wasmi: initial integration #12665

Merged 17 commits on Jan 10, 2025

Robbepop (Contributor) commented Oct 30, 2024

This proposes to add the Wasmi project to OSS-fuzz.

Wasmi is an efficient WebAssembly interpreter especially suited for embedded environments similar to Wasm3.
It has over 7M downloads on crates.io, a Rust and C API, and is used as a security-critical component in several big projects, especially in the blockchain industry. Recently Wasmi has been added as a backend by the Wasmer project, which is also registered in OSS-fuzz.

2 audits have been conducted for Wasmi so far which (amongst others) concluded that Wasmi ideally should be registered to the OSS-fuzz project if possible.

Unfortunately I could not test the Dockerfile and shell script locally due to this issue: #10967


This adds the 3 fuzzing targets provided by the Wasmi project, translate, execute and differential.
The setup is very simple since it mostly uses the recommended cargo-fuzz.

Robbepop is integrating a new project:
- Main repo: https://github.com/wasmi-labs/wasmi
- Criticality score: 0.58153

Robbepop changed the title from "Add Wasmi project" to "wasmi: initial integration" on Oct 30, 2024
Robbepop force-pushed the rf-add-wasmi-project branch from a68d92e to e9a4301 on November 5, 2024 19:38
Robbepop force-pushed the rf-add-wasmi-project branch from e9a4301 to 8d4db71 on November 5, 2024 19:40

oliverchang (Collaborator) commented Nov 18, 2024

Thank you for working on this.

Our instructions for testing locally are here: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally.

In this case, it looks like the failure is in the coverage sanitizer, so you'd likely be able to reproduce by running `python3 infra/helper.py build_fuzzers --sanitizer coverage wasmi`.


vitorguidi (Contributor) left a comment

lgtm

@vitorguidi vitorguidi merged commit 1a0c648 into google:master Jan 10, 2025
15 checks passed