OSS-fuzz needs some love

Uri Simchoni uri at samba.org
Sat Sep 4 10:30:41 UTC 2021


What I have so far is in 
https://gitlab.com/samba-team/samba/-/merge_requests/2152

I'll continue this in a few days hopefully.

One fuzzer, namely fuzz_parse_lpq_entry, doesn't pass check_build, 
whereas the others pass the check_build of oss-fuzz (at least in address 
sanitizer and libfuzzer mode). Our check_build.sh stops as soon as it 
reaches fuzz_parse_lpq_entry so IDK if it passes the rest (probably yes 
because of the oss-fuzz result).

The issue with fuzz_parse_lpq_entry seems to be that it references 
libtracker-data.so without RPATH.

The changes I made to oss-fuzz code base to test this are in the 
attached patch set - the first patch does the actual upgrade, and the 
others are to support testing from local source on my machine.

Using those patches I basically follow the instructions from 
https://google.github.io/oss-fuzz/advanced-topics/reproducing/#reproducing-build-failures 
that is running from the oss-fuzz root dir:

python infra/helper.py build_image samba
python infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture x86_64 samba
python infra/helper.py check_build --sanitizer address --engine libfuzzer --architecture x86_64 samba

Uri.

On 9/3/21 10:49 PM, Andrew Bartlett wrote:
> On Fri, 2021-09-03 at 22:11 +0300, Uri Simchoni wrote:
>> With the attached obvious patch, the oss-fuzz build succeeds on
>> their
>> stock image. Haven't actually *run* the fuzzer binaries though.
> 
> If you could run some of the check_build steps that would be awesome.
> 
> https://google.github.io/oss-fuzz/advanced-topics/reproducing/#reproducing-build-failures
> 
>> What do you suppose I should do on the oss-fuzz side? Do I just issue
>> a
>> pull request, or do I have to be listed somewhere?
> 
> A pull request is all they need, you will have to do a CLA.  Do that
> once you get your change in master via the normal process.
> 
>> Regarding drop of 16.04 build, we don't seem to have one in CI, so I
>> can
>> just remove the old Python exception. Do note however that oss-fuzz
>> builds with clang, so we might want to have an Ubuntu 20.04+clang CI
>> job
>> to ensure that build doesn't fail when it gets to oss-fuzz.
> 
> See the samba-fuzz target in .gitlab-ci-main.yml.  That needs to match
> your change in what you attached.
> 
> In terms of the clang thing, as a second step we could change that
> target to more closely match oss-fuzz now it has a modern base.
> 
> Thanks so much!
> 
> Andrew Bartlett
> 
>> I hope that helps,
>> Uri.
>>
>> On 9/1/21 11:10 PM, Andrew Bartlett via samba-technical wrote:
>>> Looks like work needs to be done to confirm we build in oss-fuzz
>>> mode
>>> on 20.04, upgrade the Dockerfile on their side to say so, then on
>>> our
>>> side drop the 16.04 build (and the old python exception for the
>>> fuzzing
>>> case in buildtools/wafsamba/samba_python.py).
>>>
>>> Andrew Bartlett
>>>
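As an added illustration of the RPATH problem described above for fuzz_parse_lpq_entry (this is example code written for this page, not part of the mail, of Samba or of oss-fuzz): a stdlib-only Python reader that lists a binary's DT_NEEDED entries and checks each against its DT_RUNPATH/DT_RPATH (with $ORIGIN expanded) plus a list of system library directories, reporting the libraries the dynamic loader could not find. The library names, the /out layout, the $ORIGIN/lib runpath and the "present files" set are assumptions for illustration; the ELF skeleton is constructed inside the script so it runs offline, and the same reader works on a real fuzzer binary passed on the command line.

```python
"""Report DT_NEEDED libraries a binary cannot resolve via its own RUNPATH/RPATH.

Added example, not Samba or oss-fuzz code. Handles little-endian ELF64 only,
using nothing but the standard library. All names below are assumptions.
"""
import os
import posixpath
import struct
import sys

SHT_STRTAB, SHT_DYNAMIC = 3, 6
DT_NULL, DT_NEEDED, DT_RPATH, DT_RUNPATH = 0, 1, 15, 29

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr, 64 bytes
DYN = struct.Struct("<qQ")                 # Elf64_Dyn: d_tag, d_val


def _cstr(strtab, off):
    """NUL-terminated string at offset `off` of a string table."""
    return strtab[off:strtab.index(b"\0", off)].decode()


def read_dynamic(data):
    """Return (needed, search_paths) from the .dynamic section of ELF64 LE bytes."""
    ident = data[:16]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("only little-endian ELF64 is handled")
    hdr = EHDR.unpack_from(data, 0)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    sections = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    needed, paths = [], []
    for sh in sections:
        sh_type, sh_offset, sh_size, sh_link = sh[1], sh[4], sh[5], sh[6]
        if sh_type != SHT_DYNAMIC:
            continue
        st = sections[sh_link]                 # sh_link -> string table for names
        strtab = data[st[4]:st[4] + st[5]]
        for pos in range(sh_offset, sh_offset + sh_size, DYN.size):
            tag, val = DYN.unpack_from(data, pos)
            if tag == DT_NULL:
                break
            if tag == DT_NEEDED:
                needed.append(_cstr(strtab, val))
            elif tag in (DT_RPATH, DT_RUNPATH):
                paths.extend(p for p in _cstr(strtab, val).split(":") if p)
    return needed, paths


def unresolved_libraries(data, origin, system_dirs, exists=os.path.exists):
    """DT_NEEDED names that neither RUNPATH/RPATH nor system_dirs resolve.

    `origin` is the binary's directory, substituted for $ORIGIN. `exists` is
    injectable so the check can run against a constructed set of files.
    """
    needed, paths = read_dynamic(data)
    dirs = [p.replace("$ORIGIN", origin) for p in paths] + list(system_dirs)
    return [lib for lib in needed
            if not any(exists(posixpath.normpath(posixpath.join(d, lib)))
                       for d in dirs)]


def build_sample_elf(needed, runpath):
    """Constructed ELF64 skeleton: only the headers read_dynamic() needs."""
    strtab, off = b"\0", {}
    for s in list(needed) + [runpath]:
        off[s] = len(strtab)
        strtab += s.encode() + b"\0"
    dyn = b"".join(DYN.pack(DT_NEEDED, off[n]) for n in needed)
    dyn += DYN.pack(DT_RUNPATH, off[runpath]) + DYN.pack(DT_NULL, 0)
    str_off = EHDR.size
    end = str_off + len(strtab)
    dyn_off = end + (-end % 8)
    shoff = dyn_off + len(dyn)
    shdrs = (SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
             + SHDR.pack(0, SHT_STRTAB, 0, 0, str_off, len(strtab), 0, 0, 1, 0)
             + SHDR.pack(0, SHT_DYNAMIC, 0, 0, dyn_off, len(dyn), 1, 0, 8, DYN.size))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\0" * 7
    ehdr = EHDR.pack(ident, 3, 62, 1, 0, 0, shoff, 0, EHDR.size, 0, 0,
                     SHDR.size, 3, 0)
    body = ehdr + strtab
    return body + b"\0" * (dyn_off - len(body)) + dyn + shdrs


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # real binary, e.g. /out/fuzz_parse_lpq_entry
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
        origin, exists = os.path.dirname(os.path.abspath(sys.argv[1])), os.path.exists
        present = None
    else:                                      # constructed scenario (assumed layout)
        blob = build_sample_elf(["libtracker-data.so", "libtalloc.so.2", "libc.so.6"],
                                "$ORIGIN/lib")
        present = {"/out/lib/libtalloc.so.2", "/lib/x86_64-linux-gnu/libc.so.6"}
        origin, exists = "/out", present.__contains__
    print("needed/paths:", read_dynamic(blob))
    print("unresolved:", unresolved_libraries(blob, origin, ["/lib/x86_64-linux-gnu"], exists))
```

In the constructed scenario the binary in /out asks for libtracker-data.so but its only runpath entry is $ORIGIN/lib, so the library is reported unresolved; adding a second runpath entry that does contain it (the fix being chased in the mail) makes the report empty. Run against a real /out/fuzz_* binary the same reader gives the list check_build would trip over.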

-------------- next part --------------
From febb69d99a66febffdaf8741fbd56c324d4d23de Mon Sep 17 00:00:00 2001
From: Uri Simchoni <urisimchoni at gmail.com>
Date: Sat, 4 Sep 2021 07:55:02 +0300
Subject: [PATCH 1/3] projects/samba: use Ubuntu 20.04 image

Signed-off-by: Uri Simchoni <urisimchoni at gmail.com>
---
 projects/samba/Dockerfile | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/projects/samba/Dockerfile b/projects/samba/Dockerfile
index e2d7f54b..3d3ee35a 100644
--- a/projects/samba/Dockerfile
+++ b/projects/samba/Dockerfile
@@ -14,11 +14,7 @@
 #
 ################################################################################
 
-# Using Ubuntu 16.04 because of breakage on Ubuntu 20.04.
-# See https://github.com/google/oss-fuzz/issues/6291 for more details.
-FROM gcr.io/oss-fuzz-base/base-builder:xenial
-# Delete line above and uncomment line below to upgrade to 20.04.
-# FROM gcr.io/oss-fuzz-base/base-builder
+FROM gcr.io/oss-fuzz-base/base-builder
 
 RUN git clone https://gitlab.com/samba-team/samba samba
 RUN samba/lib/fuzzing/oss-fuzz/build_image.sh
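Review bot: the new `FROM gcr.io/oss-fuzz-base/base-builder` line is the floating default tag, and the hunk removes the only pointer to https://github.com/google/oss-fuzz/issues/6291 that explained why the image had been pinned to xenial; keep a one-line comment saying the 20.04 breakage tracked in that issue is resolved, so the next person editing this FROM line does not re-pin it without context.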
-- 
2.31.1


From db31570c690711951f09e16dbb445005498c7f0c Mon Sep 17 00:00:00 2001
From: Uri Simchoni <urisimchoni at gmail.com>
Date: Sat, 4 Sep 2021 13:08:57 +0300
Subject: [PATCH 2/3] FOR-TESTING: work around podman issue

---
 infra/helper.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/infra/helper.py b/infra/helper.py
index f9b86a6b..34d36704 100755
--- a/infra/helper.py
+++ b/infra/helper.py
@@ -636,7 +636,8 @@ def build_fuzzers_impl(  # pylint: disable=too-many-arguments,too-many-locals,to
   if env_to_add:
     env += env_to_add
 
-  command = ['--cap-add', 'SYS_PTRACE'] + _env_to_docker_args(env)
+#  command = ['--cap-add', 'SYS_PTRACE'] + _env_to_docker_args(env)
+  command = _env_to_docker_args(env)
   if source_path:
     workdir = _workdir_from_dockerfile(project)
     if mount_path:
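Review bot: `#  command = ['--cap-add', 'SYS_PTRACE'] + _env_to_docker_args(env)` should be deleted rather than left as commented-out code, and the reason podman rejects the flag belongs in a comment since the commit message only says "work around podman issue". Dropping SYS_PTRACE is also not behaviour-neutral for a sanitizer build: LeakSanitizer uses ptrace to stop the process's threads before it scans for leaks, so an address-sanitizer check_build done with this patch may not match what oss-fuzz sees with the capability present.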
-- 
2.31.1


From 449faf79a5017891f0890aeeba130ce34199fa21 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <urisimchoni at gmail.com>
Date: Sat, 4 Sep 2021 13:09:34 +0300
Subject: [PATCH 3/3] FOR-TESTING: build samba oss-fuzz image with local source
 tarball

To generate the tarball, use:

git archive --prefix=samba/ -o ~/samba-oss-fuzz.tgz HEAD

And then copy the tarball to projects/samba/
---
 projects/samba/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/projects/samba/Dockerfile b/projects/samba/Dockerfile
index 3d3ee35a..0825aa1c 100644
--- a/projects/samba/Dockerfile
+++ b/projects/samba/Dockerfile
@@ -16,7 +16,8 @@
 
 FROM gcr.io/oss-fuzz-base/base-builder
 
-RUN git clone https://gitlab.com/samba-team/samba samba
+#RUN git clone https://gitlab.com/samba-team/samba samba
+ADD samba-oss-fuzz.tgz $SRC/
 RUN samba/lib/fuzzing/oss-fuzz/build_image.sh
 
 WORKDIR samba
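Review bot: `ADD samba-oss-fuzz.tgz $SRC/` depends on Docker auto-extracting a local tar archive, so the tarball must carry the `samba/` prefix given in the commit message or `RUN samba/lib/fuzzing/oss-fuzz/build_image.sh` on the next line will not find the script; a stale tarball left in projects/samba/ would also be built silently instead of fresh source, which is another reason this FOR-TESTING hunk must not reach the upstream pull request. Delete the commented-out `#RUN git clone https://gitlab.com/samba-team/samba samba` line instead of leaving it.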
-- 
2.31.1


