---
layout: default
title: Fuzzer environment
parent: Further reading
nav_order: 2
permalink: /further-reading/fuzzer-environment/
---

# Fuzzer environment on ClusterFuzz

Your fuzz targets will be run on a
[Google Compute Engine](https://cloud.google.com/compute/) VM (Linux) with some
[security restrictions](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-runner/run_minijail).

- TOC
{:toc}
---

## Runtime Dependencies

You should not make any assumptions about the availability of dependent packages
in the execution environment. Packages that are installed via the
[Dockerfile]({{ site.baseurl }}/getting-started/new-project-guide/#dockerfile)
or built as part of
[build.sh]({{ site.baseurl }}/getting-started/new-project-guide/#buildsh)
are not available in the bot runtime environment (where the fuzz targets run).

If you need these dependencies in the runtime environment, you can either:

- Install the packages via the Dockerfile
  ([example](https://github.com/google/oss-fuzz/blob/2d5e2ef84f281e6ab789055aa735606d3122fda9/projects/tor/Dockerfile#L19))
  and then link statically against them
  ([example](https://github.com/google/oss-fuzz/blob/2d5e2ef84f281e6ab789055aa735606d3122fda9/projects/tor/build.sh#L40)).
- Or build the dependencies statically in
  [build.sh]({{ site.baseurl }}/getting-started/new-project-guide/#buildsh)
  ([example](https://github.com/google/oss-fuzz/blob/64f8b6593da141b97c98c7bc6f07df92c42ee010/projects/ffmpeg/build.sh#L26)).

All build artifacts needed during fuzz target execution should be inside the
`$OUT` directory. Only those artifacts are archived and used on the bots.
Everything else is ignored (e.g. artifacts in `$WORK`, `$SRC`, etc.) and hence
is not available in the execution environment.

We strongly recommend static linking because it just works.
However, dynamic linking can work if the shared objects are included in the `$OUT` directory and are loaded relative
to `'$ORIGIN'`, the directory of the binary (see the discussion of `'$ORIGIN'` [here](http://man7.org/linux/man-pages/man8/ld.so.8.html)).
A fuzzer can be instructed to load libraries relative to `'$ORIGIN'` during compilation (i.e. `-Wl,-rpath,'$ORIGIN/lib'`)
or afterwards using `chrpath -r '$ORIGIN/lib' $OUT/$fuzzerName` ([example](https://github.com/google/oss-fuzz/blob/09aa9ac556f97bd4e31928747eca0c8fed42509f/projects/php/build.sh#L40)). Note that `'$ORIGIN'` should be surrounded
by single quotes because it is not an environment variable like `$OUT` that can be retrieved during execution of `build.sh`.
Its value is resolved by the dynamic loader when the binary is executed. You can verify that you did this correctly using `ldd <fuzz_target_name>` and the `check_build` command in `infra/helper.py`.

You should ensure that the fuzz target works correctly by using the `run_fuzzer`
command (see instructions
[here]({{ site.baseurl }}/getting-started/new-project-guide/#testing-locally)).
This command uses a clean base-runner docker container and not the base-builder
docker container created during build-time.

## argv[0]

You must not modify `argv[0]`. It is required for certain things to work
correctly.

## Current working directory

You should not make any assumptions about the current working directory of your
fuzz target. If you need to load data files, please use `argv[0]` to get the
directory where your fuzz target executable is located.

## File system

Everything except `/tmp` is read-only, including the directory that your fuzz
target executable lives in.

`/dev` is also unavailable.
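
As an added example (not OSS-Fuzz code nor any project's fuzz target), the C below sketches a hypothetical libFuzzer target that follows the `argv[0]`, working-directory and file-system rules above: it derives the directory of its own executable from `argv[0]` in `LLVMFuzzerInitialize` (a real libFuzzer hook) without modifying `argv[0]`, never relies on the current working directory, and creates scratch files only under `/tmp` with `mkstemp`. The data file name `fuzz_data.bin` and the helper names `exe_dir_from_argv0`, `join_path` and `open_scratch_file` are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example, not project code. Hypothetical fuzz target that locates a
 * data file next to its own executable via argv[0] (the working directory on
 * ClusterFuzz bots is unspecified) and writes scratch data only under /tmp
 * (everything else, including $OUT, is read-only). */

#define PATH_MAX_LEN 4096

/* Directory component of argv[0]: "." when there is no slash, "/" for a
 * binary in the root. Returns 0 on success, -1 if the result does not fit. */
int exe_dir_from_argv0(const char *argv0, char *buf, size_t buflen) {
    const char *slash = strrchr(argv0, '/');
    if (!slash) {
        if (buflen < 2) return -1;
        strcpy(buf, ".");
        return 0;
    }
    size_t len = (size_t)(slash - argv0);
    if (len == 0) len = 1;  /* argv0 is "/fuzzer": directory is "/" */
    if (len + 1 > buflen) return -1;
    memcpy(buf, argv0, len);
    buf[len] = '\0';
    return 0;
}

/* Join dir and name as "dir/name"; 0 on success, -1 if truncated. */
int join_path(const char *dir, const char *name, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

static char g_data_path[PATH_MAX_LEN];

/* libFuzzer calls this once before fuzzing starts. argv[0] is only read,
 * never modified, as the environment requires. */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
    (void)argc;
    char dir[PATH_MAX_LEN];
    if (exe_dir_from_argv0((*argv)[0], dir, sizeof dir) != 0 ||
        join_path(dir, "fuzz_data.bin", g_data_path, sizeof g_data_path) != 0) {
        fprintf(stderr, "cannot derive data path from argv[0]\n");
        abort();
    }
    return 0;
}

/* Scratch files must live under /tmp, the only writable location on the
 * bots. mkstemp creates the file atomically with an unpredictable name.
 * Returns the open descriptor (>= 0) or -1. */
int open_scratch_file(char *path_out, size_t pathlen) {
    const char *tmpl = "/tmp/fuzz-scratch-XXXXXX";
    if (strlen(tmpl) + 1 > pathlen) return -1;
    strcpy(path_out, tmpl);
    return mkstemp(path_out);
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    /* Read-only access to a file next to the executable is fine. */
    FILE *f = fopen(g_data_path, "rb");
    if (f) fclose(f);

    char scratch[64];
    int fd = open_scratch_file(scratch, sizeof scratch);
    if (fd >= 0) {
        ssize_t w = size ? write(fd, data, size) : 0;
        (void)w;
        close(fd);
        unlink(scratch);  /* do not let /tmp fill up across iterations */
    }
    return 0;
}
```

Pointing `-rpath` at `'$ORIGIN'` and deriving data paths from `argv[0]` are two sides of the same rule: anything the target needs at runtime must be found relative to the executable inside `$OUT`, never via the working directory or a path that only existed on the build container.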
## Hardware
Your project should not be compiled with `-march=native` or `-mtune=native`
flags, as the build infrastructure and fuzzing machines may have different CPUs
as well as other hardware differences. You may, however, use `-mtune=generic`.