1#!/bin/bash -eu 2# Copyright 2016 Google Inc. 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15# 16################################################################################ 17 18echo "---------------------------------------------------------------" 19 20if [ "$SANITIZER" = "dataflow" ] && [ "$FUZZING_ENGINE" != "dataflow" ]; then 21 echo "ERROR: 'dataflow' sanitizer can be used with 'dataflow' engine only." 22 exit 1 23fi 24 25if [ "$FUZZING_LANGUAGE" = "jvm" ]; then 26 if [ "$FUZZING_ENGINE" != "libfuzzer" ]; then 27 echo "ERROR: JVM projects can be fuzzed with libFuzzer engine only." 28 exit 1 29 fi 30 if [ "$SANITIZER" != "address" ] && [ "$SANITIZER" != "coverage" ] && [ "$SANITIZER" != "undefined" ]; then 31 echo "ERROR: JVM projects can be fuzzed with AddressSanitizer or UndefinedBehaviorSanitizer only." 32 exit 1 33 fi 34 if [ "$ARCHITECTURE" != "x86_64" ]; then 35 echo "ERROR: JVM projects can be fuzzed on x86_64 architecture only." 36 exit 1 37 fi 38fi 39 40if [ "$FUZZING_LANGUAGE" = "python" ]; then 41 if [ "$FUZZING_ENGINE" != "libfuzzer" ]; then 42 echo "ERROR: Python projects can be fuzzed with libFuzzer engine only." 43 exit 1 44 fi 45 if [ "$SANITIZER" != "address" ] && [ "$SANITIZER" != "undefined" ]; then 46 echo "ERROR: Python projects can be fuzzed with AddressSanitizer or UndefinedBehaviorSanitizer only." 47 exit 1 48 fi 49 if [ "$ARCHITECTURE" != "x86_64" ]; then 50 echo "ERROR: Python projects can be fuzzed on x86_64 architecture only." 51 exit 1 52 fi 53fi 54 55if [ -z "${SANITIZER_FLAGS-}" ]; then 56 FLAGS_VAR="SANITIZER_FLAGS_${SANITIZER}" 57 export SANITIZER_FLAGS=${!FLAGS_VAR-} 58fi 59 60if [[ $ARCHITECTURE == "i386" ]]; then 61 export CFLAGS="-m32 $CFLAGS" 62 cp -R /usr/i386/lib/* /usr/local/lib 63fi 64# JVM projects are fuzzed with Jazzer, which has libFuzzer built in. 65if [[ $FUZZING_ENGINE != "none" ]] && [[ $FUZZING_LANGUAGE != "jvm" ]]; then 66 # compile script might override environment, use . to call it. 67 . compile_${FUZZING_ENGINE} 68fi 69 70if [[ $SANITIZER_FLAGS = *sanitize=memory* ]] 71then 72 # Take all libraries from lib/msan and MSAN_LIBS_PATH 73 # export CXXFLAGS_EXTRA="-L/usr/msan/lib $CXXFLAGS_EXTRA" 74 cp -R /usr/msan/lib/* /usr/local/lib/ 75 76 echo 'Building without MSan instrumented libraries.' 77fi 78 79# Coverage flag overrides. 80COVERAGE_FLAGS_VAR="COVERAGE_FLAGS_${SANITIZER}" 81if [[ -n ${!COVERAGE_FLAGS_VAR+x} ]] 82then 83 export COVERAGE_FLAGS="${!COVERAGE_FLAGS_VAR}" 84fi 85 86 # Don't need coverage instrumentation for engine-less, afl++ builds. 87if [ $FUZZING_ENGINE = "none" ] || [ $FUZZING_ENGINE = "afl" ]; then 88 export COVERAGE_FLAGS= 89fi 90 91# Rust does not support sanitizers and coverage flags via CFLAGS/CXXFLAGS, so 92# use RUSTFLAGS. 93# FIXME: Support code coverage once support is in. 94# See https://github.com/rust-lang/rust/issues/34701. 95if [ "$SANITIZER" != "undefined" ] && [ "$SANITIZER" != "coverage" ] && [ "$ARCHITECTURE" != 'i386' ]; then 96 export RUSTFLAGS="--cfg fuzzing -Zsanitizer=${SANITIZER} -Cdebuginfo=1 -Cforce-frame-pointers" 97else 98 export RUSTFLAGS="--cfg fuzzing -Cdebuginfo=1 -Cforce-frame-pointers" 99fi 100if [ "$SANITIZER" = "coverage" ] 101then 102 # link to C++ from comment in f5098035eb1a14aa966c8651d88ea3d64323823d 103 export RUSTFLAGS="$RUSTFLAGS -Zinstrument-coverage -C link-arg=-lc++" 104fi 105 106# Add Rust libfuzzer flags. 107# See https://github.com/rust-fuzz/libfuzzer/blob/master/build.rs#L12. 