ClamAV recently removed autotools generated materials (configure,
Makefile.in, etc) from the git repo. This commit adds tools and calls
necessary to generate those files if autogen.sh is present.
Flex & Bison are needed to generate source files for yara syntax
support. While the generated source are currently in the clamav-devel
repo, the build system sometimes thinks the files must be regenerated.
In the future, these and the autotools generated files will be removed
from the clamav-devel repo and will need to be generated for every
build.
We're also planning to add CMake tooling (still a work in progress).
Once the generated files are removed, we'll either have ot build the
fuzz targets with CMake or bring in autoconf, automake, m4, libtool, and
pkg-config to generate the files in build.sh. At that time, we should
also update build.sh to build the dependencies statically, many of which
are missing at present meaning we're not getting great code coverage.
We'll also want to load a small signature set to improve code coverage
for the fuzz targets.
ClamAV's mempool feature uses mmap to improve performance for some
memory allocations. As currently implemented, on systems that support
mmap's MAP_ANONYMOUS flag, fmaps are backed by mmap'd memory.
Valgrind and ASan can't track mmap-backed memory, though, so it's more
difficult to track down fmap-related memory errors.
The changes in this commit to clamav's build script should disable mmap
usage, and hopefully allow oss-fuzz to catch more bugs.
Build script improvements to use the WORK dir, rather than polluting the SRC dir, and to use make in the clamav-devel/fuzz directory rather than building source files manually.
Micah Snyder