From 3ac866a907a6998896aed4281ff925ae45dac300 Mon Sep 17 00:00:00 2001 From: penguin Date: Sat, 13 Dec 2025 22:29:23 -0600 Subject: [PATCH 1/6] scripts: add fuzzer helper script --- scripts/fuzz.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100755 scripts/fuzz.sh
diff --git a/scripts/fuzz.sh b/scripts/fuzz.sh
new file mode 100755
index 0000000..e6550c3
--- /dev/null
+++ b/scripts/fuzz.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+CWD="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
+PROJECT_DIR=$(realpath "${CWD}/../")
+
+in=$(mktemp -u) || exit $?
+out=$(mktemp -u) || exit $?
+
+mkfifo ${in} ${out} || exit $?
+
+if [[ -z "$FUZZER_TIMEOUT_S" ]]; then
+ FUZZER_TIMEOUT_S=600
+fi
+
+
+${PROJECT_DIR}/scripts/atom.py <${in} >${out} \
+ | ${PROJECT_DIR}/build/fuzz/atom/parser/fuzzer -max_total_time=$FUZZER_TIMEOUT_S >${in} <${out} \
+ ${PROJECT_DIR}/build/atom_parser_fuzzer_corpus \
+ -only_ascii=1 \
+ -timeout=2 \
+ -max_total_time=$FUZZER_TIMEOUT_S \
+ -timeout_exitcode=0 \
+ "$@"
From 4c1f1bcb0ebd06bbbf920a9657dcd59f39f6cdde Mon Sep 17 00:00:00 2001 From: penguin Date: Sat, 13 Dec 2025 22:29:36 -0600 Subject: [PATCH 2/6] ci: add fuzz job ci: fuzz: add timeout ci: fuzz: add fuzzer timeout ci: fuzz: fix portage venv --- .gitea/workflows/gentoo-utils.yml | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)
diff --git a/.gitea/workflows/gentoo-utils.yml b/.gitea/workflows/gentoo-utils.yml
index 836c150..0cc5ca2 100644
--- a/.gitea/workflows/gentoo-utils.yml
+++ b/.gitea/workflows/gentoo-utils.yml
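Review bot: The two FIFOs in scripts/fuzz.sh are created at names taken from `mktemp -u` directly in the shared temp directory, so another local process can claim a path between name generation and `mkfifo`, and the pipes get default-umask permissions and are never removed. Creating them inside a private `mktemp -d` directory with an EXIT trap closes that window and cleans up; quoting `${in}`, `${out}` and the `${PROJECT_DIR}` paths would also keep the script working when a path contains spaces. `-max_total_time=$FUZZER_TIMEOUT_S` is passed to the fuzzer twice, and one occurrence is enough. The same `mktemp -u`/`mkfifo` pattern is carried into scripts/atom_parser_fuzz.sh in PATCH 6/6.

```bash
fifo_dir=$(mktemp -d) || exit $?
# remove the private directory and both FIFOs on every exit path
trap 'rm -rf -- "${fifo_dir}"' EXIT
in="${fifo_dir}/in"
out="${fifo_dir}/out"

mkfifo -- "${in}" "${out}" || exit $?
# … unchanged: FUZZER_TIMEOUT_S default and the atom.py | fuzzer pipeline …
```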
@@ -125,6 +125,37 @@ jobs: meson compile -C build ninja test -C build + fuzz: + runs-on: brutalisk + env: + CC: 'clang' + CXX: 'clang++' + FUZZER_TIMEOUT_S: 300 + needs: [build-oci-image, build] + container: + image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }} + steps: + - name: Checkout repo + uses: actions/checkout@v5 + + # FIXME: Get rid of this step when portage has fixes merged? + # needed because portage has fixes upstream we need that arent stable yet + - name: Checkout tip of portage + run: | + git clone https://github.com/gentoo/portage.git + cd portage + python -m venv .venv && ./.venv/bin/pip install -e . + source ./.venv/bin/activate + which emerge + + - name: build and fuzz + run: | + source ./portage/.venv/bin/activate + which emerge + meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized build + meson compile atom_parser_fuzzer:alias -C build + timeout 10m ./scripts/fuzz.sh + check-format: runs-on: brutalisk needs: [build-oci-image] @@ -164,5 +195,6 @@ jobs: uses: actions/checkout@v5 - name: grep for patterns + # negate git grep ret code because 1 means no findings run: | git grep -E 'todo!|dbg!' -- '*.rs' && exit 1 || exit 0 From eac300343d0b0a9400b774e8e583df0e23662b4d Mon Sep 17 00:00:00 2001 From: penguin Date: Sat, 13 Dec 2025 20:29:13 -0600 Subject: [PATCH 3/6] ci: build: remove debugging echos ci: build: remove redundant source --- .gitea/workflows/gentoo-utils.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.gitea/workflows/gentoo-utils.yml b/.gitea/workflows/gentoo-utils.yml index 0cc5ca2..056daa6 100644 --- a/.gitea/workflows/gentoo-utils.yml +++ b/.gitea/workflows/gentoo-utils.yml @@ -98,10 +98,6 @@ jobs: - name: build and check run: | - echo $USER - echo "CC=$CC" - echo "CXX=$CXX" - source /etc/profile meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized -Ddocs=enabled build meson compile -C build 
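Review bot: The "Checkout tip of portage" step clones the default branch of gentoo/portage and runs `pip install -e .` on it, so every CI run executes whatever upstream HEAD contains at that moment and a fuzz result cannot be tied to a known portage revision. Pinning the clone to a reviewed commit, for example `git checkout <PINNED_COMMIT_SHA>` right after `cd portage`, keeps the job reproducible and limits what unreviewed code runs in the container. The pin can be bumped deliberately until the FIXME is resolved.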
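Review bot: The comment added in the `@@ -164,5 +195,6 @@` hunk explains status 1, but `git grep … && exit 1 || exit 0` also maps a git grep error (a status above 1) to success, so the pattern check passes when the grep itself could not run. Capturing the status and accepting only 1 makes the gate fail closed, e.g. `rc=0; git grep -E 'todo!|dbg!' -- '*.rs' || rc=$?` followed by `[ "$rc" -eq 1 ]`, with the comment reworded to `# pass only when git grep exits 1 (no matches)`. The `run:` lines are context in this hunk, not part of the change.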
From f7f17514a66d52a4acdf0ec9454cfa32a9587dbc Mon Sep 17 00:00:00 2001 From: penguin Date: Sun, 14 Dec 2025 21:36:55 -0600 Subject: [PATCH 4/6] ci: fix some instances of failing commands not failing jobs ci: fix some rare instances of commands failing because TERM wasnt set --- .gitea/workflows/gentoo-utils.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/gentoo-utils.yml b/.gitea/workflows/gentoo-utils.yml index 056daa6..1fc4911 100644 --- a/.gitea/workflows/gentoo-utils.yml +++ b/.gitea/workflows/gentoo-utils.yml @@ -4,7 +4,11 @@ on: [push] defaults: run: - shell: bash -l {0} + shell: bash -el -o pipefail {0} + +# fixes rare instances of git commands failing because TERM isnt set +env: + TERM: xterm jobs: build-oci-image: From 7947af8de2b03b0eb4149fbc90375d508fdb77ed Mon Sep 17 00:00:00 2001 From: penguin Date: Sun, 14 Dec 2025 21:44:31 -0600 Subject: [PATCH 5/6] ci: fuzz: dont fail the pipeline --- .gitea/workflows/gentoo-utils.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/gentoo-utils.yml b/.gitea/workflows/gentoo-utils.yml index 1fc4911..cd150c3 100644 --- a/.gitea/workflows/gentoo-utils.yml +++ b/.gitea/workflows/gentoo-utils.yml @@ -155,6 +155,7 @@ jobs: meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized build meson compile atom_parser_fuzzer:alias -C build timeout 10m ./scripts/fuzz.sh + continue-on-error: true check-format: runs-on: brutalisk From 250a6e7b6f03ec10ddf3d75c307f373357dd622f Mon Sep 17 00:00:00 2001 From: John Turner Date: Tue, 16 Dec 2025 00:33:47 +0000 Subject: [PATCH 6/6] ci: fuzz: clean up fuzzer script a bit --- .gitea/workflows/gentoo-utils.yml | 2 +- scripts/atom_parser_fuzz.sh | 15 +++++++++++++++ scripts/fuzz.sh | 22 ---------------------- 3 files changed, 16 insertions(+), 23 deletions(-) create mode 100755 scripts/atom_parser_fuzz.sh delete mode 100755 scripts/fuzz.sh 
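Review bot: In PATCH 5/6, `continue-on-error: true` is attached to the block that also runs `meson setup` and `meson compile`, so a broken fuzzer build is ignored along with fuzzer findings and the job can report success without the fuzzer ever having run. Moving the build commands into their own step and keeping `continue-on-error` only on the `./scripts/fuzz.sh` invocation would preserve the intent of not blocking the pipeline on crashes. Because the script already passes `-timeout_exitcode=0`, a non-zero exit here most likely indicates a real crash, so the step should at least keep the `crash-*` input files libFuzzer writes as an artifact. Indentation is not recoverable in this view, so whether the key sits on the step or on the job is inferred.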
diff --git a/.gitea/workflows/gentoo-utils.yml b/.gitea/workflows/gentoo-utils.yml index cd150c3..968bac4 100644 --- a/.gitea/workflows/gentoo-utils.yml +++ b/.gitea/workflows/gentoo-utils.yml @@ -154,7 +154,7 @@ jobs: which emerge meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized build meson compile atom_parser_fuzzer:alias -C build - timeout 10m ./scripts/fuzz.sh + timeout 10m ./scripts/atom_parser_fuzz.sh continue-on-error: true check-format: diff --git a/scripts/atom_parser_fuzz.sh b/scripts/atom_parser_fuzz.sh new file mode 100755 index 0000000..3222a51 --- /dev/null +++ b/scripts/atom_parser_fuzz.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +in=$(mktemp -u) || exit $? +out=$(mktemp -u) || exit $? + +mkfifo ${in} ${out} || exit $? + +./scripts/atom.py <${in} >${out} \ + | ./build/fuzz/atom/parser/fuzzer >${in} <${out} \ + ./build/atom_parser_fuzzer_corpus \ + -max_total_time=${FUZZER_TIMEOUT_S:-600} \ + -only_ascii=1 \ + -timeout=2 \ + -timeout_exitcode=0 \ + "$@" diff --git a/scripts/fuzz.sh b/scripts/fuzz.sh deleted file mode 100755 index e6550c3..0000000 --- a/scripts/fuzz.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -CWD="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")" -PROJECT_DIR=$(realpath "${CWD}/../") - -in=$(mktemp -u) || exit $? -out=$(mktemp -u) || exit $? - -mkfifo ${in} ${out} || exit $? - -if [[ -z "$FUZZER_TIMEOUT_S" ]]; then - FUZZER_TIMEOUT_S=600 -fi - - -${PROJECT_DIR}/scripts/atom.py <${in} >${out} \ - | ${PROJECT_DIR}/build/fuzz/atom/parser/fuzzer -max_total_time=$FUZZER_TIMEOUT_S >${in} <${out} \ - ${PROJECT_DIR}/build/atom_parser_fuzzer_corpus \ - -only_ascii=1 \ - -timeout=2 \ - -max_total_time=$FUZZER_TIMEOUT_S \ - -timeout_exitcode=0 \ - "$@"
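Review bot: The new scripts/atom_parser_fuzz.sh drops the `PROJECT_DIR` resolution and calls `./scripts/atom.py`, `./build/fuzz/atom/parser/fuzzer` and `./build/atom_parser_fuzzer_corpus` relative to the caller's working directory, so it now only works when started from the repository root. Adding `cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")/.." || exit $?` after the shebang keeps the shorter paths while making the script location-independent again. A header comment would also help, e.g. `# Runs the atom parser fuzzer with scripts/atom.py connected over two FIFOs; FUZZER_TIMEOUT_S sets -max_total_time (default 600); extra arguments are passed to the fuzzer.`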