authorFranziskus Kiefer <franziskuskiefer@gmail.com>2017-03-08 09:22:41 +0100
committerFranziskus Kiefer <franziskuskiefer@gmail.com>2017-03-08 09:22:41 +0100
commit2fe896a59b52ab6e42009c4eb9f67a1e5bdc86ea (patch)
tree275c23df9c56ae3eadcba34980d5e7e455bcfa3a /fuzz/config
parent271fa081c5bdbdd87c6497cd1619f4cb3ec663d4 (diff)
Bug 1177759 - re-org fuzz dir, r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D242
Diffstat (limited to 'fuzz/config')
-rwxr-xr-xfuzz/config/clone_corpus.sh4
-rwxr-xr-xfuzz/config/clone_libfuzzer.sh46
-rwxr-xr-xfuzz/config/git-copy.sh32
3 files changed, 82 insertions, 0 deletions
diff --git a/fuzz/config/clone_corpus.sh b/fuzz/config/clone_corpus.sh
new file mode 100755
index 000000000..9c17d2062
--- /dev/null
+++ b/fuzz/config/clone_corpus.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+d=$(dirname $0)
+$d/git-copy.sh https://github.com/mozilla/nss-fuzzing-corpus master $d/corpus
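Review bot: The corpus is fetched from the moving `master` ref on the `$d/git-copy.sh https://github.com/mozilla/nss-fuzzing-corpus master $d/corpus` line, whereas `clone_libfuzzer.sh` pins a commit hash, so two runs of this script can produce different corpora and a fuzzing run is not reproducible from the tree alone. If tracking the tip is intended, a one-line comment saying so would help; otherwise pin a commit here as well. The expansions should also be quoted, `d=$(dirname "$0")` and `"$d"/git-copy.sh ... "$d"/corpus`, so a checkout path containing whitespace does not split into separate arguments.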
diff --git a/fuzz/config/clone_libfuzzer.sh b/fuzz/config/clone_libfuzzer.sh
new file mode 100755
index 000000000..9b9e096a9
--- /dev/null
+++ b/fuzz/config/clone_libfuzzer.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+d=$(dirname $0)
+$d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer b96a41ac6bbc3824fc7c7977662bebacac8f0983 $d/libFuzzer
+
+# [https://llvm.org/bugs/show_bug.cgi?id=31318]
+# This prevents a known buffer overrun that won't be fixed as the affected code
+# will go away in the near future. Until that is we have to patch it as we seem
+# to constantly run into it.
+cat <<EOF | patch -p0 -d $d
+diff --git libFuzzer/FuzzerLoop.cpp libFuzzer/FuzzerLoop.cpp
+--- libFuzzer/FuzzerLoop.cpp
++++ libFuzzer/FuzzerLoop.cpp
+@@ -476,6 +476,9 @@
+ uint8_t dummy;
+ ExecuteCallback(&dummy, 0);
+
++ // Number of counters might have changed.
++ PrepareCounters(&MaxCoverage);
++
+ for (const auto &U : *InitialCorpus) {
+ if (size_t NumFeatures = RunOne(U)) {
+ CheckExitOnSrcPosOrItem();
+EOF
+
+# Latest Libfuzzer uses __sanitizer_dump_coverage(), a symbol to be introduced
+# with LLVM 4.0. To keep our code working with LLVM 3.x to simplify development
+# of fuzzers we'll just provide it ourselves.
+cat <<EOF | patch -p0 -d $d
+diff --git libFuzzer/FuzzerTracePC.cpp libFuzzer/FuzzerTracePC.cpp
+--- libFuzzer/FuzzerTracePC.cpp
++++ libFuzzer/FuzzerTracePC.cpp
+@@ -33,6 +33,12 @@
+ ATTRIBUTE_INTERFACE
+ uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];
+
++#if defined(__clang_major__) && (__clang_major__ == 3)
++void __sanitizer_dump_coverage(const uintptr_t *pcs, uintptr_t len) {
++ // SanCov in LLVM 4.x will provide this symbol. Make 3.x work.
++}
++#endif
++
+ namespace fuzzer {
+
+ TracePC TPC;
+EOF
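Review bot: Nothing stops the two `patch` calls from running after a failed checkout, because the script has no `set -e` and never checks the exit status of the `$d/git-copy.sh https://chromium.googlesource.com/...` line, so a network failure leaves a stale or empty `libFuzzer` tree that `patch` then operates on and the script's exit status reflects `patch` rather than the fetch. Add `set -e` after the shebang, and quote the path expansions, `d=$(dirname "$0")` and `patch -p0 -d "$d"`. The heredocs use an unquoted `<<EOF` delimiter, so any `$` or backtick in a future patch body would be expanded by the shell before reaching `patch`; `<<'EOF'` keeps the patch text literal.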
diff --git a/fuzz/config/git-copy.sh b/fuzz/config/git-copy.sh
new file mode 100755
index 000000000..1389ddabd
--- /dev/null
+++ b/fuzz/config/git-copy.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+
+if [ $# -lt 3 ]; then
+ echo "Usage: $0 <repo> <branch> <directory>" 1>&2
+ exit 2
+fi
+
+REPO=$1
+COMMIT=$2
+DIR=$3
+
+echo "Copy '$COMMIT' from '$REPO' to '$DIR'"
+if [ -f $DIR/.git-copy ]; then
+ CURRENT=$(cat $DIR/.git-copy)
+ if [ $(echo -n $COMMIT | wc -c) != "40" ]; then
+ ACTUAL=$(git ls-remote $REPO $COMMIT | cut -c 1-40 -)
+ else
+ ACTUAL=$COMMIT
+ fi
+ if [ CURRENT = ACTUAL ]; then
+ echo "Up to date."
+ fi
+fi
+
+mkdir -p $DIR
+git -C $DIR init -q
+git -C $DIR fetch -q --depth=1 $REPO $COMMIT:git-copy-tmp
+git -C $DIR reset --hard git-copy-tmp
+git -C $DIR show-ref HEAD | cut -c 1-40 - > $DIR/.git-copy
+rm -rf $DIR/.git
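Review bot: The up-to-date check `if [ CURRENT = ACTUAL ]; then` compares the two literal words rather than the variables, so it is always false and the branch never runs; even when it did, it only echoes and falls through to the fetch below, so the `.git-copy` marker written at the end is never honoured. Change it to `if [ "$CURRENT" = "$ACTUAL" ]; then` and add `exit 0` after `echo "Up to date."`. Separately, `echo -n` is not portable across POSIX `sh` implementations (some print the `-n`), which would make the 40-character length test misfire; `printf '%s' "$COMMIT" | wc -c` is the portable form. The unquoted `$DIR` in `mkdir -p`, the `git -C` calls and especially `rm -rf $DIR/.git` should be quoted so a directory argument containing whitespace cannot split into a different path.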