From 89b7e9c419144464e08dfa467dcd236610cf2a00 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 16 Dec 2016 23:03:39 -0500
Subject: [PATCH] Update build scripts for Botan (#200)

Botan's fuzzers now have builtin maximums where necessary, instead of relying on max len option. So the code to generate the .options files goes. Suggested by @kcc in #150

Use corpus for the common formats, seems to help with initial coverage at least.

Disables Botan's pool allocator at build time, since it hides things from ASan. The fuzzer driver already tries to disable it at runtime in LLVMFuzzerInitialize, but the Clusterfuzz coverage report indicates that this init function is not ever called, and the pool allocator ends up being used.
---
 projects/botan/Dockerfile | 1 +
 projects/botan/build.sh | 19 ++++++-------------
 2 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/projects/botan/Dockerfile b/projects/botan/Dockerfile
index 1ac826903..c59ec7ef0 100644
--- a/projects/botan/Dockerfile
+++ b/projects/botan/Dockerfile
@@ -18,5 +18,6 @@ FROM ossfuzz/base-libfuzzer
 MAINTAINER jack@randombit.net
 RUN apt-get install -y make python
 RUN git clone --depth 1 https://github.com/randombit/botan.git botan
+RUN git clone --depth 1 https://github.com/randombit/crypto-corpus.git crypto-corpus
 WORKDIR botan
 COPY build.sh $SRC/
diff --git a/projects/botan/build.sh b/projects/botan/build.sh
index 38533f6a2..d1e293a2b 100755
--- a/projects/botan/build.sh
+++ b/projects/botan/build.sh
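Review bot: The corpus step this commit adds to build.sh calls `zip`, but the `RUN apt-get install -y make python` line here installs nothing new, so unless `ossfuzz/base-libfuzzer` already provides `zip` the build will fail at the first fuzzer that has a corpus directory. If the base image does not ship it, extend the line to `RUN apt-get install -y make python zip`. The added `git clone --depth 1` of crypto-corpus tracks the repository HEAD like the existing botan clone, so the seed corpus will differ from build to build; that follows the existing convention in this Dockerfile, but a short comment on the line (or a pinned revision) would make the choice explicit.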
@@ -19,25 +19,18 @@ cd $SRC/botan # This assumes $CC is set to either 'clang' or 'gcc' ./configure.py --cc=$CC --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" \ - --unsafe-fuzzer-mode --disable-shared + --unsafe-fuzzer-mode --disable-shared --disable-modules=locking_allocator make -j$(nproc) libbotan-1.11.a jigs=$(find $SRC/botan/src/extra_tests/fuzzers/jigs -name "*.cpp") for fuzzer_src in $jigs; do - fuzzer_name=$(basename $fuzzer_src .cpp) + fuzzer=$(basename $fuzzer_src .cpp) $CXX $CXXFLAGS -DUSE_LLVM_FUZZER -std=c++11 -I$SRC/botan/build/include \ - -o $OUT/$fuzzer_name $fuzzer_src -L$SRC/botan -lbotan-1.11 -lFuzzingEngine + -o $OUT/$fuzzer $fuzzer_src -L$SRC/botan -lbotan-1.11 -lFuzzingEngine - max_len=1024 # default max_len - if [ $fuzzer_name = 'ecc_bp256' ] || [ $fuzzer_name = 'ecc_p256' ] || [ $fuzzer_name = 'redc_p256' ]; then - max_len=64 - elif [ $fuzzer_name = 'ecc_p384' ] || [ $fuzzer_name = 'redc_p384' ]; then - max_len=96 - elif [ $fuzzer_name = 'ecc_p521' ] || [ $fuzzer_name = 'redc_p521' ]; then - max_len=132 + if [ -d "$SRC/crypto-corpus/${fuzzer}" ]; then + zip -j $OUT/${fuzzer}_seed_corpus.zip $SRC/crypto-corpus/${fuzzer}/* fi - - echo -en "[libfuzzer]\nmax_len = $max_len\n" > $OUT/${fuzzer_name}.options - done +
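Review bot: The added `zip -j $OUT/${fuzzer}_seed_corpus.zip $SRC/crypto-corpus/${fuzzer}/*` fails when the corpus directory exists but is empty, because the unmatched `*` is passed to zip literally and zip exits non-zero; if the script runs under `set -e` (its header is outside the hunk, so I cannot confirm) that aborts the entire build. Skipping empty directories explicitly avoids that, e.g. `if [ -d "$SRC/crypto-corpus/${fuzzer}" ] && [ -n "$(find "$SRC/crypto-corpus/${fuzzer}" -mindepth 1 -print -quit)" ]; then`, and quoting the directory part as `"$SRC/crypto-corpus/${fuzzer}"/*` keeps the glob correct if `$SRC` ever contains spaces. The new `--disable-modules=locking_allocator` flag carries its rationale only in the commit message; a comment above the configure line such as `# the locking (pool) allocator hides heap errors from ASan, and the runtime opt-out in LLVMFuzzerInitialize is not guaranteed to run` would keep that reasoning with the script.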