
GraphicsMagick: Move to Ubuntu 24.04. Disable memory fuzzer since it no longer works. #15004

Closed
bobfriesenhahn wants to merge 2 commits into google:master from bobfriesenhahn:master


Conversation

@bobfriesenhahn
Contributor

Move to Ubuntu 24.04. Use --stream with hg pull for much better performance. Disable the memory fuzzer since it no longer works.

@github-actions

bobfriesenhahn is either the primary contact or is in the CCs list of projects/graphicsmagick.
bobfriesenhahn has previously contributed to projects/graphicsmagick. The previous PR was #14807

@bobfriesenhahn
Contributor Author

FYI, with the new oss-fuzz Ubuntu 24.04 baseline, and the "memory" fuzzer enabled, any automatically allocated (on stack) buffer which is not fully memset to zero produces a diagnostic, even if the part which was accessed was initialized. Is there a way to solve this problem?

Curl may be the only C/C++ project on the new Ubuntu 24.04 baseline which has "memory" fuzzing enabled, but I looked at the code and it appears that it may have a policy to explicitly fully initialize all stack data immediately.
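A minimal reproducer for the behaviour discussed in the comment above, added here as an example and not code from this PR or from GraphicsMagick. It assumes a constructed 8-byte header and a 64-byte stack scratch buffer; MemorySanitizer is documented to report only when an uninitialised value reaches a conditional branch, a syscall or a pointer dereference, not merely because bytes were left uninitialised, so a correctly instrumented build should report only the third call in `main`:

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed 8-byte "header" standing in for the part of a stack scratch
 * buffer that a decoder actually fills before reading it back. */
static const unsigned char kHeader[8] = {0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 0x00, 0x01};

/* Partially initialised stack buffer: only kHeader is copied in, the
 * remaining 56 bytes are left untouched (poisoned, in MSan terms).
 * Counts nonzero bytes among the first `used` bytes of the buffer. */
int count_nonzero_partial_init(size_t used)
{
    unsigned char buf[64];                 /* deliberately not memset */
    memcpy(buf, kHeader, sizeof kHeader);  /* bytes 0..7 initialised, 8..63 not */
    int nonzero = 0;
    for (size_t i = 0; i < used && i < sizeof buf; i++) {
        /* The branch on buf[i] is the "use": MSan reports it only when
         * i >= 8, i.e. only when an uninitialised byte is read.
         * With used <= 8 a correct MSan build stays silent. */
        if (buf[i] != 0)
            nonzero++;
    }
    return nonzero;
}

/* The fully-initialise-first policy mentioned for curl: zero the whole
 * buffer before use, so every byte is defined and no report is possible
 * regardless of how much of the buffer is later read. */
int count_nonzero_full_init(size_t used)
{
    unsigned char buf[64];
    memset(buf, 0, sizeof buf);            /* whole buffer defined */
    memcpy(buf, kHeader, sizeof kHeader);
    int nonzero = 0;
    for (size_t i = 0; i < used && i < sizeof buf; i++) {
        if (buf[i] != 0)
            nonzero++;
    }
    return nonzero;
}

int main(void)
{
    /* Build with: clang -fsanitize=memory -fsanitize-memory-track-origins -g msan_demo.c */
    printf("partial init, read 8 bytes : %d\n", count_nonzero_partial_init(8));  /* clean */
    printf("full init, read 64 bytes   : %d\n", count_nonzero_full_init(64));    /* clean */
    printf("partial init, read 16 bytes: %d\n", count_nonzero_partial_init(16)); /* MSan: use-of-uninitialized-value */
    return 0;
}
```

If the first call alone produces a report, the instrumentation (or an uninstrumented library in the link, such as the system libc) is at fault rather than the buffer usage.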

@bobfriesenhahn
Contributor Author

When I build GraphicsMagick for "memory" sanitizing it seems that there are still some shared libraries linked to by the executables. I see this:

    ldd /out/enhance_fuzzer

    linux-vdso.so.1 (0x00007fc4392a5000)
    libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007fc439285000)
    libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007fc439257000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fc42bf17000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fc42bd05000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fc4392a7000)

Are these libraries provided by oss-fuzz for "memory" fuzzing or are they libraries not prepared for "memory" fuzzing?

@bobfriesenhahn
Contributor Author

A working memory sanitizer seems essential. Very few C/C++ projects have successfully migrated to use "base_os_version: ubuntu-24-04". Something is seriously wrong!

I am closing this merge request until a solution is found.
