1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
#!/bin/sh
#
# This is not a general-purpose build script, but instead one specific
# to the Google oss-fuzz compile environment.
#
# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#Requirements
#
# https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/README.md#provided-environment-variables
#
# This file is run by
# https://github.com/google/oss-fuzz/blob/master/projects/samba/build.sh
# which does nothing else.
#
# We have to push to oss-fuzz CFLAGS into the waf ADDITIONAL_CFLAGS
# as otherwise waf's configure fails linking the first test binary
#
# CFLAGS are supplied by the caller, eg the oss-fuzz compile command
#
# Additional arguments are passed to configure, to allow this to be
# tested in autobuild.py
#
# Ensure we give good trace info, fail right away and fail with unset
# variables
set -e
set -x
set -u
# It is critical that this script, just as the rest of Samba's GitLab
# CI docker has LANG set to en_US.utf8 (oss-fuzz fails to set this)
. /etc/default/locale
export LANG
export LC_ALL
ADDITIONAL_CFLAGS="$CFLAGS"
export ADDITIONAL_CFLAGS
CFLAGS=""
export CFLAGS
LD="$CXX"
export LD
# Use the system Python, not the OSS-Fuzz provided statically linked
# and instrumented Python, because we can't statically link.
PYTHON=/usr/bin/python3
export PYTHON
# $SANITIZER is provided by the oss-fuzz "compile" command
#
# We need to add the waf configure option as otherwise when we also
# get (eg) -fsanitize=address via the CFLAGS we will fail to link
# correctly
case "$SANITIZER" in
address)
SANITIZER_ARG='--address-sanitizer'
;;
undefined)
SANITIZER_ARG='--undefined-sanitizer'
;;
coverage)
# Thankfully clang operating as ld has no objection to the
# cc style options, so we can just set ADDITIONAL_LDFLAGS
# to ensure the coverage build is done, despite waf splitting
# the compile and link phases.
ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:-} $COVERAGE_FLAGS"
export ADDITIONAL_LDFLAGS
SANITIZER_ARG=''
;;
esac
# $LIB_FUZZING_ENGINE is provided by the oss-fuzz "compile" command
#
./configure -C --without-gettext --enable-debug --enable-developer \
--enable-libfuzzer \
$SANITIZER_ARG \
--disable-warnings-as-errors \
--abi-check-disable \
--fuzz-target-ldflags="$LIB_FUZZING_ENGINE" \
--nonshared-binary=ALL \
"$@" \
LINK_CC="$CXX"
make -j
# Make a directory for the system shared libraries to be copied into
mkdir -p $OUT/lib
# We can't static link to all the system libs with waf, so copy them
# to $OUT/lib and set the rpath to point there. This is similar to how
# firefox handles this.
for x in bin/fuzz_*
do
# Copy any system libraries needed by this fuzzer to $OUT/lib.
# We run ldd on $x, the fuzz_binary in bin/ which has not yet had
# the RPATH altered. This is clearer for debugging in local
# development builds as $OUT is not cleaned between runs.
#
# Otherwise trying to re-run this can see cp can fail with:
# cp: '/out/lib/libgcc_s.so.1' and '/out/lib/libgcc_s.so.1' are the same file
# which is really confusing!
# The cut for ( and ' ' removes the special case references to:
# linux-vdso.so.1 => (0x00007ffe8f2b2000)
# /lib64/ld-linux-x86-64.so.2 (0x00007fc63ea6f000)
ldd $x | cut -f 2 -d '>' | cut -f 1 -d \( | cut -f 2 -d ' ' | xargs -i cp \{\} $OUT/lib/
cp $x $OUT/
bin=`basename $x`
# Changing RPATH (not RUNPATH, but we can't tell here which was
# set) is critical, otherwise libraries used by libraries won't be
# found on the oss-fuzz target host. Sadly this is only possible
# with clang or ld.bfd on Ubuntu 16.04 (this script is only run on
# that).
#
# chrpath --convert only allows RPATH to be changed to RUNPATH,
# not the other way around, and we really don't want RUNPATH.
#
# This means the copied libraries are found on the runner
chrpath -r '$ORIGIN/lib' $OUT/$bin
# Truncate the original binary to save space
echo -n > $x
done
# Grap the seeds dictionary from github and put the seed zips in place
# beside their executables.
wget https://gitlab.com/samba-team/samba-fuzz-seeds/-/jobs/artifacts/master/download?job=zips \
-O seeds.zip
# We might not have unzip, but we do have python
$PYTHON -mzipfile -e seeds.zip $OUT
rm -f seeds.zip
|
