2 # SPDX-License-Identifier: LGPL-2.1-or-later
6 export LC_CTYPE
=C.UTF-8
9 export CXX
=${CXX:-clang++}
10 clang_version
="$($CC --version | sed -nr 's/.*version ([^ ]+?) .*/\1/p' | sed -r 's/-$//')"
12 SANITIZER
=${SANITIZER:-address -fsanitize-address-use-after-scope}
13 flags
="-O1 -fno-omit-frame-pointer -g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER"
15 clang_lib
="/usr/lib64/clang/${clang_version}/lib/linux"
16 [ -d "$clang_lib" ] || clang_lib
="/usr/lib/clang/${clang_version}/lib/linux"
18 export CFLAGS
=${CFLAGS:-$flags}
19 export CXXFLAGS
=${CXXFLAGS:-$flags}
20 export LDFLAGS
=${LDFLAGS:--L${clang_lib}}
22 export WORK
=${WORK:-$(pwd)}
23 export OUT
=${OUT:-$(pwd)/out}
30 if [ -z "$FUZZING_ENGINE" ]; then
31 fuzzflag
="llvm-fuzz=true"
33 fuzzflag
="oss-fuzz=true"
36 apt-get
install -y gperf
m4 gettext python3-pip \
37 libcap-dev libmount-dev \
38 pkg-config wget python3-jinja2 zipmerge zstd
40 if [[ "$ARCHITECTURE" == i386
]]; then
41 apt-get
install -y pkg-config
:i386 libcap-dev
:i386 libmount-dev
:i386
44 pip3
install -r .github
/workflows
/requirements.txt
--require-hashes
46 # https://github.com/google/oss-fuzz/issues/6868
47 ORIG_PYTHONPATH
=$
(python3
-c 'import sys;print(":".join(sys.path[1:]))')
48 export PYTHONPATH
="$ORIG_PYTHONPATH:/usr/lib/python3/dist-packages/"
50 if [[ "$SANITIZER" == undefined
]]; then
51 additional_ubsan_checks
=pointer-overflow
,alignment
52 UBSAN_FLAGS
="-fsanitize=$additional_ubsan_checks -fno-sanitize-recover=$additional_ubsan_checks"
53 CFLAGS
="$CFLAGS $UBSAN_FLAGS"
54 CXXFLAGS
="$CXXFLAGS $UBSAN_FLAGS"
57 if [[ "$SANITIZER" == introspector
]]; then
58 # fuzz-introspector passes -fuse-ld=gold and -flto using CFLAGS/LDFLAGS and due to
59 # https://github.com/mesonbuild/meson/issues/6377#issuecomment-575977919 and
60 # https://github.com/mesonbuild/meson/issues/6377 it doesn't mix well with meson.
61 # It's possible to build systemd with duct tape there using something like
62 # https://github.com/google/oss-fuzz/pull/7583#issuecomment-1104011067 but
63 # apparently even with gold and lto some parts of systemd are missing from
64 # reports (presumably due to https://github.com/google/oss-fuzz/issues/7598).
65 # Let's just fail here for now to make it clear that fuzz-introspector isn't supported.
70 if ! meson setup
"$build" "-D$fuzzflag" -Db_lundef=false
; then
71 cat "$build/meson-logs/meson-log.txt"
75 ninja
-v -C "$build" fuzzers
77 # Compressed BCD files are kept in test/test-bcd so let's unpack them
78 # and put them all in the seed corpus.
80 for i
in test
/test-bcd
/*.zst
; do
81 unzstd
"$i" -o "$bcd/$(basename "${i%.zst}")";
83 zip -jqr "$OUT/fuzz-bcd_seed_corpus.zip" "$bcd"
87 wget
-O "$hosts" https
://raw.githubusercontent.com
/StevenBlack
/hosts
/master
/hosts
88 zip -jq "$OUT/fuzz-etc-hosts_seed_corpus.zip" "$hosts"
91 # The seed corpus is a separate flat archive for each fuzzer,
92 # with a fixed name ${fuzzer}_seed_corpus.zip.
93 for d
in test
/fuzz
/fuzz-
*; do
94 fuzzer
="$(basename "$d")"
95 # Include the build-generated corpora if any as well
96 readarray
-t generated
< <(find "$build/test/fuzz" -maxdepth 1 -name "${fuzzer}*" -type f
)
97 zip -jqr "$OUT/${fuzzer}_seed_corpus.zip" "$d" "${generated[@]}"
100 # get fuzz-dns-packet corpus
101 df
="$build/dns-fuzzing"
102 git clone
--depth 1 https
://github.com
/CZ-NIC
/dns-fuzzing
"$df"
103 zip -jqr "$OUT/fuzz-dns-packet_seed_corpus.zip" "$df/packet"
105 install -Dt "$OUT/src/shared/" \
106 "$build"/src
/shared
/libsystemd-shared-
*.so \
107 "$build"/src
/core
/libsystemd-core-
*.so
109 # Most i386 libraries have to be brought to the runtime environment somehow. Ideally they
110 # should be linked statically but since it isn't possible another way to keep them close
111 # to the fuzz targets is used here. The dependencies are copied to "$OUT/src/shared" and
112 # then 'rpath' is tweaked to make it possible for the linker to find them there. "$OUT/src/shared"
113 # is chosen because the runtime search path of all the fuzz targets already points to it
114 # to load "libsystemd-shared" and "libsystemd-core". Stuff like that should be avoided on
115 # x86_64 because it tends to break coverage reports, fuzz-introspector, CIFuzz and so on.
116 if [[ "$ARCHITECTURE" == i386
]]; then
117 for lib_path
in $
(ldd
"$OUT"/src
/shared
/libsystemd-shared-
*.so |
awk '/=> \/lib/ { print $3 }'); do
118 lib_name
=$
(basename "$lib_path")
119 cp "$lib_path" "$OUT/src/shared"
120 patchelf
--set-rpath \
$ORIGIN "$OUT/src/shared/$lib_name"
122 patchelf
--set-rpath \
$ORIGIN "$OUT"/src
/shared
/libsystemd-shared-
*.so
125 wget
-O "$OUT/fuzz-json.dict" https
://raw.githubusercontent.com
/rc0r
/afl-fuzz
/master
/dictionaries
/json.dict
127 find "$build" -maxdepth 1 -type f
-executable -name "fuzz-*" -exec mv {} "$OUT" \
;
128 find src
-type f
-name "fuzz-*.dict" -exec cp {} "$OUT" \
;
129 cp src
/fuzz
/*.options
"$OUT"
131 if [[ "$MERGE_WITH_OSS_FUZZ_CORPORA" == "yes" ]]; then
132 for f
in "$OUT/"fuzz-
*; do
133 [[ -x "$f" ]] ||
continue
134 fuzzer
=$
(basename "$f")
136 if wget
-O "$t" "https://storage.googleapis.com/systemd-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/systemd_${fuzzer}/public.zip"; then
137 zipmerge
"$OUT/${fuzzer}_seed_corpus.zip" "$t"