2019-09-19 23:32:39 +00:00
|
|
|
# Copyright 2019 Google Inc.
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
#
|
|
|
|
################################################################################
|
|
|
|
|
|
|
|
FROM gcr.io/oss-fuzz-base/base-builder
|
|
|
|
|
|
|
|
# Install packages we need to build dependencies
|
|
|
|
RUN apt-get update && \
|
|
|
|
apt-get install -y \
|
|
|
|
make \
|
|
|
|
autoconf \
|
|
|
|
automake \
|
|
|
|
libtool \
|
|
|
|
sudo \
|
|
|
|
wget \
|
|
|
|
gcc \
|
|
|
|
g++ \
|
|
|
|
python \
|
|
|
|
python-dev
|
|
|
|
|
|
|
|
# Install and build boost from source so we can have it use libc++
|
2020-03-29 14:22:54 +00:00
|
|
|
RUN wget https://sourceforge.net/projects/boost/files/boost/1.70.0/boost_1_70_0.tar.gz && \
|
2019-09-19 23:32:39 +00:00
|
|
|
tar xzf boost_1_70_0.tar.gz && \
|
|
|
|
cd boost_1_70_0 && \
|
|
|
|
./bootstrap.sh --with-toolset=clang && \
|
|
|
|
./b2 clean && \
|
|
|
|
./b2 toolset=clang cxxflags="-stdlib=libc++" linkflags="-stdlib=libc++" -j$(nproc) install && \
|
|
|
|
cd .. && \
|
|
|
|
rm -rf boost_1_70_0
|
|
|
|
|
|
|
|
# Build gflags/glog/gtest from source so we use libc++ and avoid incompatibilities with the std::string ABI breaking changes
|
|
|
|
RUN sudo apt-get purge libgflags-dev
|
|
|
|
|
|
|
|
RUN wget https://github.com/gflags/gflags/archive/v2.2.2.tar.gz && \
|
|
|
|
tar xzf v2.2.2.tar.gz && \
|
|
|
|
cd gflags-2.2.2 && \
|
|
|
|
mkdir build && \
|
|
|
|
cd build && \
|
|
|
|
export CC=clang && \
|
|
|
|
export CXX=clang++ && \
|
|
|
|
export CXXFLAGS="-stdlib=libc++" && \
|
|
|
|
cmake -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && \
|
|
|
|
make -j$(nproc) && \
|
|
|
|
sudo make install && \
|
|
|
|
cd ../../ && \
|
|
|
|
rm -rf gflags-2.2.2
|
|
|
|
|
|
|
|
RUN wget https://github.com/google/glog/archive/v0.4.0.tar.gz && \
|
|
|
|
tar xzf v0.4.0.tar.gz && \
|
|
|
|
cd glog-0.4.0 && \
|
|
|
|
export CC=clang && \
|
|
|
|
export CXX=clang++ && \
|
|
|
|
export CXXFLAGS="-stdlib=libc++" && \
|
|
|
|
mkdir build && \
|
|
|
|
cd build && \
|
|
|
|
cmake -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_VERBOSE_MAKEFILE=ON .. && \
|
|
|
|
make -j$(nproc) && \
|
|
|
|
sudo make install && \
|
|
|
|
cd ../.. && \
|
|
|
|
rm -rf glog-0.4.0
|
|
|
|
|
|
|
|
RUN wget https://github.com/google/googletest/archive/release-1.8.1.tar.gz && \
|
|
|
|
tar xzf release-1.8.1.tar.gz && \
|
|
|
|
cd googletest-release-1.8.1 && \
|
|
|
|
export CC=clang && \
|
|
|
|
export CXX=clang++ && \
|
|
|
|
export CXXFLAGS="-stdlib=libc++" && \
|
|
|
|
mkdir build && \
|
|
|
|
cd build && \
|
|
|
|
cmake -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_VERBOSE_MAKEFILE=ON .. && \
|
|
|
|
make -j$(nproc) && \
|
|
|
|
sudo make install && \
|
|
|
|
cd ../.. && \
|
|
|
|
rm -rf googletest-release-1.8.1
|
|
|
|
|
|
|
|
# Build and install zstd from source so we have it available for proxygen
|
|
|
|
RUN wget https://github.com/facebook/zstd/releases/download/v1.4.2/zstd-1.4.2.tar.gz && \
|
|
|
|
tar xzf zstd-1.4.2.tar.gz && \
|
|
|
|
cd zstd-1.4.2 && \
|
|
|
|
export CC=clang && \
|
|
|
|
export CXX=clang++ && \
|
|
|
|
export CXXFLAGS="-stdlib=libc++" && \
|
|
|
|
sudo make -j$(nproc) install && \
|
|
|
|
cd .. && \
|
|
|
|
rm -rf zstd-1.4.2
|
|
|
|
|
2019-11-21 23:16:43 +00:00
|
|
|
# Build and install `fmt` needed by folly
|
|
|
|
RUN wget https://github.com/fmtlib/fmt/archive/6.0.0.tar.gz && \
|
|
|
|
tar xzf 6.0.0.tar.gz && \
|
|
|
|
cd fmt-6.0.0 && \
|
|
|
|
export CC=clang && \
|
|
|
|
export CXX=clang++ && \
|
|
|
|
export CXXFLAGS="-stdlib=libc++" && \
|
|
|
|
mkdir build && \
|
|
|
|
cd build && \
|
|
|
|
cmake .. && \
|
|
|
|
make -j$(nproc) && \
|
|
|
|
sudo make install && \
|
|
|
|
cd ../.. && \
|
|
|
|
rm -rf fmt-6.0.0
|
2020-09-28 18:58:42 +00:00
|
|
|
|
|
|
|
# Build and install `gperf` (>= 3.1)
|
