From 8c6637bab2a4a3caee28a5337f7c2fcedf43c246 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Wed, 8 May 2019 23:23:55 +0200 Subject: [PATCH 1/4] travis: make sure the fuzzers can be built in "local" mode --- travis-ci/managers/fuzzbuzz.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/travis-ci/managers/fuzzbuzz.sh b/travis-ci/managers/fuzzbuzz.sh index 0a296f75f8..4edf8948b5 100755 --- a/travis-ci/managers/fuzzbuzz.sh +++ b/travis-ci/managers/fuzzbuzz.sh @@ -6,7 +6,16 @@ set -u REPO_ROOT=${REPO_ROOT:-$(pwd)} +sudo apt-get update -y +sudo apt-get build-dep systemd -y +sudo apt-get install -y ninja-build python3-pip python3-setuptools +pip3 install meson + cd $REPO_ROOT +tools/oss-fuzz.sh +timeout --preserve-status 5 ./out/fuzz-unit-file +git clean -dxff + wget https://app.fuzzbuzz.io/releases/cli/latest/linux/fuzzbuzz chmod +x fuzzbuzz ./fuzzbuzz validate From 9c5c4677fa22c2fc87599c15ca972627ceb17bd7 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 9 May 2019 00:03:41 +0200 Subject: [PATCH 2/4] fuzzers: use -fsanitizer=fuzzer if clang supports it Closes https://github.com/systemd/systemd/issues/10645 --- meson.build | 19 +++++++++++++++++-- tools/oss-fuzz.sh | 4 ++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/meson.build b/meson.build index eaf0eddcb1..9506274239 100644 --- a/meson.build +++ b/meson.build 
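Review bot: `pip3 install meson` is unpinned, so this job builds with whatever meson release PyPI serves on the day it runs and a new meson can break the build with no change in the tree; pinning it, `pip3 install --user meson==<pinned-version>`, makes the CI build reproducible and records which version the fuzzers are known to build with. The `--user` also makes the install location explicit rather than relying on pip's permission-denied fallback, since the line runs without `sudo` unlike the apt commands above it. The smoke test `timeout --preserve-status 5 ./out/fuzz-unit-file` reports whatever status the binary exits with when it receives SIGTERM, so whether the job passes or fails here depends on the fuzzer's signal handling rather than on the build; if the binary is libFuzzer-linked, a bounded run such as `./out/fuzz-unit-file -max_total_time=5` gives a deterministic result.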
@@ -303,7 +303,14 @@ else endif if want_libfuzzer - fuzzing_engine = meson.get_compiler('cpp').find_library('Fuzzer') + fuzzing_engine = meson.get_compiler('cpp').find_library('Fuzzer', required : false) + if fuzzing_engine.found() + add_project_arguments('-fsanitize-coverage=trace-pc-guard,trace-cmp', language : 'c') + elif cc.has_argument('-fsanitize=fuzzer-no-link') + add_project_arguments('-fsanitize=fuzzer-no-link', language : 'c') + else + error('Looks like neither libFuzzer nor -fsanitize=fuzzer-no-link is supported') + endif elif want_ossfuzz fuzzing_engine = meson.get_compiler('cpp').find_library('FuzzingEngine') elif want_fuzzbuzz @@ -2825,9 +2832,16 @@ foreach tuple : fuzzers dependencies = tuple[2] defs = tuple.length() >= 4 ? tuple[3] : [] incs = tuple.length() >= 5 ? tuple[4] : includes + link_args = [] - if fuzzer_build + if want_ossfuzz or want_fuzzbuzz dependencies += fuzzing_engine + elif want_libfuzzer + if fuzzing_engine.found() + dependencies += fuzzing_engine + else + link_args += ['-fsanitize=fuzzer'] + endif else sources += 'src/fuzz/fuzz-main.c' endif @@ -2845,6 +2859,7 @@ foreach tuple : fuzzers link_with : link_with, dependencies : dependencies, c_args : defs, + link_args: link_args, install : false) endforeach endif diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh index 610bb9c235..6d9010ce16 100755 --- a/tools/oss-fuzz.sh +++ b/tools/oss-fuzz.sh 
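Review bot: The new fallback only checks that the compiler accepts `-fsanitize=fuzzer-no-link` at compile time, but the fuzzer executables are later linked with `-fsanitize=fuzzer`, which additionally needs the libFuzzer runtime shipped with that clang; `has_argument` cannot notice when that runtime is absent, so the configure step succeeds and the failure moves to link time with a less helpful message. A link-time probe, `elif cc.has_link_argument('-fsanitize=fuzzer')` (assuming meson's probe program links cleanly with it), would keep the error at configure time where the `error()` call below can explain it. Note also that the library probe goes through `meson.get_compiler('cpp')` while the flag probe and `add_project_arguments(..., language : 'c')` go through `cc`; that is presumably fine for a C-only tree, but a one-line comment saying so would stop the next reader from wondering whether C++ units are left uninstrumented.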
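Review bot: The split between `-fsanitize=fuzzer-no-link` as a project-wide compile flag (in the `want_libfuzzer` branch earlier in this file) and `-fsanitize=fuzzer` as a per-fuzzer link argument here is correct but not obvious, and a reader of this loop cannot see why `src/fuzz/fuzz-main.c` is not added in the not-found case. A comment on the new `else` branch would record it: `# libFuzzer is not installed as a library: clang provides main() via -fsanitize=fuzzer at link time, so fuzz-main.c is not needed`. The `foreach tuple : fuzzers` loop starts and ends outside this hunk.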
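Review bot: `link_args: link_args,` departs from the spacing used by the surrounding keyword arguments in the same call (`link_with : link_with`, `dependencies : dependencies`, `c_args : defs`); writing it as `link_args : link_args,` keeps the `executable()` call consistent. The call itself begins outside the hunk.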
@@ -10,7 +10,7 @@ export CXX=${CXX:-clang++} clang_version="$($CC --version | sed -nr 's/.*version ([^ ]+?) .*/\1/p' | sed -r 's/-$//')" SANITIZER=${SANITIZER:-address -fsanitize-address-use-after-scope} -flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize-coverage=trace-pc-guard,trace-cmp" +flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER" clang_lib="/usr/lib64/clang/${clang_version}/lib/linux" [ -d "$clang_lib" ] || clang_lib="/usr/lib/clang/${clang_version}/lib/linux" @@ -33,7 +33,7 @@ if [ -z "$FUZZING_ENGINE" ]; then fi meson $build -D$fuzzflag -Db_lundef=false -ninja -C $build fuzzers +ninja -v -C $build fuzzers # The seed corpus is a separate flat archive for each fuzzer, # with a fixed name ${fuzzer}_seed_corpus.zip. From 0cd158f643510452c755d1679a053a65a6013f5d Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 9 May 2019 18:21:38 +0200 Subject: [PATCH 3/4] README: bring the coverity badge back This reverts commit bf0e551c176fc7aec6b3413d3b311f3e6610df65. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 98e9a7458a..5ed7cfceac 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ Count of open issues over time Count of open pull requests over time [![Semaphore CI Build Status](https://semaphoreci.com/api/v1/projects/28a5a3ca-3c56-4078-8b5e-7ed6ef912e14/443470/shields_badge.svg)](https://semaphoreci.com/systemd/systemd)
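Review bot: Dropping `-fsanitize-coverage=trace-pc-guard,trace-cmp` from `flags` means this script no longer requests any coverage instrumentation itself; in the libFuzzer configuration meson.build now adds it, but in the `want_ossfuzz` and `want_fuzzbuzz` configurations meson adds nothing, so those builds are instrumented only if the CFLAGS supplied by the environment already carry the fuzzer coverage flags. That is presumably true of the OSS-Fuzz images, but the dependency is no longer visible from this file and an uninstrumented fuzzer fails silently (it runs, it just finds nothing). A comment on the `flags=` line would record the assumption: `# no coverage flags here: meson adds them for the libFuzzer build, OSS-Fuzz/fuzzbuzz supply them through CFLAGS`.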
+[![Coverity Scan Status](https://scan.coverity.com/projects/350/badge.svg)](https://scan.coverity.com/projects/350)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1369/badge)](https://bestpractices.coreinfrastructure.org/projects/1369)
[![Travis CI Build Status](https://travis-ci.org/systemd/systemd.svg?branch=master)](https://travis-ci.org/systemd/systemd)
[![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/systemd/systemd.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/systemd/systemd/context:cpp)
From a0603f8c281f090a6d134b522480cccccee59c24 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 14 May 2019 13:47:56 +0200 Subject: [PATCH 4/4] tests: make fuzzbuzz.sh compatible with Azure Pipelines again Now that https://github.com/systemd/systemd/pull/12542 is merged, fuzzbuzz.sh should be changed a little bit to make it work on Azure Pipelines. We can no longer assume that source repositories are added "automagically" by Travis CI or that PATH is set properly. --- travis-ci/managers/fuzzbuzz.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/travis-ci/managers/fuzzbuzz.sh b/travis-ci/managers/fuzzbuzz.sh index 4edf8948b5..74c22529ae 100755 --- a/travis-ci/managers/fuzzbuzz.sh +++ b/travis-ci/managers/fuzzbuzz.sh @@ -6,12 +6,14 @@ set -u REPO_ROOT=${REPO_ROOT:-$(pwd)} +sudo bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse' >>/etc/apt/sources.list" sudo apt-get update -y sudo apt-get build-dep systemd -y sudo apt-get install -y ninja-build python3-pip python3-setuptools pip3 install meson cd $REPO_ROOT +export PATH="$HOME/.local/bin/:$PATH" tools/oss-fuzz.sh timeout --preserve-status 5 ./out/fuzz-unit-file git clean -dxff
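Review bot: The new `deb-src` line hard-codes `xenial`, so `apt-get build-dep systemd` two lines later will fetch source metadata for the wrong release as soon as the CI image moves to a newer Ubuntu, and the mismatch will surface only as an obscure dependency-resolution failure. If `lsb_release` is present in the image, deriving the codename keeps the entry in step with the running release: `sudo bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse' >>/etc/apt/sources.list"` (the substitution is expanded by the outer shell before `sudo` runs). The unconditional `>>` also appends a duplicate entry on every rerun on the same machine, which apt tolerates but warns about; `grep -q` guarding the append, or writing a dedicated file under `/etc/apt/sources.list.d/`, avoids that.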