Merge branch 'master' into make_centipede_default_engine

.github/workflows/project_tests.yml

@@ -45,6 +45,9 @@ jobs:
           - engine: centipede
             sanitizer: address
             architecture: x86_64
+          - engine: centipede
+            sanitizer: none
+            architecture: x86_64
     env:
       ENGINE: ${{ matrix.engine }}
       SANITIZER: ${{ matrix.sanitizer }}

infra/base-images/base-runner/bad_build_check

@@ -122,6 +122,8 @@ function check_engine {
     # binaries if they are from trial build and production build.
     # TODO(Dongge): Support run test with sanitized binaries for trial and
     # production build.
+    CENTIPEDE_WORKDIR=/tmp/centipede-workdir
+    mkdir -p $CENTIPEDE_WORKDIR
     SKIP_SEED_CORPUS=1 timeout --preserve-status -s INT 20s run_fuzzer $FUZZER_NAME &>$FUZZER_OUTPUT
     CHECK_PASSED=$(egrep "\[0] begin-fuzz: ft: 0 cov: 0" -c $FUZZER_OUTPUT)
     if (( $CHECK_PASSED == 0 )); then

infra/base-images/base-runner/run_fuzzer

@@ -173,7 +173,7 @@ elif [[ "$FUZZING_ENGINE" = honggfuzz ]]; then
 elif [[ "$FUZZING_ENGINE" = centipede ]]; then
 
   # Create the work and corpus directory for Centipede.
-  mkdir -p "$OUT/workdir"
+  CENTIPEDE_WORKDIR="${CENTIPEDE_WORKDIR:-$OUT}"
 
   # Centipede only saves crashes to crashes/ in workdir.
   rm -rf $FUZZER_OUT
@@ -190,7 +190,7 @@ elif [[ "$FUZZING_ENGINE" = centipede ]]; then
   # --address_space_limit_mb=0: No address space limit.
   # --binary: The target binary under test without sanitizer.
   # --extra_binary: The target binaries under test with sanitizers.
-  CMD_LINE="$OUT/centipede --workdir=\"$OUT/workdir\" --corpus_dir=\"$CORPUS_DIR\" --fork_server=1 --exit_on_crash=1 --timeout=1200 --rss_limit_mb=4096 --address_space_limit_mb=5120 $(get_dictionary) --binary=\"$OUT/${FUZZER}\" $(get_extra_binaries) $*"
+  CMD_LINE="$OUT/centipede --workdir=$CENTIPEDE_WORKDIR --corpus_dir=\"$CORPUS_DIR\" --fork_server=1 --exit_on_crash=1 --timeout=1200 --rss_limit_mb=4096 --address_space_limit_mb=5120 $(get_dictionary) --binary=\"$OUT/${FUZZER}\" $(get_extra_binaries) $*"
 else
 
   CMD_LINE="$OUT/$FUZZER $FUZZER_ARGS $*"

infra/base-images/base-runner/test_all.py

@@ -105,8 +105,6 @@ def do_bad_build_check(fuzz_target):
   if centipede_needs_auxiliaries():
     print('INFO: Finding Centipede\'s auxiliary for target', fuzz_target)
     auxiliary_path = find_centipede_auxiliary(fuzz_target)
-    if not auxiliary_path:
-      return False
     print('INFO: Using auxiliary binary:', auxiliary_path)
     auxiliary = [auxiliary_path]
   else:
@@ -212,14 +210,20 @@ def find_centipede_auxiliary(main_fuzz_target_path):
   return None
 
 
-def test_all(out, allowed_broken_targets_percentage):
+def test_all(out, allowed_broken_targets_percentage):  # pylint: disable=too-many-return-statements
   """Do bad_build_check on all fuzz targets."""
   # TODO(metzman): Refactor so that we can convert test_one to python.
   fuzz_targets = find_fuzz_targets(out)
   if not fuzz_targets:
     print('ERROR: No fuzz targets found.')
     return False
 
