2021-05-03 18:48:34 +00:00
|
|
|
#!/bin/bash -eu
|
|
|
|
|
# Copyright 2021 Google LLC
|
|
|
|
|
#
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
|
# limitations under the License.
|
|
|
|
|
#
|
|
|
|
|
################################################################################
|
|
|
|
|
|
2021-05-26 09:33:12 +00:00
|
|
|
$SRC/build_cryptofuzz.sh
|
2021-05-19 04:12:50 +00:00
|
|
|
|
|
|
|
|
cd $SRC/bitcoin-core/
|
|
|
|
|
|
2021-05-03 18:48:34 +00:00
|
|
|
# Build dependencies
|
|
|
|
|
# This will also force static builds
|
|
|
|
|
if [ "$ARCHITECTURE" = "i386" ]; then
|
|
|
|
|
export BUILD_TRIPLET="i686-pc-linux-gnu"
|
|
|
|
|
else
|
|
|
|
|
export BUILD_TRIPLET="x86_64-pc-linux-gnu"
|
|
|
|
|
fi
|
|
|
|
|
(
|
|
|
|
|
cd depends
|
2021-05-07 10:06:31 +00:00
|
|
|
sed -i --regexp-extended '/.*rm -rf .*extract_dir.*/d' ./funcs.mk # Keep extracted source
|
2021-05-04 14:44:42 +00:00
|
|
|
make HOST=$BUILD_TRIPLET DEBUG=1 NO_QT=1 NO_WALLET=1 NO_ZMQ=1 NO_UPNP=1 NO_NATPMP=1 boost_cxxflags="-std=c++17 -fvisibility=hidden -fPIC ${CXXFLAGS}" libevent_cflags="${CFLAGS}" -j$(nproc)
|
2021-05-03 18:48:34 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Build the fuzz targets
|
|
|
|
|
|
2021-05-07 10:06:31 +00:00
|
|
|
sed -i "s|PROVIDE_FUZZ_MAIN_FUNCTION|NEVER_PROVIDE_MAIN_FOR_OSS_FUZZ|g" "./configure.ac"
|
2021-05-03 18:48:34 +00:00
|
|
|
./autogen.sh
|
|
|
|
|
|
2021-09-20 13:15:32 +00:00
|
|
|
# Temporarily compile with O2 to work around clang-13 (and later) UBSan
|
|
|
|
|
# -fsanitize=vptr,object-size false positive that only happens with -O1
|
|
|
|
|
if [ "$SANITIZER" = "undefined" ]; then
|
|
|
|
|
export CFLAGS="$CFLAGS -O2"
|
|
|
|
|
export CXXFLAGS="$CXXFLAGS -O2"
|
|
|
|
|
fi
|
|
|
|
|
|
2021-05-03 18:48:34 +00:00
|
|
|
# OSS-Fuzz will provide CC, CXX, etc. So only set:
|
|
|
|
|
# * --enable-fuzz, see https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md
|
|
|
|
|
# * CONFIG_SITE, see https://github.com/bitcoin/bitcoin/blob/master/depends/README.md
|
2021-05-22 15:11:19 +00:00
|
|
|
if [ "$SANITIZER" = "memory" ]; then
|
2021-10-14 12:33:07 +00:00
|
|
|
CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --with-seccomp=no --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE" --with-asm=no
|
2021-05-22 15:11:19 +00:00
|
|
|
else
|
2021-10-14 12:33:07 +00:00
|
|
|
CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --with-seccomp=no --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE"
|
2021-05-22 15:11:19 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$SANITIZER" = "memory" ]; then
