Fuzzing: Add new fuzzer

[AdamKorcz]

This PR adds a fuzzer that creates a container with a randomized configuration and then calls State().

Furthermore a seed and a dictionary is added to help the fuzzer mutate relevant input data.

Lastly the OSS-fuzz build file has been updated to include this new fuzzer.

[AdamKorcz]

Failing build looks unrelated

[AkihiroSuda]

The fuzzer should be ensured to run FuzzStateApi() only with a valid JSON bytes. I'm not sure whether it is possible with go-fuzz, but without ensuring that, fuzzing is not really meaningful. (Assuming that json.Unmarshal is stable enough and not worth fuzzing.)

[AdamKorcz]

The fuzzer should be ensured to run FuzzStateApi() only with a valid JSON bytes.

You are right, and the fuzzer will take care of that. It will eventually start creating json to get a valid container.

The way the fuzzer creates the container allows it to be validated:

runc/libcontainer/factory_linux.go

Lines 192 to 198 in f973238

	l := &LinuxFactory{
	Root: root,
	InitPath: "/proc/self/exe",
	InitArgs: []string{os.Args[0], "init"},
	Validator: validate.New(),
	CriuPath: "criu",
	}

... and if the fuzzer does not generate a valid container, it will return and try over:

container, err := newContainer(root, config)
if err != nil {
	return 0
}

State() is therefore not called on invalid containers.

(Assuming that json.Unmarshal is stable enough and not worth fuzzing.)

json.Unmarshal is being fuzzed elsewhere continuously.

[AdamKorcz]

@AkihiroSuda Can you check what I wrote? It would be helpful to get this up and running on OSS-fuzz to see how it performs continuously. I will modify the fuzzer over the next couple of weeks, and getting feedback from OSS-fuzz helps tremendously in that process.

[AdamKorcz]

@AkihiroSuda Please check the updated version of the fuzzer. We have aborted using json to create the config and instead pass random values to the struct.

[AkihiroSuda]

Looks better, thanks

[AdamKorcz]

@kolyshkin Could you take a look at the failing centos test? It looks unrelated to the files in this PR.

[AdamKorcz]

@kolyshkin @AkihiroSuda How is this one looking now?

[AdamKorcz]

I ran the tests again, and this PR now passes

[AdamKorcz]

@AkihiroSuda @kolyshkin How is this one looking now?

[kolyshkin]

@AdamKorcz can you please fix the commit message? Now it merely says "Updated" which is not a good description of what the commit does.

[kolyshkin]

Also needs a rebase.

[kolyshkin]

LGTM

(but this will probably need a rebase after #2925 is merged)

[AdamKorcz]

@kolyshkin Can this be merged?

[caniszczyk]

it has branch conflicts now

but cc: @opencontainers/runc-maintainers

[AdamKorcz]

rebased

[cyphar]

LGTM.

[cyphar]

/ping @opencontainers/runc-maintainers