github: Also run UBSan with CIFuzz

author Tobias Brunner <tobias@strongswan.org>

Fri, 30 Jan 2026 14:06:14 +0000 (15:06 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Wed, 4 Feb 2026 11:38:28 +0000 (12:38 +0100)
author Tobias Brunner <tobias@strongswan.org>
Fri, 30 Jan 2026 14:06:14 +0000 (15:06 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Wed, 4 Feb 2026 11:38:28 +0000 (12:38 +0100)
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml

index 9e159e97ff2a3fcba6abd730bb1888df66153975..2857bb9b2edf5310a00050426ba274e7d56a233b 100644 (file)
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -16,6 +16,10 @@ jobs:
      needs: pre-check
      if: ${{ needs.pre-check.outputs.should_skip != 'true' }}
      runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address, undefined]
      permissions:
        security-events: write
      steps:
@@ -25,6 +29,7 @@ jobs:
        with:
          oss-fuzz-project-name: 'strongswan'
          language: c
+        sanitizer: ${{ matrix.sanitizer }}
  
      - name: Run Fuzzers
        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
@@ -32,12 +37,13 @@ jobs:
          oss-fuzz-project-name: 'strongswan'
          output-sarif: true
          language: c
+        sanitizer: ${{ matrix.sanitizer }}
  
      - name: Upload Crash
        uses: actions/upload-artifact@v4
        if: failure() && steps.build.outcome == 'success'
        with:
-        name: artifacts
+        name: ${{ matrix.sanitizer }}-artifacts
          path: ./out/artifacts
  
      - name: Upload Sarif
author	Tobias Brunner <tobias@strongswan.org>
	Fri, 30 Jan 2026 14:06:14 +0000 (15:06 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Wed, 4 Feb 2026 11:38:28 +0000 (12:38 +0100)