1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

oss-fuzz: standardise on RPATH for the static-ish binaries

This includes a revert of commit e60df21499.

We strictly require RPATH, not the modern RUNPATH for the behaviour
we need in oss-fuzz, which is that not just the first line of dependencies
but the full set of libraries used by the program are looked for in the
'$ORIGIN/lib' directory.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct 22 14:10:04 UTC 2020 on sn-devel-184
This commit is contained in:
Andrew Bartlett 2020-10-22 15:39:50 +13:00 committed by Douglas Bagnall
parent 048725080b
commit c03a265030
3 changed files with 21 additions and 15 deletions

View File

@ -63,7 +63,7 @@ case "$SANITIZER" in
# cc style options, so we can just set ADDITIONAL_LDFLAGS # cc style options, so we can just set ADDITIONAL_LDFLAGS
# to ensure the coverage build is done, despite waf splitting # to ensure the coverage build is done, despite waf splitting
# the compile and link phases. # the compile and link phases.
ADDITIONAL_LDFLAGS="$COVERAGE_FLAGS" ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:-} $COVERAGE_FLAGS"
export ADDITIONAL_LDFLAGS export ADDITIONAL_LDFLAGS
SANITIZER_ARG='' SANITIZER_ARG=''
@ -113,19 +113,16 @@ do
cp $x $OUT/ cp $x $OUT/
bin=`basename $x` bin=`basename $x`
# Change any RPATH to RUNPATH. # Changing RPATH (not RUNPATH, but we can't tell here which was
# set) is critical, otherwise libraries used by libraries won't be
# found on the oss-fuzz target host. Sadly this is only possible
# with clang or ld.bfd on Ubuntu 16.04 (this script is only run on
# that).
# #
# We use ld.bfd for the coverage builds, rather than the faster ld.gold. # chrpath --convert only allows RPATH to be changed to RUNPATH,
# not the other way around, and we really don't want RUNPATH.
# #
# On Ubuntu 16.04, used for the oss-fuzz build, when linking with # This means the copied libraries are found on the runner
# ld.bfd the binaries get a RPATH, but builds in Ubuntu 18.04
# ld.bfd and those using ld.gold get a RUNPATH.
#
# Just convert them all to RUNPATH to make the check_build.sh test
# easier.
chrpath -c $OUT/$bin
# Change RUNPATH so that the copied libraries are found on the
# runner
chrpath -r '$ORIGIN/lib' $OUT/$bin chrpath -r '$ORIGIN/lib' $OUT/$bin
# Truncate the original binary to save space # Truncate the original binary to save space

View File

@ -23,12 +23,21 @@ do
continue continue
fi fi
# Confirm that the chrpath was reset to lib/ in the same directory # Confirm that the chrpath was reset to lib/ in the same directory
# as the binary # as the binary. RPATH (not RUNPATH) is critical, otherwise
chrpath -l $bin | grep 'RUNPATH=$ORIGIN/lib' # libraries used by libraries won't be found on the oss-fuzz
# target host, but is only possible with clang or ld.bfd on Ubuntu
# 16.04 (this script is only run on that).
chrpath -l $bin | grep 'RPATH=$ORIGIN/lib'
# Confirm that we link to at least some libraries in this # Confirm that we link to at least some libraries in this
# directory (shows that the libraries were found and copied). # directory (shows that the libraries were found and copied).
ldd $bin | grep "$OUT/lib" ldd $bin | grep "$OUT/lib"
num_libs=$(ldd $bin | grep -v ld-linux | grep -v linux-vdso | grep -v "$OUT/lib"| wc -l)
if [ 0$num_libs -ne 0 ]; then
echo "some libraries not linked to $ORIGIN/lib, oss-fuzz will fail!"
exit 1
fi
if [ -f ${bin}_seed_corpus.zip ]; then if [ -f ${bin}_seed_corpus.zip ]; then
seeds_found=yes seeds_found=yes

View File

@ -651,7 +651,7 @@ tasks = {
"samba-fuzz": [ "samba-fuzz": [
# build the fuzzers (static) via the oss-fuzz script # build the fuzzers (static) via the oss-fuzz script
("fuzzers-mkdir-prefix", "mkdir -p ${PREFIX_DIR}"), ("fuzzers-mkdir-prefix", "mkdir -p ${PREFIX_DIR}"),
("fuzzers-build", "OUT=${PREFIX_DIR} LIB_FUZZING_ENGINE= SANITIZER=address CXX= CFLAGS= ./lib/fuzzing/oss-fuzz/build_samba.sh --enable-afl"), ("fuzzers-build", "OUT=${PREFIX_DIR} LIB_FUZZING_ENGINE= SANITIZER=address CXX= CFLAGS= ADDITIONAL_LDFLAGS='-fuse-ld=bfd' ./lib/fuzzing/oss-fuzz/build_samba.sh --enable-afl"),
("fuzzers-check", "./lib/fuzzing/oss-fuzz/check_build.sh ${PREFIX_DIR}") ("fuzzers-check", "./lib/fuzzing/oss-fuzz/check_build.sh ${PREFIX_DIR}")
], ],