add cbor to the fuzzer, and fix a few issues it found #3486
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI-Sanitizers | |
on: | |
push: | |
branches-ignore: | |
- coverity_scan | |
- run-fuzzer** | |
- debug-fuzzer-** | |
pull_request: | |
env: | |
ASAN_OPTIONS: symbolize=1 detect_leaks=1 detect_stack_use_after_return=1 | |
LSAN_OPTIONS: fast_unwind_on_malloc=0:malloc_context_size=50 | |
UBSAN_OPTIONS: print_stacktrace=1 | |
M_PERTURB: "0x42" | |
PANIC_ACTION: "gdb -batch -x raddb/panic.gdb %e %p 1>&0 2>&0" | |
# Stops the utilities forking on every call to check if they're running under GDB/LLDB | |
DEBUGGER_ATTACHED: no | |
ANALYZE_C_DUMP: 1 | |
FR_GLOBAL_POOL: 4M | |
TEST_CERTS: yes | |
NO_PERFORMANCE_TESTS: yes | |
DO_BUILD: yes | |
HOSTAPD_BUILD_DIR: eapol_test.ci | |
HOSTAPD_GIT_TAG: hostap_2_11 | |
DEBIAN_FRONTEND: noninteractive | |
CI: 1 | |
GH_ACTIONS: 1 | |
jobs: | |
pre-ci: | |
runs-on: ubuntu-latest | |
# Map a step output to a job output | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
steps: | |
- id: skip_check | |
uses: fkirc/skip-duplicate-actions@master | |
ci-sanitizers: | |
timeout-minutes: 150 | |
needs: pre-ci | |
if: ${{ needs.pre-ci.outputs.should_skip != 'true' }} | |
runs-on: ${{ matrix.os.runs_on }} | |
strategy: | |
fail-fast: false | |
matrix: | |
# runs_on - where GitHub will spin up the runner, either | |
# "self-hosted", or the name of a GitHub VM image | |
# e.g. ubuntu-20.04 or ubuntu-latest | |
# see: https://github.com/actions/runner-images | |
# code - the name/version of the OS (for step evaluations below) | |
# docker - the docker image name, if containers are being used | |
# name - used in the job name only | |
os: | |
- { runs_on: "ubuntu-24.04", code: "ubuntu2404", docker: "ubuntu:24.04", name: "gh-ubuntu24", imageos: "ubuntu24" } | |
env: | |
- { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: no, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang-lean } | |
- { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang } | |
- { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG -O2 -g3", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang-O2-g3 } | |
- { CC: clang, BUILD_CFLAGS: "-DNDEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang-ndebug } | |
- { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: yes, TEST_TYPE: fixtures, NAME: linux-clang-altlibs } | |
env: ${{ matrix.env }} | |
# If branch protection is in place with status checks enabled, ensure | |
# names are updated if new matrix entries are added or the name format | |
# changes. | |
name: "master-${{ matrix.os.name }}-${{ matrix.env.NAME}}" | |
steps: | |
# Checkout, but defer pulling LFS objects until we've restored the cache | |
- uses: actions/checkout@v4 | |
with: | |
lfs: false | |
- name: Install build dependencies | |
uses: ./.github/actions/freeradius-deps | |
with: | |
use_docker: true | |
cc: ${{ matrix.env.CC }} | |
- name: Install alternative dependencies | |
if: ${{ matrix.env.LIBS_ALT == 'yes' }} | |
uses: ./.github/actions/freeradius-alt-deps | |
- name: Build FreeRADIUS | |
uses: ./.github/actions/build-freeradius | |
with: | |
use_sanitizers: true | |
cc: ${{ matrix.env.CC }} | |
test_type: ${{ matrix.env.TEST_TYPE }} | |
platform: ${{ matrix.os.imageos }} | |
- name: Run main CI tests | |
uses: ./.github/actions/ci-tests | |
if: ${{ matrix.env.TEST_TYPE == 'fixtures' }} | |
with: | |
use_docker: false | |
sql_mysql_test_server: 127.0.0.1 | |
sql_postgresql_test_server: 127.0.0.1 | |
redis_test_server: 127.0.0.1 | |
ldap_test_server: 127.0.0.1 | |
ldap_test_server_port: 3890 | |
ldaps_test_server_port: 6361 | |
ldap389_test_server: 127.0.0.1 | |
ldap389_test_server_port: 3892 | |
active_directory_test_server: 127.0.0.1 | |
rest_test_server: 127.0.0.1 | |
rest_test_port: 8080 | |
rest_test_ssl_port: 8443 | |
# | |
# If the CI has failed and the branch is ci-debug then we start a tmate | |
# session to provide interactive shell access to the session. | |
# | |
# The SSH rendezvous point will be emited continuously in the job output, | |
# which will look something like: | |
# | |
# SSH: ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io | |
# | |
# For example: | |
# | |
# git push origin ci-debug --force | |
# | |
# Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions | |
# | |
# ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io | |
# | |
# Access requires that you have the private key corresponding to the | |
# public key of the GitHub user that initiated the job. | |
# | |
- name: "Debug: Start tmate" | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |