oss-fuzz/infra/base-images/base-libfuzzer
Mike Aizatsky 93476cdefe Update README.md 2016-12-05 09:44:57 -08:00
Dockerfile [infra] SANITIZER environment variable (#103) 2016-12-02 10:58:51 -08:00
README.md Update README.md 2016-12-05 09:44:57 -08:00
compile [infra] SANITIZER environment variable (#103) 2016-12-02 10:58:51 -08:00
coverage_report folding coverage into base-libfuzzer since target images is where sources are 2016-11-03 20:13:29 -07:00
just_run [infra] use $src, $out and $work in build scripts instead of /src, /out, /work (#88) 2016-11-18 11:16:38 -08:00
reproduce [infra] reproduce command (#53) 2016-10-26 08:28:38 -07:00
run setting path in just_run 2016-11-02 16:33:21 -07:00
srcmap [infra] use $src, $out and $work in build scripts instead of /src, /out, /work (#88) 2016-11-18 11:16:38 -08:00

README.md

base-libfuzzer

Abstract base image for libfuzzer builders.

Every project image supports several commands that can be invoked through Docker once the image is built:

docker run --rm -ti ossfuzz/$project <command> <arguments...>

Supported Commands

Command                                       Description
compile (default)                             Build all fuzz targets.
reproduce <fuzzer_name> <fuzzer_options>      Build all fuzz targets, then run the named one on the testcase mounted at /testcase with the given options.
run <fuzzer_name> <fuzzer_options...>         Build all fuzz targets, then run the named one with the given options.
/bin/bash                                     Drop into a shell; run the compile script from there to start a build.

Examples

  • Reproduce using the latest OSS-Fuzz build:

      docker run --rm -ti -v $testcase_file:/testcase ossfuzz/$project reproduce $fuzzer

  • Reproduce using a local source checkout:

      docker run --rm -ti -v $local_source_checkout_dir:/src/$project \
                          -v $testcase_file:/testcase ossfuzz/$project reproduce $fuzzer

Build Configuration

Build configuration is performed through the following environment variables:

Env Variable                  Description
$SANITIZER (default: address) Sanitizer configuration to use: address or undefined.
$SANITIZER_FLAGS              Compiler sanitizer flags given directly. Overrides $SANITIZER.

Examples

  • Building the sqlite3 fuzzers with UBSan (SANITIZER=undefined):

docker run --rm -ti -e SANITIZER=undefined ossfuzz/sqlite3

Image Files Layout

Location              Env     Description
/out/                 $OUT    Directory for build artifacts (fuzz targets, dictionaries, options files, seed corpus archives).
/src/                 $SRC    Directory into which source files are checked out.
/work/                $WORK   Directory for intermediate build files.
/usr/lib/libfuzzer.a          Prebuilt libFuzzer library that must be linked into every fuzz target (-lfuzzer).

The file layout is fixed within a container; $SRC, $OUT and $WORK are provided so that build scripts can be written without hardcoding these paths.

Compiler Flags

You must use special compiler flags to build your project and its fuzz targets. These flags are provided in the following environment variables:

Env Variable   Description
$CC            The C compiler binary.
$CXX, $CCC     The C++ compiler binary.
$CFLAGS        C compiler flags.
$CXXFLAGS      C++ compiler flags.

Most well-crafted build scripts will automatically use these variables. If not, pass them manually to the build tool.

Child Image Interface

Sources

A child image has to check out all sources it needs to compile its fuzz targets into the $SRC directory. When the image is run, a local checkout can be mounted on top of these with docker run -v $HOME/my_project:/src/my_project ....

Other Required Files

The following files have to be added by child images:

File Location    Description
$SRC/build.sh    Build script that builds the project and its fuzz targets.
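A build.sh that follows this interface, written here as an added example rather than taken from the OSS-Fuzz repository; the project name myproj, its file layout, and the guard on /usr/lib/libfuzzer.a are assumptions:

```shell
#!/bin/bash -eu
# Hypothetical $SRC/build.sh for a project called "myproj" (constructed example;
# the file names and layout are assumptions, not an actual OSS-Fuzz project).
# Contract from the tables above: read sources from $SRC, keep intermediates in
# $WORK, compile with $CC/$CXX plus $CFLAGS/$CXXFLAGS so the sanitizer chosen via
# $SANITIZER is applied, link each target with -lfuzzer and place it in $OUT.

# Compile the library's C sources into instrumented objects under $WORK.
# The objects must be built with the same $CFLAGS as the fuzz targets, otherwise
# the sanitizer checks and coverage feedback are missing from the library code.
build_library() {
  for f in "$PROJECT_SRC"/*.c; do
    "$CC" $CFLAGS -I"$PROJECT_SRC" -c "$f" -o "$WORK/$(basename "${f%.c}").o"
  done
}

# Link one fuzz target: $1 is the C++ source; the target name is derived from it.
build_fuzz_target() {
  src="$1"
  name="$(basename "${src%.cc}")"
  # $CXXFLAGS is extended, never replaced, so the flags from the image survive.
  "$CXX" $CXXFLAGS -std=c++11 -I"$PROJECT_SRC" "$src" "$WORK"/*.o \
      -o "$OUT/$name" -lfuzzer
  # A dictionary or .options file is picked up by name next to its target.
  for ext in dict options; do
    if [ -f "${src%.cc}.$ext" ]; then
      cp "${src%.cc}.$ext" "$OUT/$name.$ext"
    fi
  done
}

build_all() {
  PROJECT_SRC="$SRC/myproj"
  build_library
  for t in "$PROJECT_SRC"/fuzz/*_fuzzer.cc; do
    build_fuzz_target "$t"
  done
}

# Only run the build inside the base-libfuzzer image (where the prebuilt
# libFuzzer lives); this lets the script be sourced elsewhere for inspection.
if [ -f /usr/lib/libfuzzer.a ]; then
  build_all
fi
```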