X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=blobdiff_plain;f=travis-ci%2Fmanagers%2Ffuzzit.sh;h=71858b4be87c3ddbec2ba06fed489a344368af03;hp=72769276f231d7f22ecd01c2206aeda4c1a46499;hb=f789e0b4f891800557c74c385d0f61a0164cb16f;hpb=e87e6962fd58c0ac52f924c34311447d0fd7d51e

diff --git a/travis-ci/managers/fuzzit.sh b/travis-ci/managers/fuzzit.sh
index 72769276f23..71858b4be87 100755
--- a/travis-ci/managers/fuzzit.sh
+++ b/travis-ci/managers/fuzzit.sh
@@ -14,21 +14,32 @@ pip3 install meson
 
 cd $REPO_ROOT
 export PATH="$HOME/.local/bin/:$PATH"
-export SANITIZER=address,undefined
+
+# We use a subset of https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#available-checks instead of "undefined"
+# because that's how the fuzzers are built on OSS-Fuzz: https://github.com/google/oss-fuzz/blob/a3c935fe9ca7f82bafa520731525e1cc38acf650/infra/base-images/base-builder/Dockerfile#L33-L34
+# and we know they don't fail there. We can turn on everything else later after the issues mentioned in
+# https://github.com/systemd/systemd/pull/12771#issuecomment-502139157 are sorted out at least.
+# TODO: "null" should probably be added too. On OSS-Fuzz it was turned off in https://github.com/google/oss-fuzz/pull/674
+# TODO: figure out what to do about unsigned-integer-overflow: https://github.com/google/oss-fuzz/issues/910
+export SANITIZER="address -fsanitize=bool,array-bounds,float-divide-by-zero,function,integer-divide-by-zero,return,shift,signed-integer-overflow,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=bool,array-bounds,float-divide-by-zero,function,integer-divide-by-zero,return,shift,signed-integer-overflow,vla-bound,vptr"
 tools/oss-fuzz.sh
 
-export FUZZING_TYPE=${1:-sanity}
+FUZZING_TYPE=${1:-sanity}
 if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then
-    export FUZZIT_BRANCH="${TRAVIS_BRANCH}"
+    FUZZIT_BRANCH="${TRAVIS_BRANCH}"
 else
-    export FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"
+    FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"
 fi
 
 # Because we want Fuzzit to run on every pull-request and Travis/Azure doesnt support encrypted keys
 # on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
-export FUZZIT_API_KEY=7c1bd82fe0927ffe1b4bf1e2e86cc812b28dfe08a7080a7bf498e98715884a163402ee37ba95d4b1637247deffcea43e
-export FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-242.so"
-export FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT} --asan_options quarantine_size_mb=10 --ubsan_options=print_stacktrace=1:print_summary=1:halt_on_error=1"
+FUZZIT_API_KEY=7c1bd82fe0927ffe1b4bf1e2e86cc812b28dfe08a7080a7bf498e98715884a163402ee37ba95d4b1637247deffcea43e
+FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-242.so"
+
+# ASan options are borrowed almost verbatim from OSS-Fuzz
+ASAN_OPTIONS=redzone=32:print_summary=1:handle_sigill=1:allocator_release_to_os_interval_ms=500:print_suppressions=0:strict_memcmp=1:allow_user_segv_handler=0:allocator_may_return_null=1:use_sigaltstack=1:handle_sigfpe=1:handle_sigbus=1:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=64:detect_odr_violation=0:handle_segv=1:fast_unwind_on_fatal=0
+UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1:silence_unsigned_overflow=1
+FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT} --asan_options ${ASAN_OPTIONS} --ubsan_options ${UBSAN_OPTIONS}"
 wget -O fuzzit https://bin.fuzzit.dev/fuzzit-1.1
 chmod +x fuzzit