oss-fuzz: Add comment on why we build with --auto-features=disabled

author Daan De Meyer <daan.j.demeyer@gmail.com>

Mon, 19 May 2025 15:43:48 +0000 (17:43 +0200)

committer Daan De Meyer <daan.j.demeyer@gmail.com>

Tue, 20 May 2025 08:29:59 +0000 (10:29 +0200)
author Daan De Meyer <daan.j.demeyer@gmail.com>
Mon, 19 May 2025 15:43:48 +0000 (17:43 +0200)
committer Daan De Meyer <daan.j.demeyer@gmail.com>
Tue, 20 May 2025 08:29:59 +0000 (10:29 +0200)
diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh

index 05f9191fb66f712c18cae1fb12d68a8f55de1481..3cd5cec6703adf0d69f674eaf18e17a41bb702f9 100755 (executable)
--- a/tools/oss-fuzz.sh
+++ b/tools/oss-fuzz.sh
@@ -32,6 +32,12 @@ meson_args=("-Db_lundef=false")
  if [ -z "$FUZZING_ENGINE" ]; then
      meson_args+=("-Dllvm-fuzz=true")
  else
+    # The situation with runtime dependencies on oss-fuzz is complicated as the execution environment differs
+    # from the build environment
+    # (https://google.github.io/oss-fuzz/further-reading/fuzzer-environment/#runtime-dependencies). Because
+    # statically linking isn't viable for us for various reasons, we do a build with most features disabled
+    # to link against as few libraries as possible. The libraries we do end up linking against happen (by
+    # chance) to be installed in the oss-fuzz execution environment.
      meson_args+=("-Doss-fuzz=true" "--auto-features=disabled" "-Dnspawn=enabled" "-Dresolve=true")
  
      apt-get update
author	Daan De Meyer <daan.j.demeyer@gmail.com>
	Mon, 19 May 2025 15:43:48 +0000 (17:43 +0200)
committer	Daan De Meyer <daan.j.demeyer@gmail.com>
	Tue, 20 May 2025 08:29:59 +0000 (10:29 +0200)