1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
# Copyright 2020 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build_overrides/build.gni")
import("//testing/libfuzzer/fuzzer_test.gni")
import("//third_party/libprotobuf-mutator/fuzzable_proto_library.gni")
config("include_config") {
include_dirs = [ "src/" ]
}
source_set("libprotobuf-mutator") {
testonly = true
configs += [ ":include_config" ]
public_configs = [ ":include_config" ]
sources = [
"src/src/binary_format.cc",
"src/src/libfuzzer/libfuzzer_macro.cc",
"src/src/libfuzzer/libfuzzer_mutator.cc",
"src/src/mutator.cc",
"src/src/text_format.cc",
"src/src/utf8_fix.cc",
]
# Allow users of LPM to use protobuf reflection and other features from
# protobuf_full.
public_deps = [ "//third_party/protobuf:protobuf_full" ]
}
# This protoc plugin, like the compiler, should only be built for the host
# architecture.
if (current_toolchain == host_toolchain) {
# This plugin will be needed to fuzz most protobuf code in Chromium. That's
# because production protobuf code must contain the line:
# "option optimize_for = LITE_RUNTIME", which instructs the proto compiler not
# to compile the proto using the full protobuf runtime. This allows Chromium
# not to depend on the full protobuf library, but prevents
# libprotobuf-mutator from fuzzing because the lite runtime lacks needed
# features (such as reflection). The plugin simply compiles a proto library
# as normal but ensures that is compiled with the full protobuf runtime.
executable("override_lite_runtime_plugin") {
sources = [ "protoc_plugin/protoc_plugin.cc" ]
deps = [ "//third_party/protobuf:protoc_lib" ]
public_configs = [ "//third_party/protobuf:protobuf_config" ]
}
# To use the plugin in a proto_library you want to fuzz, change the build
# target to fuzzable_proto_library (defined in
# //third_party/libprotobuf-mutator/fuzzable_proto_library.gni)
}
# The CQ will try building this target without "use_libfuzzer" if it is defined.
# That will cause the build to fail, so don't define it when "use_libfuzzer" is
# is false.
if (use_libfuzzer) {
# Test that override_lite_runtime_plugin is working when built. This target
# contains files that are optimized for LITE_RUNTIME and which import other
# files that are also optimized for LITE_RUNTIME.
openscreen_fuzzer_test("override_lite_runtime_plugin_test_fuzzer") {
sources = [ "protoc_plugin/test_fuzzer.cc" ]
deps = [
":libprotobuf-mutator",
":override_lite_runtime_plugin_test_fuzzer_proto",
]
}
}
# Proto library for override_lite_runtime_plugin_test_fuzzer
fuzzable_proto_library("override_lite_runtime_plugin_test_fuzzer_proto") {
sources = [
"protoc_plugin/imported.proto",
"protoc_plugin/imported_publicly.proto",
"protoc_plugin/test_fuzzer_input.proto",
]
}
# Avoid CQ complaints on platforms we don't care about (ie: iOS).
# Also prevent people from using this to include protobuf_full into a production
# build of Chrome.
if (use_libfuzzer) {
# Component that can provide protobuf_full to non-testonly targets
static_library("protobuf_full") {
public_deps = [ "//third_party/protobuf:protobuf_full" ]
}
}
|
