#!/bin/bash -eu
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Stop at the first failing command and treat any unset variable as an error.
set -o errexit -o nounset

# Dictionary files that are copied into $OUT alongside the fuzzer binaries.
declare -ra FUZZER_DICTIONARIES=(
  'test/core/end2end/fuzzers/hpack.dictionary'
)

# Bazel labels (package:target) of every fuzzer built by this script. The same
# list is reused further down to locate each built binary under bazel-bin/.
declare -ra FUZZER_TARGETS=(
  'test/core/json:json_fuzzer'
  'test/core/uri:uri_fuzzer_test'
  'test/core/http:request_fuzzer'
  'test/core/http:response_fuzzer'
  'test/core/nanopb:fuzzer_response'
  'test/core/nanopb:fuzzer_serverlist'
  'test/core/slice:percent_decode_fuzzer'
  'test/core/slice:percent_encode_fuzzer'
  'test/core/transport/chttp2:hpack_parser_fuzzer'
  'test/core/end2end/fuzzers:client_fuzzer'
  'test/core/end2end/fuzzers:server_fuzzer'
  'test/core/security:ssl_server_fuzzer'
  'test/core/security:alts_credentials_fuzzer'
)

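# build grpc
# Temporary hack, see https://github.com/google/oss-fuzz/issues/383
# NOTE(review): these flags switch off UBSan's vptr check for everything built
# below, so that class of error is not reported by the UBSan build while the
# workaround stays in place.
readonly NO_VPTR='--copt=-fno-sanitize=vptr --linkopt=-fno-sanitize=vptr'

# Copied from envoy's build.sh
# Copy $CFLAGS and $CXXFLAGS into Bazel command-line flags, for both
# compilation and linking.
#
# Some flags, such as `-stdlib=libc++`, generate warnings if used on a C source
# file. Since the build runs with `-Werror` this will cause it to break, so we
# use `--conlyopt` and `--cxxopt` instead of `--copt`.
#
#######################################
# Prints the extra Bazel flags derived from the build environment, one output
# line per input flag.
# Globals:   CFLAGS, CXXFLAGS, SANITIZER (read)
# Outputs:   flags on stdout; a diagnostic on stderr if the UBSan C++ runtime
#            archive cannot be located
# Returns:   0 on success, 1 if SANITIZER is "undefined" and no archive is found
#######################################
extra_bazel_flags() {
  local f ubsan_rt
  # CFLAGS/CXXFLAGS are whitespace-separated flag lists, so they are split on
  # purpose (left unquoted).
  for f in ${CFLAGS}; do
    echo "--conlyopt=${f}" "--linkopt=${f}"
  done
  for f in ${CXXFLAGS}; do
    echo "--cxxopt=${f}" "--linkopt=${f}"
  done
  if [ "$SANITIZER" = "undefined" ]
  then
    # Bazel uses clang to link binary, which does not link clang_rt ubsan library for C++ automatically.
    # See issue: https://github.com/bazelbuild/bazel/issues/8777
    #
    # The libdir is quoted: if llvm-config printed nothing, an unquoted
    # expansion would vanish and find would search the current directory
    # instead, possibly picking up an unrelated archive from the source tree.
    ubsan_rt="$(find "$(llvm-config --libdir)" -name libclang_rt.ubsan_standalone_cxx-x86_64.a | head -1)"
    # Fail here rather than hand Bazel an empty `--linkopt=`.
    if [ -z "${ubsan_rt}" ]
    then
      echo 'libclang_rt.ubsan_standalone_cxx-x86_64.a not found in the LLVM libdir' >&2
      return 1
    fi
    echo "--linkopt=${ubsan_rt}"
  fi
}

# Assign first and mark readonly afterwards: `readonly VAR="$(...)"` would
# discard the helper's exit status, and errexit could not stop the build.
EXTRA_BAZEL_FLAGS="$(extra_bazel_flags)"
readonly EXTRA_BAZEL_FLAGS
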
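# Build every fuzzer target in one Bazel invocation. The arguments are gathered
# in an array so that each element reaches Bazel as exactly one word.
bazel_build_args=(
  --dynamic_mode=off
  # NOTE(review): the "standalone" strategies run actions outside Bazel's
  # sandbox, so build steps are not confined to their declared inputs.
  --spawn_strategy=standalone
  --genrule_strategy=standalone
  # NO_VPTR and EXTRA_BAZEL_FLAGS each hold several whitespace-separated flags,
  # so they are split into words on purpose (left unquoted).
  ${NO_VPTR}
  --strip=never
  --linkopt=-lc++
  --linkopt=-pthread
  # Quoted so the fuzzing-engine value is always passed as a single option.
  "--copt=${LIB_FUZZING_ENGINE}"
  "--linkopt=${LIB_FUZZING_ENGINE}"
  ${EXTRA_BAZEL_FLAGS}
  # Quoted array expansion: one argument per target label, no re-splitting or
  # globbing of the labels.
  "${FUZZER_TARGETS[@]}"
  --verbose_failures
)
tools/bazel build "${bazel_build_args[@]}"
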
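# Profiling with coverage requires that we resolve+copy all Bazel symlinks and
# also remap everything under proc/self/cwd to correspond to Bazel build paths.
if [ "${SANITIZER}" = 'coverage' ]
then
  # The build invoker looks for sources in $SRC, but it turns out that we need
  # to not be buried under src/, paths are expected at out/proc/self/cwd by
  # the profiler.
  readonly REMAP_PATH="${OUT}/proc/self/cwd"
  mkdir -p "${REMAP_PATH}"
  rsync -av "${SRC}"/grpc/src "${REMAP_PATH}"
  rsync -av "${SRC}"/grpc/test "${REMAP_PATH}"
  # Remove filesystem loop manually.
  # ${SRC:?} aborts when SRC is empty (nounset only catches it being unset), so
  # the recursive delete can never resolve to a path directly under /.
  rm -rf -- "${SRC:?}"/grpc/bazel-grpc/external/grpc
  # Clean up symlinks with a missing referent. With -follow, only links that
  # cannot be resolved still match -type l. A failure here is tolerated.
  find "${SRC:?}"/grpc/bazel-grpc/external -follow -type l -ls -delete || echo 'Symlink cleanup soft fail'
  rsync -avLk "${SRC}"/grpc/bazel-grpc/external "${REMAP_PATH}"
  # For .h, and some generated artifacts, we need bazel-out/. Need to heavily
  # filter out the build objects from bazel-out/. Also need to resolve symlinks,
  # since they don't make sense outside the build container.
  readonly RSYNC_FILTER_ARGS=(
    '--include=*.h'
    '--include=*.cc'
    '--include=*.hpp'
    '--include=*.cpp'
    '--include=*.c'
    '--include=*/'
    '--exclude=*'
  )
  rsync -avLk "${RSYNC_FILTER_ARGS[@]}" "${SRC}"/grpc/bazel-out "${REMAP_PATH}"
  # The next two copies pull from $HOME and /tmp into $OUT with their full
  # source paths (-R) and with symlinks dereferenced (-L). The filter above is
  # what keeps this to directories plus C/C++ sources and headers; widening it
  # would also widen what leaves the build container through $OUT.
  rsync -avLkR "${RSYNC_FILTER_ARGS[@]}" "${HOME}" "${OUT}"
  rsync -avLkR "${RSYNC_FILTER_ARGS[@]}" /tmp "${OUT}"
fi
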
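# Copy each built fuzzer binary into $OUT.
for target in "${FUZZER_TARGETS[@]}"; do
  # replace : with /
  # (the label "pkg:name" is looked up at bazel-bin/pkg/name)
  fuzzer_name=${target/:/\/}
  echo "Copying fuzzer $fuzzer_name"
  cp "bazel-bin/$fuzzer_name" "$OUT/"
done

# Copy dictionaries and options files to $OUT/
for dict in "${FUZZER_DICTIONARIES[@]}"; do
  cp "${dict}" "${OUT}/"
done

# SRC is quoted so that a value containing whitespace or glob characters is not
# split or expanded; only the *.options pattern is left for the shell to glob.
cp "${SRC}"/grpc/tools/fuzzer/options/*.options "${OUT}/"
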
# We don't have a consistent naming convention between fuzzer files and corpus
# directories so we resort to hard coding zipping corpuses
#
# Each entry is "<archive stem>=<corpus directory>". The archives are written in
# list order as ${OUT}/<archive stem>_seed_corpus.zip from the directory's files.
seed_corpora=(
  'json_fuzzer=test/core/json/corpus'
  'uri_fuzzer_test=test/core/uri/uri_corpus'
  'request_fuzzer=test/core/http/request_corpus'
  'response_fuzzer=test/core/http/response_corpus'
  'fuzzer_response=test/core/nanopb/corpus_response'
  'fuzzer_serverlist=test/core/nanopb/corpus_serverlist'
  'percent_decode_fuzzer=test/core/slice/percent_decode_corpus'
  'percent_encode_fuzzer=test/core/slice/percent_encode_corpus'
  'hpack_parser_fuzzer=test/core/transport/chttp2/hpack_parser_corpus'
  'client_fuzzer=test/core/end2end/fuzzers/client_fuzzer_corpus'
  'server_fuzzer=test/core/end2end/fuzzers/server_fuzzer_corpus'
  'ssl_server_fuzzer=test/core/security/corpus/ssl_server_corpus'
  'alts_credentials_fuzzer=test/core/security/corpus/alts_credentials_corpus'
)
for entry in "${seed_corpora[@]}"; do
  # Text before the first "=" names the archive; text after it is the directory.
  zip "${OUT}/${entry%%=*}_seed_corpus.zip" "${entry#*=}"/*
done