108export CUSTOM_LIBFUZZER_PATH="$LIB_FUZZING_ENGINE_DEPRECATED" 109export CUSTOM_LIBFUZZER_STD_CXX=c++ 110 111export CFLAGS="$CFLAGS $SANITIZER_FLAGS $COVERAGE_FLAGS" 112export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA" 113 114if [ "$FUZZING_LANGUAGE" = "python" ]; then 115 sanitizer_with_fuzzer_lib_dir=`python3 -c "import atheris; import os; print(atheris.path())"` 116 sanitizer_with_fuzzer_output_lib=$OUT/sanitizer_with_fuzzer.so 117 if [ "$SANITIZER" = "address" ]; then 118 cp $sanitizer_with_fuzzer_lib_dir/asan_with_fuzzer.so $sanitizer_with_fuzzer_output_lib 119 elif [ "$SANITIZER" = "undefined" ]; then 120 cp $sanitizer_with_fuzzer_lib_dir/ubsan_with_fuzzer.so $sanitizer_with_fuzzer_output_lib 121 fi 122 123 # Disable leak checking as it is unsupported. 124 export CFLAGS="$CFLAGS -fno-sanitize=function,leak,vptr," 125 export CXXFLAGS="$CXXFLAGS -fno-sanitize=function,leak,vptr" 126fi 127 128# Copy latest llvm-symbolizer in $OUT for stack symbolization. 129cp $(which llvm-symbolizer) $OUT/ 130 131# Copy Jazzer to $OUT if needed. 132if [ "$FUZZING_LANGUAGE" = "jvm" ]; then 133 cp $(which jazzer_agent_deploy.jar) $(which jazzer_driver) $OUT/ 134 jazzer_driver_with_sanitizer=$OUT/jazzer_driver_with_sanitizer 135 if [ "$SANITIZER" = "address" ]; then 136 cp $(which jazzer_driver_asan) $jazzer_driver_with_sanitizer 137 elif [ "$SANITIZER" = "undefined" ]; then 138 cp $(which jazzer_driver_ubsan) $jazzer_driver_with_sanitizer 139 elif [ "$SANITIZER" = "coverage" ]; then 140 # Coverage builds require no instrumentation. 141 cp $(which jazzer_driver) $jazzer_driver_with_sanitizer 142 fi 143 144 # Disable leak checking since the JVM triggers too many false positives. 145 export CFLAGS="$CFLAGS -fno-sanitize=leak" 146 export CXXFLAGS="$CXXFLAGS -fno-sanitize=leak" 147fi 148 149echo "---------------------------------------------------------------" 150echo "CC=$CC" 151echo "CXX=$CXX" 152echo "CFLAGS=$CFLAGS" 153echo "CXXFLAGS=$CXXFLAGS" 154echo "RUSTFLAGS=$RUSTFLAGS" 155echo "---------------------------------------------------------------" 156 157BUILD_CMD="bash -eux $SRC/build.sh" 158 159# Set +u temporarily to continue even if GOPATH and OSSFUZZ_RUSTPATH are undefined. 160set +u 161# We need to preserve source code files for generating a code coverage report. 162# We need exact files that were compiled, so copy both $SRC and $WORK dirs. 163COPY_SOURCES_CMD="cp -rL --parents $SRC $WORK /usr/include /usr/local/include $GOPATH $OSSFUZZ_RUSTPATH /rustc $OUT" 164set -u 165 166if [ "$FUZZING_LANGUAGE" = "rust" ]; then 167 # Copy rust std lib to its path with a hash. 168 export rustch=`rustc --version --verbose | grep commit-hash | cut -d' ' -f2` 169 mkdir -p /rustc/$rustch/ 170 cp -r /rust/rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/ /rustc/$rustch/ 171fi 172 173if [ "${BUILD_UID-0}" -ne "0" ]; then 174 adduser -u $BUILD_UID --disabled-password --gecos '' builder 175 chown -R builder $SRC $OUT $WORK 176 su -c "$BUILD_CMD" builder 177 if [ "$SANITIZER" = "coverage" ]; then 178 # Some directories have broken symlinks (e.g. honggfuzz), ignore the errors. 179 su -c "$COPY_SOURCES_CMD" builder 2>/dev/null || true 180 fi 181else 182 $BUILD_CMD 183 if [ "$SANITIZER" = "coverage" ]; then 184 # Some directories have broken symlinks (e.g. honggfuzz), ignore the errors. 185 $COPY_SOURCES_CMD 2>/dev/null || true 186 fi 187fi 188 189if [[ "$FUZZING_ENGINE" = "dataflow" ]]; then 190 # Remove seed corpus as it can be huge but is not needed for a dataflow build. 191 rm -f $OUT/*.zip 192fi 193