Fuzzing Coverage Expansion

[viktoriia-lsg]

This pull requests expands fuzzing coverage for OSS-fuzz by adding 4 more fuzz test files and 5 corpora files. All fuzz tests are written in native go fuzzing style. Corpora files are compatible with OSS-fuzz format.

[klauspost]

Please see #289 for reference.

A) I would like to move seed files off-repo, since it is making the repo too large. I have an old repo that was used for the old fuzz tests, but can be repurposed for this.

B) I do not want to end up like with #289 - where a third party controls scripts that I cannot modify freely. This means I have been unable to modify/add my fuzz tests for half a year now. I have asked @AdamKorcz for assistance in this, but no response. If I am not in control of the setup, I will not accept this.

Needless to say I am not very happy about the current setup and would like that fixed as a primary thing, which TBH is more important than adding coverage.

If you need assistance in making CI pass, let me know.

[viktoriia-lsg]

Regarding fuzzing setup:
A) I think it can be done easily. I just need to rewrite configuration file for it to take files from the github repository. So it's not a problem.
B) As the configuration file (build.sh) is located on oss-fuzz repo, I still need to make PR to update it. To satisfy your needs, we can change build.sh to the following format, so the oss-fuzz will take build script from your repo:

$SRC/compress/ossfuzz.sh

Does it make sense?

[klauspost]

Seems a file is missing:

--- FAIL: FuzzEncoder (0.00s)
    helpers.go:36: open testdata/fuzz/block-corpus-raw.zip: no such file or directory
FAIL

[viktoriia-lsg]

Thanks! I've added a missing file and slightly changed a path to it.

[klauspost]

Run diff <(gofmt -d .) <(printf "")
1,13d0
< diff fse/fuzz_test.go.orig fse/fuzz_test.go
< --- fse/fuzz_test.go.orig
< +++ fse/fuzz_test.go
< @@ -3,[8](https://github.com/klauspost/compress/actions/runs/6313933219/job/17143098604?pr=866#step:4:9) +3,8 @@
<  import (
<  	"bytes"
<  	"fmt"
< -	"testing"
<  	"github.com/klauspost/compress/internal/fuzz"
< +	"testing"
<  )
<

[viktoriia-lsg]

1. Does it mean that fse/fuzz_test.go needs a newline after "testing" package?
2. Regarding s2_fuzz_test.go file, is everything fine, so I can merge it with s2/fuzz_test.go? Fuzzing Coverage Expansion #866 (comment)
3. What do you think about this setup? Fuzzing Coverage Expansion #866 (comment)

[klauspost]

1. Does it mean that fse/fuzz_test.go needs a newline after "testing" package?

Imports are always sorted.

2. Regarding s2_fuzz_test.go file, is everything fine, so I can merge it with s2/fuzz_test.go? Fuzzing Coverage Expansion #866 (comment)

Yes, please do that.

3. What do you think about this setup? Fuzzing Coverage Expansion #866 (comment)

Sounds like a reasonable approach.

[viktoriia-lsg]

Alright, we started working on it.

[viktoriia-lsg]

Hi @klauspost! We've made changes as discussed earlier. We've also opened a pull request to compress-fuzz with seed corpuses klauspost/compress-fuzz#2.

Please let us know, if we need to change anything.

[klauspost]

Thanks! I will run the tests and give it a final review.

[klauspost]

Just one change and a question.

[viktoriia-lsg]

I have edited ossfuzz.sh file and decreased the seed corpus in size.

[klauspost]

Looks good!

[viktoriia-lsg]

Thanks! Please also review klauspost/compress-fuzz#2 , so I can make a PR to oss-fuzz in order to start fuzzing.

[klauspost]

Thanks! Please also review klauspost/compress-fuzz#2 , so I can make a PR to oss-fuzz in order to start fuzzing.

Ah. Somehow I missed that. Will take a look - probably tomorrow.