Merge branch 'master' into golang-ver-fix

infra/base-images/base-builder/install_go.sh

@@ -16,9 +16,11 @@
 ################################################################################
 
 cd /tmp
+
 wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz
 mkdir temp-go
 tar -C temp-go/ -xzf go1.23.4.linux-amd64.tar.gz
+
 mkdir /root/.go/
 mv temp-go/go/* /root/.go/
 rm -rf temp-go

infra/build/functions/trial_build.py

@@ -287,7 +287,7 @@ def wait_on_builds(build_ids, credentials, cloud_project, end_time):  # pylint:
     # Update status every hour.
     if current_time >= next_check_time:
       logging.info(f'[{current_time}] Remaining builds: '
-                   '{len(wait_builds)}, {wait_builds}')
+                   f'{len(wait_builds)}, {wait_builds}')
       next_check_time += datetime.timedelta(hours=1)
 
     # Warn users and write a summary if build is about to end.

projects/arrow/project.yaml

@@ -15,4 +15,5 @@ auto_ccs:
   - "[email protected]"
   - "[email protected]"
   - "[email protected]"
+  - "[email protected]"
 main_repo: 'https://github.com/apache/arrow.git'

projects/golang/Dockerfile

@@ -23,6 +23,11 @@ RUN git clone --depth 1 https://github.com/golang/image
 RUN git clone --depth 1 https://github.com/golang/crypto
 RUN git clone --depth 1 https://github.com/golang/text
 RUN git clone --depth 1 https://github.com/AdamKorcz/instrumentation
+RUN wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz \
+    && mkdir temp-go \
+    && rm -rf /root/.go/* \
+    && tar -C temp-go/ -xzf go1.23.4.linux-amd64.tar.gz \
+    && mv temp-go/go/* /root/.go/
 COPY build.sh text_fuzzer.go \
      math_big_fuzzer.go \
      fuzz_tar_reader.go \

projects/golang/build.sh

@@ -134,7 +134,7 @@ compile_go_fuzzer regexpPackage FuzzFindMatchApis fuzz_find_match_apis
 cp $SRC/h2c_fuzzer.go $SRC/net/http2/h2c/
 cd $SRC/net/http2/h2c
 cd $SRC/instrumentation && go run main.go --target_dir=$SRC/net --check_io_length=true && cd -
-go mod tidy -e -go=1.16 && go mod tidy -e -go=1.17
+go mod tidy
 compile_go_fuzzer . FuzzH2c fuzz_x_h2c
 mv $SRC/fuzz_x_h2c.options $OUT/
 

projects/golang/ecdsa_fuzzer.go

@@ -38,7 +38,10 @@ func FuzzEcdsaSign(data []byte) int {
 		return 0
 	}
 	randReader := bytes.NewReader(data[:firstRandReaderLen])
-	priv, _ := ecdsa.GenerateKey(c[cIndex], randReader)
+	priv, err := ecdsa.GenerateKey(c[cIndex], randReader)
+	if err != nil {
+		return 0
+	}
 	_, _, _ = ecdsa.Sign(randReader, priv, data[firstRandReaderLen+1:])
 	return 1
 }