+  if centipede_needs_auxiliaries():
+    for fuzz_target in fuzz_targets:
+      if not find_centipede_auxiliary(fuzz_target):
+        print(f'ERROR: Couldn\'t find auxiliary for {fuzz_target}.')
+        return False
+
   pool = multiprocessing.Pool()
   bad_build_results = pool.map(do_bad_build_check, fuzz_targets)
   pool.close()

projects/apache-httpd/build.sh

@@ -16,6 +16,7 @@
 ################################################################################
 
 unset CPP
+INITIAL_CXX=$CXX
 unset CXX
 export LDFLAGS="-l:libbsd.a"
 
@@ -31,10 +32,12 @@ static_pcre=($(find /src/pcre2 -name "libpcre2-8.a"))
 
 # Build the fuzzers
 for fuzzname in utils parse tokenize addr_parse uri request preq; do
-  $CC $CFLAGS $LIB_FUZZING_ENGINE \
+  $CC $CFLAGS -c \
     -I$SRC/fuzz-headers/lang/c -I./include -I./os/unix \
     -I./srclib/apr/include -I./srclib/apr-util/include/ \
-    $SRC/fuzz_${fuzzname}.c -o $OUT/fuzz_${fuzzname} \
+    $SRC/fuzz_${fuzzname}.c
+
+  $INITIAL_CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_${fuzzname}.o -o $OUT/fuzz_${fuzzname} \
     ./modules.o buildmark.o \
     -Wl,--start-group ./server/.libs/libmain.a \
                       ./modules/core/.libs/libmod_so.a \

projects/bluez/build.sh

@@ -23,22 +23,26 @@ make
 INCLUDES="-I. -I./src -I./lib -I./gobex -I/usr/local/include/glib-2.0/ -I/src/glib/_build/glib/"
 STATIC_LIBS="./src/.libs/libshared-glib.a ./lib/.libs/libbluetooth-internal.a  -l:libical.a -l:libicalss.a -l:libicalvcal.a -l:libdbus-1.a /src/glib/_build/glib/libglib-2.0.a"
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE $INCLUDES \
- $SRC/fuzz_xml.c ./src/bluetoothd-sdp-xml.o -o $OUT/fuzz_xml \
- $STATIC_LIBS -ldl -lpthread
+$CC $CFLAGS $INCLUDES $SRC/fuzz_xml.c -c
+$CC $CFLAGS $INCLUDES $SRC/fuzz_sdp.c -c
+$CC $CFLAGS $INCLUDES $SRC/fuzz_textfile.c -c
+$CC $CFLAGS $INCLUDES $SRC/fuzz_gobex.c -c
+$CC $CFLAGS $INCLUDES $SRC/fuzz_hci.c -c
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE $INCLUDES \
- $SRC/fuzz_sdp.c -o $OUT/fuzz_sdp \
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \
+ ./src/bluetoothd-sdp-xml.o fuzz_xml.o -o $OUT/fuzz_xml \
  $STATIC_LIBS -ldl -lpthread
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE $INCLUDES \
- $SRC/fuzz_textfile.c -o $OUT/fuzz_textfile \
- $STATIC_LIBS -ldl -lpthread src/textfile.o
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \
+ fuzz_sdp.o -o $OUT/fuzz_sdp $STATIC_LIBS -ldl -lpthread
+
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_textfile.o -o $OUT/fuzz_textfile \
+  $STATIC_LIBS -ldl -lpthread src/textfile.o
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE $INCLUDES \
- $SRC/fuzz_gobex.c ./gobex/gobex*.o -o $OUT/fuzz_gobex \
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \
+  fuzz_gobex.o ./gobex/gobex*.o -o $OUT/fuzz_gobex \
  $STATIC_LIBS -ldl -lpthread
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE $INCLUDES \
- $SRC/fuzz_hci.c ./gobex/gobex*.o -o $OUT/fuzz_hci \
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \
+ fuzz_hci.o ./gobex/gobex*.o -o $OUT/fuzz_hci \
  $STATIC_LIBS -ldl -lpthread

projects/clib/build.sh

@@ -24,13 +24,14 @@ sed 's/int main(int argc/int main2(int argc/g' -i ./src/clib-configure.c
 find . -name "*.o" -exec ar rcs fuzz_lib.a {} \;
 
