Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
oss-fuzz/infra/base-images/base-builder
History
Max Moroz 6a6163110a [infra] Add another coverage build using Clang Source-based Code Coverage. (#804) 
* [infra] Add another coverage build using Clang Source-based Code Coverage.

* [infra] Remove redundant compile_coverage script.
 		2017-08-31 13:43:06 -07:00
..
Dockerfile [infra] Add another coverage build using Clang Source-based Code Coverage. (#804) 2017-08-31 13:43:06 -07:00
README.md More ossfuzz/IMAGE -> gcr.io/oss-fuzz/IMAGE. 2017-03-15 19:11:01 -07:00
compile Create a separate coverage build. 2017-05-08 11:17:27 -07:00
compile_afl [infra] Add another coverage build using Clang Source-based Code Coverage. (#804) 2017-08-31 13:43:06 -07:00
compile_honggfuzz Practically revert 182f607f9b as it will force CC compiler for CXX in honggfuzz (#658) 2017-06-07 12:52:46 -07:00
compile_libfuzzer Enable UBSan without vptr for ffmpeg, disable vptr for libFuzzer. (#404) 2017-02-17 23:13:50 -08:00
coverage_report [infra] renaming images: base->base-image, base-libfuzzer->base-builder 2016-12-29 13:39:41 -08:00
srcmap [infra] using str comparison 2017-03-10 16:11:34 -08:00

README.md

base-builder

Abstract base image for libfuzzer builders.

Every project image supports multiple commands that can be invoked through docker after the image is built:

docker run --rm -ti gcr.io/oss-fuzz/$project <command> <arguments...>

Supported Commands

Command Description
compile (default) build all fuzz targets
/bin/bash drop into shell, execute compile script to start build.

Build Configuration

A single build image can build same set of fuzzers in many configurations. The configuration is picked through one or more environment variables.

Env Variable Description
$SANITIZER ("address") Specifies predefined sanitizer configuration to use. address or memory or undefined.
$SANITIZER_FLAGS Specify compiler sanitizer flags directly. Overrides $SANITIZER.
$COVERAGE_FLAGS Specify compiler flags to use for fuzzer feedback coverage.
$BUILD_UID User id to use while building fuzzers.

Examples

  • building sqlite3 fuzzer with UBSan (SANITIZER=undefined):

    • 



docker run --rm -ti -e SANITIZER=undefined gcr.io/oss-fuzz/sqlite3



Image Files Layout






Location
Env
Description






/out/
$OUT
Directory to store build artifacts (fuzz targets, dictionaries, options files, seed corpus archives).




/src/
$SRC
Directory to checkout source files




/work/
$WORK
Directory for storing intermediate files




/usr/lib/libFuzzingEngine.a
$LIB_FUZZING_ENGINE
Location of prebuilt fuzzing engine library (e.g. libFuzzer ) that needs to be linked with all fuzz targets (-lFuzzingEngine).






While files layout is fixed within a container, the environment variables are
provided to be able to write retargetable scripts.


Compiler Flags


You must use special compiler flags to build your project and fuzz targets.
These flags are provided in following environment variables:






Env Variable
Description






$CC
The C compiler binary.




$CXX, $CCC
The C++ compiler binary.




$CFLAGS
C compiler flags.




$CXXFLAGS
C++ compiler flags.






Most well-crafted build scripts will automatically use these variables. If not,
pass them manually to the build tool.


Child Image Interface


Sources


Child image has to checkout all sources that it needs to compile fuzz targets into
$SRC directory. When the image is executed, a directory could be mounted on top
of these with local checkouts using
docker run -v $HOME/my_project:/src/my_project ....


Other Required Files


Following files have to be added by child images:






File Location
Description






$SRC/build.sh
build script to build the project and its fuzz targets