fuzzing/oss-fuzz: strip RUNPATH from dependencies

Strip all RUNPATH headers from all dependency shared objects that
we copy to the fuzzing target, as those libraries aren't placed
in their original place.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 14 insertions, 0 deletions

diff --git a/lib/fuzzing/oss-fuzz/do_build.sh b/lib/fuzzing/oss-fuzz/do_build.sh
index b1e009a0577..e00e2251589 100755
--- a/lib/fuzzing/oss-fuzz/do_build.sh
+++ b/lib/fuzzing/oss-fuzz/do_build.sh
@@ -270,6 +270,20 @@ do
 
 done
 
+# Strip RUNPATH: or RPATH: entries from shared libraries copied over to $OUT/lib.
+# When those libraries get loaded and have further dependencies, a RUNPATH: header
+# will cause the dynamic linker to search in the runpath, and not in $OUT/lib,
+# and there's no way it will be found in the fuzzing env.
+#
+# So how is the indirect depedency found in $OUT/lib? Well, suppose the fuzzer binary
+# links library A which links library B. During linking, both A and B as listed in the
+# executable file's runtime dependencies (This was pioneered in Fedora 13 in 2010, but
+# is common behavior now). So we have the fuzzer binary with RPATH set to $OUT/lib, and
+# a dependency on library B, and it will therefor find library B in $OUT/lib. On the
+# hand, if we keep the RUNPATH in library A, and load A first, it will try loading
+# library B as a dependency of A from the wrong place.
+chrpath -d $OUT/lib/*
+
 # Grap the seeds dictionary from github and put the seed zips in place
 # beside their executables.