1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
systemd-stable/tools/oss-fuzz.sh

96 lines
3.1 KiB
Bash
Raw Normal View History

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -ex
export LC_CTYPE=C.UTF-8
export CC=${CC:-clang}
export CXX=${CXX:-clang++}
clang_version="$($CC --version | sed -nr 's/.*version ([^ ]+?) .*/\1/p' | sed -r 's/-$//')"
SANITIZER=${SANITIZER:-address -fsanitize-address-use-after-scope}
flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER"
clang_lib="/usr/lib64/clang/${clang_version}/lib/linux"
[ -d "$clang_lib" ] || clang_lib="/usr/lib/clang/${clang_version}/lib/linux"
export CFLAGS=${CFLAGS:-$flags}
export CXXFLAGS=${CXXFLAGS:-$flags}
export LDFLAGS=${LDFLAGS:--L${clang_lib}}
export WORK=${WORK:-$(pwd)}
export OUT=${OUT:-$(pwd)/out}
2021-09-29 22:28:55 +03:00
mkdir -p "$OUT"
2021-09-29 22:28:55 +03:00
build="$WORK/build"
rm -rf "$build"
mkdir -p "$build"
if [ -z "$FUZZING_ENGINE" ]; then
fuzzflag="llvm-fuzz=true"
else
fuzzflag="oss-fuzz=true"
apt-get update
apt-get install -y gperf m4 gettext python3-pip \
libcap-dev libmount-dev libkmod-dev \
pkg-config wget python3-jinja2
2021-12-27 02:26:56 +03:00
# gnu-efi is installed here to enable -Dgnu-efi behind which fuzz-bcd
# is hidden. It isn't linked against efi. It doesn't
# even include "efi.h" because "bcd.c" can work in "unit test" mode
# where it isn't necessary.
apt-get install -y gnu-efi zstd
pip3 install -r .github/workflows/requirements.txt --require-hashes
# https://github.com/google/oss-fuzz/issues/6868
ORIG_PYTHONPATH=$(python3 -c 'import sys;print(":".join(sys.path[1:]))')
export PYTHONPATH="$ORIG_PYTHONPATH:/usr/lib/python3/dist-packages/"
if [[ "$SANITIZER" == undefined ]]; then
2021-12-28 20:10:18 +03:00
additional_ubsan_checks=pointer-overflow,alignment
UBSAN_FLAGS="-fsanitize=$additional_ubsan_checks -fno-sanitize-recover=$additional_ubsan_checks"
CFLAGS="$CFLAGS $UBSAN_FLAGS"
CXXFLAGS="$CXXFLAGS $UBSAN_FLAGS"
fi
fi
2021-09-29 22:28:55 +03:00
if ! meson "$build" "-D$fuzzflag" -Db_lundef=false; then
cat "$build/meson-logs/meson-log.txt"
exit 1
fi
2021-09-29 22:28:55 +03:00
ninja -v -C "$build" fuzzers
2021-12-27 02:26:56 +03:00
# Compressed BCD files are kept in test/test-bcd so let's unpack them
# and put them all in the seed corpus.
bcd=$(mktemp -d)
for i in test/test-bcd/*.zst; do
unzstd "$i" -o "$bcd/$(basename "${i%.zst}")";
done
zip -jqr "$OUT/fuzz-bcd_seed_corpus.zip" "$bcd"
rm -rf "$bcd"
# The seed corpus is a separate flat archive for each fuzzer,
# with a fixed name ${fuzzer}_seed_corpus.zip.
for d in "$(dirname "$0")/../test/fuzz/fuzz-"*; do
2021-09-29 22:28:55 +03:00
zip -jqr "$OUT/$(basename "$d")_seed_corpus.zip" "$d"
2018-01-20 03:44:56 +03:00
done
# get fuzz-dns-packet corpus
2021-09-29 22:28:55 +03:00
df="$build/dns-fuzzing"
git clone --depth 1 https://github.com/CZ-NIC/dns-fuzzing "$df"
zip -jqr "$OUT/fuzz-dns-packet_seed_corpus.zip" "$df/packet"
meson: create new libsystemd-core.so private shared library The scheme is very similar to libsystemd-shared.so: instead of building a static library, we build a shared library from the same objects and link the two users to it. Both systemd and systemd-analyze consist mostly of the fairly big code in libcore, so we save a bit on the installation: (-0g, no strip) -rwxr-xr-x 5238864 Dec 14 12:52 /var/tmp/inst1/usr/lib/systemd/systemd -rwxr-xr-x 5399600 Dec 14 12:52 /var/tmp/inst1/usr/bin/systemd-analyze -rwxr-xr-x 244912 Dec 14 13:17 /var/tmp/inst2/usr/lib/systemd/systemd -rwxr-xr-x 461224 Dec 14 13:17 /var/tmp/inst2/usr/bin/systemd-analyze -rwxr-xr-x 5271568 Dec 14 13:17 /var/tmp/inst2/usr/lib/systemd/libsystemd-core-250.so (-0g, strip) -rwxr-xr-x 2522080 Dec 14 13:19 /var/tmp/inst1/usr/lib/systemd/systemd -rwxr-xr-x 2604160 Dec 14 13:19 /var/tmp/inst1/usr/bin/systemd-analyze -rwxr-xr-x 113304 Dec 14 13:19 /var/tmp/inst2/usr/lib/systemd/systemd -rwxr-xr-x 207656 Dec 14 13:19 /var/tmp/inst2/usr/bin/systemd-analyze -rwxr-xr-x 2648520 Dec 14 13:19 /var/tmp/inst2/usr/lib/systemd/libsystemd-core-250.so So for systemd itself we grow a bit (2522080 → 2648520+113304=2761824), but overall we save. The most is saved on all the test files that link to libcore, if they are installed, because there's 15 of them: $ du -s /var/tmp/inst? 220096 /var/tmp/inst1 122960 /var/tmp/inst2 I also considered making systemd-analyze a symlink to /usr/lib/systemd/systemd and turning systemd into a multicall binary. We did something like this with udevd and udevadm. But that solution doesn't fit well in this case. systemd-analyze has a bunch of functionality that is not used in systemd, so the systemd binary would need to grow quite a bit. And we're likely to add new types of verification or introspection features in analyze, and this baggage would only grow. In addition, there are the test binaries which also benefit from this.
2021-12-14 15:20:28 +03:00
install -Dt "$OUT/src/shared/" \
"$build"/src/shared/libsystemd-shared-*.so \
"$build"/src/core/libsystemd-core-*.so
2021-09-29 22:28:55 +03:00
wget -O "$OUT/fuzz-json.dict" https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/json.dict
2021-09-29 22:28:55 +03:00
find "$build" -maxdepth 1 -type f -executable -name "fuzz-*" -exec mv {} "$OUT" \;
find src -type f -name "fuzz-*.dict" -exec cp {} "$OUT" \;
cp src/fuzz/*.options "$OUT"