
ossfuzz: Move to C++ for curl_fuzzer.

Automake gets confused if you want to use C++ static libraries with C
code - basically we need to involve the clang++ linker. The easiest way
of achieving this is to rename the C code as C++ code. This gets us a
bit further along the path and ought to be compatible with Google's
version of clang.
master
Max Dymond 4 years ago
committed by Daniel Stenberg
parent
commit
57001ce3bb
10 changed files with 29 additions and 17 deletions
  1. +1
    -0
      .gitignore
  2. +5
    -0
      .travis.yml
  3. +1
    -0
      configure.ac
  4. +6
    -6
      tests/fuzz/Makefile.am
  5. +5
    -5
      tests/fuzz/Makefile.inc
  6. +2
    -0
      tests/fuzz/README
  7. +6
    -3
      tests/fuzz/curl_fuzzer.cc
  8. +1
    -1
      tests/fuzz/curl_fuzzer.h
  9. +1
    -1
      tests/fuzz/standalone_fuzz_target_runner.cc
  10. +1
    -1
      tests/fuzz/testinput.h

+ 1
- 0
.gitignore

@ -55,3 +55,4 @@ test-driver
scripts/_curl
curl_fuzzer
curl_fuzzer_seed_corpus.zip
libstandaloneengine.a

+ 5
- 0
.travis.yml

@ -145,7 +145,12 @@ script:
- |
if [ "$T" = "fuzzer" ]; then
export CC=clang
export CXX=clang++
export CFLAGS="-fsanitize=address"
# Specifically use libstdc++ for travis as libc++ is not installed.
# This is ok because we're not compiling against libFuzzer.
export CXXFLAGS="-fsanitize=address -stdlib=libstdc++"
./configure --disable-shared --enable-debug --enable-maintainer-mode
make
cd tests/fuzz
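Review bot: The fuzzer job builds with `-stdlib=libstdc++` and plain `-fsanitize=address`, while tests/fuzz/README in this same commit documents `-stdlib=libc++` together with `-fsanitize-coverage=trace-pc-guard,trace-cmp`, so the configuration used for real fuzzing is never compiled or linked by CI. The comment explains why libstdc++ is acceptable here but not that this leaves a gap; a breakage in the libc++ link would only surface downstream. Extending the comment with `# NOTE: the libc++/libFuzzer link used for real fuzzing is not exercised by this job.` would make the limitation explicit. The script block continues past `cd tests/fuzz`, outside this hunk.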


+ 1
- 0
configure.ac

@ -52,6 +52,7 @@ CURL_CHECK_OPTION_RT
XC_CHECK_PATH_SEPARATOR
AX_CODE_COVERAGE
AC_PROG_CXX
#
# save the configure arguments
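Review bot: `AC_PROG_CXX` is invoked unconditionally, so every configure run now probes for a C++ compiler although, judging by this commit, only tests/fuzz needs one. As far as I know the macro does not abort when no C++ compiler is found, so a missing compiler would show up as a build failure in tests/fuzz rather than as a configure-time message; whether that affects ordinary builds depends on whether tests/fuzz is built by default, which is not visible here. A comment above the macro such as `# C++ is required only for the fuzz targets in tests/fuzz` would record why it is there.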


+ 6
- 6
tests/fuzz/Makefile.am

@ -30,12 +30,12 @@ AUTOMAKE_OPTIONS = foreign nostdinc
# $(top_builddir)/lib is for libcurl's generated lib/curl_config.h file
# $(top_srcdir)/lib for libcurl's lib/curl_setup.h and other "borrowed" files
AM_CFLAGS = -I$(top_srcdir)/include \
-I$(top_builddir)/lib \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/tests/fuzz
AM_CXXFLAGS = -I$(top_srcdir)/include \
-I$(top_builddir)/lib \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/tests/fuzz
LIBS = -lpthread -lstdc++ -lm
LIBS = -lpthread -lm
# Run e.g. "make all LIB_FUZZING_ENGINE=/path/to/libFuzzer.a"
# to link the fuzzer(s) against a real fuzzing engine.
@ -53,4 +53,4 @@ checksrc:
@PERL@ $(top_srcdir)/lib/checksrc.pl $(srcdir)/*.c
noinst_PROGRAMS = $(FUZZPROGS)
noinst_LIBRARIES = $(FUZZLIBS)
noinst_LIBRARIES = $(FUZZLIBS)
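Review bot: The `checksrc` recipe shown as context in the second hunk still globs `$(srcdir)/*.c`, but this commit renames curl_fuzzer.c and standalone_fuzz_target_runner.c to .cc, so the style check no longer covers the fuzzer sources. If no .c file remains in the directory, the shell will also hand the unexpanded pattern to checksrc.pl. If checksrc.pl is meant to handle these files, the recipe should become `@PERL@ $(top_srcdir)/lib/checksrc.pl $(srcdir)/*.cc`; otherwise the target should say that the fuzz sources are deliberately unchecked. Separately, the `-I` options are preprocessor flags and conventionally go in `AM_CPPFLAGS`, which automake applies to both C and C++ compiles.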

+ 5
- 5
tests/fuzz/Makefile.inc

@ -1,15 +1,15 @@
FUZZPROGS = curl_fuzzer
FUZZLIBS = libstandaloneengine.a
curl_fuzzer_SOURCES = curl_fuzzer.c
curl_fuzzer_CFLAGS = $(AM_CFLAGS)
curl_fuzzer_SOURCES = curl_fuzzer.cc
curl_fuzzer_CXXFLAGS = $(AM_CXXFLAGS)
libstandaloneengine_a_SOURCES = standalone_fuzz_target_runner.c
libstandaloneengine_a_CFLAGS = $(AM_CFLAGS)
libstandaloneengine_a_SOURCES = standalone_fuzz_target_runner.cc
libstandaloneengine_a_CXXFLAGS = $(AM_CXXFLAGS)
# Some more targets.
zip:
zip -q -r curl_fuzzer_seed_corpus.zip curl_fuzz_data
check: all
./curl_fuzzer curl_fuzz_data/*
./curl_fuzzer curl_fuzz_data/*

+ 2
- 0
tests/fuzz/README

@ -8,7 +8,9 @@ Building the fuzz target
From the CURL root directory:
export CC=clang-5.0
export CXX=clang++-5.0
export CFLAGS="-fsanitize=address -fsanitize-address-use-after-scope -fsanitize-coverage=trace-pc-guard,trace-cmp"
export CXXFLAGS="-fsanitize=address -fsanitize-address-use-after-scope -fsanitize-coverage=trace-pc-guard,trace-cmp -stdlib=libc++"
./configure --disable-shared --enable-debug --enable-maintainer-mode
make -sj


tests/fuzz/curl_fuzzer.c → tests/fuzz/curl_fuzzer.cc


+ 1
- 1
tests/fuzz/curl_fuzzer.h

@ -21,6 +21,7 @@
***************************************************************************/
#include <curl/curl.h>
#include <testinput.h>
/**
* TLV types.
@ -107,7 +108,6 @@ typedef struct fuzz_data
} FUZZ_DATA;
/* Function prototypes */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
uint32_t to_u32(uint8_t b[4]);
uint16_t to_u16(uint8_t b[2]);
int fuzz_initialize_fuzz_data(FUZZ_DATA *fuzz,
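Review bot: `#include <testinput.h>` in the first hunk uses the angle-bracket form for a header that lives next to this file, so it resolves only through the `-I$(top_srcdir)/tests/fuzz` entry in the build flags and could pick up an unrelated `testinput.h` from an earlier include directory. `#include "testinput.h"` states the intent and searches the including file's directory first. The `LLVMFuzzerTestOneInput` prototype shown in the second hunk appears to be the line removed from this header, presumably because testinput.h now declares it; a short comment on the include, e.g. `/* declares LLVMFuzzerTestOneInput */`, would keep that dependency visible. The `fuzz_initialize_fuzz_data` prototype continues past the end of the hunk.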


tests/fuzz/standalone_fuzz_target_runner.c → tests/fuzz/standalone_fuzz_target_runner.cc


tests/fuzz/standalone_fuzz_target_runner.h → tests/fuzz/testinput.h

