• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash -eu
2# Copyright 2016 Google Inc.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16################################################################################
17
18echo "---------------------------------------------------------------"
19
20if [ "$SANITIZER" = "dataflow" ] && [ "$FUZZING_ENGINE" != "dataflow" ]; then
21  echo "ERROR: 'dataflow' sanitizer can be used with 'dataflow' engine only."
22  exit 1
23fi
24
25if [ "$FUZZING_LANGUAGE" = "jvm" ]; then
26  if [ "$FUZZING_ENGINE" != "libfuzzer" ]; then
27    echo "ERROR: JVM projects can be fuzzed with libFuzzer engine only."
28    exit 1
29  fi
30  if [ "$SANITIZER" != "address" ] && [ "$SANITIZER" != "coverage" ] && [ "$SANITIZER" != "undefined" ]; then
31    echo "ERROR: JVM projects can be fuzzed with AddressSanitizer or UndefinedBehaviorSanitizer only."
32    exit 1
33  fi
34  if [ "$ARCHITECTURE" != "x86_64" ]; then
35    echo "ERROR: JVM projects can be fuzzed on x86_64 architecture only."
36    exit 1
37  fi
38fi
39
40if [ "$FUZZING_LANGUAGE" = "python" ]; then
41  if [ "$FUZZING_ENGINE" != "libfuzzer" ]; then
42    echo "ERROR: Python projects can be fuzzed with libFuzzer engine only."
43    exit 1
44  fi
45  if [ "$SANITIZER" != "address" ] && [ "$SANITIZER" != "undefined" ]; then
46    echo "ERROR: Python projects can be fuzzed with AddressSanitizer or UndefinedBehaviorSanitizer only."
47    exit 1
48  fi
49  if [ "$ARCHITECTURE" != "x86_64" ]; then
50    echo "ERROR: Python projects can be fuzzed on x86_64 architecture only."
51    exit 1
52  fi
53fi
54
55if [ -z "${SANITIZER_FLAGS-}" ]; then
56  FLAGS_VAR="SANITIZER_FLAGS_${SANITIZER}"
57  export SANITIZER_FLAGS=${!FLAGS_VAR-}
58fi
59
60if [[ $ARCHITECTURE == "i386" ]]; then
61    export CFLAGS="-m32 $CFLAGS"
62    cp -R /usr/i386/lib/* /usr/local/lib
63fi
64# JVM projects are fuzzed with Jazzer, which has libFuzzer built in.
65if [[ $FUZZING_ENGINE != "none" ]] && [[ $FUZZING_LANGUAGE != "jvm" ]]; then
66  # compile script might override environment, use . to call it.
67  . compile_${FUZZING_ENGINE}
68fi
69
70if [[ $SANITIZER_FLAGS = *sanitize=memory* ]]
71then
72  # Take all libraries from lib/msan and MSAN_LIBS_PATH
73  # export CXXFLAGS_EXTRA="-L/usr/msan/lib $CXXFLAGS_EXTRA"
74  cp -R /usr/msan/lib/* /usr/local/lib/
75
76  echo 'Building without MSan instrumented libraries.'
77fi
78
79# Coverage flag overrides.
80COVERAGE_FLAGS_VAR="COVERAGE_FLAGS_${SANITIZER}"
81if [[ -n ${!COVERAGE_FLAGS_VAR+x} ]]
82then
83  export COVERAGE_FLAGS="${!COVERAGE_FLAGS_VAR}"
84fi
85
86 # Don't need coverage instrumentation for engine-less, afl++ builds.
87if [ $FUZZING_ENGINE = "none" ] || [ $FUZZING_ENGINE = "afl" ]; then
88  export COVERAGE_FLAGS=
89fi
90
91# Rust does not support sanitizers and coverage flags via CFLAGS/CXXFLAGS, so
92# use RUSTFLAGS.
93# FIXME: Support code coverage once support is in.
94# See https://github.com/rust-lang/rust/issues/34701.
95if [ "$SANITIZER" != "undefined" ] && [ "$SANITIZER" != "coverage" ] && [ "$ARCHITECTURE" != 'i386' ]; then
96  export RUSTFLAGS="--cfg fuzzing -Zsanitizer=${SANITIZER} -Cdebuginfo=1 -Cforce-frame-pointers"
97else
98  export RUSTFLAGS="--cfg fuzzing -Cdebuginfo=1 -Cforce-frame-pointers"
99fi
100if [ "$SANITIZER" = "coverage" ]
101then
102    # link to C++ from comment in f5098035eb1a14aa966c8651d88ea3d64323823d
103    export RUSTFLAGS="$RUSTFLAGS -Zinstrument-coverage -C link-arg=-lc++"
104fi
105
106# Add Rust libfuzzer flags.
