From: Vincent Bernat Date: Thu, 29 Dec 2022 22:25:05 +0000 (+0100) Subject: build: better integration of fuzz-decode in build process X-Git-Tag: 1.0.17~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0fa28337f74d87cb26338e43900fe70db62cc501;p=thirdparty%2Flldpd.git build: better integration of fuzz-decode in build process I need it to reproduce crashes. Get rid of `build.sh` which does not work with OOT compilation. Move the needed bits inside README. Simplify some of the flags used. --- diff --git a/README.md b/README.md index 37587451..8863d361 100644 --- a/README.md +++ b/README.md @@ -360,10 +360,12 @@ To enable code coverage, use: ### With libfuzzer -``` -./tests/fuzzer/build.sh ASan -./tests/fuzzer/build.sh run -``` +Build with `--enable-fuzzer` and `--enable-sanitizers`, then run `./fuzz-decode fuzzer/corpus +fuzzer/seed-corpus` in `tests` folder. For example: + +- using address sanitizer: `./configure --enable-fuzzer --enable-sanitizers=address CFLAGS="-O1 -fsanitize-address-use-after-scope" CC=clang` +- using undefined-behaviour sanitizer: `./configure --enable-fuzzer --enable-sanitizers=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr CFLAGS="-O1 -fno-sanitize-recover=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr" CC=clang` +- using memory sanitizer : `./configure --enable-fuzzer --enable-sanitizers=memory CFLAGS="-O1 -fsanitize-memory-track-origins" CC=clang` ### With AFL diff --git a/configure.ac b/configure.ac index 4025244b..65e828aa 100644 --- a/configure.ac +++ b/configure.ac 
@@ -147,7 +147,7 @@ elif test x"$hardening" != x"no"; then fi ]) -#Fuzzer +# Fuzzer AC_ARG_ENABLE([fuzzer], AS_HELP_STRING([--enable-fuzzer], [Enable fuzzing @<:@default=no@:>@]), @@ -158,7 +158,7 @@ case "$enableval" in *) fuzzer="$enableval" ;; esac if test x"$fuzzer" != x; then - AC_SUBST([FUZZENGINE], ["$fuzzer"]) + AC_SUBST([FUZZ_DECODE_ENGINE], ["$fuzzer"]) fi ]) @@ -420,7 +420,7 @@ AC_SUBST([LLDP_CFLAGS]) AC_SUBST([LLDP_CPPFLAGS]) AC_SUBST([LLDP_LDFLAGS]) AC_SUBST([LLDP_BIN_LDFLAGS]) -AM_CONDITIONAL([BUILD_FUZZER], [test x"$fuzzer" != x]) +AM_CONDITIONAL([ENABLE_FUZZ_DECODE], [test x"$fuzzer" != x]) AM_CONDITIONAL([HAVE_CHECK], [test x"$have_check" = x"yes"]) AM_CONDITIONAL([USE_SNMP], [test x"$with_snmp" = x"yes"]) AM_CONDITIONAL([USE_XML], [test x"$with_xml" = x"yes"]) diff --git a/src/client/Makefile.am b/src/client/Makefile.am index 23a3225c..89fb7161 100644 --- a/src/client/Makefile.am +++ b/src/client/Makefile.am @@ -23,7 +23,6 @@ lldpcli_LDADD = \ $(top_builddir)/src/libcommon-daemon-client.la \ $(top_builddir)/src/lib/liblldpctl.la \ @READLINE_LIBS@ -lldpcli_CFLAGS = $(AM_CFLAGS) lldpcli_LDFLAGS = $(AM_LDFLAGS) $(LLDP_BIN_LDFLAGS) if USE_XML diff --git a/tests/Makefile.am b/tests/Makefile.am index b1e92f18..c3c0295b 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -3,12 +3,19 @@ AM_CPPFLAGS = $(LLDP_CPPFLAGS) AM_LDFLAGS = $(LLDP_LDFLAGS) $(LLDP_BIN_LDFLAGS) check_PROGRAMS = decode - decode_SOURCES = decode.c \ $(top_srcdir)/src/daemon/lldpd.h \ pcap-hdr.h -LDADD = $(top_builddir)/src/daemon/liblldpd.la @check_LIBS@ @libevent_LDFLAGS@ +if ENABLE_FUZZ_DECODE +noinst_PROGRAMS = fuzz-decode +fuzz_decode_CFLAGS = $(AM_CFLAGS) -DFUZZ_DECODE +fuzz_decode_LDADD = $(FUZZ_DECODE_ENGINE) $(LDADD) +fuzz_decode_SOURCES = decode.c \ + $(top_srcdir)/src/daemon/lldpd.h +endif + +LDADD = $(top_builddir)/src/daemon/liblldpd.la @libevent_LDFLAGS@ if ENABLE_SYSTEMTAP LDADD += $(top_builddir)/src/daemon/probes.o endif 
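Review bot: `fuzz_decode_LDADD = $(FUZZ_DECODE_ENGINE) $(LDADD)` applies the fuzzing engine only when linking fuzz-decode; the deleted build.sh additionally passed `-fsanitize=fuzzer-no-link` in CFLAGS so that liblldpd.la, the code actually under test, was compiled with SanitizerCoverage instrumentation. Unless configure.ac adds that compile-side flag to LLDP_CFLAGS when `--enable-fuzzer` is given (not visible in this diff), the library is built uninstrumented and libFuzzer runs without coverage feedback, which silently turns a coverage-guided campaign into blind mutation. The new README instructions do not carry the flag either, so a comment above the `if ENABLE_FUZZ_DECODE` block recording where the instrumentation comes from would help, e.g. `# fuzz-decode only links the engine; liblldpd.la must be compiled with the engine's compile-time flag (e.g. -fsanitize=fuzzer-no-link), see configure.ac`. Dropping `@check_LIBS@` from `LDADD` is fine only if decode.c no longer references libcheck, which this hunk does not show.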
@@ -63,11 +70,4 @@ check_PROGRAMS += $(TESTS) endif -if BUILD_FUZZER -noinst_PROGRAMS = fuzz-decode -fuzz_decode_CFLAGS = -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fPIE -fuzz_decode_SOURCES = decode.c $(top_srcdir)/src/daemon/lldpd.h -fuzz_decode_LDADD = $(LDADD) $(FUZZENGINE) -endif - MOSTLYCLEANFILES = *.pcap diff --git a/tests/decode.c b/tests/decode.c index 85e5a070..22b0aa05 100644 --- a/tests/decode.c +++ b/tests/decode.c @@ -27,19 +27,6 @@ #define BUFSIZE 2000 -static void -usage(void) -{ - fprintf(stderr, "Usage: %s PCAP\n", "decode"); - fprintf(stderr, "Version: %s\n", PACKAGE_STRING); - - fprintf(stderr, "\n"); - - fprintf(stderr, "Decode content of PCAP files and display a summary\n"); - fprintf(stderr, "on standard output. Only the first packet is decoded.\n"); - exit(1); -} - char * tohex(char *str, size_t len) { @@ -103,7 +90,7 @@ decode(char *frame, int size, struct lldpd_hardware *hardware, return decoded; } -#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +#ifdef FUZZ_DECODE # define kMinInputLength 30 # define kMaxInputLength 1500 @@ -128,6 +115,19 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) #else +static void +usage(void) +{ + fprintf(stderr, "Usage: %s PCAP\n", "decode"); + fprintf(stderr, "Version: %s\n", PACKAGE_STRING); + + fprintf(stderr, "\n"); + + fprintf(stderr, "Decode content of PCAP files and display a summary\n"); + fprintf(stderr, "on standard output. Only the first packet is decoded.\n"); + exit(1); +} + int main(int argc, char **argv) { diff --git a/tests/fuzzer/build.sh b/tests/fuzzer/build.sh deleted file mode 100755 index 0011142a..00000000 --- a/tests/fuzzer/build.sh +++ /dev/null 
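Review bot: `#ifdef FUZZ_DECODE` replaces the `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` guard, which is the macro that libFuzzer documentation and OSS-Fuzz style build scripts define through CFLAGS; a harness that sets only the conventional macro would now compile `main()` instead of `LLVMFuzzerTestOneInput` and fail at link time against the engine's own `main`. Accepting both keeps the in-tree build and external fuzzing infrastructure working: `#if defined(FUZZ_DECODE) || defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)`. The `decode()` function whose closing lines open this hunk begins outside it. The same rename is what drops the old `-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` define in the tests/Makefile.am hunks above.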
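Review bot: `usage()` is moved under `#else` with no comment, so a reader meets a static helper inside a conditional branch without knowing why; presumably it lives there because the fuzz build has no `main()` and the unused static function would otherwise trigger an unused-function warning. A one-line comment above `static void` such as `/* CLI-only helper: the fuzz build has no main() and would warn about it being unused */` would record that. While the function is being relocated, `fprintf(stderr, "Usage: %s PCAP\n", "decode")` could take the program name from `main`'s `argv[0]` through a parameter, since the hard-coded string is misleading when the binary is renamed or invoked by path. `main`'s body continues outside the hunk.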
@@ -1,29 +0,0 @@
-#!/bin/bash -eu
-
-build() {
- export CFLAGS="$1"
-
- ./autogen.sh
- ./configure CC="${CC:-clang}" CFLAGS="$CFLAGS" LDFLAGS="$CFLAGS" \
- --enable-fuzzer=yes --disable-shared --disable-hardening --enable-pie
-
- make -j$(nproc)
- mkdir -p tests/fuzzer/corpus
-}
-
-run() {
- cd tests
- ./fuzz-decode fuzzer/corpus fuzzer/seed-corpus
-}
-
-help() {
- echo "use: ./$0 ASan | UBSan | MSan | Run"
-}
-
-case $1 in
- ASan) build "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link" ;;
- UBSan) build "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr -fno-sanitize-recover=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr -fsanitize=fuzzer-no-link" ;;
- MSan) build "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=memory -fsanitize-memory-track-origins -fsanitize=fuzzer-no-link" ;;
- run) run ${2:-} ;;
- *) help ;;
-esac