2022-01-22 01:05:11 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
set -eux
|
|
|
|
|
|
|
|
|
|
SANITIZER=${SANITIZER:-address}
|
|
|
|
|
flags="-O1 -fno-omit-frame-pointer -g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link"
|
|
|
|
|
|
|
|
|
|
export CC=${CC:-clang}
|
|
|
|
|
export CFLAGS=${CFLAGS:-$flags}
|
|
|
|
|
|
|
|
|
|
export CXX=${CXX:-clang++}
|
|
|
|
|
export CXXFLAGS=${CXXFLAGS:-$flags}
|
|
|
|
|
|
|
|
|
|
cd "$(dirname -- "$0")/.."
|
|
|
|
|
|
|
|
|
|
export OUT=${OUT:-"$(pwd)/out"}
|
|
|
|
|
mkdir -p "$OUT"
|
|
|
|
|
|
|
|
|
|
export LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE:--fsanitize=fuzzer}
|
|
|
|
|
|
2022-04-11 00:23:02 +00:00
|
|
|
# libelf is compiled with _FORTIFY_SOURCE by default and it
|
|
|
|
|
# isn't compatible with MSan. It was borrowed
|
|
|
|
|
# from https://github.com/google/oss-fuzz/pull/7422
|
|
|
|
|
if [[ "$SANITIZER" == memory ]]; then
|
|
|
|
|
CFLAGS+=" -U_FORTIFY_SOURCE"
|
|
|
|
|
CXXFLAGS+=" -U_FORTIFY_SOURCE"
|
|
|
|
|
fi
|
|
|
|
|
|
2022-04-10 23:02:56 +00:00
|
|
|
# The alignment check is turned off by default on OSS-Fuzz/CFLite so it should be
|
|
|
|
|
# turned on explicitly there. It was borrowed from
|
|
|
|
|
# https://github.com/google/oss-fuzz/pull/7092
|
|
|
|
|
if [[ "$SANITIZER" == undefined ]]; then
|
|
|
|
|
additional_ubsan_checks=alignment
|
|
|
|
|
UBSAN_FLAGS="-fsanitize=$additional_ubsan_checks -fno-sanitize-recover=$additional_ubsan_checks"
|
|
|
|
|
CFLAGS+=" $UBSAN_FLAGS"
|
|
|
|
|
CXXFLAGS+=" $UBSAN_FLAGS"
|
|
|
|
|
fi
|
|
|
|
|
|
2022-01-22 01:05:11 +00:00
|
|
|
# Ideally libbelf should be built using release tarballs available
|
|
|
|
|
# at https://sourceware.org/elfutils/ftp/. Unfortunately sometimes they
|
|
|
|
|
# fail to compile (for example, elfutils-0.185 fails to compile with LDFLAGS enabled
|
|
|
|
|
# due to https://bugs.gentoo.org/794601) so let's just point the script to
|
|
|
|
|
# commits referring to versions of libelf that actually can be built
|
ci: no longer remove elfutils while building the fuzzer
Without it coverage reports can't be built
```
[2022-01-31 00:05:36,094 DEBUG] Generating file view html index file as: "/out/report/linux/file_view_index.html".
Traceback (most recent call last):
File "/opt/code_coverage/coverage_utils.py", line 829, in <module>
sys.exit(Main())
File "/opt/code_coverage/coverage_utils.py", line 823, in Main
return _CmdPostProcess(args)
File "/opt/code_coverage/coverage_utils.py", line 780, in _CmdPostProcess
processor.PrepareHtmlReport()
File "/opt/code_coverage/coverage_utils.py", line 577, in PrepareHtmlReport
self.GenerateFileViewHtmlIndexFile(per_file_coverage_summary,
File "/opt/code_coverage/coverage_utils.py", line 450, in GenerateFileViewHtmlIndexFile
self.GetCoverageHtmlReportPathForFile(file_path),
File "/opt/code_coverage/coverage_utils.py", line 422, in GetCoverageHtmlReportPathForFile
assert os.path.isfile(
AssertionError: "/tmp/tmp.UYax4l19Gh/lib/system.h" is not a file.
```
It's a follow-up to 393a058d061d49d
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2022-01-31 00:08:34 +00:00
|
|
|
rm -rf elfutils
|
|
|
|
|
git clone git://sourceware.org/git/elfutils.git
|
2022-01-22 01:05:11 +00:00
|
|
|
(
|
ci: no longer remove elfutils while building the fuzzer
Without it coverage reports can't be built
```
[2022-01-31 00:05:36,094 DEBUG] Generating file view html index file as: "/out/report/linux/file_view_index.html".
