fuzzers: use -fsanitizer=fuzzer if clang supports it

Closes https://github.com/systemd/systemd/issues/10645
2025-01-09 01:18:19 +03:00 · 2019-05-09 00:03:41 +02:00 · 2019-05-09 00:03:41 +02:00 · 9c5c4677fa
commit 9c5c4677fa
parent 8c6637bab2
2 changed files with 19 additions and 4 deletions
--- a/meson.build
+++ b/meson.build
@ -303,7 +303,14 @@ else
 endif

 if want_libfuzzer
-        fuzzing_engine = meson.get_compiler('cpp').find_library('Fuzzer')
+        fuzzing_engine = meson.get_compiler('cpp').find_library('Fuzzer', required : false)
+        if fuzzing_engine.found()
+                add_project_arguments('-fsanitize-coverage=trace-pc-guard,trace-cmp', language : 'c')
+        elif cc.has_argument('-fsanitize=fuzzer-no-link')
+                add_project_arguments('-fsanitize=fuzzer-no-link', language : 'c')
+        else
+                error('Looks like neither libFuzzer nor -fsanitize=fuzzer-no-link is supported')
+        endif
 elif want_ossfuzz
        fuzzing_engine = meson.get_compiler('cpp').find_library('FuzzingEngine')
 elif want_fuzzbuzz
@ -2825,9 +2832,16 @@ foreach tuple : fuzzers
        dependencies = tuple[2]
        defs = tuple.length() >= 4 ? tuple[3] : []
        incs = tuple.length() >= 5 ? tuple[4] : includes
+        link_args = []

-        if fuzzer_build
+        if want_ossfuzz or want_fuzzbuzz
                dependencies += fuzzing_engine
+        elif want_libfuzzer
+                if fuzzing_engine.found()
+                        dependencies += fuzzing_engine
+                else
+                        link_args += ['-fsanitize=fuzzer']
+                endif
        else
                sources += 'src/fuzz/fuzz-main.c'
        endif
@ -2845,6 +2859,7 @@ foreach tuple : fuzzers
                link_with : link_with,
                dependencies : dependencies,
                c_args : defs,
+                link_args: link_args,
                install : false)
 endforeach
 endif
--- a/tools/oss-fuzz.sh
+++ b/tools/oss-fuzz.sh
@ -10,7 +10,7 @@ export CXX=${CXX:-clang++}
 clang_version="$($CC --version | sed -nr 's/.*version ([^ ]+?) .*/\1/p' | sed -r 's/-$//')"

 SANITIZER=${SANITIZER:-address -fsanitize-address-use-after-scope}
-flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize-coverage=trace-pc-guard,trace-cmp"
+flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER"

 clang_lib="/usr/lib64/clang/${clang_version}/lib/linux"
 [ -d "$clang_lib" ] || clang_lib="/usr/lib/clang/${clang_version}/lib/linux"
@ -33,7 +33,7 @@ if [ -z "$FUZZING_ENGINE" ]; then
 fi

 meson $build -D$fuzzflag -Db_lundef=false
-ninja -C $build fuzzers
+ninja -v -C $build fuzzers

 # The seed corpus is a separate flat archive for each fuzzer,
 # with a fixed name ${fuzzer}_seed_corpus.zip.