diff options
-rwxr-xr-x | lib/fuzzing/oss-fuzz/build_samba.sh | 120 | ||||
-rwxr-xr-x | lib/fuzzing/oss-fuzz/do_build.sh | 141 | ||||
-rwxr-xr-x | script/autobuild.py | 1 |
3 files changed, 143 insertions, 119 deletions
diff --git a/lib/fuzzing/oss-fuzz/build_samba.sh b/lib/fuzzing/oss-fuzz/build_samba.sh index 0ecfe172cd8..dc5387d33c3 100755 --- a/lib/fuzzing/oss-fuzz/build_samba.sh +++ b/lib/fuzzing/oss-fuzz/build_samba.sh @@ -11,11 +11,6 @@ # https://github.com/google/oss-fuzz/blob/master/projects/samba/build.sh # which does nothing else. # -# We have to push to oss-fuzz CFLAGS into the waf ADDITIONAL_CFLAGS -# as otherwise waf's configure fails linking the first test binary -# -# CFLAGS are supplied by the caller, eg the oss-fuzz compile command -# # Additional arguments are passed to configure, to allow this to be # tested in autobuild.py # @@ -26,116 +21,5 @@ set -e set -x set -u -# It is critical that this script, just as the rest of Samba's GitLab -# CI docker has LANG set to en_US.utf8 (oss-fuzz fails to set this) -. /etc/default/locale -export LANG -export LC_ALL - -ADDITIONAL_CFLAGS="$CFLAGS" -export ADDITIONAL_CFLAGS -CFLAGS="" -export CFLAGS -LD="$CXX" -export LD - -# Use the system Python, not the OSS-Fuzz provided statically linked -# and instrumented Python, because we can't statically link. - -PYTHON=/usr/bin/python3 -export PYTHON - -# $SANITIZER is provided by the oss-fuzz "compile" command -# -# We need to add the waf configure option as otherwise when we also -# get (eg) -fsanitize=address via the CFLAGS we will fail to link -# correctly - -case "$SANITIZER" in - address) - SANITIZER_ARG='--address-sanitizer' - ;; - undefined) - SANITIZER_ARG='--undefined-sanitizer' - ;; - coverage) - # Thankfully clang operating as ld has no objection to the - # cc style options, so we can just set ADDITIONAL_LDFLAGS - # to ensure the coverage build is done, despite waf splitting - # the compile and link phases. - ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:-} $COVERAGE_FLAGS" - export ADDITIONAL_LDFLAGS - - SANITIZER_ARG='' - ;; -esac - -# $LIB_FUZZING_ENGINE is provided by the oss-fuzz "compile" command -# - -./configure -C --without-gettext --enable-debug --enable-developer \ - --enable-libfuzzer \ - $SANITIZER_ARG \ - --disable-warnings-as-errors \ - --abi-check-disable \ - --fuzz-target-ldflags="$LIB_FUZZING_ENGINE" \ - --nonshared-binary=ALL \ - "$@" \ - LINK_CC="$CXX" - -make -j - -# Make a directory for the system shared libraries to be copied into -mkdir -p $OUT/lib - -# We can't static link to all the system libs with waf, so copy them -# to $OUT/lib and set the rpath to point there. This is similar to how -# firefox handles this. - -for x in bin/fuzz_* -do - # Copy any system libraries needed by this fuzzer to $OUT/lib. - - # We run ldd on $x, the fuzz_binary in bin/ which has not yet had - # the RPATH altered. This is clearer for debugging in local - # development builds as $OUT is not cleaned between runs. - # - # Otherwise trying to re-run this can see cp can fail with: - # cp: '/out/lib/libgcc_s.so.1' and '/out/lib/libgcc_s.so.1' are the same file - # which is really confusing! - - # The cut for ( and ' ' removes the special case references to: - # linux-vdso.so.1 => (0x00007ffe8f2b2000) - # /lib64/ld-linux-x86-64.so.2 (0x00007fc63ea6f000) - - ldd $x | cut -f 2 -d '>' | cut -f 1 -d \( | cut -f 2 -d ' ' | xargs -i cp \{\} $OUT/lib/ - - cp $x $OUT/ - bin=`basename $x` - - # Changing RPATH (not RUNPATH, but we can't tell here which was - # set) is critical, otherwise libraries used by libraries won't be - # found on the oss-fuzz target host. Sadly this is only possible - # with clang or ld.bfd on Ubuntu 16.04 (this script is only run on - # that). - # - # chrpath --convert only allows RPATH to be changed to RUNPATH, - # not the other way around, and we really don't want RUNPATH. - # - # This means the copied libraries are found on the runner - chrpath -r '$ORIGIN/lib' $OUT/$bin - - # Truncate the original binary to save space - echo -n > $x - -done - -# Grap the seeds dictionary from github and put the seed zips in place -# beside their executables. - -wget https://gitlab.com/samba-team/samba-fuzz-seeds/-/jobs/artifacts/master/download?job=zips \ - -O seeds.zip - -# We might not have unzip, but we do have python -$PYTHON -mzipfile -e seeds.zip $OUT -rm -f seeds.zip +$(dirname $0)/do_build.sh $@ +$(dirname $0)/check_build.sh $OUT diff --git a/lib/fuzzing/oss-fuzz/do_build.sh b/lib/fuzzing/oss-fuzz/do_build.sh new file mode 100755 index 00000000000..0f813df777a --- /dev/null +++ b/lib/fuzzing/oss-fuzz/do_build.sh @@ -0,0 +1,141 @@ +#!