You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

140 lines
4.1 KiB

#!/bin/bash -eu
# Copyright 2019 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
# Case-sensitive names of internal Firefox fuzzing targets. Edit to add more.
FUZZ_TARGETS=(
# WebRTC
SdpParser
StunParser
# IPC
ContentParentIPC
CompositorManagerParentIPC
ContentSecurityPolicyParser
FeaturePolicyParser
# Image
ImageGIF
ImageICO
ImageBMP
# Demuxing
MediaADTS
MediaFlac
MediaMP3
MediaOgg
MediaWebM
# MediaWAV disabled due to frequent OOMs
)
# Firefox object (build) directory and configuration file.
export MOZ_OBJDIR=$WORK/obj-fuzz
export MOZCONFIG=$SRC/mozconfig.$SANITIZER
# Without this, a host tool used during Rust part of the build will fail
export ASAN_OPTIONS="detect_leaks=0"
# Install remaining dependencies.
export SHELL=/bin/bash
# Firefox might not be buildable on the latest Rust Nightly, so we should try
# to use the same version that we use in our CI.
RUST_NIGHTLY_VERSION=$(sed -n 's/^.*--channel.*\(nightly-[0-9-]*\).*$/\1/p' \
$SRC/mozilla-central/taskcluster/ci/toolchain/rust.yml
)
rustup toolchain install ${RUST_NIGHTLY_VERSION}
rustup default ${RUST_NIGHTLY_VERSION}-x86_64-unknown-linux-gnu
./mach --no-interactive bootstrap --application-choice browser
# Skip patches for now
rm tools/fuzzing/libfuzzer/patches/*.patch
touch tools/fuzzing/libfuzzer/patches/dummy.patch
# Update internal libFuzzer.
(cd tools/fuzzing/libfuzzer && ./clone_libfuzzer.sh HEAD)
# Build!
./mach build
./mach gtest buildbutdontrun
# Packages Firefox only to immediately extract the archive. Some files are
# replaced with gtest-variants, which is required by the fuzzing interface.
# Weighs in shy of 1GB afterwards. About double for coverage builds.
./mach package
tar -xf $MOZ_OBJDIR/dist/firefox*bz2 -C $OUT
cp -L $MOZ_OBJDIR/dist/bin/gtest/libxul.so $OUT/firefox
cp $OUT/firefox/dependentlibs.list $OUT/firefox/dependentlibs.list.gtest
# Get absolute paths of the required system libraries.
LIBRARIES=$({
xargs -I{} ldd $OUT/firefox/{} | gawk '/=> [/]/ {print $3}' | sort -u
} < $OUT/firefox/dependentlibs.list)
# Copy libraries. Less than 50MB total.
mkdir -p $OUT/lib
for LIBRARY in $LIBRARIES; do cp -L $LIBRARY $OUT/lib; done
# Build a wrapper binary for each target to set environment variables.
for FUZZ_TARGET in ${FUZZ_TARGETS[@]}
do
$CC $CFLAGS -O0 \
-DFUZZ_TARGET=$FUZZ_TARGET \
$SRC/target.c -o $OUT/$FUZZ_TARGET
done
cp $SRC/*.options $OUT
# SdpParser
find media/webrtc -iname "*.sdp" \
-type f -exec zip -qu $OUT/SdpParser_seed_corpus.zip "{}" \;
cp $SRC/fuzzdata/dicts/sdp.dict $OUT/SdpParser.dict
# StunParser
find media/webrtc -iname "*.stun" \
-type f -exec zip -qu $OUT/StunParser_seed_corpus.zip "{}" \;
cp $SRC/fuzzdata/dicts/stun.dict $OUT/StunParser.dict
# ContentParentIPC
cp $SRC/fuzzdata/settings/ipc/libfuzzer.content.blacklist.txt $OUT/firefox
# ImageGIF
zip -rj $OUT/ImageGIF_seed_corpus.zip $SRC/fuzzdata/samples/gif
cp $SRC/fuzzdata/dicts/gif.dict $OUT/ImageGIF.dict
# ImageICO
zip -rj $OUT/ImageICO_seed_corpus.zip $SRC/fuzzdata/samples/ico
# ImageBMP
zip -rj $OUT/ImageBMP_seed_corpus.zip $SRC/fuzzdata/samples/bmp
# MediaADTS
zip -rj $OUT/MediaADTS_seed_corpus.zip $SRC/fuzzdata/samples/aac
# MediaFlac
zip -rj $OUT/MediaFlac_seed_corpus.zip $SRC/fuzzdata/samples/flac
# MediaMP3
zip -rj $OUT/MediaMP3_seed_corpus.zip $SRC/fuzzdata/samples/mp3
# MediaOgg
zip -rj $OUT/MediaOgg_seed_corpus.zip $SRC/fuzzdata/samples/ogg
# MediaWebM
zip -rj $OUT/MediaWebM_seed_corpus.zip $SRC/fuzzdata/samples/webm
# MediaWAV
# zip -rj $OUT/MediaWAV_seed_corpus.zip $SRC/fuzzdata/samples/wav