authorpdknsk <pdknsk@gmail.com>2018-08-19 01:32:16 +0200
committerAbhishek Arya <inferno@chromium.org>2018-08-18 16:32:16 -0700
commitebbaf4c93304f2e6aa0a68264159fa06462617ba (patch)
treedd053544aef1312607d3ca0cbe86bff9960f37b9 /projects/firefox
parent80ea4a427a7785263a191ce284acd9935719aef6 (diff)
firefox: fixes and improvements (#1723)
* ignore libgcc * dictionary/corpus for SdpParser and StunParser * simpler ASAN_OPTIONS handling * disable leak reports for now * get execv error * auto-sync libfuzzer * disable coverage build * add node.js repository for recent versions * prepare profile * remove unnecessary corpus size restriction
Diffstat (limited to 'projects/firefox')
-rw-r--r--projects/firefox/Dockerfile2
-rwxr-xr-xprojects/firefox/build.sh27
-rw-r--r--projects/firefox/target.c22
3 files changed, 41 insertions, 10 deletions
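--- a/projects/firefox/Dockerfile
+++ b/projects/firefox/Dockerfile
@@ -22,3 +22,5 @@ RUN apt-get update && \
 RUN hg clone https://hg.mozilla.org/mozilla-central
 WORKDIR mozilla-central
 COPY build.sh target.c $SRC/
+# Recent node.js versions not available on Ubuntu.
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -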
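Review bot: The added `RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -` runs a remote script as root in the build image with no integrity check, and because `-s` is used without `-f`, a non-200 response (an HTML error page) is still piped straight into bash. Downloading to a file, verifying a checksum recorded in the Dockerfile, and only then executing it pins exactly what runs and keeps the image reproducible, e.g. `RUN curl -fsSL https://deb.nodesource.com/setup_10.x -o /tmp/setup_node.sh && echo "<expected-sha256>  /tmp/setup_node.sh" | sha256sum -c - && bash /tmp/setup_node.sh`. Alternatively, add the nodesource apt repository and its signing key directly and skip the setup script altogether.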
diff --git a/projects/firefox/build.sh b/projects/firefox/build.sh
index e4c45adae..c5a2a10be 100755
--- a/projects/firefox/build.sh
+++ b/projects/firefox/build.sh
@@ -25,6 +25,8 @@ FUZZ_TARGETS=(
# Firefox object (build) directory.
OBJDIR=$WORK/obj-fuzz
+[[ $SANITIZER = "coverage" ]] && exit 0
+
# Firefox fuzzing build configuration.
cat << EOF > mozconfig
ac_add_options --disable-debug
@@ -34,16 +36,16 @@ ac_add_options --disable-crashreporter
ac_add_options --enable-fuzzing
ac_add_options --enable-optimize=-O1
ac_add_options --enable-debug-symbols=-gline-tables-only
+ac_add_options --enable-address-sanitizer
mk_add_options MOZ_OBJDIR=${OBJDIR}
mk_add_options MOZ_MAKE_FLAGS=-j$(nproc)
-mk_add_options CFLAGS=
-mk_add_options CXXFLAGS=
EOF
if [[ $SANITIZER = "address" ]]
then
cat << EOF >> mozconfig
-ac_add_options --enable-address-sanitizer
+mk_add_options CFLAGS=
+mk_add_options CXXFLAGS=
EOF
fi
@@ -57,6 +59,10 @@ export SHELL=/bin/bash
# Set environment for rustc.
source $HOME/.cargo/env
+# Sync internal libFuzzer.
+LLVM_REV=$($CC --version | egrep -1o "[0-9]{6}")
+(cd tools/fuzzing/libfuzzer && ./clone_libfuzzer.sh $LLVM_REV)
+
# Build! Takes about 15 minutes on a 32 vCPU instance.
./mach build
./mach gtest buildbutdontrun
@@ -83,6 +89,7 @@ cd $WORK/apt
# Takes only 1-2 minutes on a 32 vCPU instance.
PACKAGES=($(parallel apt-file search -lFN "{}" ::: ${REQUIRED_LIBRARIES[@]}))
PACKAGES=(${PACKAGES[@]##libc6*})
+PACKAGES=(${PACKAGES[@]##libgcc*})
PACKAGES=(${PACKAGES[@]##libstdc++*})
apt-get -q download ${PACKAGES[@]}
@@ -104,3 +111,17 @@ do
-DFUZZ_TARGET=$FUZZ_TARGET \
$SRC/target.c -o $OUT/$FUZZ_TARGET
done
+
+cd $SRC/mozilla-central
+
+# SdpParser
+find media/webrtc/trunk/webrtc/test/fuzzers/corpora/sdp-corpus \
+ -type f -exec zip -qju $OUT/SdpParser_seed_corpus.zip "{}" \;
+cp media/webrtc/trunk/webrtc/test/fuzzers/corpora/sdp.tokens \
+ $OUT/SdpParser.dict
+
+# StunParser
+find media/webrtc/trunk/webrtc/test/fuzzers/corpora/stun-corpus \
+ -type f -exec zip -qju $OUT/StunParser_seed_corpus.zip "{}" \;
+cp media/webrtc/trunk/webrtc/test/fuzzers/corpora/stun.tokens \
+ $OUT/StunParser.dict
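Review bot: `LLVM_REV=$($CC --version | egrep -1o "[0-9]{6}")` in the libFuzzer sync hunk has no guard for an empty result: if the compiler's version string carries no six-digit revision, `./clone_libfuzzer.sh` is invoked with no argument and the grep failure is masked by the pipe, so the mismatch only surfaces later as an obscure build or runtime error. Check the value before using it, `[[ -n $LLVM_REV ]] || { echo "could not determine LLVM revision from: $($CC --version)" >&2; exit 1; }`. The `-1` in `egrep -1o` is a context flag (`--context=1`) that has no effect alongside `-o`; `egrep -o` says what is meant. Separately, moving `--enable-address-sanitizer` into the unconditional mozconfig (second hunk) leaves the `if [[ $SANITIZER = "address" ]]` block only clearing CFLAGS/CXXFLAGS, so any sanitizer value other than address or coverage would still produce an ASan build; a short comment above that block, or an explicit check that rejects unsupported `$SANITIZER` values, would make the intent visible.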
diff --git a/projects/firefox/target.c b/projects/firefox/target.c
index dfec92a44..0e91e87be 100644
--- a/projects/firefox/target.c
+++ b/projects/firefox/target.c
@@ -60,22 +60,30 @@ int main(int argc, char* argv[]) {
exit(1);
}
- // Temporary (or permanent?) work-around for a bug in the fuzzing interface.
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1466021#c9
char* options = getenv("ASAN_OPTIONS");
if (!options) {
fprintf(stderr, "ASAN_OPTIONS not set ?!\n");
exit(1);
}
- char append[] = ":detect_stack_use_after_return=0";
- char* new_options = (char*)malloc(strlen(options) + sizeof(append));
- memcpy(new_options, options, strlen(options));
- memcpy(new_options + strlen(options), append, sizeof(append));
+
+ // Temporary (or permanent?) work-arounds for fuzzing interface bugs.
+ char* new_options = strdup(options);
+ char* ptr;
+ // https://bugzilla.mozilla.org/show_bug.cgi?id=1477846
+ ptr = strstr(new_options, "detect_stack_use_after_return=1");
+ if (ptr) ptr[30] = '0';
+ // https://bugzilla.mozilla.org/show_bug.cgi?id=1477844
+ ptr = strstr(new_options, "detect_leaks=1");
+ if (ptr) ptr[13] = '0';
+
if (setenv("ASAN_OPTIONS", new_options, 1)) {
perror("Error setting ASAN_OPTIONS");
exit(1);
}
free(new_options);
- return execv(ff_path, argv);
+ int ret = execv(ff_path, argv);
+ if (ret)
+ perror("execv");
+ return ret;
}
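Review bot: `char* new_options = strdup(options);` is unchecked, so on allocation failure the following `strstr(new_options, ...)` dereferences NULL; add `if (!new_options) { perror("strdup"); exit(1); }` right after it, consistent with how the other failures in this function are handled. The hard-coded offsets in `ptr[30] = '0'` and `ptr[13] = '0'` silently go stale if either option name is edited; deriving them from the search string, `ptr[sizeof "detect_stack_use_after_return=" - 1] = '0'` and `ptr[sizeof "detect_leaks=" - 1] = '0'`, keeps the index tied to the text it patches. Since `execv` returns only on failure, `if (ret)` is always true when reached and `main` then returns -1, which becomes exit status 255; `perror("execv"); return 1;` is clearer. The body of `main` begins before this hunk.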