Update build scripts for Botan (#200)

Botan's fuzzers now have builtin maximums where necessary, instead of relying on max len option. So the code to generate the .options files goes. Suggested by @kcc in #150 Use corpus for the common formats, seems to help with initial coverage at least. Disables Botan's pool allocator at build time, since it hides things from ASan. The fuzzer driver already tries to disable it at runtime in LLVMFuzzerInitialize, but the Clusterfuzz coverage report indicates that this init function is not ever called, and the pool allocator ends up being used.
google · Dec 17, 2016 · 89b7e9c · 89b7e9c
1 parent 6a1d6b0
commit 89b7e9c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 13 deletions.
diff --git a/projects/botan/Dockerfile b/projects/botan/Dockerfile
@@ -18,5 +18,6 @@ FROM ossfuzz/base-libfuzzer
 MAINTAINER jack@randombit.net
 RUN apt-get install -y make python
 RUN git clone --depth 1 https://github.com/randombit/botan.git botan
+RUN git clone --depth 1 https://github.com/randombit/crypto-corpus.git crypto-corpus
 WORKDIR botan
 COPY build.sh $SRC/
diff --git a/projects/botan/build.sh b/projects/botan/build.sh
@@ -19,25 +19,18 @@ cd $SRC/botan
 
 # This assumes $CC is set to either 'clang' or 'gcc'
 ./configure.py --cc=$CC --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" \
-               --unsafe-fuzzer-mode --disable-shared
+               --unsafe-fuzzer-mode --disable-shared --disable-modules=locking_allocator
 make -j$(nproc) libbotan-1.11.a
 
 jigs=$(find $SRC/botan/src/extra_tests/fuzzers/jigs -name "*.cpp")
 
 for fuzzer_src in $jigs; do
-  fuzzer_name=$(basename $fuzzer_src .cpp)
+  fuzzer=$(basename $fuzzer_src .cpp)
   $CXX $CXXFLAGS -DUSE_LLVM_FUZZER -std=c++11 -I$SRC/botan/build/include \
-       -o $OUT/$fuzzer_name $fuzzer_src -L$SRC/botan -lbotan-1.11 -lFuzzingEngine
+       -o $OUT/$fuzzer $fuzzer_src -L$SRC/botan -lbotan-1.11 -lFuzzingEngine
 
-  max_len=1024 # default max_len
-  if [ $fuzzer_name = 'ecc_bp256' ] || [ $fuzzer_name = 'ecc_p256' ] || [ $fuzzer_name = 'redc_p256' ]; then
-      max_len=64
-  elif [ $fuzzer_name = 'ecc_p384' ] || [ $fuzzer_name = 'redc_p384' ]; then
-      max_len=96
-  elif [ $fuzzer_name = 'ecc_p521' ] || [ $fuzzer_name = 'redc_p521' ]; then
-      max_len=132
+  if [ -d "$SRC/crypto-corpus/${fuzzer}" ]; then
+    zip -j $OUT/${fuzzer}_seed_corpus.zip $SRC/crypto-corpus/${fuzzer}/*
   fi
-
-  echo -en "[libfuzzer]\nmax_len = $max_len\n" > $OUT/${fuzzer_name}.options
-
 done
+