2018-07-25 14:28:37 +00:00
|
|
|
#!/bin/bash -eu
|
|
|
|
# Copyright 2018 Google Inc.
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
#
|
|
|
|
################################################################################
|
|
|
|
|
|
|
|
# Case-sensitive names of internal Firefox fuzzing targets. Edit to add more.
|
|
|
|
FUZZ_TARGETS=(
|
|
|
|
SdpParser
|
|
|
|
StunParser
|
2018-08-27 13:27:12 +00:00
|
|
|
ContentParentIPC
|
|
|
|
ContentSecurityPolicyParser
|
2018-07-25 14:28:37 +00:00
|
|
|
# Qcms # needn't be enabled; has its own project with more sanitizers/engines
|
|
|
|
)
|
|
|
|
|
|
|
|
# Firefox object (build) directory.
|
|
|
|
OBJDIR=$WORK/obj-fuzz
|
|
|
|
|
2018-08-19 21:21:18 +00:00
|
|
|
[[ $SANITIZER = "coverage" ]] && touch $OUT/empty && exit 0
|
2018-08-18 23:32:16 +00:00
|
|
|
|
2018-07-25 14:28:37 +00:00
|
|
|
# Firefox fuzzing build configuration.
|
|
|
|
cat << EOF > mozconfig
|
|
|
|
ac_add_options --disable-debug
|
|
|
|
ac_add_options --disable-elf-hack
|
|
|
|
ac_add_options --disable-jemalloc
|
|
|
|
ac_add_options --disable-crashreporter
|
|
|
|
ac_add_options --enable-fuzzing
|
|
|
|
ac_add_options --enable-optimize=-O1
|
|
|
|
ac_add_options --enable-debug-symbols=-gline-tables-only
|
2018-08-18 23:32:16 +00:00
|
|
|
ac_add_options --enable-address-sanitizer
|
2018-07-25 14:28:37 +00:00
|
|
|
mk_add_options MOZ_OBJDIR=${OBJDIR}
|
|
|
|
mk_add_options MOZ_MAKE_FLAGS=-j$(nproc)
|
|
|
|
EOF
|
|
|
|
|
|
|
|
if [[ $SANITIZER = "address" ]]
|
|
|
|
then
|
|
|
|
cat << EOF >> mozconfig
|
2018-08-18 23:32:16 +00:00
|
|
|
mk_add_options CFLAGS=
|
|
|
|
mk_add_options CXXFLAGS=
|
2018-07-25 14:28:37 +00:00
|
|
|
EOF
|
|
|
|
fi
|
|
|
|
|
2018-08-27 13:27:12 +00:00
|
|
|
# Install dependencies. Note that bootstrap installs cargo, which must be added
|
|
|
|
# to PATH via source. In a successive run (for a different sanitizer), the
|
|
|
|
# cargo installation carries over, but bootstrap fails if cargo is not in PATH.
|
2018-07-27 15:23:43 +00:00
|
|
|
export SHELL=/bin/bash
|
2018-08-27 13:27:12 +00:00
|
|
|
[ -f "$HOME/.cargo/env" ] && source $HOME/.cargo/env
|
2018-07-26 17:23:07 +00:00
|
|
|
./mach bootstrap --no-interactive --application-choice browser
|
2018-07-26 19:18:30 +00:00
|
|
|
source $HOME/.cargo/env
|
2018-07-26 08:16:07 +00:00
|
|
|
|
2018-08-19 21:19:58 +00:00
|
|
|
# Update internal libFuzzer.
|
|
|
|
(cd tools/fuzzing/libfuzzer && ./clone_libfuzzer.sh HEAD)
|
2018-08-18 23:32:16 +00:00
|
|
|
|
2018-07-25 14:28:37 +00:00
|
|
|
# Build! Takes about 15 minutes on a 32 vCPU instance.
|
|
|
|
./mach build
|
|
|
|
./mach gtest buildbutdontrun
|
|
|
|
|
|
|
|
# Packages Firefox only to immediately extract the archive. Some files are
|
|
|
|
# replaced with gtest-variants, which is required by the fuzzing interface.
|
|
|
|
# Weighs in shy of 1GB afterwards.
|
|
|
|
make -j$(nproc) -C $OBJDIR package
|
|
|
|
tar -xf $OBJDIR/dist/firefox*bz2 -C $OUT
|
|
|
|
mv $OBJDIR/toolkit/library/gtest/libxul.so $OUT/firefox
|
|
|
|
mv $OUT/firefox/dependentlibs.list $OUT/firefox/dependentlibs.list.gtest
|
|
|
|
|
2018-08-27 13:27:12 +00:00
|
|
|
# Get the absolute paths of the required system libraries.
|
2018-07-26 17:23:07 +00:00
|
|
|
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-}:$OUT/firefox
|
2018-07-25 14:28:37 +00:00
|
|
|
REQUIRED_LIBRARIES=($(ldd $OUT/firefox/libxul.so | gawk '/=> [/]/ {print $3}'))
|
|
|
|
REQUIRED_LIBRARIES=(${REQUIRED_LIBRARIES[@]##$OUT/*})
|
|
|
|
|
2018-08-27 13:27:12 +00:00
|
|
|
# Copy libraries. Less than 50MB total.
|
|
|
|
mkdir -p $OUT/lib
|
2018-07-25 14:28:37 +00:00
|
|
|
for REQUIRED_LIBRARY in ${REQUIRED_LIBRARIES[@]}
|
|
|
|
do
|
2018-08-27 13:27:12 +00:00
|
|
|
cp -L $REQUIRED_LIBRARY $OUT/lib
|
2018-07-25 14:28:37 +00:00
|
|
|
done
|
|
|
|
|
|
|
|
# Build a wrapper binary for each target to set environment variables.
|
|
|
|
for FUZZ_TARGET in ${FUZZ_TARGETS[@]}
|
|
|
|
do
|
|
|
|
$CC $CFLAGS -O0 \
|
|
|
|
-DFUZZ_TARGET=$FUZZ_TARGET \
|
|
|
|
$SRC/target.c -o $OUT/$FUZZ_TARGET
|
|
|
|
done
|
2018-08-18 23:32:16 +00:00
|
|
|
|
|
|
|
# SdpParser
|
2018-08-27 13:27:12 +00:00
|
|
|
find media/webrtc -iname "*.sdp" \
|
|
|
|
-type f -exec zip -qu $OUT/SdpParser_seed_corpus.zip "{}" \;
|
|
|
|
cp $SRC/fuzzdata/dicts/sdp.dict $OUT/SdpParser.dict
|
2018-08-18 23:32:16 +00:00
|
|
|
|
|
|
|
# StunParser
|
2018-08-27 13:27:12 +00:00
|
|
|
find media/webrtc -iname "*.stun" \
|
|
|
|
-type f -exec zip -qu $OUT/StunParser_seed_corpus.zip "{}" \;
|
|
|
|
cp $SRC/fuzzdata/dicts/stun.dict $OUT/StunParser.dict
|
|
|
|
|
|
|
|
# ContentParentIPC
|
|
|
|
cp $SRC/fuzzdata/settings/ipc/libfuzzer.content.blacklist.txt $OUT/firefox
|
2018-08-28 13:36:56 +00:00
|
|
|
cp $SRC/ContentParentIPC.options $OUT
|
2018-08-27 13:27:12 +00:00
|
|
|
|
|
|
|
# ContentSecurityPolicyParser
|
|
|
|
cp dom/security/fuzztest/csp_fuzzer.dict $OUT/ContentSecurityPolicyParser.dict
|