[libbpf] initial integration #6608
Conversation
it somehow helps to get around google#6524
to make it easier to roll back to the last known working version should something go wrong
to avoid running into unpredictable build failures that can't be controlled by the libbpf project itself. In the future libelf should probably be built using the latest stable release at https://sourceware.org/elfutils/ftp/elfutils-latest.tar.bz2
to hoppefully make it easier to make sense of the build script in the foreseeable future
to make it easier to build the fuzz target locally: ``` cd projects/libbpf git clone https://github.com/libbpf/libbpf ./build.sh unzip -d CORPUS ./out/bpf-object-fuzzer_seed_corpus.zip ./out/bpf-object-fuzzer CORPUS/ ```
It should help to prevent OSS-Fuzz from reporting issues that have already been fixed
|
@anakryiko I added your email address to the "primary_contact" field. If there are any other email addresses the notifications should be sent to just let me know so that I could add them as well. |
anakryiko
left a comment
anakryiko
left a comment
There was a problem hiding this comment.
LGTM. Seems like we can trigger fuzzer runs in Github Actions on each PR. It's pretty cool, I'll try to get this added to our CI. Once this PR gets merged, all the found issues will be found at https://bugs.chromium.org/p/oss-fuzz/issues/list?q=libbpf&can=2, is that right? If not, is there a dashboard of sorts?
Yes, that's correct. Though the OSS-Fuzz project follows Google's standard disclosure policy so people who don't have access to projects can see only a subset of bug reports that have been opened to the public. Personally I think for the most part bugs.chromium.org is helpful when it's necessary to refer to bug reports in commit messages or emails. In terms of keeping track of fuzz targets, performance, coverage, crashes and so on I think dashboards available at https://oss-fuzz.com are much more useful. |
|
@jonathanmetzman @inferno-chromium @oliverchang could you take a look? I'm not sure if it helps but I should have probably mentioned that the library is used by prominent projects like https://github.com/systemd/systemd and https://github.com/iovisor/bcc and its "criticality score" is 0.67216 (which I think is high enough for the project to be included). Thanks! |
3 participants
No description provided.