Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions projects/connectedhomeip/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,20 @@ RUN cd $SRC/connectedhomeip && scripts/checkout_submodules.py --shallow --platfo
SHELL ["/bin/bash", "-c"]
RUN cd $SRC/connectedhomeip && . scripts/bootstrap.sh

# Work around the Fuzz Introspector build timeout (oss-fuzz#13153). base-builder's `compile` runs
# the introspector source analysis (tree-sitter parse of the whole tree + a per-harness call-graph
# pass) BEFORE build.sh. On connectedhomeip that is ~4h just to load ~32k files' trees, plus ~6h
# over the ~230 fuzz harnesses vendored under third_party -- together exceeding the build deadline.
# Because the analysis runs before build.sh, move third_party out of the source tree here (after
# bootstrap, which needs third_party/pigweed) so the analysis skips ~15k files and those ~230
# harnesses; build.sh moves it back before `gn gen`, so the actual asan/msan/coverage fuzz builds
# are unaffected. The stash dir is outside $SRC so the analysis (--target-dir=$SRC) never walks it.
# Also drop the dead all-clusters-minimal-app fuzz driver (a whole-application harness built by no
# target) so the analysis doesn't spend time on its Matter-wide call graph.
RUN cd $SRC/connectedhomeip && \
rm -f examples/all-clusters-minimal-app/linux/fuzzing-main.cpp && \
mv third_party /opt/chip-third-party-stash

# meson + packaging: GLib build deps for the MSAN dependency sysroot that build.sh builds when
# SANITIZER=memory (built there, not here -- the deps' configure/meson run instrumented binaries
# that need lowered ASLR, which only the privileged `compile` step provides).
Expand Down
8 changes: 8 additions & 0 deletions projects/connectedhomeip/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,14 @@ fi

cd $SRC/connectedhomeip

# The Dockerfile moved third_party out of the source tree so Fuzz Introspector's analysis (which
# runs before build.sh) skips it and stays within the build deadline (see the Dockerfile / oss-fuzz
# #13153). Restore it now -- before `gn gen` -- so every build (asan/msan/coverage/introspector)
# compiles normally. The introspector analysis has already run by this point.
if [ -d /opt/chip-third-party-stash ] && [ ! -e third_party ]; then
mv /opt/chip-third-party-stash third_party
fi

# Preserve the OSS-Fuzz-provided toolchain settings. The pw_fuzzer / FuzzTest toolchain
# (//build/toolchain/pw_fuzzer) reads $CC/$CXX/$CFLAGS/$CXXFLAGS at `gn gen` time so its
# libFuzzer runtime matches OSS-Fuzz's instrumentation; Pigweed's activate.sh may change
Expand Down
7 changes: 3 additions & 4 deletions projects/envoy/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,7 @@
################################################################################


FROM gcr.io/oss-fuzz-base/base-builder@sha256:56905c98ae0083d14da0e7371184e694560a74750533f321ac0e9145af0e8d2e
# ! This project was pinned after a clang bump. Please remove the pin, Try to fix any build warnings and errors, as well as runtime errors
# see https://github.com/google/oss-fuzz/pull/12365
FROM gcr.io/oss-fuzz-base/base-builder


RUN apt-get update && apt-get -y install \
Expand All @@ -31,7 +29,8 @@ RUN apt-get update && apt-get -y install \
wget \
golang \
rsync \
python3
python3 \
libtinfo5

RUN git clone https://github.com/envoyproxy/envoy.git
WORKDIR $SRC/envoy/
Expand Down
4 changes: 4 additions & 0 deletions projects/envoy/WORKSPACE
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,7 @@ envoy_repo()
load("//bazel:toolchains.bzl", "envoy_toolchains")

envoy_toolchains()

load("//bazel:dependency_imports_extra.bzl", "envoy_dependency_imports_extra")

envoy_dependency_imports_extra()
49 changes: 32 additions & 17 deletions projects/envoy/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,6 @@
#
################################################################################

# Overcome missing dependency declaration with path mapping issue. This is
# similar to the current abseil build (see
# https://github.com/google/oss-fuzz/pull/12858), to overcome the issue
# mentioned in https://github.com/bazelbuild/bazel/issues/23681.
export USE_BAZEL_VERSION=7.4.0

declare -r FUZZ_TARGET_QUERY='
let all_fuzz_tests = attr(tags, "fuzz_target", "test/...") in
$all_fuzz_tests - attr(tags, "no_fuzz", $all_fuzz_tests)
Expand Down Expand Up @@ -54,7 +48,7 @@ then
echo "--linkopt=-fsanitize=undefined"
elif [ "$SANITIZER" = "address" ]
then
echo "--copt=-D__SANITIZE_ADDRESS__" "--copt=-DADDRESS_SANITIZER=1" "--linkopt=-fsanitize=address"
echo "--copt=-D__SANITIZE_ADDRESS__" "--copt=-DADDRESS_SANITIZER=1" "--linkopt=-fsanitize=address" "--copt=-fno-sanitize-ignorelist"
fi
)"