 $CC $CFLAGS -Wno-unused-function -U__STRICT_ANSI__  \
-	-DHAVE_PTHREADS=1 -pthread -o fuzz_manifest.o \
-	-c test/fuzzing/fuzz_manifest.c -I./asprintf -I./deps/ \
+	-DHAVE_PTHREADS=1 -pthread \
+	-c src/common/clib-cache.c src/clib-configure.c \
+        src/common/clib-settings.c src/common/clib-package.c \
+        test/fuzzing/fuzz_manifest.c -I./asprintf -I./deps/ \
 	-I./deps/asprintf
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE fuzz_manifest.o \
-	-o $OUT/fuzz_manifest src/common/clib-settings.c src/common/clib-package.c \
-	src/common/clib-cache.c src/clib-configure.c \
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_manifest.o \
+	-o $OUT/fuzz_manifest  clib-cache.o clib-configure.o clib-settings.o clib-package.o \
 	-I./deps/asprintf -I./deps -I./asprintf \
 	fuzz_lib.a -L/usr/lib/x86_64-linux-gnu -lcurl
 

projects/croaring/build.sh

@@ -17,13 +17,12 @@
 
 mkdir build-dir && cd build-dir
 cmake -DENABLE_ROARING_TESTS=OFF ..
-
 make -j$(nproc)
 
 $CC $CFLAGS  \
      -I$SRC/croaring/include \
      -c $SRC/croaring_fuzzer.c -o fuzzer.o
-$CC $CFLAGS $LIB_FUZZING_ENGINE fuzzer.o   \
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzzer.o   \
      -o $OUT/croaring_fuzzer $SRC/croaring/build-dir/src/libroaring.a
 
 zip $OUT/croaring_fuzzer_seed_corpus.zip $SRC/croaring/tests/testdata/*bin

projects/gpac/build.sh

@@ -20,6 +20,7 @@ cd gpac
 make
 
 cp $SRC/testsuite/oss-fuzzers/fuzz_parse.c .
-$CC $CFLAGS $LIB_FUZZING_ENGINE fuzz_parse.c -o $OUT/fuzz_parse \
-    -I./include -I./ ./bin/gcc/libgpac_static.a \
-    -lm -lz -lpthread -lssl -lcrypto -DGPAC_HAVE_CONFIG_H 
+$CC $CFLAGS -I./include -I./ -DGPAC_HAVE_CONFIG_H -c fuzz_parse.c
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_parse.o -o $OUT/fuzz_parse \
+  ./bin/gcc/libgpac_static.a \
+  -lm -lz -lpthread -lssl -lcrypto -DGPAC_HAVE_CONFIG_H

projects/h3/build.sh

@@ -34,7 +34,7 @@ for fuzzer in $(find $H3_BASE/src/apps/fuzzers -name '*.c'); do
     -o $fuzzer_basename.o \
     -c $fuzzer
 
-  $CC $CFLAGS $LIB_FUZZING_ENGINE -rdynamic \
+  $CXX $CXXFLAGS $LIB_FUZZING_ENGINE -rdynamic \
     $fuzzer_basename.o \
     -o $OUT/$fuzzer_basename \
     lib/libh3.a

projects/hdf5/build.sh

@@ -36,6 +36,8 @@ cmake -G "Unix Makefiles" \
 cmake --build . --verbose --config Release -j$(nproc)
 cd $SRC/hdf5
 
-$CC $CXXFLAGS $LIB_FUZZING_ENGINE -std=c99 \
-    -I/src/hdf5/src -I/src/hdf5/build-dir/src -I./src/H5FDsubfiling/ \
-    $SRC/h5_read_fuzzer.c ./build-dir/bin/libhdf5.a  -lz -o $OUT/h5_read_fuzzer
+$CC $CFLAGS  -std=c99 -c \
+  -I/src/hdf5/src -I/src/hdf5/build-dir/src -I./src/H5FDsubfiling/ \
+  $SRC/h5_read_fuzzer.c
+
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE h5_read_fuzzer.o ./build-dir/bin/libhdf5.a -lz -o $OUT/h5_read_fuzzer

projects/hermes/Dockerfile

@@ -16,15 +16,18 @@
 
 FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && \
-    apt-get install -y make autoconf automake libtool wget \
-    python3 zip libreadline-dev libatomic-ops-dev
+    apt-get install -yqq make autoconf automake libtool wget \
+    python3 zip libreadline-dev libatomic-ops-dev npm
 
