• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash -eu
2# Copyright 2021 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16################################################################################
17
18$SRC/build_cryptofuzz.sh
19
20cd $SRC/bitcoin-core/
21
22# Build dependencies
23# This will also force static builds
24if [ "$ARCHITECTURE" = "i386" ]; then
25  export BUILD_TRIPLET="i686-pc-linux-gnu"
26else
27  export BUILD_TRIPLET="x86_64-pc-linux-gnu"
28fi
29(
30  cd depends
31  sed -i --regexp-extended '/.*rm -rf .*extract_dir.*/d' ./funcs.mk  # Keep extracted source
32  make HOST=$BUILD_TRIPLET DEBUG=1 NO_QT=1 NO_WALLET=1 NO_ZMQ=1 NO_UPNP=1 NO_NATPMP=1 boost_cxxflags="-std=c++17 -fvisibility=hidden -fPIC ${CXXFLAGS}" libevent_cflags="${CFLAGS}" -j$(nproc)
33)
34
35# Build the fuzz targets
36
37sed -i "s|PROVIDE_FUZZ_MAIN_FUNCTION|NEVER_PROVIDE_MAIN_FOR_OSS_FUZZ|g" "./configure.ac"
38./autogen.sh
39
40# Temporarily compile with O2 to work around clang-13 (and later) UBSan
41# -fsanitize=vptr,object-size false positive that only happens with -O1
42if [ "$SANITIZER" = "undefined" ]; then
43  export CFLAGS="$CFLAGS -O2"
44  export CXXFLAGS="$CXXFLAGS -O2"
45fi
46
47# OSS-Fuzz will provide CC, CXX, etc. So only set:
48# * --enable-fuzz, see https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md
49# * CONFIG_SITE, see https://github.com/bitcoin/bitcoin/blob/master/depends/README.md
50if [ "$SANITIZER" = "memory" ]; then
51  CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE" --with-asm=no
52else
53  CONFIG_SITE="$PWD/depends/$BUILD_TRIPLET/share/config.site" ./configure --enable-fuzz SANITIZER_LDFLAGS="$LIB_FUZZING_ENGINE"
54fi
55
56
57if [ "$SANITIZER" = "memory" ]; then
58  # MemorySanitizer (MSAN) does not support tracking memory initialization done by
59  # using the Linux getrandom syscall. Avoid using getrandom by undefining
60  # HAVE_SYS_GETRANDOM. See https://github.com/google/sanitizers/issues/852 for
61  # details.
62  grep -v HAVE_SYS_GETRANDOM src/config/bitcoin-config.h > src/config/bitcoin-config.h.tmp
63  mv src/config/bitcoin-config.h.tmp src/config/bitcoin-config.h
64fi
65
66make -j$(nproc)
67
68WRITE_ALL_FUZZ_TARGETS_AND_ABORT="/tmp/a" "./src/test/fuzz/fuzz" || true
69readarray FUZZ_TARGETS < "/tmp/a"
70if [ -n "${OSS_FUZZ_CI-}" ]; then
71  # When running in CI, check the first targets only to save time and disk space
72  FUZZ_TARGETS=( ${FUZZ_TARGETS[@]:0:2} )
73fi
74
75# OSS-Fuzz requires a separate and self-contained binary for each fuzz target.
76# To inject the fuzz target name in the finished binary, compile the fuzz
77# executable with a "magic string" as the name of the fuzz target.
78#
79# An alternative to mocking the string in the finished binary would be to
80# replace the string in the source code and re-invoke 'make'. This is slower,
81# so use the hack.
82export MAGIC_STR="b5813eee2abc9d3358151f298b75a72264ffa119d2f71ae7fefa15c4b70b4bc5b38e87e3107a730f25891ea428b2b4fabe7a84f5bfa73c79e0479e085e4ff157"
83sed -i "s|.*std::getenv(\"FUZZ\").*|std::string fuzz_target{\"$MAGIC_STR\"};|g" "./src/test/fuzz/fuzz.cpp"
84sed -i "s|.find(fuzz_target)|.find(fuzz_target.c_str())|g"                      "./src/test/fuzz/fuzz.cpp"
85make -j$(nproc)
86
87# Replace the magic string with the actual name of each fuzz target
88for fuzz_target in ${FUZZ_TARGETS[@]}; do
89  python3 -c "c_str_target=b\"${fuzz_target}\x00\";c_str_magic=b\"$MAGIC_STR\";c=open('./src/test/fuzz/fuzz','rb').read();c=c.replace(c_str_magic, c_str_target+c_str_magic[len(c_str_target):]);open(\"$OUT/$fuzz_target\",'wb').write(c)"
90  chmod +x "$OUT/$fuzz_target"
91  (
92    cd assets/fuzz_seed_corpus
93    if [ -d "$fuzz_target" ]; then
94      zip --recurse-paths --quiet --junk-paths "$OUT/${fuzz_target}_seed_corpus.zip" "${fuzz_target}"
95    fi
96  )
97done
98