7 # This should help to protect the systemd organization on Fuzzit from forks
8 # that are activated on Travis CI.
9 [[ "$TRAVIS_REPO_SLUG" = "systemd/systemd" ]] ||
exit 0
11 REPO_ROOT
=${REPO_ROOT:-$(pwd)}
13 sudo bash
-c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse' >>/etc/apt/sources.list"
14 sudo apt-get update
-y
15 sudo apt-get build-dep systemd
-y
16 sudo apt-get
install -y ninja-build python3-pip python3-setuptools
20 export PATH
="$HOME/.local/bin/:$PATH"
22 # We use a subset of https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#available-checks instead of "undefined"
23 # because our fuzzers crash with "pointer-overflow" and "float-cast-overflow":
24 # https://github.com/systemd/systemd/pull/12771#issuecomment-502139157
25 # https://github.com/systemd/systemd/pull/12812#issuecomment-502780455
26 # TODO: figure out what to do about unsigned-integer-overflow: https://github.com/google/oss-fuzz/issues/910
27 export SANITIZER
="address -fsanitize=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr"
30 FUZZING_TYPE
=${1:-regression}
31 if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then
32 FUZZIT_BRANCH
="${TRAVIS_BRANCH}"
34 FUZZIT_BRANCH
="PR-${TRAVIS_PULL_REQUEST}"
37 # Because we want Fuzzit to run on every pull-request and Travis/Azure doesnt support encrypted keys
38 # on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
39 export FUZZIT_API_KEY
=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc
40 FUZZIT_ADDITIONAL_FILES
="./out/src/shared/libsystemd-shared-*.so"
42 # ASan options are borrowed almost verbatim from OSS-Fuzz
43 ASAN_OPTIONS
=redzone
=32:print_summary
=1:handle_sigill
=1:allocator_release_to_os_interval_ms
=500:print_suppressions
=0:strict_memcmp
=1:allow_user_segv_handler
=0:allocator_may_return_null
=1:use_sigaltstack
=1:handle_sigfpe
=1:handle_sigbus
=1:detect_stack_use_after_return
=1:alloc_dealloc_mismatch
=0:detect_leaks
=1:print_scariness
=1:max_uar_stack_size_log
=16:handle_abort
=1:check_malloc_usable_size
=0:quarantine_size_mb
=64:detect_odr_violation
=0:handle_segv
=1:fast_unwind_on_fatal
=0
44 UBSAN_OPTIONS
=print_stacktrace
=1:print_summary
=1:halt_on_error
=1:silence_unsigned_overflow
=1
45 FUZZIT_ARGS
="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT} -e ASAN_OPTIONS=${ASAN_OPTIONS} -e UBSAN_OPTIONS=${UBSAN_OPTIONS}"
46 wget
-O fuzzit https
://github.com
/fuzzitdev
/fuzzit
/releases
/latest
/download
/fuzzit_Linux_x86_64
49 find out
/ -maxdepth 1 -name 'fuzz-*' -executable -type f
-exec basename '{}' \
; |
xargs --verbose -n1 -I%FUZZER
% .
/fuzzit create job
${FUZZIT_ARGS} %FUZZER
%-asan-ubsan out
/%FUZZER
% ${FUZZIT_ADDITIONAL_FILES}
51 export SANITIZER
="memory -fsanitize-memory-track-origins"
52 FUZZIT_ARGS
="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT}"
55 find out
/ -maxdepth 1 -name 'fuzz-*' -executable -type f
-exec basename '{}' \
; |
xargs --verbose -n1 -I%FUZZER
% .
/fuzzit create job
${FUZZIT_ARGS} %FUZZER
%-msan out
/%FUZZER
% ${FUZZIT_ADDITIONAL_FILES}