projects/kimageformats/build.sh

@@ -172,6 +172,7 @@ HANDLER_TYPES="ANIHandler ani
         EXRHandler exr
         HDRHandler hdr
         HEIFHandler heif
+        JP2Handler jp2
         QJpegXLHandler jxl
         JXRHandler jxr
         KraHandler kra
@@ -196,7 +197,7 @@ echo "$HANDLER_TYPES" | while read class format; do
   /usr/libexec/moc $SRC/kimageformats/src/imageformats/$format.cpp -o $format.moc
   header=`ls $SRC/kimageformats/src/imageformats/$format*.h`
   /usr/libexec/moc $header -o moc_`basename $header .h`.cpp
-  $CXX $CXXFLAGS -fPIC -DHANDLER=$class -std=c++17 $SRC/kimgio_fuzzer.cc $SRC/kimageformats/src/imageformats/$format.cpp $SRC/kimageformats/src/imageformats/scanlineconverter.cpp -o $OUT/$fuzz_target_name -DJXL_STATIC_DEFINE -DJXL_THREADS_STATIC_DEFINE -DJXL_CMS_STATIC_DEFINE -DINITGUID -I $SRC/kimageformats/src/imageformats/ -I $SRC/libavif/include/ -I $SRC/libjxl/build/lib/include/ -I $SRC/libjxl/lib/include/ -I /usr/local/include/OpenEXR/ -I /usr/local/include/KF6/KArchive/ -I /usr/local/include/Imath -I $SRC/jxrlib/common/include -I $SRC/jxrlib/jxrgluelib -I $SRC/jxrlib/image/sys -I /usr/include/QtCore/ -I /usr/include/QtGui/ -I . $SRC/libavif/build/libavif.a /usr/local/lib/libheif.a /usr/local/lib/libde265.a $SRC/aom/build.libavif/libaom.a $SRC/libjxl/build/lib/libjxl_threads.a $SRC/libjxl/build/lib/libjxl.a $SRC/libjxl/build/lib/libjxl_cms.a $SRC/libjxl/build/third_party/highway/libhwy.a $SRC/libjxl/build/third_party/brotli/libbrotlidec.a $SRC/libjxl/build/third_party/brotli/libbrotlienc.a $SRC/libjxl/build/third_party/brotli/libbrotlicommon.a -lQt6Gui -lQt6Core -lQt6BundledLibpng -lQt6BundledHarfbuzz -lm -lQt6BundledPcre2 -ldl -lpthread $LIB_FUZZING_ENGINE /usr/local/lib/libzip.a /usr/local/lib/libz.a -lKF6Archive /usr/local/lib/libz.a /usr/local/lib/libraw.a /usr/local/lib/libOpenEXR-3_3.a /usr/local/lib/libIex-3_3.a /usr/local/lib/libImath-3_1.a /usr/local/lib/libIlmThread-3_3.a /usr/local/lib/libOpenEXRCore-3_3.a /usr/local/lib/libOpenEXRUtil-3_3.a /usr/local/lib/libopenjp2.a /usr/local/lib/libzstd.a $SRC/jxrlib/build/libjxrglue.a $SRC/jxrlib/build/libjpegxr.a -llzma /usr/local/lib/libbz2.a -lclang_rt.builtins
+  $CXX $CXXFLAGS -fPIC -DHANDLER=$class -std=c++17 $SRC/kimgio_fuzzer.cc $SRC/kimageformats/src/imageformats/$format.cpp $SRC/kimageformats/src/imageformats/scanlineconverter.cpp -o $OUT/$fuzz_target_name -DJXL_STATIC_DEFINE -DJXL_THREADS_STATIC_DEFINE -DJXL_CMS_STATIC_DEFINE -DINITGUID -I $SRC/kimageformats/src/imageformats/ -I $SRC/libavif/include/ -I $SRC/libjxl/build/lib/include/ -I $SRC/libjxl/lib/include/ -I /usr/local/include/OpenEXR/ -I /usr/local/include/KF6/KArchive/ -I /usr/local/include/openjpeg-2.5 -I /usr/local/include/Imath -I $SRC/jxrlib/common/include -I $SRC/jxrlib/jxrgluelib -I $SRC/jxrlib/image/sys -I /usr/include/QtCore/ -I /usr/include/QtGui/ -I . $SRC/libavif/build/libavif.a /usr/local/lib/libheif.a /usr/local/lib/libde265.a $SRC/aom/build.libavif/libaom.a $SRC/libjxl/build/lib/libjxl_threads.a $SRC/libjxl/build/lib/libjxl.a $SRC/libjxl/build/lib/libjxl_cms.a $SRC/libjxl/build/third_party/highway/libhwy.a $SRC/libjxl/build/third_party/brotli/libbrotlidec.a $SRC/libjxl/build/third_party/brotli/libbrotlienc.a $SRC/libjxl/build/third_party/brotli/libbrotlicommon.a -lQt6Gui -lQt6Core -lQt6BundledLibpng -lQt6BundledHarfbuzz -lm -lQt6BundledPcre2 -ldl -lpthread $LIB_FUZZING_ENGINE /usr/local/lib/libzip.a /usr/local/lib/libz.a -lKF6Archive /usr/local/lib/libz.a /usr/local/lib/libraw.a /usr/local/lib/libOpenEXR-3_3.a /usr/local/lib/libIex-3_3.a /usr/local/lib/libImath-3_1.a /usr/local/lib/libIlmThread-3_3.a /usr/local/lib/libOpenEXRCore-3_3.a /usr/local/lib/libOpenEXRUtil-3_3.a /usr/local/lib/libopenjp2.a /usr/local/lib/libzstd.a $SRC/jxrlib/build/libjxrglue.a $SRC/jxrlib/build/libjpegxr.a -llzma /usr/local/lib/libbz2.a -lclang_rt.builtins
 
