author | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-03-08 09:22:41 +0100 |
---|---|---|
committer | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-03-08 09:22:41 +0100 |
commit | 2fe896a59b52ab6e42009c4eb9f67a1e5bdc86ea (patch) | |
tree | 275c23df9c56ae3eadcba34980d5e7e455bcfa3a /fuzz/config | |
parent | 271fa081c5bdbdd87c6497cd1619f4cb3ec663d4 (diff) | |
download | nss-hg-2fe896a59b52ab6e42009c4eb9f67a1e5bdc86ea.tar.gz |
Bug 1177759 - re-org fuzz dir, r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D242
Diffstat (limited to 'fuzz/config')
-rwxr-xr-x | fuzz/config/clone_corpus.sh | 4 | ||||
-rwxr-xr-x | fuzz/config/clone_libfuzzer.sh | 46 | ||||
-rwxr-xr-x | fuzz/config/git-copy.sh | 32 |
3 files changed, 82 insertions, 0 deletions
diff --git a/fuzz/config/clone_corpus.sh b/fuzz/config/clone_corpus.sh
new file mode 100755
index 000000000..9c17d2062
--- /dev/null
+++ b/fuzz/config/clone_corpus.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+d=$(dirname $0)
+$d/git-copy.sh https://github.com/mozilla/nss-fuzzing-corpus master $d/corpus
diff --git a/fuzz/config/clone_libfuzzer.sh b/fuzz/config/clone_libfuzzer.sh
new file mode 100755
index 000000000..9b9e096a9
--- /dev/null
+++ b/fuzz/config/clone_libfuzzer.sh
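Review bot: `d=$(dirname $0)` and the `$d/git-copy.sh … $d/corpus` call in clone_corpus.sh expand their variables unquoted, so a checkout path containing spaces or glob characters is word-split and the script runs the wrong command or fails. Quote them: `d=$(dirname "$0")` and `"$d/git-copy.sh" https://github.com/mozilla/nss-fuzzing-corpus master "$d/corpus"`. The same applies to `$d` in clone_libfuzzer.sh and to `$REPO`, `$COMMIT` and `$DIR` in git-copy.sh, where the unquoted `rm -rf $DIR/.git` is the expansion most worth fixing.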
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+d=$(dirname $0)
+$d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer b96a41ac6bbc3824fc7c7977662bebacac8f0983 $d/libFuzzer
+
+# [https://llvm.org/bugs/show_bug.cgi?id=31318]
+# This prevents a known buffer overrun that won't be fixed as the affected code
+# will go away in the near future. Until that is we have to patch it as we seem
+# to constantly run into it.
+cat <<EOF | patch -p0 -d $d
+diff --git libFuzzer/FuzzerLoop.cpp libFuzzer/FuzzerLoop.cpp
+--- libFuzzer/FuzzerLoop.cpp
++++ libFuzzer/FuzzerLoop.cpp
+@@ -476,6 +476,9 @@
+ uint8_t dummy;
+ ExecuteCallback(&dummy, 0);
+
++ // Number of counters might have changed.
++ PrepareCounters(&MaxCoverage);
++
+ for (const auto &U : *InitialCorpus) {
+ if (size_t NumFeatures = RunOne(U)) {
+ CheckExitOnSrcPosOrItem();
+EOF
+
+# Latest Libfuzzer uses __sanitizer_dump_coverage(), a symbol to be introduced
+# with LLVM 4.0. To keep our code working with LLVM 3.x to simplify development
+# of fuzzers we'll just provide it ourselves.
+cat <<EOF | patch -p0 -d $d
+diff --git libFuzzer/FuzzerTracePC.cpp libFuzzer/FuzzerTracePC.cpp
+--- libFuzzer/FuzzerTracePC.cpp
++++ libFuzzer/FuzzerTracePC.cpp
+@@ -33,6 +33,12 @@
+ ATTRIBUTE_INTERFACE
+ uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];
+
++#if defined(__clang_major__) && (__clang_major__ == 3)
++void __sanitizer_dump_coverage(const uintptr_t *pcs, uintptr_t len) {
++ // SanCov in LLVM 4.x will provide this symbol. Make 3.x work.
++}
++#endif
++
+ namespace fuzzer {
+
+ TracePC TPC;
+EOF
diff --git a/fuzz/config/git-copy.sh b/fuzz/config/git-copy.sh
new file mode 100755
index 000000000..1389ddabd
--- /dev/null
+++ b/fuzz/config/git-copy.sh
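Review bot: clone_libfuzzer.sh has no `set -e`, so when the git-copy.sh call or the first `patch` fails the script carries on and its exit status is only that of the last `patch`; a build can then pick up a libFuzzer tree without the FuzzerLoop.cpp fix for the overrun the comment describes. Add `set -e` after the shebang, as git-copy.sh already does. The heredocs should also be `<<'EOF'` so the shell never expands anything inside the embedded patch text; nothing in the current bodies contains `$` or backticks, so this is hardening rather than a present bug.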
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+
+if [ $# -lt 3 ]; then
+ echo "Usage: $0 <repo> <branch> <directory>" 1>&2
+ exit 2
+fi
+
+REPO=$1
+COMMIT=$2
+DIR=$3
+
+echo "Copy '$COMMIT' from '$REPO' to '$DIR'"
+if [ -f $DIR/.git-copy ]; then
+ CURRENT=$(cat $DIR/.git-copy)
+ if [ $(echo -n $COMMIT | wc -c) != "40" ]; then
+ ACTUAL=$(git ls-remote $REPO $COMMIT | cut -c 1-40 -)
+ else
+ ACTUAL=$COMMIT
+ fi
+ if [ CURRENT = ACTUAL ]; then
+ echo "Up to date."
+ fi
+fi
+
+mkdir -p $DIR
+git -C $DIR init -q
+git -C $DIR fetch -q --depth=1 $REPO $COMMIT:git-copy-tmp
+git -C $DIR reset --hard git-copy-tmp
+git -C $DIR show-ref HEAD | cut -c 1-40 - > $DIR/.git-copy
+rm -rf $DIR/.git |
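Review bot: The up-to-date check in git-copy.sh never takes effect: `[ CURRENT = ACTUAL ]` compares the two literal words, so it is always false, and even a true result would only print "Up to date." and fall through to the fetch. It should read `if [ "$CURRENT" = "$ACTUAL" ]; then` with `exit 0` after the echo. `echo -n` is not portable under `#!/bin/sh`; `printf %s "$COMMIT" | wc -c` is. It also looks as if `git show-ref HEAD` without `--head` prints nothing in a freshly initialised repository, which would leave `.git-copy` empty; `git rev-parse HEAD` is worth confirming as the replacement.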