Due to upstream changes, the Git fuzzers must now link against
common-main.o; however, this breaks the build in two ways:
1) Linking with common-main.o causes main() to have multiple
definitions, one in common-main.o and one from the fuzzing engine.
2) To avoid #1, the Git Makefile specifically excludes common-main.o
from the fuzzer build rule.
To work around these issues, we can override FUZZ_CXXFLAGS (add
"-Wl,--allow-multiple-definition" to fix#1) and LIB_FUZZING_ENGINE (add
"common-main.o" to fix#2).
Once we can get a Makefile fix into Git's upstream, we can remove the
override for LIB_FUZZING_ENGINE.
However, this change causes `check_build` to fail for honggfuzz, and we
have not yet been able to diagnose the reason. So for now, we also need
to limit our engines to afl and libfuzzer.
The oss-fuzz git ASAN build fails due to a leak inside git iself:
the build script builds a copy of git, and then uses that binary to
prepare the corpus - although the git invocation itself succeeds,
ASAN causes the script to fail due to the leak:
https://oss-fuzz-build-logs.storage.googleapis.com/log-2eee2921-1b3f-4dd8-a902-50474e8fed55.txt
This was reproduced locally using:
$ python infra/helper.py build_fuzzers --sanitizer address git
Disabling leak checking for all invocations of git in the script
is enough to avoid this failure, thus fixing the build.
The leak itself is being fixed in git in the following commit (which
is now in next, hence the build should be fixed by now):
https://git.kernel.org/pub/scm/git/git.git/commit/?id=bf4bb9f9f5130a7b299f7810fb87a40cdd1bd8ee
However, I still believe we should be disabling leak checking during
the build script in this way because:
1. This issue persisted for close to one month before being fixed,
and blocking oss-fuzz runs on a leak during the build process
for that long seems counter-productive.
2. An alternative would be to use a pre-built copy of git to build
the corpus (thus sidestepping ASAN in the first place), but IMHO
installing git via the Dockerfile seems more wasteful AND it's
unclear if that would have side effects (I'm not sure if the
commit-graph format changes between versions).
steadmon