systemd/tools/oss-fuzz.sh

#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1+

set -ex

export LC_CTYPE=C.UTF-8

export CC=${CC:-clang}
export CXX=${CXX:-clang++}
clang_version="$($CC --version | sed -nr 's/.*version ([^ ]+?) .*/\1/p' | sed -r 's/-$//')"

SANITIZER=${SANITIZER:-address -fsanitize-address-use-after-scope}
flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize-coverage=trace-pc-guard,trace-cmp"

clang_lib="/usr/lib64/clang/${clang_version}/lib/linux"
[ -d "$clang_lib" ] || clang_lib="/usr/lib/clang/${clang_version}/lib/linux"

export CFLAGS=${CFLAGS:-$flags}
export CXXFLAGS=${CXXFLAGS:-$flags}
export LDFLAGS=${LDFLAGS:--L${clang_lib}}

export WORK=${WORK:-$(pwd)}
export OUT=${OUT:-$(pwd)/out}
mkdir -p $OUT

build=$WORK/build
rm -rf $build
mkdir -p $build

fuzzflag="oss-fuzz=true"
if [ -z "$FUZZING_ENGINE" ]; then
        fuzzflag="llvm-fuzz=true"
fi

meson $build -D$fuzzflag -Db_lundef=false
ninja -C $build fuzzers

# The seed corpus is a separate flat archive for each fuzzer,
# with a fixed name ${fuzzer}_seed_corpus.zip.
for d in "$(dirname "$0")/../test/fuzz/fuzz-"*; do
        zip -jqr $OUT/$(basename "$d")_seed_corpus.zip "$d"
done

# get fuzz-dns-packet corpus
df=$build/dns-fuzzing
git clone --depth 1 https://github.com/CZ-NIC/dns-fuzzing $df
zip -jqr $OUT/fuzz-dns-packet_seed_corpus.zip $df/packet

install -Dt $OUT/src/shared/ $build/src/shared/libsystemd-shared-*.so

wget -O $OUT/fuzz-json_seed_corpus.zip https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip
wget -O $OUT/fuzz-json.dict https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/json.dict

find $build -maxdepth 1 -type f -executable -name "fuzz-*" -exec mv {} $OUT \;
find src -type f -name "fuzz-*.dict" -exec cp {} $OUT \;
cp src/fuzz/*.options $OUT
fuzz: add initial fuzzing infrastructure The fuzzers will be used by oss-fuzz to automatically and continuously fuzz systemd. This commit includes the build tooling necessary to build fuzz targets, and a fuzzer for the DNS packet parser. 2018-01-14 03:51:07 +03:00			`#!/bin/bash`
			`# SPDX-License-Identifier: LGPL-2.1+`

			`set -ex`

			`export LC_CTYPE=C.UTF-8`

tools/oss-fuzz: add clang library dir using -L I have no idea why clang doesn't do this on its own, and why clang makes it so hard to query this path (-dumpversion returns something unrelated...). I know this is an ugly hack, but this is a very specialized script, so it should be OK to make it a bit hacky. Tested to work on Fedora (27) and Debian (unstable). Fixes #8428. 2018-03-12 17:59:10 +03:00			`export CC=${CC:-clang}`
			`export CXX=${CXX:-clang++}`
			`clang_version="$($CC --version \| sed -nr 's/.version ([^ ]+?) ./\1/p' \| sed -r 's/-$//')"`

fuzz: allow building fuzzers outside of oss-fuzz Add a new -Dllvm-fuzz=true option that can be used to build against libFuzzer and update the oss-fuzz script to work outside of the oss-fuzz build environment. 2018-01-16 18:25:43 +03:00			`SANITIZER=${SANITIZER:-address -fsanitize-address-use-after-scope}`
			`flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize-coverage=trace-pc-guard,trace-cmp"`

tools/oss-fuzz: add clang library dir using -L I have no idea why clang doesn't do this on its own, and why clang makes it so hard to query this path (-dumpversion returns something unrelated...). I know this is an ugly hack, but this is a very specialized script, so it should be OK to make it a bit hacky. Tested to work on Fedora (27) and Debian (unstable). Fixes #8428. 2018-03-12 17:59:10 +03:00			`clang_lib="/usr/lib64/clang/${clang_version}/lib/linux"`
			`[ -d "$clang_lib" ] \|\| clang_lib="/usr/lib/clang/${clang_version}/lib/linux"`

fuzz: allow building fuzzers outside of oss-fuzz Add a new -Dllvm-fuzz=true option that can be used to build against libFuzzer and update the oss-fuzz script to work outside of the oss-fuzz build environment. 2018-01-16 18:25:43 +03:00			`export CFLAGS=${CFLAGS:-$flags}`
			`export CXXFLAGS=${CXXFLAGS:-$flags}`
tools/oss-fuzz: add clang library dir using -L I have no idea why clang doesn't do this on its own, and why clang makes it so hard to query this path (-dumpversion returns something unrelated...). I know this is an ugly hack, but this is a very specialized script, so it should be OK to make it a bit hacky. Tested to work on Fedora (27) and Debian (unstable). Fixes #8428. 2018-03-12 17:59:10 +03:00			`export LDFLAGS=${LDFLAGS:--L${clang_lib}}`