Traceback (most recent call last):
File "/opt/code_coverage/coverage_utils.py", line 829, in <module>
sys.exit(Main())
File "/opt/code_coverage/coverage_utils.py", line 823, in Main
return _CmdPostProcess(args)
File "/opt/code_coverage/coverage_utils.py", line 780, in _CmdPostProcess
processor.PrepareHtmlReport()
File "/opt/code_coverage/coverage_utils.py", line 577, in PrepareHtmlReport
self.GenerateFileViewHtmlIndexFile(per_file_coverage_summary,
File "/opt/code_coverage/coverage_utils.py", line 450, in GenerateFileViewHtmlIndexFile
self.GetCoverageHtmlReportPathForFile(file_path),
File "/opt/code_coverage/coverage_utils.py", line 422, in GetCoverageHtmlReportPathForFile
assert os.path.isfile(
AssertionError: "/tmp/tmp.UYax4l19Gh/lib/system.h" is not a file.
```
It's a follow-up to 393a058d061d49d
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2022-01-31 00:08:34 +00:00
|
|
|
cd elfutils
|
ci: point elfutils to a commit where a couple bugs are fixed
Fixes
```
./out/bpf-object-fuzzer: Running 1 inputs 1 time(s) each.
Running: CORPUS/036ff286c13e4590646c7ef59435ec642432da8e
elf_begin.c:232:20: runtime error: member access within misaligned address 0x000001655e71 for type 'Elf64_Shdr', which requires 8 byte alignment
0x000001655e71: note: pointer points here
00 00 00 7f 45 4c 46 02 02 01 00 00 00 07 fb 00 1d 00 00 6c 69 63 65 42 fb 00 41 00 57 03 00 20
^
#0 0x574d51 in get_shnum /home/libbpf/elfutils/libelf/elf_begin.c:232:20
#1 0x574d51 in file_read_elf /home/libbpf/elfutils/libelf/elf_begin.c:296:19
#2 0x569c2c in __libelf_read_mmaped_file /home/libbpf/elfutils/libelf/elf_begin.c:559:14
#3 0x58e812 in elf_memory /home/libbpf/elfutils/libelf/elf_memory.c:49:10
#4 0x4905b4 in bpf_object__elf_init /home/libbpf/src/libbpf.c:1255:9
#5 0x4905b4 in bpf_object_open /home/libbpf/src/libbpf.c:7104:8
#6 0x49144e in bpf_object__open_mem /home/libbpf/src/libbpf.c:7171:20
#7 0x483018 in LLVMFuzzerTestOneInput /home/libbpf/fuzz/bpf-object-fuzzer.c:16:8
#8 0x439389 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/libbpf/out/bpf-object-fuzzer+0x439389)
#9 0x419e2f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/libbpf/out/bpf-object-fuzzer+0x419e2f)
#10 0x421aee in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/libbpf/out/bpf-object-fuzzer+0x421aee)
#11 0x410f96 in main (/home/libbpf/out/bpf-object-fuzzer+0x410f96)
#12 0x7f153e21255f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
#13 0x7f153e21260b in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2d60b)
#14 0x410fe4 in _start (/home/libbpf/out/bpf-object-fuzzer+0x410fe4)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior elf_begin.c:232:20 in
```
and
```
./out/bpf-object-fuzzer: Running 1 inputs 1 time(s) each.
Running: CORPUS/446b578d82c47fe177de6fd675f4cb6bae8d1ea9
elf_begin.c:485:40: runtime error: addition of unsigned offset to 0x000002277e70 overflowed to 0x0000021d7e6f
#0 0x5748f1 in file_read_elf /home/libbpf/elfutils/libelf/elf_begin.c:485:40
#1 0x569c2c in __libelf_read_mmaped_file /home/libbpf/elfutils/libelf/elf_begin.c:559:14
#2 0x58e812 in elf_memory /home/libbpf/elfutils/libelf/elf_memory.c:49:10
#3 0x4905b4 in bpf_object__elf_init /home/libbpf/src/libbpf.c:1255:9
#4 0x4905b4 in bpf_object_open /home/libbpf/src/libbpf.c:7104:8
#5 0x49144e in bpf_object__open_mem /home/libbpf/src/libbpf.c:7171:20
#6 0x483018 in LLVMFuzzerTestOneInput /home/libbpf/fuzz/bpf-object-fuzzer.c:16:8
#7 0x439389 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/libbpf/out/bpf-object-fuzzer+0x439389)
#8 0x419e2f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/libbpf/out/bpf-object-fuzzer+0x419e2f)
#9 0x421aee in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/libbpf/out/bpf-object-fuzzer+0x421aee)
#10 0x410f96 in main (/home/libbpf/out/bpf-object-fuzzer+0x410f96)
#11 0x7f753e38255f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
#12 0x7f753e38260b in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2d60b)
#13 0x410fe4 in _start (/home/libbpf/out/bpf-object-fuzzer+0x410fe4)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior elf_begin.c:485:40 in
```
2022-04-09 23:50:29 +00:00
|
|
|