 # Building ninja requires PEP 517.
 RUN pip3 install "pip>=22.3.1"
 
 RUN pip3 install meson ninja
 RUN ln -s /usr/local/bin/ninja /usr/bin/ninja
 
+# Install NPM to strip comments
+RUN npm install -g @prasadrajandran/strip-comments-cli
+
 # Add JS dictionaries
 RUN git clone --depth 1 https://github.com/chromium/chromium && \
     cat chromium/testing/libfuzzer/fuzzers/dicts/javascript_parser_proto.dict > $SRC/hermes.dict && \
@@ -35,21 +38,26 @@ RUN wget https://github.com/unicode-org/icu/archive/refs/tags/cldr/2021-08-25.ta
     mv ./icu-cldr-2021-08-25/icu4c $SRC/icu
 
 RUN git clone https://github.com/facebook/hermes.git
+RUN git clone --depth 1 https://github.com/tc39/test262
+RUN git clone --depth 1 https://github.com/Zon8Research/v8-vulnerabilities
 
-# Add tests from project directory as seed corpus.
-RUN find hermes/test -iname '*.js' | zip -@ -q $SRC/hermes_seed_corpus.zip
-
-# Add tests from test262 as seed corpus
-RUN git clone --depth 1 https://github.com/tc39/test262 && \
-    find test262/test -iname '*.js' | zip -@ -q $SRC/hermes_seed_corpus.zip
+# Strip comments from corpus.
+RUN find hermes/test -iname '*.js' -exec stripcomments --write --confirm-overwrite '{}' \+
+RUN find test262/test -iname '*.js' -exec stripcomments --write --confirm-overwrite '{}' \+
+RUN find v8-vulnerabilities/pocs -iname '*.js' -exec stripcomments --write --confirm-overwrite '{}' \+
 
-# Add V8 PoCs as seed corpus.
+# Process corpora
 COPY filter-corpus.py $SRC/
-RUN git clone --depth 1 https://github.com/Zon8Research/v8-vulnerabilities && \
-    python filter-corpus.py && \
-    find v8-vulnerabilities/pocs -iname '*.js' | zip -@ -q $SRC/hermes_seed_corpus.zip
+RUN python filter-corpus.py
 RUN rm $SRC/filter-corpus.py
 
+# Add unit tests from project directory as seed corpus.
+RUN find hermes/test -iname '*.js' | zip -@ -q $SRC/hermes_seed_corpus.zip
+# Add tests from test262 as seed corpus.
+RUN find test262/test -iname '*.js' | zip -@ -q $SRC/hermes_seed_corpus.zip
+# Add V8 PoCs as seed corpus.
+RUN find v8-vulnerabilities/pocs -iname '*.js' | zip -@ -q $SRC/hermes_seed_corpus.zip
+
 WORKDIR $SRC
 COPY build.sh $SRC/
 # This is to fix Fuzz Introspector build by using LLVM old pass manager

projects/hiredis/build.sh

@@ -21,5 +21,5 @@ mv fuzzing/format_command_fuzzer.c .
 $CC $CFLAGS -std=c99 -pedantic -c -O3 -fPIC \
 	format_command_fuzzer.c -o format_command_fuzzer.o
 
-$CC $CFLAGS -O3 -fPIC $LIB_FUZZING_ENGINE format_command_fuzzer.o \
+$CXX $CXXFLAGS -O3 -fPIC $LIB_FUZZING_ENGINE format_command_fuzzer.o \
 	-o $OUT/format_command_fuzzer libhiredis.a

projects/jwt-verify-lib/Dockerfile

@@ -14,9 +14,9 @@
 #
 ################################################################################
 
-# TODO: workaround https://github.com/google/oss-fuzz/issues/8915
-FROM gcr.io/oss-fuzz-base/base-builder@sha256:a723398a016b23d0e2b29f5c0203a6734900e404d09fdd44a555c1514ca513fa
+FROM gcr.io/oss-fuzz-base/base-builder
 
