
[setuptools] Fix Broken Build & Improve Fuzz Harness

Open DaveLak opened this issue 1 year ago • 2 comments

Fixes Issue 68958: setuptools: Fuzzing Build Failure

Fixes the setuptools fuzzer builds that have been broken since May 12, 2024.

Key Changes

  • PyInstaller Upgrade: Updated PyInstaller to version 3.10.0, which is the minimum version supporting setuptools >= 71.0.0. This upgrade addresses the new dependency vendoring approach in setuptools. For more details, refer to the setuptools history.

  • Tomli Import Fix: Replaced the tomli import from setuptools.extern with a direct import. This change resolves the ModuleNotFoundError: No module named 'setuptools.extern' exception. Using setuptools.extern for imports is discouraged, as noted in pypa/setuptools#4498.

Additional Improvements

  • Dictionary Addition: Added a dictionary for setuptools fuzz harnesses.

  • Fuzzer Optimization: Improved fuzzer cold-start time by using atheris.instrument_imports instead of atheris.instrument_all. For additional details on other minor changes, see commit e01e5aeb3da0e55cec36887f5adda32b97dc2256.

  • Docker Image Enhancement: Cached the cloned dependency during the Docker image build step.

DaveLak avatar Aug 13 '24 11:08 DaveLak
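
The direct tomli import and the atheris.instrument_imports change described in the PR above, shown as an added example that is not the harness from the oss-fuzz repository. Assumptions: parse_pyproject is a hypothetical fuzz target, tomllib stands in when tomli is not installed, and a no-op context manager replaces the instrumentation when atheris is absent so the target logic can still be exercised.

```python
import contextlib
import sys

try:
    import atheris
    instrument = atheris.instrument_imports   # hooks only imports made inside the block
except ImportError:                           # assumption: allow running without atheris
    atheris = None
    instrument = contextlib.nullcontext

# instrument_imports instruments just the modules imported here, so startup does
# not pay for instrumenting every loaded module as instrument_all does.
with instrument():
    try:
        import tomli                          # direct import, not setuptools.extern
    except ImportError:
        import tomllib as tomli               # assumption: stdlib fallback, Python >= 3.11


def parse_pyproject(data: bytes):
    """Hypothetical fuzz target: parse bytes as TOML, None on clean rejection."""
    try:
        return tomli.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, tomli.TOMLDecodeError):
        return None   # documented failure modes; any other exception is a finding


def TestOneInput(data: bytes) -> None:
    parse_pyproject(data)


def main() -> None:
    if atheris is None:
        raise SystemExit("atheris is required to fuzz")
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()


if __name__ == "__main__":
    main()
```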

DaveLak is a new contributor to projects/setuptools. The PR must be approved by known contributors before it can be merged.

github-actions[bot] avatar Aug 13 '24 11:08 github-actions[bot]

@DavidKorczynski Could you please help double-check this? Thank you : )

DonggeLiu avatar Aug 27 '24 02:08 DonggeLiu

Gentle ping @DavidKorczynski, thanks!

DonggeLiu avatar Oct 01 '24 08:10 DonggeLiu

I'll take a look at this in detail tomorrow!

DavidKorczynski avatar Oct 02 '24 22:10 DavidKorczynski