Expand Down Expand Up @@ -95,28 +89,25 @@ then
echo " --per_file_copt=^.*test/.*\.cc\$@-fsanitize-coverage=0"

# External dependencies. Disable all instrumentation.
echo " --per_file_copt=^.*com_google_protobuf.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*com_google_absl.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*com_github_grpc_grpc.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*boringssl.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*com_googlesource_code_re2.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*upb.*\.cpp\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*org_brotli.*\.cpp\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*com_github_jbeder_yaml_cpp.*\.cpp\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*proxy_wasm_cpp_host/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*com_github_google_libprotobuf_mutator/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*com_github_google_libprotobuf_mutator/.*\.cc\$@-fsanitize-coverage=0"
echo " --per_file_copt=^.*com_googlesource_googleurl/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*com_lightstep_tracer_cpp/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"

# External dependency which needs to be compiled with sanitizers. Disable
# coverage instrumentation.
# External dependencies which need to be compiled with sanitizers (to avoid ASan container poisoning shadow memory mismatches). Disable coverage instrumentation.
echo " --per_file_copt=^.*com_google_protobuf.*\.cc\$@-fsanitize-coverage=0"
echo " --per_file_copt=^.*com_google_absl.*\.cc\$@-fsanitize-coverage=0"
echo " --per_file_copt=^.*com_github_grpc_grpc.*\.cc\$@-fsanitize-coverage=0"
echo " --per_file_copt=^.*com_google_cel_cpp.*\.cpp\$@-fsanitize-coverage=0"
echo " --per_file_copt=^.*antlr4_runtimes.*\.cpp\$@-fsanitize-coverage=0"
echo " --per_file_copt=^.*googletest.*\.cc\$@-fsanitize-coverage=0"

# All protobuf code and code in bazel-out
echo " --per_file_copt=^.*\.pb\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*bazel-out/.*\.cc\$@-fsanitize-coverage=0,-fno-sanitize=all"
echo " --per_file_copt=^.*\.pb\.cc\$@-fsanitize-coverage=0"
echo " --per_file_copt=^.*bazel-out/.*\.cc\$@-fsanitize-coverage=0"
fi
)"

Expand Down Expand Up @@ -170,6 +161,30 @@ for oss_fuzz_archive in $(find bazel-bin/ -name '*_oss_fuzz.tar'); do
tar -xvf "${oss_fuzz_archive}" -C "${OUT}"
done

# Explicitly copy LLVM toolchain C++ runtime shared libraries into $OUT/lib so they are available at runtime.
mkdir -p "${OUT}/lib"
find $(bazel info output_base) \( -name "libc++.so*" -o -name "libc++abi.so*" -o -name "libunwind.so*" \) -exec cp -a {} "${OUT}/lib/" \; 2>/dev/null || true
if [ -d "${OUT}/lib" ]; then
(cd "${OUT}/lib" && \
[ -f libc++.so.1.0 ] && [ ! -e libc++.so.1 ] && ln -sf libc++.so.1.0 libc++.so.1; \
[ -f libc++abi.so.1.0 ] && [ ! -e libc++abi.so.1 ] && ln -sf libc++abi.so.1.0 libc++abi.so.1; \
[ -f libunwind.so.1.0 ] && [ ! -e libunwind.so.1 ] && ln -sf libunwind.so.1.0 libunwind.so.1) || true
fi

# 1. Fix inter-library dependencies among prebuilt toolchain shared libraries in $OUT/lib
if [ -d "${OUT}/lib" ]; then
for so in "${OUT}"/lib/*.so*; do
[ -e "$so" ] && patchelf --set-rpath '$ORIGIN' "$so" 2>/dev/null || true
done
fi

# 2. Ensure all extracted fuzz targets can locate shared libraries in $OUT/lib at runtime
for f in "${OUT}"/*; do
if [ -f "$f" ] && [ -x "$f" ] && file "$f" | grep -q "ELF"; then
patchelf --set-rpath '$ORIGIN/lib:$ORIGIN' "$f" 2>/dev/null || true
fi
done

# Cleanup bazel- symlinks to avoid oss-fuzz trying to copy out of the build
# cache.
rm -f bazel-*
2 changes: 1 addition & 1 deletion projects/openexr/project.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ homepage: "https://openexr.com"
language: c++
primary_contact: "twodeecoda@gmail.com"
auto_ccs:
- "cary@ilm.com"
- "seabeepea@gmail.com"
- "twodeecoda@gmail.com"
- "kdt3rd@gmail.com"
main_repo: 'https://github.com/AcademySoftwareFoundation/openexr'
Expand Down
2 changes: 1 addition & 1 deletion projects/xpdf/fuzz_JBIG2.cc
Original file line number Diff line number Diff line change
Expand Up @@ -78,8 +78,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
currentObj.getStream()->reset();
}
currentObj.free();
}
currentObj.free();
}
}
catch (...)
Expand Down
Loading