authorHaibo Huang <hhb@google.com>2019-09-24 16:40:01 -0700
committerHaibo Huang <hhb@google.com>2019-09-24 16:40:01 -0700
commit8b63fe958bc5aea0a2721e9746f6e12e9453fffe (patch)
treeb7da7abb06b3fdc15d6bb074d5194d103bf016f4
parent4a6b9207ec21221dc351b287d087a082dc55f277 (diff)
parent97060c44dec9c25b8c74a4ee05a217bd68f119fe (diff)
downloadoss-fuzz-ndk-sysroot-r21.tar.gz
Upgrade oss-fuzz to 97060c44dec9c25b8c74a4ee05a217bd68f119feplatform-tools-29.0.5ndk-sysroot-r21
Test: None Change-Id: Ice113437769207d0db1493d9bb105baac207f6a6
-rw-r--r--METADATA12
-rw-r--r--docs/further-reading/fuzzer_environment.md8
-rw-r--r--projects/envoy/Dockerfile6
-rwxr-xr-xprojects/php/build.sh6
-rwxr-xr-xprojects/proxygen/build.sh4
5 files changed, 27 insertions, 9 deletions
diff --git a/METADATA b/METADATA
index b43fe98c0..9c0fd4f19 100644
--- a/METADATA
+++ b/METADATA
@@ -1,7 +1,5 @@
name: "OSS-Fuzz"
-description:
- "OSS-Fuzz: Continuous Fuzzing for Open Source Software"
-
+description: "OSS-Fuzz: Continuous Fuzzing for Open Source Software"
third_party {
url {
type: HOMEPAGE
@@ -11,7 +9,11 @@ third_party {
type: GIT
value: "https://github.com/google/oss-fuzz.git"
}
- version: "8f82af5a61c127d816022692a390b9380a4492ad"
- last_upgrade_date { year: 2019 month: 9 day: 23 }
+ version: "97060c44dec9c25b8c74a4ee05a217bd68f119fe"
license_type: NOTICE
+ last_upgrade_date {
+ year: 2019
+ month: 9
+ day: 24
+ }
}
diff --git a/docs/further-reading/fuzzer_environment.md b/docs/further-reading/fuzzer_environment.md
index 64b16c7ff..233cb25d3 100644
--- a/docs/further-reading/fuzzer_environment.md
+++ b/docs/further-reading/fuzzer_environment.md
@@ -39,6 +39,14 @@ All build artifacts needed during fuzz target execution should be inside the
Everything else is ignored (e.g. artifacts in `$WORK`, `$SRC`, etc) and hence
is not available in the execution environment.
+We strongly recommend static linking because it just works.
+However dynamic linking can work if shared objects are included in the `$OUT` directory and are loaded relative
+to `'$ORIGIN'`, the path of the binary (see the discussion of `'$ORIGIN'` [here](http://man7.org/linux/man-pages/man8/ld.so.8.html)).
+A fuzzer can be instructed to load libraries relative to `'$ORIGIN'` during compilation (i.e. `-Wl,-rpath,'$ORIGIN/lib'` )
+or afterwards using `chrpath -r '$ORIGIN/lib' $OUT/$fuzzerName` ([example](https://github.com/google/oss-fuzz/blob/09aa9ac556f97bd4e31928747eca0c8fed42509f/projects/php/build.sh#L40)). Note that `'$ORIGIN'` should be surronded
+by single quotes because it is not an environment variable like `$OUT` that can be retrieved during execution of `build.sh`.
+Its value is retrieved during execution of the binary. You can verify that you did this correctly using `ldd <fuzz_target_name>` and the `check_build` command in `infra/helper.py`.
+
You should ensure that the fuzz target works correctly by using `run_fuzzer`
command (see instructions
[here]({{ site.baseurl }}/getting-started/new-project-guide/#testing-locally)).
diff --git a/projects/envoy/Dockerfile b/projects/envoy/Dockerfile
index 095786dc0..e507358bf 100644
--- a/projects/envoy/Dockerfile
+++ b/projects/envoy/Dockerfile
@@ -25,7 +25,6 @@ RUN apt-get update && apt-get -y install \
curl \
autoconf \
libtool \
- cmake \
wget \
golang \
python
@@ -35,6 +34,11 @@ RUN echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8
RUN curl https://bazel.build/bazel-release.pub.gpg | apt-key add -
RUN apt-get update && apt-get install -y bazel
+# Install cmake
+RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.5/cmake-3.14.5-Linux-x86_64.sh; \
+ chmod +x cmake-3.14.5-Linux-x86_64.sh; \
+ ./cmake-3.14.5-Linux-x86_64.sh --skip-license --prefix="/usr/local"
+
RUN git clone https://github.com/envoyproxy/envoy.git
WORKDIR $SRC/envoy/
COPY build.sh $SRC/
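Review bot: The cmake installer fetched on the new `RUN wget …` line is executed with no integrity check, so the build image runs whatever the release URL serves at build time; Kitware publishes a SHA-256 list next to each release, and the step should verify the script against a pinned digest before `chmod`/execution. The three commands are joined with `;` instead of `&&`, which is the usual Dockerfile idiom for aborting the layer at the first failing command rather than relying on the last one to fail. The installer script is also left behind in the working directory after it runs, so a trailing `rm` keeps it out of the image. The `<sha256>` below is a placeholder to be filled from Kitware's published checksum file for v3.14.5, not a value taken from this diff.
```dockerfile
# Install cmake
RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.5/cmake-3.14.5-Linux-x86_64.sh && \
    echo "<sha256>  cmake-3.14.5-Linux-x86_64.sh" | sha256sum -c - && \
    chmod +x cmake-3.14.5-Linux-x86_64.sh && \
    ./cmake-3.14.5-Linux-x86_64.sh --skip-license --prefix="/usr/local" && \
    rm cmake-3.14.5-Linux-x86_64.sh
```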
diff --git a/projects/php/build.sh b/projects/php/build.sh
index cde4e9e0b..6ebbe95a6 100755
--- a/projects/php/build.sh
+++ b/projects/php/build.sh
@@ -29,7 +29,11 @@ make -j$(nproc)
sapi/cli/php sapi/fuzzer/generate_unserialize_dict.php
cp sapi/fuzzer/dict/unserialize $OUT/php-fuzz-unserialize.dict
-FUZZERS="php-fuzz-json php-fuzz-exif php-fuzz-mbstring php-fuzz-unserialize"
+# Generate initial corpus for parser fuzzer
+sapi/cli/php sapi/fuzzer/generate_parser_corpus.php
+cp sapi/fuzzer/dict/parser $OUT/php-fuzz-parser.dict
+
+FUZZERS="php-fuzz-json php-fuzz-exif php-fuzz-mbstring php-fuzz-unserialize php-fuzz-parser"
for fuzzerName in $FUZZERS; do
cp sapi/fuzzer/$fuzzerName $OUT/
# for loading missing libs like libonig
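Review bot: The comment added above `sapi/cli/php sapi/fuzzer/generate_parser_corpus.php` says the new lines generate the parser corpus, but the only artifact the hunk then copies into `$OUT` is the dictionary `sapi/fuzzer/dict/parser`; where the generated corpus is written and whether it is packaged as a seed corpus is not visible here — presumably the `for fuzzerName` loop, whose body runs past the end of the hunk, takes care of it. Splitting the comment so each line documents its own effect would remove the ambiguity, e.g. `# Generate the parser fuzzer's seed corpus (packaged per fuzzer below)` before the php invocation and `# Dictionary for the parser fuzzer` before the `cp`. Nothing in the hunk checks whether the generator script succeeded; whether the script runs under `set -e` cannot be seen from this hunk.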
diff --git a/projects/proxygen/build.sh b/projects/proxygen/build.sh
index cec0359a6..dd3729f7d 100755
--- a/projects/proxygen/build.sh
+++ b/projects/proxygen/build.sh
@@ -28,7 +28,7 @@ cp /usr/lib/x86_64-linux-gnu/libunwind.so.8 $OUT/lib/
./build.sh -m --no-install-dependencies --build-for-fuzzing
# Patch rpath so fuzzers can find libunwind
-find ./_build/proxygen/fuzzers -type f -executable -exec patchelf --set-rpath "$OUT/lib" {} \;
+find ./_build/proxygen/fuzzers -type f -executable -exec patchelf --set-rpath '$ORIGIN/lib' {} \;
# Copy fuzzers over to the destination
-find ./_build/proxygen/fuzzers -type f -executable -exec cp {} $OUT/ \; \ No newline at end of file
+find ./_build/proxygen/fuzzers -type f -executable -exec cp {} $OUT/ \;
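Review bot: A patchelf failure on any file under `./_build/proxygen/fuzzers` is silently swallowed by the `-exec … \;` form on the rpath line, because find's exit status does not reflect the exec'd command's, so an unpatched fuzzer would still be copied by the following line and fail at run time when it cannot locate libunwind. With GNU find the `+` form propagates a non-zero exit from the command, e.g. `find ./_build/proxygen/fuzzers -type f -executable -exec patchelf --set-rpath '$ORIGIN/lib' {} +`; whether the surrounding script runs under `set -e` is not visible in the hunk. The switch from the absolute `$OUT/lib` to the single-quoted `'$ORIGIN/lib'` is correct, and the `cp … libunwind.so.8 $OUT/lib/` on the context line above is what makes the relative rpath resolvable once the binaries sit in `$OUT`.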