2021-05-03 18:48:34 +00:00
|
|
|
#!/bin/bash -eu
|
|
|
|
|
# Copyright 2021 Google LLC
|
|
|
|
|
#
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
|
# limitations under the License.
|
|
|
|
|
#
|
|
|
|
|
################################################################################
|
|
|
|
|
|
2021-05-26 09:33:12 +00:00
|
|
|
$SRC/build_cryptofuzz.sh
|
2021-05-19 04:12:50 +00:00
|
|
|
|
|
|
|
|
cd $SRC/bitcoin-core/
|
|
|
|
|
|
2021-05-03 18:48:34 +00:00
|
|
|
# Build dependencies
|
|
|
|
|
# This will also force static builds
|
|
|
|
|
if [ "$ARCHITECTURE" = "i386" ]; then
|
|
|
|
|
export BUILD_TRIPLET="i686-pc-linux-gnu"
|
|
|
|
|
else
|
|
|
|
|
export BUILD_TRIPLET="x86_64-pc-linux-gnu"
|
|
|
|
|
fi
|
|
|
|
|
(
|
|
|
|
|
cd depends
|
2021-05-07 10:06:31 +00:00
|
|
|
sed -i --regexp-extended '/.*rm -rf .*extract_dir.*/d' ./funcs.mk # Keep extracted source
|
2022-02-18 17:04:25 +00:00
|
|
|
make HOST=$BUILD_TRIPLET NO_QT=1 NO_BDB=1 NO_ZMQ=1 NO_UPNP=1 NO_NATPMP=1 libevent_cflags="${CFLAGS}" sqlite_cflags="${CFLAGS}" -j$(nproc)
|
2022-02-16 10:04:46 +00:00
|
|
|
# DEBUG=1 is temporarily disabled due to libc++ bugs
|
2021-05-03 18:48:34 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Build the fuzz targets
|
|
|
|
|
|
2021-05-07 10:06:31 +00:00
|
|
|
sed -i "s|PROVIDE_FUZZ_MAIN_FUNCTION|NEVER_PROVIDE_MAIN_FOR_OSS_FUZZ|g" "./configure.ac"
|
2021-05-03 18:48:34 +00:00
|
|
|
./autogen.sh
|
|
|
|
|
|
2021-09-20 13:15:32 +00:00
|
|
|
# Temporarily compile with O2 to work around clang-13 (and later) UBSan
|
|
|
|
|
# -fsanitize=vptr,object-size false positive that only happens with -O1
|
2022-02-16 10:04:46 +00:00
|
|
|
# Fixed in https://github.com/llvm/llvm-project/commit/bbeaf2aac678
|
|
|
|
|
# However, OSS-Fuzz is stuck on a buggy clang, so the workaround is still
|
|
|
|
|
# needed. See https://github.com/google/oss-fuzz/pull/7140
|
2021-09-20 13:15:32 +00:00
|
|
|
if [ "$SANITIZER" = "undefined" ]; then
|
|
|
|
|
export CFLAGS="$CFLAGS -O2"
|
|
|
|
|
export CXXFLAGS="$CXXFLAGS -O2"
|
|
|
|
|
fi
|
|
|
|
|
|
2021-05-03 18:48:34 +00:00
|
|
|
# OSS-Fuzz will provide CC, CXX, etc. So only set:
|
|
|
|
|
# * --enable-fuzz, see https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md
|
|
|
|
|
# * CONFIG_SITE, see https://github.com/bitcoin/bitcoin/blob/master/depends/README.md
|
2021-05-22 15:11:19 +00:00
|
|
|
if [ "$SANITIZER" = "memory" ]; then
|
2022-03-29 20:50:42 +00:00
|
|
|
CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --with-seccomp=no --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE" --disable-hardening --with-asm=no
|
2021-05-22 15:11:19 +00:00
|
|
|
else
|
2021-10-14 12:33:07 +00:00
|
|
|
CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --with-seccomp=no --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE"
|
2021-05-22 15:11:19 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$SANITIZER" = "memory" ]; then
|
|
|
|
|
# MemorySanitizer (MSAN) does not support tracking memory initialization done by
|
|
|
|
|
# using the Linux getrandom syscall. Avoid using getrandom by undefining
|
|
|
|
|
# HAVE_SYS_GETRANDOM. See https://github.com/google/sanitizers/issues/852 for
|
|
|
|
|
# details.
|
|
|
|
|
grep -v HAVE_SYS_GETRANDOM src/config/bitcoin-config.h > src/config/bitcoin-config.h.tmp
|
|
|
|
|
mv src/config/bitcoin-config.h.tmp src/config/bitcoin-config.h
|
|
|
|
|
fi
|
2021-05-03 18:48:34 +00:00
|
|
|
|
|
|
|
|
make -j$(nproc)
|
|
|
|
|
|
2021-05-07 14:38:13 +00:00
|
|
|
WRITE_ALL_FUZZ_TARGETS_AND_ABORT="/tmp/a" "./src/test/fuzz/fuzz" || true
|
|
|
|
|
readarray FUZZ_TARGETS < "/tmp/a"
|
2021-05-08 12:57:00 +00:00
|
|
|
if [ -n "${OSS_FUZZ_CI-}" ]; then
|
|
|
|
|
# When running in CI, check the first targets only to save time and disk space
|
|
|
|
|
FUZZ_TARGETS=( ${FUZZ_TARGETS[@]:0:2} )
|
|
|
|
|
fi
|
2021-05-07 14:38:13 +00:00
|
|
|
|
2021-09-13 04:28:04 +00:00
|
|
|
# OSS-Fuzz requires a separate and self-contained binary for each fuzz target.
|
|
|
|
|
# To inject the fuzz target name in the finished binary, compile the fuzz
|
2022-03-21 12:51:18 +00:00
|
|
|
# executable with the name of the fuzz target injected into the source code.
|
2021-05-04 03:08:50 +00:00
|
|
|
for fuzz_target in ${FUZZ_TARGETS[@]}; do
|
2022-03-21 12:51:18 +00:00
|
|
|
git checkout -- "./src/test/fuzz/fuzz.cpp"
|
|
|
|
|
sed -i "s|static std::string_view g_fuzz_target;|static std::string g_fuzz_target;|g" "./src/test/fuzz/fuzz.cpp"
|
|
|
|
|
sed -i "s|std::getenv(\"FUZZ\")|\"$fuzz_target\"|g" "./src/test/fuzz/fuzz.cpp"
|
|
|
|
|
sed -i "s|.find(g_fuzz_target)|.find(g_fuzz_target.c_str())|g" "./src/test/fuzz/fuzz.cpp"
|
|
|
|
|
make -j$(nproc)
|
|
|
|
|
mv './src/test/fuzz/fuzz' "$OUT/$fuzz_target"
|
|
|
|
|
|
2021-05-07 14:38:13 +00:00
|
|
|
chmod +x "$OUT/$fuzz_target"
|
2021-05-04 03:08:50 +00:00
|
|
|
(
|
|
|
|
|
cd assets/fuzz_seed_corpus
|
2021-05-22 15:11:19 +00:00
|
|
|
if [ -d "$fuzz_target" ]; then
|
2021-05-31 03:52:48 +00:00
|
|
|
zip --recurse-paths --quiet --junk-paths "$OUT/${fuzz_target}_seed_corpus.zip" "${fuzz_target}"
|
2021-05-22 15:11:19 +00:00
|
|
|
fi
|
2021-05-04 03:08:50 +00:00
|
|
|
)
|
2021-05-22 15:11:19 +00:00
|
|
|
done
|
