#!/bin/bash -eu
# Copyright 2019 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

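# Abort on the first failing command and on any unset variable. The shebang
# already asks for this, but interpreter flags there are dropped when the
# script is started as `bash build.sh`, so set them explicitly as well.
set -eu

# Case-sensitive names of internal Firefox fuzzing targets. Edit to add more.
# Each name gets its own wrapper binary in $OUT further down in this script.
FUZZ_TARGETS=(
  # WebRTC
  SdpParser
  StunParser
  # IPC
  ContentParentIPC
  CompositorManagerParentIPC
  ContentSecurityPolicyParser
  FeaturePolicyParser
  # Image
  ImageGIF
  ImageICO
  ImageBMP
  # Demuxing
  MediaADTS
  MediaFlac
  MediaMP3
  MediaOgg
  MediaWebM
  # MediaWAV disabled due to frequent OOMs
)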

# Firefox object (build) directory and the per-sanitizer configuration file.
MOZ_OBJDIR="${WORK}/obj-fuzz"
MOZCONFIG="${SRC}/mozconfig.${SANITIZER}"
export MOZ_OBJDIR MOZCONFIG

# Without this, a host tool used during the Rust part of the build will fail.
# NOTE(review): the variable stays exported for every later command in this
# script, so leak detection is off for all build-time tooling. Whether the
# fuzz targets see it at run time depends on the wrapper in target.c, which is
# not shown here.
ASAN_OPTIONS="detect_leaks=0"
export ASAN_OPTIONS

# Install remaining dependencies (the rustup and mach bootstrap steps below).
# NOTE(review): presumably those steps consult $SHELL -- confirm.
SHELL=/bin/bash
export SHELL

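# Firefox might not be buildable on the latest Rust Nightly, so we should try
# to use the same version that we use in our CI. The version is scraped from
# the `--channel` argument in the CI toolchain definition of the checkout.
RUST_NIGHTLY_VERSION=$(sed -n 's/^.*--channel.*\(nightly-[0-9-]*\).*$/\1/p' \
  "$SRC/mozilla-central/taskcluster/ci/toolchain/rust.yml"
)

# The scraped value decides which toolchain rustup downloads and installs.
# Accept exactly one dated nightly and stop otherwise: an empty result (the
# file layout changed), several matching lines, or a truncated capture would
# otherwise reach rustup as missing, extra or malformed arguments.
if [[ ! "$RUST_NIGHTLY_VERSION" =~ ^nightly-[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]]; then
  printf 'build.sh: unexpected Rust nightly version: %q\n' \
    "$RUST_NIGHTLY_VERSION" >&2
  exit 1
fi

rustup toolchain install "${RUST_NIGHTLY_VERSION}"
rustup default "${RUST_NIGHTLY_VERSION}-x86_64-unknown-linux-gnu"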

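# Let mach install whatever build dependencies are still missing, without
# prompting.
./mach --no-interactive bootstrap --application-choice browser

# Skip patches for now: delete the in-tree libFuzzer patches and leave a single
# empty placeholder behind. -f keeps the build going under `set -e` when the
# tree ships no *.patch files at all.
# NOTE(review): presumably clone_libfuzzer.sh expects at least one patch file,
# hence the placeholder -- confirm.
rm -f -- tools/fuzzing/libfuzzer/patches/*.patch
touch tools/fuzzing/libfuzzer/patches/dummy.patch

# Update internal libFuzzer.
# NOTE(review): HEAD is a moving reference, so the fuzzing engine compiled into
# the targets is whatever upstream has at build time. Builds are therefore not
# reproducible, and the imported code is not tied to a reviewed revision.
# Consider passing a pinned revision if clone_libfuzzer.sh accepts one.
(cd tools/fuzzing/libfuzzer && ./clone_libfuzzer.sh HEAD)

# Build! The second step builds the gtest variant of libxul without running
# the tests; it is copied into the package further down.
./mach build
./mach gtest buildbutdontrun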

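# Packages Firefox only to immediately extract the archive. Some files are
# replaced with gtest-variants, which is required by the fuzzing interface.
# Weighs in shy of 1GB afterwards. About double for coverage builds.
./mach package

# Only the glob is left unquoted. It is expected to match exactly one archive
# in dist/; with several matches tar would treat the extra names as members to
# extract, not as archives.
tar -xf "$MOZ_OBJDIR"/dist/firefox*bz2 -C "$OUT"

# Overwrite the packaged libxul.so with the gtest build (-L follows the
# symlink in dist/bin) and keep a copy of the library list under the .gtest
# name.
cp -L "$MOZ_OBJDIR/dist/bin/gtest/libxul.so" "$OUT/firefox"
cp "$OUT/firefox/dependentlibs.list" "$OUT/firefox/dependentlibs.list.gtest"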

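# Get absolute paths of the required system libraries: run ldd on every file
# named in dependentlibs.list and keep the resolved "=> /path" entries, one
# per line, de-duplicated.
# NOTE(review): the script does not enable pipefail, so an ldd failure for one
# entry does not stop the build; that entry's libraries would be missing from
# $OUT/lib without any error.
LIBRARIES=$({
  xargs -I{} ldd "$OUT/firefox/{}" | gawk '/=> [/]/ {print $3}' | sort -u
} < "$OUT/firefox/dependentlibs.list")

# Copy libraries. Less than 50MB total.
# These are host libraries from the build image that ship next to the fuzz
# targets. Read the list line by line so that a path is never word-split or
# glob-expanded, and pass `--` so that it cannot be taken for an option.
mkdir -p "$OUT/lib"
while IFS= read -r LIBRARY; do
  # An empty list still yields one empty line from the here-string.
  [[ -n "$LIBRARY" ]] || continue
  cp -L -- "$LIBRARY" "$OUT/lib"
done <<< "$LIBRARIES"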

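# Build a wrapper binary for each target to set environment variables.
# target.c receives the target name through the FUZZ_TARGET macro, and the
# resulting binary is named after the target. -O0 follows $CFLAGS so that it
# wins over any optimisation level given there.
for FUZZ_TARGET in "${FUZZ_TARGETS[@]}"; do
  # CC and CFLAGS are left unquoted on purpose: they may hold several words
  # (compiler plus arguments, a list of flags) that must be split.
  # shellcheck disable=SC2086
  $CC $CFLAGS -O0 \
    -DFUZZ_TARGET="$FUZZ_TARGET" \
    "$SRC/target.c" -o "$OUT/$FUZZ_TARGET"
done

# Ship the per-target libFuzzer option files next to the binaries.
cp -- "$SRC"/*.options "$OUT"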

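# Seed corpora and dictionaries. Files are named <Target>_seed_corpus.zip and
# <Target>.dict after the entries in FUZZ_TARGETS. All paths are quoted so that
# $SRC and $OUT are never word-split or glob-expanded.

# SdpParser: every *.sdp file in the WebRTC tree, added one file at a time.
find media/webrtc -iname "*.sdp" \
  -type f -exec zip -qu "$OUT/SdpParser_seed_corpus.zip" "{}" \;
cp "$SRC/fuzzdata/dicts/sdp.dict" "$OUT/SdpParser.dict"

# StunParser: every *.stun file in the WebRTC tree.
find media/webrtc -iname "*.stun" \
  -type f -exec zip -qu "$OUT/StunParser_seed_corpus.zip" "{}" \;
cp "$SRC/fuzzdata/dicts/stun.dict" "$OUT/StunParser.dict"

# ContentParentIPC: settings file placed inside the extracted Firefox tree.
cp "$SRC/fuzzdata/settings/ipc/libfuzzer.content.blacklist.txt" "$OUT/firefox"

# The remaining corpora come from fuzzdata sample directories. -j drops the
# directory part, so every sample sits at the top level of its archive.

# ImageGIF
zip -rj "$OUT/ImageGIF_seed_corpus.zip" "$SRC/fuzzdata/samples/gif"
cp "$SRC/fuzzdata/dicts/gif.dict" "$OUT/ImageGIF.dict"

# ImageICO
zip -rj "$OUT/ImageICO_seed_corpus.zip" "$SRC/fuzzdata/samples/ico"

# ImageBMP
zip -rj "$OUT/ImageBMP_seed_corpus.zip" "$SRC/fuzzdata/samples/bmp"

# MediaADTS
zip -rj "$OUT/MediaADTS_seed_corpus.zip" "$SRC/fuzzdata/samples/aac"

# MediaFlac
zip -rj "$OUT/MediaFlac_seed_corpus.zip" "$SRC/fuzzdata/samples/flac"

# MediaMP3
zip -rj "$OUT/MediaMP3_seed_corpus.zip" "$SRC/fuzzdata/samples/mp3"

# MediaOgg
zip -rj "$OUT/MediaOgg_seed_corpus.zip" "$SRC/fuzzdata/samples/ogg"

# MediaWebM
zip -rj "$OUT/MediaWebM_seed_corpus.zip" "$SRC/fuzzdata/samples/webm"

# MediaWAV (target disabled in FUZZ_TARGETS, so no corpus is built)
# zip -rj "$OUT/MediaWAV_seed_corpus.zip" "$SRC/fuzzdata/samples/wav"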