From d4fef0982f703e5825dd7d0aabfa972286598519 Mon Sep 17 00:00:00 2001 From: linderd <19273958+linderd@users.noreply.github.com> Date: Sun, 3 Dec 2023 16:38:02 +0100 Subject: [PATCH] fix msan-problems in fuzzer-environment --- .clusterfuzzlite/Dockerfile | 2 +- .clusterfuzzlite/build.sh | 2 +- CMakeLists.txt | 2 +- regress/parser-libfuzzer/common.c | 2 ++ regress/parser-libfuzzer/run_test.sh | 1 + 5 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile index 316c26ea..5ac96f08 100644 --- a/.clusterfuzzlite/Dockerfile +++ b/.clusterfuzzlite/Dockerfile @@ -1,7 +1,7 @@ FROM gcr.io/oss-fuzz-base/base-builder:v1 ENV CLUSTERFUZZLITE=TRUE -RUN apt-get update && apt-get install -y bison libssl-dev libevent-dev libsystemd-dev +RUN apt-get update && apt-get install -y bison libssl-dev libevent-dev COPY . $SRC/openiked-portable WORKDIR openiked-portable COPY .clusterfuzzlite/build.sh $SRC/ diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh index 6bb324cc..47728c2f 100755 --- a/.clusterfuzzlite/build.sh +++ b/.clusterfuzzlite/build.sh @@ -1,7 +1,7 @@ #!/bin/bash -eu # build project -cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DCLUSTERFUZZ=ON +cmake -S . -B build -DCMAKE_BUILD_TYPE=DEBUG -DCLUSTERFUZZ=ON cmake --build build # copy binary and dict to $OUT diff --git a/CMakeLists.txt b/CMakeLists.txt index a90fc8f7..418997f1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -409,7 +409,7 @@ if(CLUSTERFUZZ) add_subdirectory(regress/parser-libfuzzer) if (NOT DEFINED ENV{CLUSTERFUZZLITE}) set(CMAKE_C_COMPILER clang) - string(APPEND CMAKE_C_FLAGS " -g -O1 -fsanitize=fuzzer-no-link") + string(APPEND CMAKE_C_FLAGS " -g -O0 -fsanitize=fuzzer-no-link") endif() endif() add_subdirectory(compat) diff --git a/regress/parser-libfuzzer/common.c b/regress/parser-libfuzzer/common.c index 7871d208..2030e75e 100644 --- a/regress/parser-libfuzzer/common.c +++ b/regress/parser-libfuzzer/common.c @@ -12,6 +12,7 @@ #include #include +#include #include "iked.h" #include "types.h" @@ -162,6 +163,7 @@ ssize_t ikev2_nat_detection(struct iked *env, struct iked_message *msg, void *ptr, size_t len, u_int type, int frompeer) { + bzero(ptr, len); return (0); } diff --git a/regress/parser-libfuzzer/run_test.sh b/regress/parser-libfuzzer/run_test.sh index 9560e07d..d77855d4 100644 --- a/regress/parser-libfuzzer/run_test.sh +++ b/regress/parser-libfuzzer/run_test.sh @@ -1,6 +1,7 @@ #!/bin/sh # script to run the parser-fuzzer for 5 minutes with the right options +# use repo github.com/openiked/openiked-fuzzing/corpus/test_libfuzzer as corpus for faster results # ASAN-option to help finding the source of memory leaks export ASAN_OPTIONS=fast_unwind_on_malloc=0