-RUN git clone https://github.com/google/jwt_verify_lib.git
+RUN apt-get update && apt-get install python3 -y
+RUN git clone --depth 1 https://github.com/google/jwt_verify_lib.git
 WORKDIR $SRC/jwt_verify_lib/
 COPY build.sh $SRC/

projects/kamailio/build.sh

@@ -28,10 +28,19 @@ cd src
 mkdir objects && find . -name "*.o" -exec cp {} ./objects/ \;
 ar -r libkamilio.a ./objects/*.o
 cd ../
-$CC $CFLAGS $LIB_FUZZING_ENGINE ./misc/fuzz/fuzz_uri.c -o $OUT/fuzz_uri \
+$CC $CFLAGS -c ./misc/fuzz/fuzz_uri.c \
     -DFAST_LOCK -D__CPU_i386 ./src/libkamilio.a \
     -I./src/ -I./src/core/parser -ldl -lresolv -lm
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE ./misc/fuzz/fuzz_parse_msg.c -o $OUT/fuzz_parse_msg \
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_uri.o -o $OUT/fuzz_uri \
     -DFAST_LOCK -D__CPU_i386 ./src/libkamilio.a \
     -I./src/ -I./src/core/parser -ldl -lresolv -lm
+
+$CC $CFLAGS  ./misc/fuzz/fuzz_parse_msg.c -c \
+    -DFAST_LOCK -D__CPU_i386 ./src/libkamilio.a \
+    -I./src/ -I./src/core/parser -ldl -lresolv -lm
+
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_parse_msg.o -o $OUT/fuzz_parse_msg \
+    -DFAST_LOCK -D__CPU_i386 ./src/libkamilio.a \
+    -I./src/ -I./src/core/parser -ldl -lresolv -lm
+

projects/libdwarf/build.sh

@@ -34,6 +34,7 @@ zip -r -j $OUT/fuzz_init_path_seed_corpus.zip $SRC/corp
 cp $OUT/fuzz_init_path_seed_corpus.zip $OUT/fuzz_init_binary_seed_corpus.zip
 
 for fuzzName in init_path init_binary; do
-  $CC $CFLAGS $LIB_FUZZING_ENGINE -I../src/lib/libdwarf/ \
-    $SRC/fuzz_${fuzzName}.c -o $OUT/fuzz_${fuzzName} ./src/lib/libdwarf/libdwarf.a -lz
+  $CC $CFLAGS -I../src/lib/libdwarf/ $SRC/fuzz_${fuzzName}.c -c
+  $CXX $CXXFLAGS $LIB_FUZZING_ENGINE -o $OUT/fuzz_${fuzzName} fuzz_${fuzzName}.o \
+    ./src/lib/libdwarf/libdwarf.a -lz
 done

projects/libiec61850/build.sh

@@ -20,9 +20,12 @@ mkdir build && cd build
 cmake ../
 make
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE ../fuzz/fuzz_mms_decode.c -o $OUT/fuzz_mms_decode ./src/libiec61850.a \
+$CC $CFLAGS $LIB_FUZZING_ENGINE ../fuzz/fuzz_mms_decode.c -c \
 	-I../src/iec61850/inc -I../src/mms/inc -I../src/common/inc \
-	-I../hal/inc -I../src/logging ./hal/libhal.a
+	-I../hal/inc -I../src/logging
+
+
+$CXX $CXXFLAGS -fuse-ld=lld $LIB_FUZZING_ENGINE fuzz_mms_decode.o -o $OUT/fuzz_mms_decode ./src/libiec61850.a ./hal/libhal.a
 
 # Copy over the options file
 cp $SRC/fuzz_decode.options $OUT/fuzz_decode.options

projects/libpg_query/build.sh

@@ -16,4 +16,5 @@
 ################################################################################
 
 make build
-$CC $CFLAGS $LIB_FUZZING_ENGINE ./test/fuzz/fuzz_parser.c ./libpg_query.a -I./ -o $OUT/fuzz_parser
+$CC $CFLAGS -c ./test/fuzz/fuzz_parser.c ./libpg_query.a -I./
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_parser.o ./libpg_query.a -I./ -o $OUT/fuzz_parser

projects/libredwg/build.sh

@@ -21,7 +21,9 @@ sh ./autogen.sh
 ./configure --disable-shared --disable-bindings --enable-release
 make
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE examples/llvmfuzz.c -o $OUT/llvmfuzz \
-    src/.libs/libredwg.a -I./include -I./src
+$CC $CFLAGS src/.libs/libredwg.a -I./include -I./src -c examples/llvmfuzz.c
+
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE llvmfuzz.o src/.libs/libredwg.a \
+  -o $OUT/llvmfuzz
 
 cp $SRC/llvmfuzz.options $OUT/llvmfuzz.options

projects/libressl/Dockerfile

@@ -14,9 +14,8 @@
 #
 ################################################################################
 
