Commit 60729287 authored by Jonathan Foote's avatar Jonathan Foote

Initial integration with google/oss-fuzz

Implements initial support for continuous fuzzing with [google/oss-fuzz](http://github.com/google/oss-fuzz). Changes:

- Removes the `--with-sanitize-coverage` config flag: the clang >= 6 `-fsanitize=fuzzer-no-link` flag replaces it
- Adds `--with-oss-fuzz` config flag: links `-lFuzzingEngine` into fuzz targets
- Adds logic to `make check` that runs the fuzz targets with a single seed input to ensure they exit successfully
parent 98b428ad
......@@ -524,6 +524,7 @@ AX_CODE_COVERAGE
AX_SANITIZER
AS_IF([test -n "$sanitize_CFLAGS"], [CFLAGS="$CFLAGS $sanitize_CFLAGS"])
AM_CONDITIONAL([SANITIZE_FUZZER], [test "$with_sanitize_fuzzer" != "no"])
AM_CONDITIONAL([OSS_FUZZ], [test "$with_oss_fuzz" != "no"])
AS_IF([test "$enable_documentation" = "yes"],[
......@@ -580,8 +581,8 @@ result_msg_base=" $PACKAGE $VERSION
Ed25519 support: ${enable_ed25519}
Code coverage: ${enable_code_coverage}
Sanitizer: ${with_sanitize}
Sanitizer coverage: ${with_sanitize_coverage}
LibFuzzer: ${with_sanitize_fuzzer}
oss-fuzz: ${with_oss_fuzz}
"
result_msg_esc=$(echo -n "$result_msg_base" | sed '$!s/$/\\n/' | tr -d '\n')
......
......@@ -13,14 +13,13 @@
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Processes --with-sanitize= and --with-sanitize-coverage= flags, checks
# Processes --with-sanitize and --with-oss-fuzz flags, checks
# if the options are supported by the compiler, and sets the following
# variables accordingly:
#
# - sanitize_enabled yes|no
# - sanitize_coverage_enabled yes|no
# - sanitize_fuzzer_enabled yes|no
# - sanitize_CFLAGS -fsanitize=... -fsanitize-coverage=...
# - sanitize_CFLAGS -fsanitize=...
#
AC_DEFUN([AX_SANITIZER], [
......@@ -30,20 +29,16 @@ AC_DEFUN([AX_SANITIZER], [
[],
[with_sanitize=no]
)
AC_ARG_WITH([sanitize-coverage],
[AS_HELP_STRING([--with-sanitize-coverage], [Compile with sanitizer coverage [default=no]])],
[],
[with_sanitize_coverage=no]
)
AC_ARG_WITH([sanitize-fuzzer],
[AS_HELP_STRING([--with-sanitize-fuzzer], [Compile with sanitizer fuzzer (require clang >= 6.0) [default=no]])], [
# Enable SanitizerCoverage if needed by libFuzzer
AS_IF([test "$with_sanitize_coverage" = "no"],[
AC_MSG_NOTICE([Enabling sanitizer coverage because it's required for sanitizer fuzzer])
with_sanitize_coverage=yes
])],
[AS_HELP_STRING([--with-sanitize-fuzzer], [Compile with sanitizer fuzzer (require clang >= 6.0) [default=no]])],
[],
[with_sanitize_fuzzer=no]
)
AC_ARG_WITH([oss-fuzz],
[AS_HELP_STRING([--with-oss-fuzz], [Link for oss-fuzz environment [default=no]])],
[],
[with_oss_fuzz=no]
)
# Using -fsanitize=fuzzer requires clang >= 6.0
AS_IF([test "$with_sanitize_fuzzer" != "no"],[
......@@ -55,15 +50,9 @@ AC_DEFUN([AX_SANITIZER], [
# Default values
AS_IF([test "$with_sanitize" = "yes"], [ with_sanitize=address ])
AS_IF([test "$with_sanitize_fuzzer" = "yes"], [ with_sanitize_fuzzer=fuzzer-no-link ])
AS_IF([test "$with_sanitize_coverage" = "yes"], [ with_sanitize_coverage=edge,indirect-calls,trace-pc-guard ])
# Either --with-sanitize or --with-sanitize-fuzzer is needed for --with-sanitize-coverage
AS_IF([test "$with_sanitize" = "no" -a "$with_sanitize_fuzzer" = "no" -a "$with_sanitize_coverage" != "no"],[
AC_MSG_ERROR([--with-sanitize-coverage cannot be used without --with-sanitize or --with-sanitize-fuzzer])])
# Construct output variables
sanitize_enabled=no
sanitize_coverage_enabled=no
sanitize_fuzzer_enable=no
sanitize_CFLAGS=
AS_IF([test "$with_sanitize" != "no" -o "$with_sanitize_fuzzer" != "no"], [
......@@ -80,10 +69,6 @@ AC_DEFUN([AX_SANITIZER], [
sanitize_CFLAGS="-fsanitize=${with_sanitize_fuzzer}"
sanitize_fuzzer_enabled=yes
])])
AS_IF([test "$with_sanitize_coverage" != "no"], [
sanitize_CFLAGS="$sanitize_CFLAGS -fsanitize-coverage=${with_sanitize_coverage}"
sanitize_coverage_enabled=yes
])
# Test compiler support
save_CFLAGS="$CFLAGS"
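Review bot: `--with-oss-fuzz` is accepted without checking that `--with-sanitize-fuzzer` is also enabled, and since the Makefile nests `if OSS_FUZZ` inside `if SANITIZE_FUZZER`, a configure run with only `--with-oss-fuzz` silently produces non-fuzzing binaries while the summary still prints `oss-fuzz: yes`. The removed `--with-sanitize-coverage` block had exactly this kind of cross-option guard; the equivalent for the new option, placed after the default-value block, is `AS_IF([test "$with_oss_fuzz" != "no" -a "$with_sanitize_fuzzer" = "no"], [AC_MSG_ERROR([--with-oss-fuzz requires --with-sanitize-fuzzer])])`. The header comment should also state that `--with-oss-fuzz` only changes linking (`-lFuzzingEngine`) and does not add any compile flag, so the fuzzer instrumentation still has to come from `--with-sanitize-fuzzer` or from the environment's CFLAGS. Pre-existing but visible in context: `sanitize_fuzzer_enable=no` is missing the trailing `d` used by `sanitize_fuzzer_enabled=yes` and by the header, so the "no" default is never actually set.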
......
......@@ -22,6 +22,17 @@ zscanner_libfuzzer_LDADD = $(top_builddir)/src/zscanner/libzscanner.la
if SANITIZE_FUZZER
packet_libfuzzer_LDFLAGS = -fsanitize=fuzzer
zscanner_libfuzzer_LDFLAGS = -fsanitize=fuzzer
# Ensure that fuzzers execute successfully with a benign input
TESTS = check/check_fuzzers.test
EXTRA_DIST = check/check_fuzzers.test
if OSS_FUZZ
packet_libfuzzer_LDADD += -lFuzzingEngine
zscanner_libfuzzer_LDADD += -lFuzzingEngine
endif
else
packet_libfuzzer_SOURCES += main.c
zscanner_libfuzzer_SOURCES += main.c
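Review bot: `EXTRA_DIST = check/check_fuzzers.test` ships the test script but not `check/sample-seed.pkt`, which the script feeds to both fuzzers, so a `make distcheck` or any build from a dist tarball fails the new test on a missing seed file; change it to `EXTRA_DIST = check/check_fuzzers.test check/sample-seed.pkt`. Both new assignments use `=` inside the conditional, which silently clobbers any `TESTS`/`EXTRA_DIST` defined elsewhere in this Makefile.am (not visible in the hunk); an unconditional definition followed by `+=` here is the safer form. Under `OSS_FUZZ` the targets are linked with both `-fsanitize=fuzzer` (the LDFLAGS just above) and `-lFuzzingEngine`; on OSS-Fuzz the engine library is presumably meant to be the sole provider of the fuzzing `main` (it is swapped for other engine drivers), so the `-fsanitize=fuzzer` LDFLAGS likely belong in an `else` branch of `if OSS_FUZZ` rather than applying unconditionally. The enclosing `if SANITIZE_FUZZER ... else` block ends outside the hunk.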
......
#!/bin/bash
# Ensures that fuzzers execute successfully with benign input
# Designed to run from tests-fuzz directory
set -e
./packet_libfuzzer check/sample-seed.pkt
./zscanner_libfuzzer check/sample-seed.pkt
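Review bot: The seed path `check/sample-seed.pkt` is resolved against the current directory, but automake runs `TESTS` from the build directory while the seed lives in the source tree, so this test fails in any VPATH/out-of-tree build (the header comment only documents the in-tree assumption). Automake exports `srcdir` to test scripts, so use `seed="${srcdir:-.}/check/sample-seed.pkt"` followed by `./packet_libfuzzer "$seed"` and `./zscanner_libfuzzer "$seed"`. The same packet seed is also handed to `zscanner_libfuzzer`, which presumably consumes zone text rather than wire-format packets — acceptable for a does-it-exit-cleanly smoke test, but worth a one-line comment (`# same seed for both: this only checks the harness runs, not parser coverage`) so nobody mistakes it for real coverage of the zone-scanner path.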