   # -lclang_rt.builtins in the previous line is a temporary workaround to avoid a linker error "undefined reference to __truncsfhf2". Investigate why this is needed here, but not anywhere else, and possibly remove it.
 

projects/kimageformats/kimgio_fuzzer.cc

@@ -20,7 +20,7 @@
   Usage:
     python infra/helper.py build_image kimageformats
     python infra/helper.py build_fuzzers --sanitizer undefined|address|memory kimageformats
-    python infra/helper.py run_fuzzer kimageformats kimgio_[ani|avif|dds|exr|hdr|heif|jxl|jxr|kra|ora|pcx|pfm|pic|psd|pxr|qoi|ras|raw|rgb|sct|tga|xcf]_fuzzer
+    python infra/helper.py run_fuzzer kimageformats kimgio_[ani|avif|dds|exr|hdr|heif|jp2|jxl|jxr|kra|ora|pcx|pfm|pic|psd|pxr|qoi|ras|raw|rgb|sct|tga|xcf]_fuzzer
 */
 
 
@@ -34,6 +34,7 @@
 #include "exr_p.h"
 #include "hdr_p.h"
 #include "heif_p.h"
+#include "jp2_p.h"
 #include "jxl_p.h"
 #include "jxr_p.h"
 #include "kra.h"

projects/starnix-netlink/cargo.toml/route

@@ -7,7 +7,7 @@ edition = "2018"
 anyhow = { path = "/src/fuchsia/third_party/rust_crates/vendor/anyhow-1.0.86" }
 bitflags = { path = "/src/fuchsia/third_party/rust_crates/vendor/bitflags-2.4.1" }
 byteorder = "1.5"
-libc = { path = "/src/fuchsia/third_party/rust_crates/vendor/libc-0.2.158" }
+libc = "0.2.158"
 log = { path = "/src/fuchsia/third_party/rust_crates/vendor/log-0.4.22", features = ["std"] }
 thiserror = { path = "/src/fuchsia/third_party/rust_crates/vendor/thiserror-1.0.57" }
 netlink_packet_core = { path = "../netlink_packet_core" }

projects/starnix-netlink/cargo.toml/sock_diag

@@ -7,7 +7,7 @@ edition = "2018"
 anyhow = { path = "/src/fuchsia/third_party/rust_crates/vendor/anyhow-1.0.86" }
 bitflags = { path = "/src/fuchsia/third_party/rust_crates/vendor/bitflags-2.4.1" }
 byteorder = "1.5"
-libc = { path = "/src/fuchsia/third_party/rust_crates/vendor/libc-0.2.158" }
+libc = "0.2.158"
 smallvec = { path = "/src/fuchsia/third_party/rust_crates/vendor/smallvec-1.13.1" }
 netlink_packet_core = { path = "../netlink_packet_core" }
 netlink_packet_utils = { path = "../netlink_packet_utils" }

projects/ttf-parser/Dockerfile

@@ -0,0 +1,24 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-rust
+
+# Clone ttf-parser project
+RUN git clone https://github.com/RazrFalcon/ttf-parser ttf-parser
+WORKDIR $SRC/ttf-parser
+
+COPY build.sh $SRC/
+COPY fuzz $SRC/ttf-parser/fuzz

projects/ttf-parser/build.sh

@@ -0,0 +1,24 @@
+#!/bin/bash -eu
+#
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build fuzzers
+cargo fuzz build -O
+
+find $SRC/ttf-parser/fuzz/target/x86_64-unknown-linux-gnu/release -maxdepth 1 -name fuzz-* \
+    -type f -perm -u=x -exec cp {} $OUT \;
+

