Merge pull request #3733 from evverx/move-from-oss-fuzz

oss-fuzz: make it possible to build the fuzzer without docker

Merge pull request #3733 from evverx/move-from-oss-fuzz
e50319aa · Christian Brauner · GitHub · 6a3b5795 · dec64820 · e50319aa
Unverified Commit e50319aa authored Mar 26, 2021 by Christian Brauner Committed by GitHub Mar 26, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 74 additions and 0 deletions

fuzz-lxc-config-read.c src/tests/fuzz-lxc-config-read.c +28 -0

oss-fuzz.sh src/tests/oss-fuzz.sh +46 -0

No files found.
--- a/src/tests/fuzz-lxc-config-read.c
+++ b/src/tests/fuzz-lxc-config-read.c
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "conf.h"
+#include "confile.h"
+#include "lxctest.h"
+#include "utils.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+	int fd = -1;
+	char tmpf[] = "fuzz-lxc-config-read-XXXXXX";
+	struct lxc_conf *conf = NULL;
+
+	fd = lxc_make_tmpfile(tmpf, false);
+	lxc_test_assert_abort(fd >= 0);
+	lxc_write_nointr(fd, data, size);
+	close(fd);
+
+	conf = lxc_conf_init();
+	lxc_test_assert_abort(conf);
+	lxc_config_read(tmpf, conf, false);
+	lxc_conf_free(conf);
+
+	(void) unlink(tmpf);
+	return 0;
+}
--- a/src/tests/oss-fuzz.sh
+++ b/src/tests/oss-fuzz.sh
+#!/bin/bash
+
+set -ex
+
+export SANITIZER=${SANITIZER:-address}
+flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"
+sanitizer_flags="-fsanitize=address -fsanitize-address-use-after-scope"
+coverage_flags="-fsanitize=fuzzer-no-link"
+
+export CC=${CC:-clang}
+export CFLAGS=${CFLAGS:-$flags $sanitizer_flags $coverage_flags}
+
+export CXX=${CXX:-clang++}
+export CXXFLAGS=${CXXFLAGS:-$flags $sanitizer_flags $coverage_flags}
+
+export OUT=${OUT:-$(pwd)/out}
+mkdir -p $OUT
+
+export LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE:--fsanitize=fuzzer}
+
+# -fsanitize=... isn't compatible with -Wl,-no-undefined
+# https://github.com/google/sanitizers/issues/380
+sed -i 's/-Wl,-no-undefined *\\/\\/' src/lxc/Makefile.am
+
+# AFL++ and hoggfuzz are both incompatible with lto=thin apparently
+sed -i '/-flto=thin/d' configure.ac
+
+# turn off the libutil dependency
+sed -i 's/^AC_CHECK_LIB(util/#/' configure.ac
+
+./autogen.sh
+./configure \
+    --disable-tools \
+    --disable-commands \
+    --disable-apparmor \
+    --disable-openssl \
+    --disable-selinux \
+    --disable-seccomp \
+    --disable-capabilities
+
+make -j$(nproc)
+
+$CC -c -o fuzz-lxc-config-read.o $CFLAGS -Isrc -Isrc/lxc src/tests/fuzz-lxc-config-read.c
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz-lxc-config-read.o src/lxc/.libs/liblxc.a -o $OUT/fuzz-lxc-config-read
+
+zip -r $OUT/fuzz-lxc-config-read_seed_corpus.zip doc/examples