CI: Add fuzzer jobs.

.gitlab-ci.yml

@@ -19,3 +19,4 @@ include:
   - local: .gitlab/ci/compilation-clang.gitlab-ci.yml
   - local: .gitlab/ci/alpinelinux.yml
   - local: .gitlab/ci/ubuntu-32bit.yml
+  - local: .gitlab/ci/cifuzz.yml

.gitlab/ci/cifuzz.yml

@@ -0,0 +1,46 @@
+cifuzz:
+  variables:
+    OSS_FUZZ_PROJECT_NAME: cryptsetup
+    CFL_PLATFORM: gitlab
+    CIFUZZ_DEBUG: "True"
+    FUZZ_SECONDS: 300 # 5 minutes per fuzzer
+    ARCHITECTURE: "x86_64"
+    DRY_RUN: "False"
+    LOW_DISK_SPACE: "True"
+    BAD_BUILD_CHECK: "True"
+    LANGUAGE: "c"
+    DOCKER_HOST: "tcp://docker:2375"
+    DOCKER_IN_DOCKER: "true"
+    DOCKER_DRIVER: overlay2
+    DOCKER_TLS_CERTDIR: ""
+  image:
+    name: gcr.io/oss-fuzz-base/cifuzz-base
+    entrypoint: [""]
+  services:
+    - docker:dind
+
+  stage: test
+  parallel:
+    matrix:
+      - SANITIZER: [address, undefined, memory]
+  rules:
+    # Default code change.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      variables:
+        MODE: "code-change"
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+  before_script:
+    # Get gitlab's container id.
+    - export CFL_CONTAINER_ID=`cut -c9- < /proc/1/cpuset`
+  script:
+    # Will build and run the fuzzers.
+    # We use a hack to override CI_JOB_ID, because otherwise a bad path is used
+    # in GitLab CI environment
+    - CI_JOB_ID="$CI_PROJECT_NAMESPACE/$CI_PROJECT_TITLE" python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"
+  artifacts:
+    # Upload artifacts when a crash makes the job fail.
+    when: always
+    paths:
+      - artifacts/

tests/fuzz/oss-fuzz-build.sh

@@ -27,9 +27,9 @@ flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAF
 
 export CFLAGS="${CFLAGS:-$flags} -I$DEPS_PATH/include"
 export CXXFLAGS="${CXXFLAGS:-$flags} -I$DEPS_PATH/include"
-export LDFLAGS="$LDFLAGS -L$DEPS_PATH/lib"
+export LDFLAGS="${LDFLAGS-} -L$DEPS_PATH/lib"
 
-ENABLED_FUZZERS="crypt2_load_fuzz crypt2_load_proto_plain_json_fuzz"
+ENABLED_FUZZERS=${ENABLED_FUZZERS:-crypt2_load_fuzz crypt2_load_proto_plain_json_fuzz}
 
 mkdir -p $SRC
 mkdir -p $OUT