107# See https://github.com/rust-fuzz/libfuzzer/blob/master/build.rs#L12.
108export CUSTOM_LIBFUZZER_PATH="$LIB_FUZZING_ENGINE_DEPRECATED"
109export CUSTOM_LIBFUZZER_STD_CXX=c++
110
111export CFLAGS="$CFLAGS $SANITIZER_FLAGS $COVERAGE_FLAGS"
112export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA"
113
114if [ "$FUZZING_LANGUAGE" = "python" ]; then
115  sanitizer_with_fuzzer_lib_dir=`python3 -c "import atheris; import os; print(atheris.path())"`
116  sanitizer_with_fuzzer_output_lib=$OUT/sanitizer_with_fuzzer.so
117  if [ "$SANITIZER" = "address" ]; then
118    cp $sanitizer_with_fuzzer_lib_dir/asan_with_fuzzer.so $sanitizer_with_fuzzer_output_lib
119  elif [ "$SANITIZER" = "undefined" ]; then
120    cp $sanitizer_with_fuzzer_lib_dir/ubsan_with_fuzzer.so $sanitizer_with_fuzzer_output_lib
121  fi
122
123  # Disable leak checking as it is unsupported.
124  export CFLAGS="$CFLAGS -fno-sanitize=function,leak,vptr,"
125  export CXXFLAGS="$CXXFLAGS -fno-sanitize=function,leak,vptr"
126fi
127
128# Copy latest llvm-symbolizer in $OUT for stack symbolization.
129cp $(which llvm-symbolizer) $OUT/
130
131# Copy Jazzer to $OUT if needed.
132if [ "$FUZZING_LANGUAGE" = "jvm" ]; then
133  cp $(which jazzer_agent_deploy.jar) $(which jazzer_driver) $OUT/
134  jazzer_driver_with_sanitizer=$OUT/jazzer_driver_with_sanitizer
135  if [ "$SANITIZER" = "address" ]; then
136    cp $(which jazzer_driver_asan) $jazzer_driver_with_sanitizer
137  elif [ "$SANITIZER" = "undefined" ]; then
138    cp $(which jazzer_driver_ubsan) $jazzer_driver_with_sanitizer
139  elif [ "$SANITIZER" = "coverage" ]; then
140    # Coverage builds require no instrumentation.
141    cp $(which jazzer_driver) $jazzer_driver_with_sanitizer
142  fi
143
144  # Disable leak checking since the JVM triggers too many false positives.
145  export CFLAGS="$CFLAGS -fno-sanitize=leak"
146  export CXXFLAGS="$CXXFLAGS -fno-sanitize=leak"
147fi
148
149echo "---------------------------------------------------------------"
150echo "CC=$CC"
151echo "CXX=$CXX"
152echo "CFLAGS=$CFLAGS"
153echo "CXXFLAGS=$CXXFLAGS"
154echo "RUSTFLAGS=$RUSTFLAGS"
155echo "---------------------------------------------------------------"
156
157BUILD_CMD="bash -eux $SRC/build.sh"
158
159# Set +u temporarily to continue even if GOPATH and OSSFUZZ_RUSTPATH are undefined.
160set +u
161# We need to preserve source code files for generating a code coverage report.
162# We need exact files that were compiled, so copy both $SRC and $WORK dirs.
163COPY_SOURCES_CMD="cp -rL --parents $SRC $WORK /usr/include /usr/local/include $GOPATH $OSSFUZZ_RUSTPATH /rustc $OUT"
164set -u
165
166if [ "$FUZZING_LANGUAGE" = "rust" ]; then
167  # Copy rust std lib to its path with a hash.
168  export rustch=`rustc --version --verbose | grep commit-hash | cut -d' ' -f2`
169  mkdir -p /rustc/$rustch/
170  cp -r /rust/rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/ /rustc/$rustch/
171fi
172
173if [ "${BUILD_UID-0}" -ne "0" ]; then
174  adduser -u $BUILD_UID --disabled-password --gecos '' builder
175  chown -R builder $SRC $OUT $WORK
176  su -c "$BUILD_CMD" builder
177  if [ "$SANITIZER" = "coverage" ]; then
178    # Some directories have broken symlinks (e.g. honggfuzz), ignore the errors.
179    su -c "$COPY_SOURCES_CMD" builder 2>/dev/null || true
180  fi
181else
182  $BUILD_CMD
183  if [ "$SANITIZER" = "coverage" ]; then
184    # Some directories have broken symlinks (e.g. honggfuzz), ignore the errors.
185    $COPY_SOURCES_CMD 2>/dev/null || true
186  fi
187fi
188
189if [[ "$FUZZING_ENGINE" = "dataflow" ]]; then
190  # Remove seed corpus as it can be huge but is not needed for a dataflow build.
191  rm -f $OUT/*.zip
192fi
193