|
|
|
|
|
# MemorySanitizer (MSAN) does not support tracking memory initialization done by
|
|
|
|
|
# using the Linux getrandom syscall. Avoid using getrandom by undefining
|
|
|
|
|
# HAVE_SYS_GETRANDOM. See https://github.com/google/sanitizers/issues/852 for
|
|
|
|
|
# details.
|
|
|
|
|
grep -v HAVE_SYS_GETRANDOM src/config/bitcoin-config.h > src/config/bitcoin-config.h.tmp
|
|
|
|
|
mv src/config/bitcoin-config.h.tmp src/config/bitcoin-config.h
|
|
|
|
|
fi
|
2021-05-03 18:48:34 +00:00
|
|
|
|
|
|
|
|
make -j$(nproc)
|
|
|
|
|
|
2021-05-07 14:38:13 +00:00
|
|
|
WRITE_ALL_FUZZ_TARGETS_AND_ABORT="/tmp/a" "./src/test/fuzz/fuzz" || true
|
|
|
|
|
readarray FUZZ_TARGETS < "/tmp/a"
|
2021-05-08 12:57:00 +00:00
|
|
|
if [ -n "${OSS_FUZZ_CI-}" ]; then
|
|
|
|
|
# When running in CI, check the first targets only to save time and disk space
|
|
|
|
|
FUZZ_TARGETS=( ${FUZZ_TARGETS[@]:0:2} )
|
|
|
|
|
fi
|
2021-05-07 14:38:13 +00:00
|
|
|
|
2021-09-13 04:28:04 +00:00
|
|
|
# OSS-Fuzz requires a separate and self-contained binary for each fuzz target.
|
|
|
|
|
# To inject the fuzz target name in the finished binary, compile the fuzz
|
|
|
|
|
# executable with a "magic string" as the name of the fuzz target.
|
|
|
|
|
#
|
|
|
|
|
# An alternative to mocking the string in the finished binary would be to
|
|
|
|
|
# replace the string in the source code and re-invoke 'make'. This is slower,
|
|
|
|
|
# so use the hack.
|
2021-05-07 14:38:13 +00:00
|
|
|
export MAGIC_STR="b5813eee2abc9d3358151f298b75a72264ffa119d2f71ae7fefa15c4b70b4bc5b38e87e3107a730f25891ea428b2b4fabe7a84f5bfa73c79e0479e085e4ff157"
|
2021-09-13 04:28:04 +00:00
|
|
|
sed -i "s|.*std::getenv(\"FUZZ\").*|std::string fuzz_target{\"$MAGIC_STR\"};|g" "./src/test/fuzz/fuzz.cpp"
|
|
|
|
|
sed -i "s|.find(fuzz_target)|.find(fuzz_target.c_str())|g" "./src/test/fuzz/fuzz.cpp"
|
2021-05-07 14:38:13 +00:00
|
|
|
make -j$(nproc)
|
|
|
|
|
|
|
|
|
|
# Replace the magic string with the actual name of each fuzz target
|
2021-05-04 03:08:50 +00:00
|
|
|
for fuzz_target in ${FUZZ_TARGETS[@]}; do
|
2021-05-08 12:57:00 +00:00
|
|
|
python3 -c "c_str_target=b\"${fuzz_target}\x00\";c_str_magic=b\"$MAGIC_STR\";c=open('./src/test/fuzz/fuzz','rb').read();c=c.replace(c_str_magic, c_str_target+c_str_magic[len(c_str_target):]);open(\"$OUT/$fuzz_target\",'wb').write(c)"
|
2021-05-07 14:38:13 +00:00
|
|
|
chmod +x "$OUT/$fuzz_target"
|
2021-05-04 03:08:50 +00:00
|
|
|
(
|
|
|
|
|
cd assets/fuzz_seed_corpus
|
2021-05-22 15:11:19 +00:00
|
|
|
if [ -d "$fuzz_target" ]; then
|
2021-05-31 03:52:48 +00:00
|
|
|
zip --recurse-paths --quiet --junk-paths "$OUT/${fuzz_target}_seed_corpus.zip" "${fuzz_target}"
|
2021-05-22 15:11:19 +00:00
|
|
|
fi
|
2021-05-04 03:08:50 +00:00
|
|
|
)
|
2021-05-22 15:11:19 +00:00
|
|
|
done
|
