Add fuzzing for WSLC #40869

Open

florelis wants to merge 2 commits into master from fuzzing

Conversation

@florelis (Member)

Summary of the Pull Request

Introduce libFuzzer/ASAN-based fuzzing for WSLC, run continuously via OneFuzz in the nightly pipeline. Adds three harnesses covering the CLI argument parser, the C SDK API, and the WinRT API.

Fully vibe-coded with Copilot 🤖

PR Checklist

  • Closes: Link to issue #xxx
  • Communication: I've discussed this with core contributors already. If work hasn't been agreed, this work might be rejected
  • Tests: Added/updated if needed and all pass
  • Localization: All end user facing strings can be localized
  • Dev docs: Added/updated if needed
  • Documentation updated: If checked, please file a pull request on our docs repo and link it here: #xxx

Detailed Description of the Pull Request / Additional comments

Harnesses (src/windows/fuzzing/):

  • WslcCliArgumentFuzzing: exercises ParseArgumentsStateMachine
  • WslcSdkFuzzing: exercises the C SDK session/container flow
  • WslcWinRtFuzzing: same, but using the WinRT projection
  • FuzzingHarness.h: shared FuzzInput reader plus a replay main (gated on WSL_ENABLE_FUZZING_REPLAY) for reproducing crashes locally
  • generate-seeds.ps1: deterministic seed corpus generator, used for local replay; SDK and WinRT share the same binary format
  • OneFuzzConfig.json.in, setup.ps1: OneFuzz config and VM setup

Build (WSL_BUILD_FUZZING):

  • Compiles the tree with /fsanitize=address so the service and SDK data paths are instrumented; harness targets add /fsanitize=fuzzer
  • Drops /guard:cf, /Qspectre, /CETCOMPAT (incompatible with ASAN)
  • wslinstall is an MSI custom action that can't easily load the ASAN runtime at install time. It isn't fuzzed, so build it without ASAN.
  • Resolves clang_rt.asan_dynamic next to the compiler and ships it into INSTALLDIR so instrumented binaries can load the runtime; the path is also exported as a pipeline variable to stage next to the harnesses.

Pipeline (.pipelines/fuzzing-stage.yml): builds the harnesses and MSI, stages the shared runtime, and submits each target to OneFuzz. Seeding is left unwired for now (libFuzzer starts from an empty corpus); a SeedCorpusContainer can be added later.

Local dev notes added to README.md and UserConfig.cmake.sample.

Validation Steps Performed

Executed the nightly pipeline with the changes. The fuzzers are running; no issues found so far.
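As an added illustration of the harness shape the description lists (a shared FuzzInput reader, a libFuzzer entry point, a replay main gated on WSL_ENABLE_FUZZING_REPLAY, and a deterministic seed encoder that shares the fuzzer's binary format), here is example code written for this page; it is not the PR's code and not FuzzingHarness.h. The parser under test (ParseArgs, accepting --name, --verbose and --) and the byte format (one-byte argc followed by one-byte-length-prefixed strings) are stand-ins chosen for the example, not ParseArgumentsStateMachine or the PR's seed format:

```cpp
// Added example: libFuzzer-style harness skeleton, not the PR's code.
// ParseArgs and the byte format are hypothetical stand-ins for the real target.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

// Bounded reader over the fuzzer's buffer. Every accessor is total: running out
// of input yields zero/empty instead of reading past the end, so the harness
// never adds an out-of-bounds read of its own for ASAN to report.
class FuzzInput {
public:
    FuzzInput(const uint8_t* data, size_t size) : data_(data), remaining_(size) {}

    // Little-endian integer; missing trailing bytes read as zero.
    template <typename T> T ReadIntegral() {
        T value = 0;
        size_t n = remaining_ < sizeof(T) ? remaining_ : sizeof(T);
        if (n != 0) std::memcpy(&value, data_, n);
        data_ += n;
        remaining_ -= n;
        return value;
    }

    // One-byte length prefix, then that many bytes, clamped to what is left.
    std::string ReadString() {
        size_t len = ReadIntegral<uint8_t>();
        if (len > remaining_) len = remaining_;
        std::string s(reinterpret_cast<const char*>(data_), len);
        data_ += len;
        remaining_ -= len;
        return s;
    }

    size_t Remaining() const { return remaining_; }

private:
    const uint8_t* data_;
    size_t remaining_;
};

// Hypothetical target: "--name <value>", "--verbose", and "--" (rest is positional).
struct ParsedArgs {
    std::string name;
    bool verbose = false;
    std::vector<std::string> rest;
};

bool ParseArgs(const std::vector<std::string>& argv, ParsedArgs& out) {
    for (size_t i = 0; i < argv.size(); ++i) {
        const std::string& a = argv[i];
        if (a == "--") { out.rest.assign(argv.begin() + i + 1, argv.end()); return true; }
        if (a == "--verbose") { out.verbose = true; continue; }
        if (a == "--name") {
            if (i + 1 >= argv.size()) return false;  // missing value: reject, never index past the end
            out.name = argv[++i];
            continue;
        }
        if (a.rfind("--", 0) == 0) return false;  // unknown option
        out.rest.push_back(a);
    }
    return true;
}

// Wire format shared by fuzzer and seed generator: one byte argc (capped), then
// argc length-prefixed strings. Decoding stops early if the buffer runs out.
std::vector<std::string> DecodeArgv(const uint8_t* data, size_t size) {
    FuzzInput in(data, size);
    size_t argc = in.ReadIntegral<uint8_t>() % 16;  // cap keeps cases small
    std::vector<std::string> argv;
    for (size_t i = 0; i < argc && in.Remaining() > 0; ++i) argv.push_back(in.ReadString());
    return argv;
}

// Deterministic seed encoder, the inverse of DecodeArgv: what a seed-corpus
// generator would write to files so libFuzzer does not start from nothing.
std::vector<uint8_t> EncodeArgv(const std::vector<std::string>& argv) {
    std::vector<uint8_t> out;
    out.push_back(static_cast<uint8_t>(argv.size() % 16));
    for (const std::string& a : argv) {
        std::string s = a.substr(0, 255);  // one-byte length prefix
        out.push_back(static_cast<uint8_t>(s.size()));
        out.insert(out.end(), s.begin(), s.end());
    }
    return out;
}

// Decode and parse one case, returning the parser's verdict (handy for unit tests and replay).
bool RunCase(const std::vector<uint8_t>& bytes, ParsedArgs& out) {
    return ParseArgs(DecodeArgv(bytes.data(), bytes.size()), out);
}

// libFuzzer entry point. Must return 0; memory errors surface as ASAN reports, not return codes.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    ParsedArgs parsed;
    (void)ParseArgs(DecodeArgv(data, size), parsed);
    return 0;
}

#ifdef WSL_ENABLE_FUZZING_REPLAY
// Replay build: no libFuzzer runtime linked; each file named on the command line is
// fed through the harness once so a crash found by OneFuzz can be reproduced in a debugger.
int main(int argc, char** argv) {
    for (int i = 1; i < argc; ++i) {
        std::ifstream f(argv[i], std::ios::binary);
        std::vector<uint8_t> bytes((std::istreambuf_iterator<char>(f)), std::istreambuf_iterator<char>());
        LLVMFuzzerTestOneInput(bytes.data(), bytes.size());
    }
    return 0;
}
#endif
```

Two design points worth copying: the reader clamps every length to the bytes remaining, so a harness bug can never masquerade as a target bug, and the decoder is paired with an encoder so seeds written by a generator and cases minimized by libFuzzer are guaranteed to parse the same way.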

Copilot AI review requested due to automatic review settings June 22, 2026 18:27
@florelis florelis requested a review from a team as a code owner June 22, 2026 18:27

Copilot AI (Contributor) left a comment

Pull request overview

This PR introduces an ASAN + libFuzzer-based fuzzing setup for WSLC (CLI parser + SDK C API + WinRT API) and wires it into the nightly OneBranch pipeline via OneFuzz, including build-system switches and staged runtime dependencies.

Changes:

  • Adds three fuzzing harness executables plus shared harness utilities, OneFuzz config templates, and VM setup/seeding scripts under src/windows/fuzzing/.
  • Adds WSL_BUILD_FUZZING (and replay mode) build plumbing, including ASAN runtime discovery and packaging/staging support.
  • Adds a new nightly pipeline stage that builds/stages fuzzing artifacts and submits tasks to OneFuzz.

Reviewed changes

Copilot reviewed 19 out of 19 changed files in this pull request and generated 8 comments.

Summary per file:

  • UserConfig.cmake.sample: Documents new fuzzing build toggles for local developers.
  • src/windows/wslinstall/CMakeLists.txt: Builds wslinstall without ASAN in fuzzing builds and links against a non-instrumented common lib.
  • src/windows/wslc/CMakeLists.txt: Refactors wslc build to keep Main.cpp out of wslclib so harnesses can link without pulling in main.
  • src/windows/fuzzing/WslcWinRtFuzzing.cpp: New WinRT-based fuzzing harness for session/container flows.
  • src/windows/fuzzing/WslcSdkFuzzing.cpp: New C SDK fuzzing harness for session/container flows.
  • src/windows/fuzzing/WslcCliArgumentFuzzing.cpp: New CLI argument parser fuzzing harness for ParseArgumentsStateMachine.
  • src/windows/fuzzing/setup.ps1: OneFuzz VM setup script to enable Hyper-V/WSL and install the MSI.
  • src/windows/fuzzing/README.md: Developer documentation for building/running harnesses and OneFuzz integration.
  • src/windows/fuzzing/OneFuzzConfigEntry.json.in: Template for OneFuzz job entries per harness.
  • src/windows/fuzzing/OneFuzzConfig.json.in: Template for the top-level OneFuzz config file.
  • src/windows/fuzzing/generate-seeds.ps1: Deterministic seed corpus generator for local replay / future seeding.
  • src/windows/fuzzing/FuzzingHarness.h: Shared fuzz input reader + optional standalone replay main().
  • src/windows/fuzzing/CMakeLists.txt: Adds fuzzing harness build targets and generates/stages OneFuzz config/artifacts.
  • src/windows/common/CMakeLists.txt: Factors common library creation to allow an ASAN and non-ASAN variant.
  • msipackage/package.wix.in: Conditionally includes ASAN runtime DLL in the MSI for fuzzing builds.
  • msipackage/CMakeLists.txt: Ensures ASAN runtime is treated as a packaging dependency for fuzzing builds.
  • CMakeLists.txt: Adds WSL_BUILD_FUZZING wiring, ASAN flags, runtime discovery, and fuzzing subdirectory inclusion.
  • .pipelines/wsl-build-nightly-onebranch.yml: Adds the fuzzing stage to the nightly pipeline.
  • .pipelines/fuzzing-stage.yml: New pipeline stage to build/stage harnesses + MSI and submit to OneFuzz.

Comment threads:

  • src/windows/fuzzing/WslcCliArgumentFuzzing.cpp (2)
  • src/windows/fuzzing/WslcSdkFuzzing.cpp (2, plus 2 outdated)
  • src/windows/fuzzing/WslcWinRtFuzzing.cpp (1)
  • src/windows/fuzzing/OneFuzzConfigEntry.json.in (1, plus 1 outdated)
  • CMakeLists.txt (1, plus 1 outdated)
  • src/windows/fuzzing/CMakeLists.txt (1)
  • .pipelines/fuzzing-stage.yml (1 outdated)