authorAndrew Bartlett <abartlet@samba.org>2020-10-22 15:39:50 +1300
committerDouglas Bagnall <dbagnall@samba.org>2020-10-22 14:10:04 +0000
commitc03a265030fefb1652469ff98a8b895b8f61b771 (patch)
tree61ec767c9df21fbe4783025c8cdba7da34409163 /lib/fuzzing
parent048725080b608d0d714f133a15e09dda6b6dd8ca (diff)
downloadsamba-c03a265030fefb1652469ff98a8b895b8f61b771.tar.gz
oss-fuzz: standardise on RPATH for the static-ish binaries
This includes a revert of commit e60df214998afc145ca482cab184691b3ddc3bb2. We strictly require RPATH, not the modern RUNPATH, for the behaviour we need in oss-fuzz, which is that not just the first line of dependencies but the full set of libraries used by the program is looked for in the '$ORIGIN/lib' directory. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Oct 22 14:10:04 UTC 2020 on sn-devel-184
Diffstat (limited to 'lib/fuzzing')
-rwxr-xr-xlib/fuzzing/oss-fuzz/build_samba.sh21
-rwxr-xr-xlib/fuzzing/oss-fuzz/check_build.sh13
2 files changed, 20 insertions, 14 deletions
diff --git a/lib/fuzzing/oss-fuzz/build_samba.sh b/lib/fuzzing/oss-fuzz/build_samba.sh
index c9a5162f801..28c37a793cc 100755
--- a/lib/fuzzing/oss-fuzz/build_samba.sh
+++ b/lib/fuzzing/oss-fuzz/build_samba.sh
@@ -63,7 +63,7 @@ case "$SANITIZER" in
# cc style options, so we can just set ADDITIONAL_LDFLAGS
# to ensure the coverage build is done, despite waf splitting
# the compile and link phases.
- ADDITIONAL_LDFLAGS="$COVERAGE_FLAGS"
+ ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:-} $COVERAGE_FLAGS"
export ADDITIONAL_LDFLAGS
SANITIZER_ARG=''
@@ -113,19 +113,16 @@ do
cp $x $OUT/
bin=`basename $x`
- # Change any RPATH to RUNPATH.
+ # Changing RPATH (not RUNPATH, but we can't tell here which was
+ # set) is critical, otherwise libraries used by libraries won't be
+ # found on the oss-fuzz target host. Sadly this is only possible
+ # with clang or ld.bfd on Ubuntu 16.04 (this script is only run on
+ # that).
#
- # We use ld.bfd for the coverage builds, rather than the faster ld.gold.
+ # chrpath --convert only allows RPATH to be changed to RUNPATH,
+ # not the other way around, and we really don't want RUNPATH.
#
- # On Ubuntu 16.04, used for the oss-fuzz build, when linking with
- # ld.bfd the binaries get a RPATH, but builds in Ubuntu 18.04
- # ld.bfd and those using ld.gold get a RUNPATH.
- #
- # Just convert them all to RUNPATH to make the check_build.sh test
- # easier.
- chrpath -c $OUT/$bin
- # Change RUNPATH so that the copied libraries are found on the
- # runner
+ # This means the copied libraries are found on the runner
chrpath -r '$ORIGIN/lib' $OUT/$bin
# Truncate the original binary to save space
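Review bot: `chrpath -r '$ORIGIN/lib' $OUT/$bin` rewrites the path but keeps whatever tag type the linker emitted, so a binary linked with RUNPATH leaves this loop carrying `RUNPATH=$ORIGIN/lib` and the mistake only surfaces later in check_build.sh, away from the toolchain that produced it. Since the new comment already states that RPATH is mandatory and cannot be recovered from RUNPATH, the loop could assert it right here: `chrpath -l "$OUT/$bin" | grep -q 'RPATH=' || { echo "$bin: linker emitted RUNPATH, not RPATH" >&2; exit 1; }`. Whether `set -e` is in force (the shebang is outside this hunk) decides whether a chrpath failure is already fatal; if it is not, the `chrpath -r` line also needs an explicit `|| exit 1`. The enclosing `do` loop starts and ends outside the hunk.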
diff --git a/lib/fuzzing/oss-fuzz/check_build.sh b/lib/fuzzing/oss-fuzz/check_build.sh
index b971d2c1bb0..501c2c813fc 100755
--- a/lib/fuzzing/oss-fuzz/check_build.sh
+++ b/lib/fuzzing/oss-fuzz/check_build.sh
@@ -23,12 +23,21 @@ do
continue
fi
# Confirm that the chrpath was reset to lib/ in the same directory
- # as the binary
- chrpath -l $bin | grep 'RUNPATH=$ORIGIN/lib'
+ # as the binary. RPATH (not RUNPATH) is critical, otherwise
+ # libraries used by libraries won't be found on the oss-fuzz
+ # target host, but is only possible with clang or ld.bfd on Ubuntu
+ # 16.04 (this script is only run on that).
+ chrpath -l $bin | grep 'RPATH=$ORIGIN/lib'
# Confirm that we link to at least some libraries in this
# directory (shows that the libraries were found and copied).
ldd $bin | grep "$OUT/lib"
+ num_libs=$(ldd $bin | grep -v ld-linux | grep -v linux-vdso | grep -v "$OUT/lib"| wc -l)
+
+ if [ 0$num_libs -ne 0 ]; then
+ echo "some libraries not linked to $ORIGIN/lib, oss-fuzz will fail!"
+ exit 1
+ fi
if [ -f ${bin}_seed_corpus.zip ]; then
seeds_found=yes
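Review bot: The new failure message on the `echo` line is inside double quotes, so `$ORIGIN` is expanded by the shell; unless that variable happens to be exported, the message reads `not linked to /lib` and hides the one detail it is meant to convey. Use single quotes and send it to stderr: `echo 'some libraries not linked to $ORIGIN/lib, oss-fuzz will fail!' >&2`. The branch also discards which libraries were off-path; re-running the filter inside the branch, `ldd $bin | grep -v ld-linux | grep -v linux-vdso | grep -v "$OUT/lib" >&2`, lists them without touching the success path's exit status. `wc -l` always prints a number, so the `0$num_libs` prefix on the `if` line is unnecessary and `[ "$num_libs" -ne 0 ]` reads more clearly. The enclosing loop starts outside the hunk.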