz/fuzz_dictionary2.txt" ]; then
- cat "$SRC/cli11/fuzz"/fuzz_dictionary*.txt > "$OUT/cli11_app_fuzzer.dict" || true
+# Package dictionary (if present) and a tiny seed corpus.
+if [[ -f "$SRC/cli11/fuzz/fuzz_dictionary1.txt" ]]; then
+ cat "$SRC/cli11/fuzz/fuzz_dictionary1.txt" "$SRC/cli11/fuzz/fuzz_dictionary2.txt" \
+ > "$OUT/cli11_app_fuzzer.dict" || true
 fi
-
-# Minimal seed corpus (maintainers can provide a richer corpus later)
-mkdir -p /tmp/seed && printf -- '--help\n' > /tmp/seed/a
+mkdir -p /tmp/seed && printf -- '--help\n' > /tmp/seed/seed
 zip -rq "$OUT/cli11_app_fuzzer_seed_corpus.zip" /tmp/seed
From 042a0e01c16a9e4d1a5c6f7d4ba541a14d1de154 Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Tue, 14 Oct 2025 23:14:57 +0200
Subject: [PATCH 08/14] cli11: set primary_contact to phlptp@gmail.com
---
projects/cli11/project.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/projects/cli11/project.yaml b/projects/cli11/project.yaml
index 0630f07802c0..0a127971c9a5 100644
--- a/projects/cli11/project.yaml
+++ b/projects/cli11/project.yaml
@@ -26,3 +26,4 @@ architectures:
 auto_ccs:
 - 140903820+TheodorNEngoy@users.noreply.github.com
+primary_contact: phlptp@gmail.com
From 78998b4992511e1cf8d19de277a7e1c4a84a44d4 Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Tue, 14 Oct 2025 23:24:58 +0200
Subject: [PATCH 09/14] cli11: enable AFL & Honggfuzz engines
---
projects/cli11/project.yaml | 29 ++++++++++---------------------
1 file changed, 8 insertions(+), 21 deletions(-)
diff --git a/projects/cli11/project.yaml b/projects/cli11/project.yaml
index 0a127971c9a5..84c17082eb9e 100644
--- a/projects/cli11/project.yaml
+++ b/projects/cli11/project.yaml
@@ -1,29 +1,16 @@
-# Copyright 2025 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 homepage: https://github.com/CLIUtils/CLI11
 main_repo: https://github.com/CLIUtils/CLI11
 language: c++
 fuzzing_engines:
- - libfuzzer
+- afl
+- honggfuzz
+- libfuzzer
 sanitizers:
- - address
- - undefined
+- address
+- undefined
 architectures:
- - i386
- - x86_64
-
+- i386
+- x86_64
 auto_ccs:
- - 140903820+TheodorNEngoy@users.noreply.github.com
+- 140903820+TheodorNEngoy@users.noreply.github.com
 primary_contact: phlptp@gmail.com
From 233ed016356c38b21bc2e87bacfefeef8fc27508 Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Wed, 15 Oct 2025 01:39:09 +0200
Subject: [PATCH 10/14] cli11: add non-crashing seeds; flatten seed zip for AFL++
---
projects/cli11/build.sh | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/projects/cli11/build.sh b/projects/cli11/build.sh
index 6eb6e19d1ddd..9ce03afe2d90 100755
--- a/projects/cli11/build.sh
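Review bot: Beyond the engine list, this hunk silently deletes the 14-line Apache header that PATCH 02/14 added to project.yaml, and the subject `cli11: enable AFL & Honggfuzz engines` says nothing about it. If the removal is deliberate it belongs in the commit message; otherwise the header should stay and only `- afl` and `- honggfuzz` be inserted under `fuzzing_engines:`. The re-indentation of every list item from `  - x` to `- x` is a pure style change that turns a two-line addition into a 29-line diff, which makes the substantive change harder to review and to bisect.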
+++ b/projects/cli11/build.sh
@@ -16,11 +16,16 @@ set -o pipefail
 "$CXX" ${CXXFLAGS:-} -std=c++17 -I"$SRC/cli11/include" \
 "$SRC/cli11/fuzz/cli11_app_fuzz.cpp" "$SRC/cli11/fuzz/fuzzApp.cpp" \
 -o "$OUT/cli11_app_fuzzer" $LIB_FUZZING_ENGINE ${LDFLAGS:-}
-
 # Package dictionary (if present) and a tiny seed corpus.
 if [[ -f "$SRC/cli11/fuzz/fuzz_dictionary1.txt" ]]; then
- cat "$SRC/cli11/fuzz/fuzz_dictionary1.txt" "$SRC/cli11/fuzz/fuzz_dictionary2.txt" \
- > "$OUT/cli11_app_fuzzer.dict" || true
+ cat "$SRC/cli11/fuzz/fuzz_dictionary1.txt" "$SRC/cli11/fuzz/fuzz_dictionary2.txt" > "$OUT/cli11_app_fuzzer.dict" || true
 fi
-mkdir -p /tmp/seed && printf -- '--help\n' > /tmp/seed/seed
-zip -rq "$OUT/cli11_app_fuzzer_seed_corpus.zip" /tmp/seed
+
+# AFL++ needs at least one non-crashing seed; also flatten paths in the zip (-j)
+# so files land at the corpus root (AFL++'s check doesn't recurse).
+mkdir -p /tmp/seed
+: > /tmp/seed/empty
+printf -- '--help
+' > /tmp/seed/help
+zip -j -q "$OUT/cli11_app_fuzzer_seed_corpus.zip" /tmp/seed/*
+
From 8ceffc8eddb337c4197bd461414acb965c7d3d43 Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Wed, 15 Oct 2025 02:26:09 +0200
Subject: [PATCH 11/14] cli11: ship seeds as zip + plain dir (make AFL check_build happy)
---
projects/cli11/build.sh | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/projects/cli11/build.sh b/projects/cli11/build.sh
index 9ce03afe2d90..9190cd8627c6 100755
--- a/projects/cli11/build.sh
+++ b/projects/cli11/build.sh
@@ -1,31 +1,31 @@
 #!/bin/bash -eu
 # Copyright 2025 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# Licensed under the Apache License, Version 2.0
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -o pipefail
-# Build the upstream CLI11 fuzz harness.
+# --- Build the upstream CLI11 fuzz harness ---
 "$CXX" ${CXXFLAGS:-} -std=c++17 -I"$SRC/cli11/include" \
 "$SRC/cli11/fuzz/cli11_app_fuzz.cpp" "$SRC/cli11/fuzz/fuzzApp.cpp" \
 -o "$OUT/cli11_app_fuzzer" $LIB_FUZZING_ENGINE ${LDFLAGS:-}
-# Package dictionary (if present) and a tiny seed corpus.
+
+# --- Package dictionary (if present) ---
 if [[ -f "$SRC/cli11/fuzz/fuzz_dictionary1.txt" ]]; then
- cat "$SRC/cli11/fuzz/fuzz_dictionary1.txt" "$SRC/cli11/fuzz/fuzz_dictionary2.txt" > "$OUT/cli11_app_fuzzer.dict" || true
+ cat "$SRC/cli11/fuzz/fuzz_dictionary1.txt" "$SRC/cli11/fuzz/fuzz_dictionary2.txt" \
+ > "$OUT/cli11_app_fuzzer.dict" || true
 fi
-# AFL++ needs at least one non-crashing seed; also flatten paths in the zip (-j)
-# so files land at the corpus root (AFL++'s check doesn't recurse).
-mkdir -p /tmp/seed
-: > /tmp/seed/empty
-printf -- '--help
-' > /tmp/seed/help
-zip -j -q "$OUT/cli11_app_fuzzer_seed_corpus.zip" /tmp/seed/*
+# --- Tiny, non-crashing seed corpus (zip + plain dir) ---
+seeddir=/tmp/cli11_seeds
+mkdir -p "$seeddir"
+: > "$seeddir/empty" # zero-byte
+printf -- '--help\n' > "$seeddir/help"
+
+# 1) Flat zip (no directories) for libFuzzer/honggfuzz
+zip -j -q "$OUT/cli11_app_fuzzer_seed_corpus.zip" "$seeddir/empty" "$seeddir/help"
+# 2) Plain directory for AFL++ (some runners rely on a real dir)
+rm -rf "$OUT/cli11_app_fuzzer_seed_corpus"
+mkdir -p "$OUT/cli11_app_fuzzer_seed_corpus"
+cp -f "$seeddir/empty" "$seeddir/help" "$OUT/cli11_app_fuzzer_seed_corpus/" || true
From 9c78aa8e88c4363b27c3a19e86a961037c7925af Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Wed, 15 Oct 2025 02:44:04 +0200
Subject: [PATCH 12/14] cli11: rebuild upstream harness; ship seeds as zip + dir for AFL/libFuzzer/HF
---
projects/cli11/build.sh | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/projects/cli11/build.sh b/projects/cli11/build.sh
index 9190cd8627c6..415f021d9a28 100755
--- a/projects/cli11/build.sh
+++ b/projects/cli11/build.sh
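Review bot: The replacement line `+# Licensed under the Apache License, Version 2.0` near the top of the PATCH 11/14 hunk drops the "you may not use this file except in compliance", the license URL and the AS-IS clause, while the two retained lines still say `# See the License for the specific language governing permissions and limitations under the License.` — so the file now refers to a License it no longer says how to obtain. The full boilerplate that PATCH 02/14 added is what the other OSS-Fuzz project files carry, as far as I can tell, and the subject of this commit (seed packaging) does not mention a header change, so I would restore those lines rather than abbreviate them. The hunk covers the whole file from line 1, so the license block and the seed code are reviewed together here.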
@@ -18,14 +18,14 @@ fi
 # --- Tiny, non-crashing seed corpus (zip + plain dir) ---
 seeddir=/tmp/cli11_seeds
-mkdir -p "$seeddir"
-: > "$seeddir/empty" # zero-byte
+rm -rf "$seeddir" "$OUT/cli11_app_fuzzer_seed_corpus" || true
+mkdir -p "$seeddir" "$OUT/cli11_app_fuzzer_seed_corpus"
+
+: > "$seeddir/empty" # zero-byte; must not crash
 printf -- '--help\n' > "$seeddir/help"
-# 1) Flat zip (no directories) for libFuzzer/honggfuzz
+# 1) Flat zip (no subdirectories) for libFuzzer/Honggfuzz
 zip -j -q "$OUT/cli11_app_fuzzer_seed_corpus.zip" "$seeddir/empty" "$seeddir/help"
-# 2) Plain directory for AFL++ (some runners rely on a real dir)
-rm -rf "$OUT/cli11_app_fuzzer_seed_corpus"
-mkdir -p "$OUT/cli11_app_fuzzer_seed_corpus"
-cp -f "$seeddir/empty" "$seeddir/help" "$OUT/cli11_app_fuzzer_seed_corpus/" || true
+# 2) Plain directory for AFL++ (used by check_build)
+cp -f "$seeddir/empty" "$seeddir/help" "$OUT/cli11_app_fuzzer_seed_corpus/"
From 758303c4e0703c8ed1f6fe5d788d3f842f2184ae Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Wed, 15 Oct 2025 02:57:40 +0200
Subject: [PATCH 13/14] cli11: temporarily disable AFL (dry-run treats seeds as crashes); keep libFuzzer + Honggfuzz
---
projects/cli11/project.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/projects/cli11/project.yaml b/projects/cli11/project.yaml
index 84c17082eb9e..066777d3dc0b 100644
--- a/projects/cli11/project.yaml
+++ b/projects/cli11/project.yaml
@@ -2,7 +2,6 @@ homepage: https://github.com/CLIUtils/CLI11
 main_repo: https://github.com/CLIUtils/CLI11
 language: c++
 fuzzing_engines:
-- afl
 - honggfuzz
 - libfuzzer
 sanitizers:
From ea72da30fe4b8e31d13c39f05c35e39a92cb8b1c Mon Sep 17 00:00:00 2001
From: TheodorNEngoy <140903820+TheodorNEngoy@users.noreply.github.com>
Date: Fri, 17 Oct 2025 14:23:20 +0200
Subject: [PATCH 14/14] cli11: app fuzzer should use only fuzz_dictionary1 (drop dictionary2 per maintainer feedback)
---
projects/cli11/build.sh | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/projects/cli11/build.sh b/projects/cli11/build.sh
index 415f021d9a28..2ed3c254e194 100755
--- a/projects/cli11/build.sh
+++ b/projects/cli11/build.sh
@@ -12,8 +12,7 @@ set -o pipefail
 # --- Package dictionary (if present) ---
 if [[ -f "$SRC/cli11/fuzz/fuzz_dictionary1.txt" ]]; then
- cat "$SRC/cli11/fuzz/fuzz_dictionary1.txt" "$SRC/cli11/fuzz/fuzz_dictionary2.txt" \
- > "$OUT/cli11_app_fuzzer.dict" || true
+ cp "$SRC/cli11/fuzz/fuzz_dictionary1.txt" "$OUT/cli11_app_fuzzer.dict" || true
 fi
 # --- Tiny, non-crashing seed corpus (zip + plain dir) ---
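Review bot: `|| true` on the new `cp` line turns an unexpected copy failure into a silent build with no dictionary, even though the enclosing `[[ -f … ]]` already covers the only expected case (the file being absent); with `set -eu` in force at the top of the script I would let the copy fail loudly, `cp "$SRC/cli11/fuzz/fuzz_dictionary1.txt" "$OUT/cli11_app_fuzzer.dict"`, so a broken dictionary path is noticed at build time rather than as a quiet coverage regression. The reason for dropping `fuzz_dictionary2.txt` lives only in the commit subject, so the next reader of `# --- Package dictionary (if present) ---` has no way to tell it was deliberate; a comment such as `# cli11_app_fuzz uses only fuzz_dictionary1.txt (upstream maintainer feedback); fuzz_dictionary2.txt is intentionally not shipped.` would keep that decision in the file.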