fuzz: allow building fuzzers outside of oss-fuzz Add a new -Dllvm-fuzz=true option that can be used to build against libFuzzer and update the oss-fuzz script to work outside of the oss-fuzz build environment. 2018-01-16 18:25:43 +03:00			`export WORK=${WORK:-$(pwd)}`
			`export OUT=${OUT:-$(pwd)/out}`
			`mkdir -p $OUT`

fuzz: rebuild everything during each oss-fuzz build This avoids failures while using the oss-fuzz local testing infrastructure. 2018-01-16 16:36:56 +03:00			`build=$WORK/build`
			`rm -rf $build`
			`mkdir -p $build`

fuzz: allow building fuzzers outside of oss-fuzz Add a new -Dllvm-fuzz=true option that can be used to build against libFuzzer and update the oss-fuzz script to work outside of the oss-fuzz build environment. 2018-01-16 18:25:43 +03:00			`fuzzflag="oss-fuzz=true"`
			`if [ -z "$FUZZING_ENGINE" ]; then`
			`fuzzflag="llvm-fuzz=true"`
			`fi`

			`meson $build -D$fuzzflag -Db_lundef=false`
fuzz: rebuild everything during each oss-fuzz build This avoids failures while using the oss-fuzz local testing infrastructure. 2018-01-16 16:36:56 +03:00			`ninja -C $build fuzzers`
fuzz: add initial fuzzing infrastructure The fuzzers will be used by oss-fuzz to automatically and continuously fuzz systemd. This commit includes the build tooling necessary to build fuzz targets, and a fuzzer for the DNS packet parser. 2018-01-14 03:51:07 +03:00
fuzz: rename "fuzz-corpus" directory to just "fuzz" Also, all corpus subdirectories are named exactly the same as the fuzzer they are for. This makes the paths a bit longer, but easier. 2018-07-07 18:43:40 +03:00			`# The seed corpus is a separate flat archive for each fuzzer,`
			`# with a fixed name ${fuzzer}_seed_corpus.zip.`
			`for d in "$(dirname "$0")/../test/fuzz/fuzz-"*; do`
			`zip -jqr $OUT/$(basename "$d")_seed_corpus.zip "$d"`
fuzz: add DHCP server fuzzer 2018-01-20 03:44:56 +03:00			`done`

			`# get fuzz-dns-packet corpus`
fuzz: rebuild everything during each oss-fuzz build This avoids failures while using the oss-fuzz local testing infrastructure. 2018-01-16 16:36:56 +03:00			`df=$build/dns-fuzzing`
fuzz: add initial fuzzing infrastructure The fuzzers will be used by oss-fuzz to automatically and continuously fuzz systemd. This commit includes the build tooling necessary to build fuzz targets, and a fuzzer for the DNS packet parser. 2018-01-14 03:51:07 +03:00			`git clone --depth 1 https://github.com/CZ-NIC/dns-fuzzing $df`
			`zip -jqr $OUT/fuzz-dns-packet_seed_corpus.zip $df/packet`

oss-fuzz.sh: just install the shared library The workaround is no longer necessary, because the scripts checking fuzzers have stopped going down to the subdirectories of $OUT and started to look for the string "LLVMFuzzerTestOneInput" to tell fuzzers and random binaries apart. Some more details can be found at https://github.com/google/oss-fuzz/issues/1566. 2018-08-16 05:06:35 +03:00			`install -Dt $OUT/src/shared/ $build/src/shared/libsystemd-shared-*.so`
fuzz: add initial fuzzing infrastructure The fuzzers will be used by oss-fuzz to automatically and continuously fuzz systemd. This commit includes the build tooling necessary to build fuzz targets, and a fuzzer for the DNS packet parser. 2018-01-14 03:51:07 +03:00
tests: add a fuzzer for the json parser and dumper 2018-08-01 13:25:26 +03:00			`wget -O $OUT/fuzz-json_seed_corpus.zip https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip`
			`wget -O $OUT/fuzz-json.dict https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/json.dict`

fuzz: rebuild everything during each oss-fuzz build This avoids failures while using the oss-fuzz local testing infrastructure. 2018-01-16 16:36:56 +03:00			`find $build -maxdepth 1 -type f -executable -name "fuzz-*" -exec mv {} $OUT \;`
oss-fuzz.sh: copy dictionaries along with "options" files We currently don't have any upstream but it doesn't mean that it should be impossible to experiment with local ones :-) 2018-11-06 21:51:45 +03:00			`find src -type f -name "fuzz-*.dict" -exec cp {} $OUT \;`
fuzz: allow building fuzzers outside of oss-fuzz Add a new -Dllvm-fuzz=true option that can be used to build against libFuzzer and update the oss-fuzz script to work outside of the oss-fuzz build environment. 2018-01-16 18:25:43 +03:00			`cp src/fuzz/*.options $OUT`