/bin/sh +# +# This is not a general-purpose build script, but instead one specific +# to the Google oss-fuzz compile environment. +# +# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#Requirements +# +# https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/README.md#provided-environment-variables +# +# This file is run by build_samba.sh, which is run by +# https://github.com/google/oss-fuzz/blob/master/projects/samba/build.sh +# which does nothing else. +# +# We have to push to oss-fuzz CFLAGS into the waf ADDITIONAL_CFLAGS +# as otherwise waf's configure fails linking the first test binary +# +# CFLAGS are supplied by the caller, eg the oss-fuzz compile command +# +# Additional arguments are passed to configure, to allow this to be +# tested in autobuild.py +# + +# Ensure we give good trace info, fail right away and fail with unset +# variables +set -e +set -x +set -u + +# It is critical that this script, just as the rest of Samba's GitLab +# CI docker has LANG set to en_US.utf8 (oss-fuzz fails to set this) +. /etc/default/locale +export LANG +export LC_ALL + +ADDITIONAL_CFLAGS="$CFLAGS" +export ADDITIONAL_CFLAGS +CFLAGS="" +export CFLAGS +LD="$CXX" +export LD + +# Use the system Python, not the OSS-Fuzz provided statically linked +# and instrumented Python, because we can't statically link. + +PYTHON=/usr/bin/python3 +export PYTHON + +# $SANITIZER is provided by the oss-fuzz "compile" command +# +# We need to add the waf configure option as otherwise when we also +# get (eg) -fsanitize=address via the CFLAGS we will fail to link +# correctly + +case "$SANITIZER" in + address) + SANITIZER_ARG='--address-sanitizer' + ;; + undefined) + SANITIZER_ARG='--undefined-sanitizer' + ;; + coverage) + # Thankfully clang operating as ld has no objection to the + # cc style options, so we can just set ADDITIONAL_LDFLAGS + # to ensure the coverage build is done, despite waf splitting + # the compile and link phases. + ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:-} $COVERAGE_FLAGS" + export ADDITIONAL_LDFLAGS + + SANITIZER_ARG='' + ;; +esac + +# $LIB_FUZZING_ENGINE is provided by the oss-fuzz "compile" command +# + +./configure -C --without-gettext --enable-debug --enable-developer \ + --enable-libfuzzer \ + $SANITIZER_ARG \ + --disable-warnings-as-errors \ + --abi-check-disable \ + --fuzz-target-ldflags="$LIB_FUZZING_ENGINE" \ + --nonshared-binary=ALL \ + "$@" \ + LINK_CC="$CXX" + +make -j + +# Make a directory for the system shared libraries to be copied into +mkdir -p $OUT/lib + +# We can't static link to all the system libs with waf, so copy them +# to $OUT/lib and set the rpath to point there. This is similar to how +# firefox handles this. + +for x in bin/fuzz_* +do + # Copy any system libraries needed by this fuzzer to $OUT/lib. + + # We run ldd on $x, the fuzz_binary in bin/ which has not yet had + # the RPATH altered. This is clearer for debugging in local + # development builds as $OUT is not cleaned between runs. + # + # Otherwise trying to re-run this can see cp can fail with: + # cp: '/out/lib/libgcc_s.so.1' and '/out/lib/libgcc_s.so.1' are the same file + # which is really confusing! + + # The cut for ( and ' ' removes the special case references to: + # linux-vdso.so.1 => (0x00007ffe8f2b2000) + # /lib64/ld-linux-x86-64.so.2 (0x00007fc63ea6f000) + + ldd $x | cut -f 2 -d '>' | cut -f 1 -d \( | cut -f 2 -d ' ' | xargs -i cp \{\} $OUT/lib/ + + cp $x $OUT/ + bin=`basename $x` + + # Changing RPATH (not RUNPATH, but we can't tell here which was + # set) is critical, otherwise libraries used by libraries won't be + # found on the oss-fuzz target host. Sadly this is only possible + # with clang or ld.bfd on Ubuntu 16.04 (this script is only run on + # that). + # + # chrpath --convert only allows RPATH to be changed to RUNPATH, + # not the other way around, and we really don't want RUNPATH. + # + # This means the copied libraries are found on the runner + chrpath -r '$ORIGIN/lib' $OUT/$bin + + # Truncate the original binary to save space + echo -n > $x + +done + +# Grap the seeds dictionary from github and put the seed zips in place +# beside their executables. + +wget https://gitlab.com/samba-team/samba-fuzz-seeds/-/jobs/artifacts/master/download?job=zips \ + -O seeds.zip + +# We might not have unzip, but we do have python +$PYTHON -mzipfile -e seeds.zip $OUT +rm -f seeds.zip diff --git a/script/autobuild.py b/script/autobuild.py index 00ed3a47022..24baa0fa9f2 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -652,7 +652,6 @@ tasks = { # build the fuzzers (static) via the oss-fuzz script ("fuzzers-mkdir-prefix", "mkdir -p ${PREFIX_DIR}"), ("fuzzers-build", "OUT=${PREFIX_DIR} LIB_FUZZING_ENGINE= SANITIZER=address CXX= CFLAGS= ADDITIONAL_LDFLAGS='-fuse-ld=bfd' ./lib/fuzzing/oss-fuzz/build_samba.sh --enable-afl"), - ("fuzzers-check", "./lib/fuzzing/oss-fuzz/check_build.sh ${PREFIX_DIR}") ], # * Test smbd and smbtorture can build semi-static |