Change LIB_FUZZING_ENGINE to -fsanitize=fuzzer in libFuzzer builds (#2312)

jonathanmetzman 2019-04-15 10:05:02 -07:00 committed by GitHub
parent 8b34fd89d2
commit ae9398deef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 28 additions and 10 deletions


@ -143,7 +143,7 @@ In general, this script will need to:
1. Please don't assume that the fuzzing engine is libFuzzer and hardcode in your build scripts.
We generate builds for both libFuzzer and AFL fuzzing engine configurations.
So, link the fuzzing engine using `-lFuzzingEngine`, see example below.
So, link the fuzzing engine using $LIB_FUZZING_ENGINE, see example below.
2. Please make sure that the binary names for your [fuzz targets](glossary.md#fuzz-target) contain only
alphanumeric characters, underscore(_) or dash(-). Otherwise, they won't run on our infrastructure.
@ -161,7 +161,7 @@ make -j$(nproc) all
$CXX $CXXFLAGS -std=c++11 -Ilib/ \
$SRC/parse_fuzzer.cc -o $OUT/parse_fuzzer \
-lFuzzingEngine .libs/libexpat.a
$LIB_FUZZING_ENGINE .libs/libexpat.a
cp $SRC/*.dict $SRC/*.options $OUT/
```
@ -175,7 +175,6 @@ When build.sh script is executed, the following locations are available within t
| `/out/` | `$OUT` | Directory to store build artifacts (fuzz targets, dictionaries, options files, seed corpus archives). |
| `/src/` | `$SRC` | Directory to checkout source files |
| `/work/`| `$WORK` | Directory for storing intermediate files |
| `/usr/lib/libFuzzingEngine.a` | `$LIB_FUZZING_ENGINE` | Location of prebuilt fuzzing engine library (e.g. libFuzzer ) that needs to be linked with all fuzz targets (`-lFuzzingEngine`).
While files layout is fixed within a container, the environment variables are
provided to be able to write retargetable scripts.
@ -191,6 +190,7 @@ These flags are provided in the following environment variables:
| ------------- | --------
| `$CC`, `$CXX`, `$CCC` | The C and C++ compiler binaries.
| `$CFLAGS`, `$CXXFLAGS` | C and C++ compiler flags.
| `$LIB_FUZZING_ENGINE` | C++ compiler argument to link fuzz target against the prebuilt engine library (e.g. libFuzzer).
You *must* use `$CXX` as a linker, even if your project is written in pure C.


@ -46,7 +46,14 @@ ENV COVERAGE_FLAGS_coverage "-fprofile-instr-generate -fcoverage-mapping -pthrea
ENV SANITIZER="address"
ENV FUZZING_ENGINE="libfuzzer"
# Path to fuzzing engine library.
# DEPRECATED - NEW CODE SHOULD NOT USE THIS. OLD CODE SHOULD STOP. Please use
# LIB_FUZZING_ENGINE instead.
# Path to fuzzing engine library to support some old users of
# LIB_FUZZING_ENGINE.
ENV LIB_FUZZING_ENGINE_DEPRECATED="/usr/lib/libFuzzingEngine.a"
# Argument passed to compiler to link against fuzzing engine.
# Defaults to the path, but is "-fsanitize=fuzzer" in libFuzzer builds.
ENV LIB_FUZZING_ENGINE="/usr/lib/libFuzzingEngine.a"
# TODO: remove after tpm2 catchup.
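Review bot: The literal `/usr/lib/libFuzzingEngine.a` is now spelled out twice, once for `LIB_FUZZING_ENGINE_DEPRECATED` and again as the default of `LIB_FUZZING_ENGINE`, so the two can silently drift apart if one is edited later. Dockerfile `ENV` expands variables set by earlier `ENV` instructions, so the second line can be `ENV LIB_FUZZING_ENGINE="$LIB_FUZZING_ENGINE_DEPRECATED"` with no change in the resulting image. The comment on the default would also help readers if it named where the override happens, e.g. `# Overridden to "-fsanitize=fuzzer" by the libFuzzer engine compile step; keep the path default for AFL/other engines.` — the exact step is outside this file, so confirm the name before committing the comment.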


@ -22,7 +22,10 @@ pushd $WORK/libfuzzer > /dev/null
# Use -fPIC to allow preloading (LD_PRELOAD).
$CXX $CXXFLAGS -std=c++11 -O2 -fPIC $SANITIZER_FLAGS -fno-sanitize=vptr \
-c $SRC/libfuzzer/*.cpp -I$SRC/libfuzzer
ar r $LIB_FUZZING_ENGINE $WORK/libfuzzer/*.o
ar r $LIB_FUZZING_ENGINE_DEPRECATED $WORK/libfuzzer/*.o
popd > /dev/null
rm -rf $WORK/libfuzzer
# Override variable as libFuzzer builds do not link directly against an
# engine library, but use -fsanitize=fuzzer to instruct clang to do so.
export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
echo " done."
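Review bot: The new `export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"` only reaches the project's build.sh if this script is sourced into the shell that later runs it; if it is executed as a child process the export dies with it and libFuzzer targets keep linking the Dockerfile default path instead of the flag. The hunk does not show how this script is invoked, so please confirm it is sourced (or move the override into the caller) and record that assumption next to the export, e.g. `# NOTE: relies on this script being sourced so the override is visible to build.sh.`. The enclosing script starts before this hunk, so the `pushd`/`$WORK` setup is not visible here.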


@ -18,8 +18,10 @@
# configure script needs leak checking disabled to not fail
export ASAN_OPTIONS=detect_leaks=0
./autogen.sh
# TODO: Stop using LIB_FUZZING_ENGINE_DEPRECATED and make this build use
# LIB_FUZZING_ENGINE (see https://github.com/google/oss-fuzz/issues/2317).
./configure --with-perl=no --disable-shared --without-textui --with-fuzzer \
--with-fuzzer-lib=$LIB_FUZZING_ENGINE \
--with-fuzzer-lib=$LIB_FUZZING_ENGINE_DEPRECATED \
CC=$CC CXX=$CXX PKG_CONFIG="pkg-config --static"
make clean
make "-j$(nproc)" CFLAGS="-static -DSUPPRESS_PRINTF_FALLBACK $CFLAGS" CXXFLAGS="-static $CXXFLAGS"
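Review bot: The replaced `--with-fuzzer-lib=$LIB_FUZZING_ENGINE_DEPRECATED` argument is still an unquoted expansion, while the `make "-j$(nproc)"` line two below already quotes its expansion; the value is a single path today, but quoting it as `--with-fuzzer-lib="$LIB_FUZZING_ENGINE_DEPRECATED" \` costs nothing and keeps the configure invocation consistent. The same unquoted form appears on the strongswan `--with-libfuzzer=` line at the end of this commit. The TODO would be more actionable if it stated why the switch is blocked, roughly `# configure expects a library path here, so the "-fsanitize=fuzzer" value of LIB_FUZZING_ENGINE cannot be passed until the configure script accepts a flag` — hedged, since the configure script is not in the diff.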


@ -26,13 +26,15 @@ cd "$WORK"
mkdir build
cd build
# TODO: Stop using LIB_FUZZING_ENGINE_DEPRECATED and make this build use
# LIB_FUZZING_ENGINE (see https://github.com/google/oss-fuzz/issues/2317).
cmake \
-G"Unix Makefiles" -DBINARY_PACKAGE_BUILD=ON \
-DWITH_PTHREADS=OFF -DWITH_OPENMP=OFF \
-DWITH_PUGIXML=OFF -DUSE_XMLLINT=OFF -DWITH_JPEG=OFF -DWITH_ZLIB=OFF \
-DBUILD_TESTING=OFF -DBUILD_TOOLS=OFF -DBUILD_BENCHMARKING=OFF \
-DCMAKE_BUILD_TYPE=FUZZ -DBUILD_FUZZERS=ON \
-DLIB_FUZZING_ENGINE:FILEPATH="$LIB_FUZZING_ENGINE" \
-DLIB_FUZZING_ENGINE:FILEPATH="$LIB_FUZZING_ENGINE_DEPRECATED" \
-DCMAKE_INSTALL_PREFIX:PATH="$OUT" -DCMAKE_INSTALL_BINDIR:PATH="$OUT" \
"$SRC/librawspeed/"


@ -22,7 +22,7 @@ RUN apt-get install -y autoconf automake libtool curl make g++ unzip wget git \
pkg-config
# Get LLVM
RUN svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm > svn.log 2>&1
RUN svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm > svn.log 2>&1
RUN cd llvm/tools && svn co http://llvm.org/svn/llvm-project/cfe/trunk clang -r $(cd ../ && svn info | grep Revision | awk '{print $2}') >> svn.log 2>&1
RUN cd llvm/projects && svn co http://llvm.org/svn/llvm-project/compiler-rt/trunk compiler-rt -r $(cd ../ && svn info | grep Revision | awk '{print $2}') >> svn.log 2>&1
RUN cd llvm/tools/clang/tools && svn co http://llvm.org/svn/llvm-project/clang-tools-extra/trunk extra -r $(cd ../ && svn info | grep Revision | awk '{print $2}') >> svn.log 2>&1


@ -36,13 +36,15 @@ esac
mkdir build
cd build
# TODO: Stop using LIB_FUZZING_ENGINE_DEPRECATED and make this build use
# LIB_FUZZING_ENGINE (see https://github.com/google/oss-fuzz/issues/2317).
cmake -GNinja -DCMAKE_BUILD_TYPE=Release ../llvm \
-DLLVM_ENABLE_ASSERTIONS=ON \
-DCMAKE_C_COMPILER="${CC}" \
-DCMAKE_CXX_COMPILER="${CXX}" \
-DCMAKE_C_FLAGS="${CFLAGS}" \
-DCMAKE_CXX_FLAGS="${CXXFLAGS}" \
-DLLVM_LIB_FUZZING_ENGINE="${LIB_FUZZING_ENGINE}" \
-DLLVM_LIB_FUZZING_ENGINE="${LIB_FUZZING_ENGINE_DEPRECATED}" \
-DLLVM_NO_DEAD_STRIP=ON \
-DLLVM_USE_SANITIZER="${LLVM_SANITIZER}" \
-DLLVM_EXPERIMENTAL_TARGETS_TO_BUILD=WebAssembly


@ -17,11 +17,13 @@
./autogen.sh
# TODO: Stop using LIB_FUZZING_ENGINE_DEPRECATED and make this build use
# LIB_FUZZING_ENGINE (see https://github.com/google/oss-fuzz/issues/2317).
./configure CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE" \
--enable-imc-test \
--enable-tnccs-20 \
--enable-fuzzing \
--with-libfuzzer=$LIB_FUZZING_ENGINE \
--with-libfuzzer=$LIB_FUZZING_ENGINE_DEPRECATED \
--enable-monolithic \
--disable-shared \
--enable-static