From 4f300d672a8ef1820e68bc82833de4f5d4c0996e Mon Sep 17 00:00:00 2001 From: Uri Simchoni Date: Mon, 6 Sep 2021 22:55:55 +0300 Subject: fuzzing/oss-fuzz: strip RUNPATH from dependencies Strip all RUNPATH headers from all dependency shared objects that we copy to the fuzzing target, as those libraries aren't placed in their original place. Signed-off-by: Uri Simchoni Reviewed-by: Andrew Bartlett --- lib/fuzzing/oss-fuzz/do_build.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'lib/fuzzing') diff --git a/lib/fuzzing/oss-fuzz/do_build.sh b/lib/fuzzing/oss-fuzz/do_build.sh index b1e009a0577..e00e2251589 100755 --- a/lib/fuzzing/oss-fuzz/do_build.sh +++ b/lib/fuzzing/oss-fuzz/do_build.sh @@ -270,6 +270,20 @@ do done +# Strip RUNPATH: or RPATH: entries from shared libraries copied over to $OUT/lib. +# When those libraries get loaded and have further dependencies, a RUNPATH: header +# will cause the dynamic linker to search in the runpath, and not in $OUT/lib, +# and there's no way it will be found in the fuzzing env. +# +# So how is the indirect depedency found in $OUT/lib? Well, suppose the fuzzer binary +# links library A which links library B. During linking, both A and B as listed in the +# executable file's runtime dependencies (This was pioneered in Fedora 13 in 2010, but +# is common behavior now). So we have the fuzzer binary with RPATH set to $OUT/lib, and +# a dependency on library B, and it will therefor find library B in $OUT/lib. On the +# hand, if we keep the RUNPATH in library A, and load A first, it will try loading +# library B as a dependency of A from the wrong place. +chrpath -d $OUT/lib/* + # Grap the seeds dictionary from github and put the seed zips in place # beside their executables. -- cgit v1.2.1
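Review bot: `chrpath -d $OUT/lib/*` runs unguarded, so if chrpath is missing from the build image the script dies with a bare "command not found"; a `command -v chrpath` check with an explicit error message would make that failure obvious. The same line hands chrpath everything the glob matches, so any non-ELF entry under `$OUT/lib` (a directory, a linker script, a dangling symlink) makes chrpath return non-zero, which aborts the build if the script runs under `set -e`; iterating the entries and skipping anything that is not a regular ELF file would avoid that. Minor: the comment block has a few typos ("depedency", "both A and B as listed" should read "are listed", "therefor", and "On the hand" should read "On the other hand").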