system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-10-06 16:21:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
systemd/tools/oss-fuzz.sh
Evgeny Vereshchagin 81f84a2c0b ci: use CFLite to test forks (including systemd-stable) 
It's like CIFuzz but unlike CIFuzz it's compatible with forks and
it should make it possible to run the fuzzers to make sure that
patches backported to them are backported correctly without introducing
new bugs and regressions.
2022-01-29 18:37:17 +00:00

101 lines
3.2 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -ex
export LC_CTYPE=C.UTF-8
export CC=${CC:-clang}
export CXX=${CXX:-clang++}
clang_version="$($CC --version | sed -nr 's/.*version ([^ ]+?) .*/\1/p' | sed -r 's/-$//')"
SANITIZER=${SANITIZER:-address -fsanitize-address-use-after-scope}
flags="-O1 -fno-omit-frame-pointer -g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER"
clang_lib="/usr/lib64/clang/${clang_version}/lib/linux"
[ -d "$clang_lib" ] || clang_lib="/usr/lib/clang/${clang_version}/lib/linux"
export CFLAGS=${CFLAGS:-$flags}
export CXXFLAGS=${CXXFLAGS:-$flags}
export LDFLAGS=${LDFLAGS:--L${clang_lib}}
export WORK=${WORK:-$(pwd)}
export OUT=${OUT:-$(pwd)/out}
mkdir -p "$OUT"
build="$WORK/build"
rm -rf "$build"
mkdir -p "$build"
if [ -z "$FUZZING_ENGINE" ]; then
fuzzflag="llvm-fuzz=true"
else
fuzzflag="oss-fuzz=true"
apt-get update
apt-get install -y gperf m4 gettext python3-pip \
libcap-dev libmount-dev libkmod-dev \
pkg-config wget python3-jinja2
# gnu-efi is installed here to enable -Dgnu-efi behind which fuzz-bcd
# is hidden. It isn't linked against efi. It doesn't
# even include "efi.h" because "bcd.c" can work in "unit test" mode
# where it isn't necessary.
apt-get install -y gnu-efi zstd
pip3 install -r .github/workflows/requirements.txt --require-hashes
# https://github.com/google/oss-fuzz/issues/6868
ORIG_PYTHONPATH=$(python3 -c 'import sys;print(":".join(sys.path[1:]))')
export PYTHONPATH="$ORIG_PYTHONPATH:/usr/lib/python3/dist-packages/"
if [[ "$SANITIZER" == undefined ]]; then
additional_ubsan_checks=pointer-overflow,alignment
UBSAN_FLAGS="-fsanitize=$additional_ubsan_checks -fno-sanitize-recover=$additional_ubsan_checks"
CFLAGS="$CFLAGS $UBSAN_FLAGS"
CXXFLAGS="$CXXFLAGS $UBSAN_FLAGS"
fi
fi
if ! meson "$build" "-D$fuzzflag" -Db_lundef=false; then
cat "$build/meson-logs/meson-log.txt"
exit 1
fi
ninja -v -C "$build" fuzzers
# Compressed BCD files are kept in test/test-bcd so let's unpack them
# and put them all in the seed corpus.
bcd=$(mktemp -d)
for i in test/test-bcd/*.zst; do
unzstd "$i" -o "$bcd/$(basename "${i%.zst}")";
done
zip -jqr "$OUT/fuzz-bcd_seed_corpus.zip" "$bcd"
rm -rf "$bcd"
hosts=$(mktemp)
wget -O "$hosts" https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
zip -jq "$OUT/fuzz-etc-hosts_seed_corpus.zip" "$hosts"
rm -rf "$hosts"
# The seed corpus is a separate flat archive for each fuzzer,
# with a fixed name ${fuzzer}_seed_corpus.zip.
for d in test/fuzz/fuzz-*; do
zip -jqr "$OUT/$(basename "$d")_seed_corpus.zip" "$d"
done
# get fuzz-dns-packet corpus
df="$build/dns-fuzzing"
git clone --depth 1 https://github.com/CZ-NIC/dns-fuzzing "$df"
zip -jqr "$OUT/fuzz-dns-packet_seed_corpus.zip" "$df/packet"
install -Dt "$OUT/src/shared/" \
"$build"/src/shared/libsystemd-shared-*.so \
"$build"/src/core/libsystemd-core-*.so
wget -O "$OUT/fuzz-json.dict" https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/json.dict
find "$build" -maxdepth 1 -type f -executable -name "fuzz-*" -exec mv {} "$OUT" \;
find src -type f -name "fuzz-*.dict" -exec cp {} "$OUT" \;
cp src/fuzz/*.options "$OUT"
Reference in a new issue View git blame Copy permalink