Merge branch 'master' into fix-openssh-build

Author: arthurscchan

infra/cifuzz/cifuzz-base/Dockerfile

@@ -17,10 +17,13 @@
 FROM gcr.io/oss-fuzz-base/base-runner
 
 RUN apt-get update && \
-    apt-get install -y systemd && \
-    wget https://download.docker.com/linux/ubuntu/dists/focal/pool/stable/amd64/docker-ce-cli_20.10.8~3-0~ubuntu-focal_amd64.deb -O /tmp/docker-ce.deb && \
-    dpkg -i /tmp/docker-ce.deb && \
-    rm /tmp/docker-ce.deb
+    apt-get install -y systemd wget gnupg && \
+    install -m 0755 -d /etc/apt/keyrings && \
+    wget -qO- https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+    chmod a+r /etc/apt/keyrings/docker.gpg && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu focal stable" > /etc/apt/sources.list.d/docker.list && \
+    apt-get update && \
+    apt-get install -y docker-ce-cli
 
 ENV PATH=/opt/gcloud/google-cloud-sdk/bin/:$PATH
 ENV OSS_FUZZ_ROOT=/opt/oss-fuzz

infra/cifuzz/cifuzz-base/ubuntu-24-04.Dockerfile

@@ -17,10 +17,13 @@
 FROM gcr.io/oss-fuzz-base/base-runner:ubuntu-24-04
 
 RUN apt-get update && \
-    apt-get install -y systemd && \
-    wget https://download.docker.com/linux/ubuntu/dists/noble/pool/stable/amd64/docker-ce-cli_26.0.0-1~ubuntu.24.04~noble_amd64.deb -O /tmp/docker-ce.deb && \
-    dpkg -i /tmp/docker-ce.deb && \
-    rm /tmp/docker-ce.deb
+    apt-get install -y systemd wget gnupg && \
+    install -m 0755 -d /etc/apt/keyrings && \
+    wget -qO- https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+    chmod a+r /etc/apt/keyrings/docker.gpg && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu noble stable" > /etc/apt/sources.list.d/docker.list && \
+    apt-get update && \
+    apt-get install -y docker-ce-cli
 
 ENV PATH=/opt/gcloud/google-cloud-sdk/bin/:$PATH
 ENV OSS_FUZZ_ROOT=/opt/oss-fuzz

projects/apache-commons-collections/Dockerfile

@@ -16,11 +16,11 @@
 
 FROM gcr.io/oss-fuzz-base/base-builder-jvm
 
-RUN curl -L https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \
+RUN curl -L https://archive.apache.org/dist/maven/maven-3/3.9.9/binaries/apache-maven-3.9.9-bin.zip -o maven.zip && \
 unzip maven.zip -d $SRC/maven && \
 rm -rf maven.zip
 
-ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn
+ENV MVN $SRC/maven/apache-maven-3.9.9/bin/mvn
 
 RUN git clone https://github.com/apache/commons-collections
 

projects/apache-poi/src/main/java/org/apache/poi/POIFileHandlerFuzzer.java

@@ -16,6 +16,7 @@
 
 package org.apache.poi;
 
+import java.awt.AWTError;
 import java.awt.geom.IllegalPathStateException;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -50,6 +51,7 @@
 import org.apache.poi.stress.XWPFFileHandler;
 import org.apache.poi.util.DocumentFormatException;
 import org.apache.poi.util.RecordFormatException;
+import org.apache.poi.xssf.binary.XSSFBParseException;
 import org.apache.xmlbeans.XmlException;
 import org.junit.platform.commons.util.ExceptionUtils;
 import org.opentest4j.AssertionFailedError;
@@ -99,13 +101,18 @@ public static void fuzzerTestOneInput(byte[] input) throws Exception {
 					 IllegalArgumentException | IllegalStateException | IndexOutOfBoundsException | NoSuchElementException |
 					 UnsupportedOperationException | NegativeArraySizeException | BufferUnderflowException |
 					 ChunkNotFoundException | RecordInputStream.LeftoverDataException | RecordFormatException |
-					 OpenXML4JException | OpenXML4JRuntimeException | DocumentFormatException |
+					 OpenXML4JException | OpenXML4JRuntimeException | DocumentFormatException | XSSFBParseException |
 					 // some FileHandlers perform checks via assertions, so we expect this type of exception as well
 					 AssertionFailedError | TestAbortedException |
 					 NotImplementedException | FormulaParseException | IllegalPathStateException
 					e) {
 				// expected here
-			} catch (java.lang.InternalError e) {
+			} catch (AWTError e) {
+				// POI cannot fix it if there is no DISPLAY
+				if (!ExceptionUtils.readStackTrace(e).contains("Can't connect to X11 window server")) {
+					throw e;
+				}
+			} catch (InternalError e) {
 				// POI cannot fix it if the font-system is not fully installed, so let's ignore
 				// this for fuzzing
 				if (!ExceptionUtils.readStackTrace(e).contains("Fontconfig head is null")) {

projects/apache-poi/src/main/java/org/apache/poi/POIHSLFFuzzer.java

@@ -43,7 +43,8 @@ public static void fuzzerTestOneInput(byte[] input) {
 			slides.write(NullOutputStream.INSTANCE);
 		} catch (IOException | IllegalArgumentException | RecordFormatException |
 				 IllegalStateException | HSLFException | IndexOutOfBoundsException |
-				 BufferUnderflowException | POIXMLException | NoSuchElementException e) {
+				 BufferUnderflowException | POIXMLException | NoSuchElementException |
+				NegativeArraySizeException e) {
 			// expected here
 		}
 

projects/binutils/fuzz_addr2line.c

@@ -21,6 +21,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+  if (size > 16384)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer.%d", getpid());
   FILE *fp = fopen(filename, "wb");

projects/binutils/fuzz_as.c

@@ -32,6 +32,8 @@ xatexit (void (*fn) (void) ATTRIBUTE_UNUSED)
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  if (size > 1024)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer-%d.s", getpid());
   FILE *fp = fopen(filename, "wb");

projects/binutils/fuzz_bfd.c

@@ -39,6 +39,8 @@ static int bufferToFile(char * name, const uint8_t *Data, size_t Size) {
 char *target = NULL;
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size > 16384)
+    return 0;
     char tmpfilename[32];
 
     if (bfd_init() != BFD_INIT_MAGIC)

projects/binutils/fuzz_bfd_ext.c

@@ -42,6 +42,8 @@ static int bufferToFile(char *name, const uint8_t *Data, size_t Size) {
 }
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size > 16384)
+    return 0;
   char tmpfilename[32];
 
   if (bfd_init() != BFD_INIT_MAGIC)

projects/binutils/fuzz_dlltool.c

@@ -60,9 +60,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-  if (size < 512) {
+  if (size < 512 || size > 16384)
     return 0;
-  }
 
   /* def file */
   char filename[256];