git checkout 83251d4091241acddbdcf16f814e3bc6ef3df49a
|
2022-01-22 01:05:11 +00:00
|
|
|
git log --oneline -1
|
|
|
|
|
|
|
|
|
|
# ASan isn't compatible with -Wl,--no-undefined: https://github.com/google/sanitizers/issues/380
|
|
|
|
|
find -name Makefile.am | xargs sed -i 's/,--no-undefined//'
|
|
|
|
|
|
|
|
|
|
# ASan isn't compatible with -Wl,-z,defs either:
|
|
|
|
|
# https://clang.llvm.org/docs/AddressSanitizer.html#usage
|
|
|
|
|
sed -i 's/^\(ZDEFS_LDFLAGS=\).*/\1/' configure.ac
|
|
|
|
|
|
2022-04-09 23:42:44 +00:00
|
|
|
if [[ "$SANITIZER" == undefined ]]; then
|
|
|
|
|
# That's basicaly what --enable-sanitize-undefined does to turn off unaligned access
|
|
|
|
|
# elfutils heavily relies on on i386/x86_64 but without changing compiler flags along the way
|
|
|
|
|
sed -i 's/\(check_undefined_val\)=[0-9]/\1=1/' configure.ac
|
|
|
|
|
fi
|
2022-01-22 01:05:11 +00:00
|
|
|
|
|
|
|
|
autoreconf -i -f
|
|
|
|
|
if ! ./configure --enable-maintainer-mode --disable-debuginfod --disable-libdebuginfod \
|
|
|
|
|
CC="$CC" CFLAGS="-Wno-error $CFLAGS" CXX="$CXX" CXXFLAGS="-Wno-error $CXXFLAGS" LDFLAGS="$CFLAGS"; then
|
|
|
|
|
cat config.log
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
make -C config -j$(nproc) V=1
|
|
|
|
|
make -C lib -j$(nproc) V=1
|
|
|
|
|
make -C libelf -j$(nproc) V=1
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
make -C src BUILD_STATIC_ONLY=y V=1 clean
|
ci: no longer remove elfutils while building the fuzzer
Without it coverage reports can't be built
```
[2022-01-31 00:05:36,094 DEBUG] Generating file view html index file as: "/out/report/linux/file_view_index.html".
Traceback (most recent call last):
File "/opt/code_coverage/coverage_utils.py", line 829, in <module>
sys.exit(Main())
File "/opt/code_coverage/coverage_utils.py", line 823, in Main
return _CmdPostProcess(args)
File "/opt/code_coverage/coverage_utils.py", line 780, in _CmdPostProcess
processor.PrepareHtmlReport()
File "/opt/code_coverage/coverage_utils.py", line 577, in PrepareHtmlReport
self.GenerateFileViewHtmlIndexFile(per_file_coverage_summary,
File "/opt/code_coverage/coverage_utils.py", line 450, in GenerateFileViewHtmlIndexFile
self.GetCoverageHtmlReportPathForFile(file_path),
File "/opt/code_coverage/coverage_utils.py", line 422, in GetCoverageHtmlReportPathForFile
assert os.path.isfile(
AssertionError: "/tmp/tmp.UYax4l19Gh/lib/system.h" is not a file.
```
It's a follow-up to 393a058d061d49d
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2022-01-31 00:08:34 +00:00
|
|
|
make -C src -j$(nproc) CFLAGS="-I$(pwd)/elfutils/libelf $CFLAGS" BUILD_STATIC_ONLY=y V=1
|
2022-01-22 01:05:11 +00:00
|
|
|
|
|
|
|
|
$CC $CFLAGS -Isrc -Iinclude -Iinclude/uapi -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c fuzz/bpf-object-fuzzer.c -o bpf-object-fuzzer.o
|
ci: no longer remove elfutils while building the fuzzer
Without it coverage reports can't be built
```
[2022-01-31 00:05:36,094 DEBUG] Generating file view html index file as: "/out/report/linux/file_view_index.html".
Traceback (most recent call last):
File "/opt/code_coverage/coverage_utils.py", line 829, in <module>
sys.exit(Main())
File "/opt/code_coverage/coverage_utils.py", line 823, in Main
return _CmdPostProcess(args)
File "/opt/code_coverage/coverage_utils.py", line 780, in _CmdPostProcess
processor.PrepareHtmlReport()
File "/opt/code_coverage/coverage_utils.py", line 577, in PrepareHtmlReport
self.GenerateFileViewHtmlIndexFile(per_file_coverage_summary,
File "/opt/code_coverage/coverage_utils.py", line 450, in GenerateFileViewHtmlIndexFile
self.GetCoverageHtmlReportPathForFile(file_path),
File "/opt/code_coverage/coverage_utils.py", line 422, in GetCoverageHtmlReportPathForFile
assert os.path.isfile(
AssertionError: "/tmp/tmp.UYax4l19Gh/lib/system.h" is not a file.
```
It's a follow-up to 393a058d061d49d
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2022-01-31 00:08:34 +00:00
|
|
|
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE bpf-object-fuzzer.o src/libbpf.a "$(pwd)/elfutils/libelf/libelf.a" -l:libz.a -o "$OUT/bpf-object-fuzzer"
|
2022-01-22 01:05:11 +00:00
|
|
|
|
|
|
|
|
cp fuzz/bpf-object-fuzzer_seed_corpus.zip "$OUT"
|