diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 0474530e3..f2cbf922c 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -15,14 +15,16 @@
 ################################################################################
 FROM gcr.io/oss-fuzz-base/base-clang
-RUN apt-get install -y git \
- subversion \
- jq \
- python3 \
- zip \
- make \
+RUN apt-get update && apt-get install -y \
 binutils-dev \
- libc6-dev-i386
+ curl \
+ git \
+ jq \
+ libc6-dev-i386 \
+ make \
+ python3 \
+ subversion \
+ zip
 # Download and install the latest stable Go.
 ADD https://storage.googleapis.com/golang/getgo/installer_linux $SRC/
@@ -41,6 +43,13 @@ ENV PATH $PATH:/root/.go/bin:$GOPATH/bin
 RUN go get -u github.com/mdempsky/go114-fuzz-build && \
 ln -s $GOPATH/bin/go114-fuzz-build $GOPATH/bin/go-fuzz
+# Install Rust and cargo-fuzz for libFuzzer instrumentation.
+ENV CARGO_HOME=/rust
+ENV RUSTUP_HOME=/rust/rustup
+ENV PATH=$PATH:/rust/bin
+RUN curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly
+RUN cargo install cargo-fuzz
+
 # Default build flags for various sanitizers.
 ENV SANITIZER_FLAGS_address "-fsanitize=address -fsanitize-address-use-after-scope"
diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile
index 1a3d4f508..8d8d9aeb0 100755
--- a/infra/base-images/base-builder/compile
+++ b/infra/base-images/base-builder/compile
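Review bot: The rewritten `RUN apt-get update && apt-get install -y \` in infra/base-images/base-builder/Dockerfile keeps the apt package lists in the layer and installs recommended packages, which enlarges an image that every project build inherits. Consider `apt-get install -y --no-install-recommends` and ending the same RUN with `&& rm -rf /var/lib/apt/lists/*`. If recommends are dropped, list `ca-certificates` explicitly unless base-clang already provides it, because the newly added `curl` is used for an HTTPS download later in this file.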
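Review bot: The added `RUN curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly` in infra/base-images/base-builder/Dockerfile pipes the installer into `sh` without `-f` and without restricting the protocol or TLS version, so an HTTP error body would be handed to the shell and a redirect to plain HTTP would be followed. This commit removes the stricter form from projects/ecc-diff-fuzzer/Dockerfile; carrying it over protects every image built from base-builder: `RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly`. The nightly toolchain and `cargo install cargo-fuzz` are also unpinned, so each rebuild of the base image can pick up a different compiler and fuzzer driver; a dated nightly (`--default-toolchain=nightly-<YYYY-MM-DD>`) and `cargo install cargo-fuzz --version <PINNED_VERSION> --locked` would make the image reproducible. The ecc-diff-fuzzer and libra Dockerfiles previously installed rustup's default toolchain and now inherit nightly, which is worth confirming with those projects.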
@@ -63,8 +63,24 @@ if [ $FUZZING_ENGINE = "none" ]; then
 export COVERAGE_FLAGS=
 fi
-export CFLAGS="$CFLAGS $SANITIZER_FLAGS $COVERAGE_FLAGS"
-export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA"
+if [[ $FUZZING_LANGUAGE == "rust" ]]; then
+ # Rust does not support sanitizers and coverage flags via CFLAGS/CXXFLAGS.
+ # Instead, use RUSTFLAGS.
+ # FIXME: Support code coverage once support is in.
+ # See https://github.com/rust-lang/rust/issues/34701.
+ export RUSTFLAGS="--cfg fuzzing -Zsanitizer=${SANITIZER} -Cdebuginfo=1 -Cforce-frame-pointers"
+
+ # Add Rust libfuzzer flags.
+ # See https://github.com/rust-fuzz/libfuzzer/blob/master/build.rs#L12.
+ export CUSTOM_LIBFUZZER_PATH="$LIB_FUZZING_ENGINE_DEPRECATED"
+ export CUSTOM_LIBFUZZER_STD_CXX=c++
+
+ # Set RUSTC_BOOTSTRAP to get nightly features like sanitizers.
+ export RUSTC_BOOTSTRAP=1
+else
+ export CFLAGS="$CFLAGS $SANITIZER_FLAGS $COVERAGE_FLAGS"
+ export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA"
+fi
 echo "CC=$CC"
 echo "CXX=$CXX"
diff --git a/projects/ecc-diff-fuzzer/Dockerfile b/projects/ecc-diff-fuzzer/Dockerfile
index 988c637f8..40b519ea4 100644
--- a/projects/ecc-diff-fuzzer/Dockerfile
+++ b/projects/ecc-diff-fuzzer/Dockerfile
@@ -17,8 +17,6 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER p.antoine@catenacyber.fr
 RUN apt-get update && apt-get install -y make cmake bzip2 autoconf automake gettext libtool python nodejs npm
-ENV CARGO_HOME=/rust RUSTUP_HOME=/rust/rustup PATH=$PATH:/rust/bin
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 RUN rustup target add i686-unknown-linux-gnu
 RUN npm install -g browserify
 RUN npm install elliptic
diff --git a/projects/libra/Dockerfile b/projects/libra/Dockerfile
index 61a4a7450..3a2cd4d26 100644
--- a/projects/libra/Dockerfile
+++ b/projects/libra/Dockerfile
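Review bot: In infra/base-images/base-builder/compile the Rust branch passes `$SANITIZER` straight into `-Zsanitizer=${SANITIZER}`, whereas the C/C++ branch goes through `$SANITIZER_FLAGS`; a sanitizer name that rustc does not accept would only fail later inside cargo, with a less obvious error. The same export replaces `RUSTFLAGS` instead of extending it, and the unguarded `$FUZZING_LANGUAGE` would abort the script under `set -u` if the variable is unset (the script's shell options are outside this hunk). A guard at the top of the branch, sketched below, makes the unsupported case explicit. The Rust branch also stops exporting sanitizer `CFLAGS`/`CXXFLAGS`, so C code compiled from a crate's build script would presumably be uninstrumented; a comment saying whether that is intended would help.

```shell
if [[ "${FUZZING_LANGUAGE:-}" == "rust" ]]; then
  # Fail early on sanitizer names -Zsanitizer does not take; confirm this list
  # against the nightly toolchain installed in the base image.
  case "$SANITIZER" in
    address|leak|memory|thread) ;;
    *) echo "ERROR: sanitizer '$SANITIZER' is not supported for Rust builds" >&2
       exit 1 ;;
  esac
  export RUSTFLAGS="${RUSTFLAGS:-} --cfg fuzzing -Zsanitizer=${SANITIZER} -Cdebuginfo=1 -Cforce-frame-pointers"
  # … unchanged: CUSTOM_LIBFUZZER_* and RUSTC_BOOTSTRAP exports, else branch …
```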
@@ -21,10 +21,6 @@ MAINTAINER davidwg@fb.com
 # install other tools we might need
 RUN apt-get update && apt-get install -y cmake curl
-# install rust and cargo-fuzz
-ENV CARGO_HOME=/rust RUSTUP_HOME=/rust/rustup PATH=$PATH:/rust/bin
-RUN curl https://sh.rustup.rs | sh -s -- -y
-
 # get libra
 RUN git clone --depth 1 https://github.com/libra/libra $SRC/libra
 WORKDIR $SRC/libra
diff --git a/projects/libra/build.sh b/projects/libra/build.sh
index c778169e2..c80e5dc8a 100644
--- a/projects/libra/build.sh
+++ b/projects/libra/build.sh
@@ -56,9 +56,6 @@ export CUSTOM_LIBFUZZER_PATH="$LIB_FUZZING_ENGINE_DEPRECATED"
 export CUSTOM_LIBFUZZER_STD_CXX=c++
 # export CUSTOM_LIBFUZZER_STD_CXX=none
-# RUSTC_BOOTSTRAP: to get some nightly features like ASAN
-export RUSTC_BOOTSTRAP=1
-
 # export fuzzing flags
 RUSTFLAGS="$RUSTFLAGS --cfg fuzzing" # used to change code logic
 RUSTFLAGS="$RUSTFLAGS -Cdebug-assertions" # to get debug_assert in rust
diff --git a/projects/mp4parse-rust/Dockerfile b/projects/mp4parse-rust/Dockerfile
index bd1ec8d66..b125761b2 100644
--- a/projects/mp4parse-rust/Dockerfile
+++ b/projects/mp4parse-rust/Dockerfile
@@ -18,10 +18,6 @@ FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER mgregan@mozilla.com
 RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang
-ENV CARGO_HOME=/rust RUSTUP_HOME=/rust/rustup PATH=$PATH:/rust/bin
-RUN curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly
-RUN cargo install cargo-fuzz
-
 RUN git clone --depth 1 https://github.com/mozilla/mp4parse-rust mp4parse-rust
 WORKDIR mp4parse-rust
diff --git a/projects/serde_json/Dockerfile b/projects/serde_json/Dockerfile
index c2794085f..2bc753a90 100644
--- a/projects/serde_json/Dockerfile
+++ b/projects/serde_json/Dockerfile
@@ -17,10 +17,6 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER david@adalogics.com
 RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang
-ENV CARGO_HOME=/rust RUSTUP_HOME=/rust/rustup PATH=$PATH:/rust/bin
-RUN curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly
-RUN cargo install cargo-fuzz
-
 RUN git clone --depth 1 https://github.com/serde-rs/json json
 WORKDIR $SRC
diff --git a/projects/wasmtime/Dockerfile b/projects/wasmtime/Dockerfile
index a954d2d56..8057ecd77 100644
--- a/projects/wasmtime/Dockerfile
+++ b/projects/wasmtime/Dockerfile
@@ -18,10 +18,6 @@ FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER foote@fastly.com
 RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang
-ENV CARGO_HOME=/rust RUSTUP_HOME=/rust/rustup PATH=$PATH:/rust/bin
-RUN curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly
-RUN cargo install cargo-fuzz
-
 RUN git clone --depth 1 https://github.com/bytecodealliance/wasmtime wasmtime
 WORKDIR wasmtime
 RUN git submodule update --init --recursive