-# Held back because of github.com/google/oss-fuzz/pull/8313
-# Please fix failure and upgrade.
-FROM gcr.io/oss-fuzz-base/base-builder@sha256:111d6b9d3a52bd3392602c71dc8936c628607a7a9bc86d381db7586f9b1e840f
+FROM gcr.io/oss-fuzz-base/base-builder
+
 RUN apt-get update && apt-get install -y make cmake wget autoconf automake libtool bison flex texinfo lzip
 RUN git clone --depth 1 https://github.com/libressl-portable/portable.git libressl
 RUN git clone --depth 1 https://github.com/libressl-portable/fuzz.git libressl.fuzzers

projects/libssh/build.sh

@@ -28,7 +28,10 @@ for f in $fuzzers; do
     fuzzerName=$(basename $f .c)
     echo "Building fuzzer $fuzzerName"
     $CC $CFLAGS -I$SRC/libssh/include/ -I$SRC/libssh/src/ -I$BUILD/ -I$BUILD/include/ \
-        "$f" -o "$OUT/$fuzzerName" -O0 -g \
+        -c "$f" -O0 -g
+
+    $CXX $CXXFLAGS $fuzzerName.o \
+        -o "$OUT/$fuzzerName" -O0 -g \
         $LIB_FUZZING_ENGINE ./src/libssh.a -Wl,-Bstatic -lcrypto -lz -Wl,-Bdynamic
 
     if [ -d "$SRC/libssh/tests/fuzz/${fuzzerName}_corpus" ]; then

projects/libucl/build.sh

@@ -16,10 +16,12 @@
 
 cp $SRC/ucl_add_string_fuzzer.options $OUT/
 
-cd libucl 
+cd libucl
 ./autogen.sh && ./configure
 make
 
-$CC $CFLAGS $LIB_FUZZING_ENGINE tests/fuzzers/ucl_add_string_fuzzer.c \
-    -DHAVE_CONFIG_H -I./src -I./include src/.libs/libucl.a -I./ \
-    -o $OUT/ucl_add_string_fuzzer
+$CC $CFLAGS -c tests/fuzzers/ucl_add_string_fuzzer.c \
+  -DHAVE_CONFIG_H -I./src -I./include src/.libs/libucl.a -I./ \
+  -o $OUT/ucl_add_string_fuzzer.o
+
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $OUT/ucl_add_string_fuzzer.o -DHAVE_CONFIG_H -I./src -I./include src/.libs/libucl.a -I. -o $OUT/ucl_add_string_fuzzer

projects/libyang/build.sh

@@ -20,12 +20,13 @@ git checkout devel
 
 sed -i 's/add_subdirectory/#add_subdirectory/g' ./tools/CMakeLists.txt
 mkdir build && cd build
-cmake ../ -DENABLE_STATIC=ON 
+cmake ../ -DENABLE_STATIC=ON
 make
 
 static_pcre=($(find /src/pcre2 -name "libpcre2-8.a"))
 
 for fuzzer in lyd_parse_mem_json lyd_parse_mem_xml lys_parse_mem; do
-    $CC $CFLAGS $LIB_FUZZING_ENGINE ../tests/fuzz/${fuzzer}.c -o $OUT/${fuzzer} \
-        ./libyang.a -I../src -I../src/plugins_exts -I./src -I./compat ${static_pcre}
+  $CC $CFLAGS -c ../tests/fuzz/${fuzzer}.c -I../src -I../src/plugins_exts -I./src -I./compat
+  $CXX $CXXFLAGS $LIB_FUZZING_ENGINE ${fuzzer}.o -o $OUT/${fuzzer} \
+    ./libyang.a ${static_pcre}
 done