|
|
|
RUN wget http://ftp.gnu.org/pub/gnu/gperf/gperf-3.1.tar.gz && \
|
|
|
|
rm -rf gperf-3.1 | true && \
|
|
|
|
tar xzvf gperf-3.1.tar.gz && \
|
|
|
|
cd gperf-3.1 && \
|
|
|
|
export CC=gcc && \
|
|
|
|
export CXX=g++ && \
|
|
|
|
export CXXFLAGS="" && \
|
|
|
|
export CFLAGS_TMP="$CFLAGS" && \
|
|
|
|
unset CFLAGS && \
|
|
|
|
./configure && \
|
|
|
|
make -j1 V=s && \
|
|
|
|
sudo make install && \
|
|
|
|
export CFLAGS="$CFLAGS_TMP" && \
|
|
|
|
unset CFLAGS_TMP && \
|
|
|
|
cd .. && \
|
|
|
|
rm -rf gperf-3.1
|
2019-11-21 23:16:43 +00:00
|
|
|
|
2019-09-19 23:32:39 +00:00
|
|
|
# Replicate `install-dependencies` from the proxygen `build.sh` script
|
|
|
|
RUN apt-get install -y \
|
|
|
|
git \
|
|
|
|
flex \
|
|
|
|
bison \
|
|
|
|
libkrb5-dev \
|
|
|
|
libsasl2-dev \
|
|
|
|
libnuma-dev \
|
|
|
|
pkg-config \
|
|
|
|
libssl-dev \
|
|
|
|
libcap-dev \
|
|
|
|
libevent-dev \
|
|
|
|
libtool \
|
|
|
|
libjemalloc-dev \
|
|
|
|
unzip \
|
|
|
|
libiberty-dev \
|
|
|
|
liblzma-dev \
|
|
|
|
zlib1g-dev \
|
|
|
|
binutils-dev \
|
|
|
|
libsodium-dev \
|
2020-01-09 00:47:53 +00:00
|
|
|
libdouble-conversion-dev \
|
|
|
|
libunwind8-dev
|
2019-09-19 23:32:39 +00:00
|
|
|
|
[proxygen] Re-enable AFL; change build script to put libunwind in the generated directory and make the fuzzer find it (#2872)
I'm re-enabling AFL since the issue with gmock's main being present was fixed in https://github.com/facebook/proxygen/commit/e8616a31f4df1486a522dde62fd337ae0d4e87e9
This libunwind changes solve the issues we were seeing with the fuzzers not running in the clusterfuzz bot environment. What this PR does, roughly:
* Copy the .so from the build image into `/out/lib`
* Patch the binaries so they have an rpath which specifies looking in `/out/lib` for libraries in addition to the normal search path
This will work *assuming* `/out/lib` is copied over in the bot environment and is available. I'm relying on code reviewers to let me know if this is true or not. If not, it should be an easy path update.
Test plan:
Verifying the AFL build was easy:
python infra/helper.py build_fuzzers --sanitizer address --engine afl proxygen
python infra/helper.py check_build --engine afl proxygen
python infra/helper.py run_fuzzer --engine afl proxygen ProxygenHTTP1xFuzzer
I verified the libunwind changes by using the shell command (thanks for the tip, didn't know that was there!).
I first built the binary using this build script.
I then used `python infra/helper.py shell --sanitizer address proxygen`
In the shell, I:
* Ran `/out/ProxygenHTTP1xFuzzer` and verified it worked
* Ran `ldd` on it and showed it pointed to `/out/lib` for `libunwind.so.8`
* Uninstalled libunwind
* Verified it still worked
* Used `patchelf --print-rpath ProxygenHTTP1xFuzzer` to verify that the rpath was set as I expected (inside `/out/lib`)
* Removed the patch using `patchelf --remove-rpath to_patch`
* Verified that the fuzzer no longer runs (crashes on startup, complaining about missing `libunwind.so.8`)
* I verified that the binary still finds the system one if rpath isn't set, by reinstalling it, using `patchelf --print-rpath` again, verifying that it prints the path to the system `libunwind` when I run `ldd`, and that the fuzzer runs fine. This implies it can find other system libraries fine too (and I saw that in the `ldd` output)
I don't think I can do any further testing, so we will just have to hope that this works in the bot environment.
2019-09-22 03:08:51 +00:00
|
|
|
# Install patchelf so we can fix path to libunwind
|
|
|
|
RUN apt-get install patchelf
|
|
|
|
|
2019-09-19 23:32:39 +00:00
|
|
|
# Fetch source and copy over files
|
|
|
|
RUN git clone --depth 1 https://github.com/facebook/proxygen.git proxygen
|
|
|
|
WORKDIR proxygen
|
2020-03-29 14:22:54 +00:00
|
|
|
COPY build.sh $SRC/
|