projects/ttf-parser/fuzz/.gitignore

@@ -0,0 +1,4 @@
+target
+corpus
+artifacts
+coverage

projects/ttf-parser/fuzz/Cargo.toml

@@ -0,0 +1,70 @@
+[package]
+name = "ttf-parser-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+serde = "1.0"
+serde_json = "1.0"
+ttf-parser = { path = "..", features = ["apple-layout"] }
+
+[[bin]]
+name = "fuzz-base"
+path = "fuzz_targets/fuzz-base.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz-aat"
+path = "fuzz_targets/fuzz-aat.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz-cpal"
+path = "fuzz_targets/fuzz-cpal.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz-table"
+path = "fuzz_targets/fuzz-table.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz-table-with-builder"
+path = "fuzz_targets/fuzz-table-with-builder.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz-glyph-index"
+path = "fuzz_targets/fuzz-glyph-index.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz-outline"
+path = "fuzz_targets/fuzz-outline.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz-variable-outline"
+path = "fuzz_targets/fuzz-variable-outline.rs"
+test = false
+doc = false
+bench = false

projects/ttf-parser/fuzz/fuzz_targets/fuzz-aat.rs

@@ -0,0 +1,109 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use std::num::NonZeroU16;
+use ttf_parser::{GlyphId, apple_layout::Lookup};
+
+fn u16_to_u8_vec(data: &[u16]) -> Vec<u8> {
+    let mut u8_data = Vec::with_capacity(data.len() * 2);
+    for &value in data {
+        u8_data.push((value >> 8) as u8);
+        u8_data.push(value as u8);
+    }
+    u8_data
+}
+
+fuzz_target!(|data: &[u8]| {
+    // Skip this iteration if data not enough
+    if data.len() < 4 {
+        return;
+    }
+
+    let (format_data, rest) = data.split_at(2);
+    let format = u16::from_be_bytes([format_data[0], format_data[1]]);
+
+    let random_u16 = |data: &[u8], idx: usize| -> Option<u16> {
+        if data.len() > idx + 1 {
+            Some(u16::from_be_bytes([data[idx], data[idx + 1]]))
+        } else {
+            None
+        }
+    };
+
+    let lookup_len = NonZeroU16::new(1).unwrap();
+
+    // Use valid fromat 0 2 4 6 8 10 for fuzzing chioce
+    match format {
+        0 => {
+            if let Some(value) = random_u16(rest, 0) {
+                let lookup_data = u16_to_u8_vec(&[0, value]);
+                if let Some(table) = Lookup::parse(lookup_len, &lookup_data) {
+                    let _ = table.value(GlyphId(0));
+                    let _ = table.value(GlyphId(1));
+                }
+            }
+        }
+        2 => {
+            if let Some(segment_size) = random_u16(rest, 2) {
+                let lookup_data = u16_to_u8_vec(&[2, segment_size, 1]);
+                if let Some(table) = Lookup::parse(lookup_len, &lookup_data) {
+                    let _ = table.value(GlyphId(118));
+                    let _ = table.value(GlyphId(5));
+                }
+            }
+        }
+        4 => {
+            if let Some(segment_size) = random_u16(rest, 2) {
+                let lookup_data = u16_to_u8_vec(&[4, segment_size, 1]);
+                if let Some(table) = Lookup::parse(lookup_len, &lookup_data) {
+                    let _ = table.value(GlyphId(118));
+                    let _ = table.value(GlyphId(7));
+                }
+            }
+        }
+        6 => {
+            if let Some(segment_size) = random_u16(rest, 2) {
+                let lookup_data = u16_to_u8_vec(&[6, segment_size]);
+                if let Some(table) = Lookup::parse(lookup_len, &lookup_data) {
+                    let _ = table.value(GlyphId(0));
+                    let _ = table.value(GlyphId(10));
+                }
+            }
+        }
+        8 => {
+            if let Some(glyph_count) = random_u16(rest, 2) {
+                let lookup_data = u16_to_u8_vec(&[8, 0, glyph_count]);
+                if let Some(table) = Lookup::parse(lookup_len, &lookup_data) {
+                    let _ = table.value(GlyphId(0));
+                    let _ = table.value(GlyphId(5));
+                }
+            }
+        }
+        10 => {
+            if let Some(value_size) = random_u16(rest, 2) {
+                let lookup_data = u16_to_u8_vec(&[10, value_size, 0]);
+                if let Some(table) = Lookup::parse(lookup_len, &lookup_data) {
+                    let _ = table.value(GlyphId(0));
+                    let _ = table.value(GlyphId(1));
+                }
+            }
+        }
+        _ => {
+          // Ignore invliad format of 1 3 5 7 9        
+        }
+    }
+});