OSS-fuzz needs some love

Andrew Bartlett abartlet at samba.org
Mon Sep 6 08:33:35 UTC 2021

On Sat, 2021-09-04 at 13:30 +0300, Uri Simchoni via samba-technical
> What I have so far is in 
> https://gitlab.com/samba-team/samba/-/merge_requests/2152
> I'll continue this in a few days hopefully.
> One fuzzer, namely fuzz_parse_lpq_entry, doesn't pass check_build, 
> whereas the others pass the check_build of oss-fuzz (at least in address 
> sanitizer and libfuzzer mode). Our check_build.sh stops as soon as it 
> reaches fuzz_parse_lpq_entry so IDK if it passes the rest (probably yes 
> because of the oss-fuzz result).
> The issue with fuzz_parse_lpq_entry seems to be that it references 
> libtracker-data.so without RPATH.

Remember that the way the system copies in the libraries that are
'needed' on the target is to use ldd.  If somehow the need for this
doesn't show up with ldd, it will be missed.

That might be due to our build rules or due to how libtracker-data.so
is brought in.  It also doesn't seem likely to be used by
fuzz_parse_lbq_entry so perhaps either the dependencies could be
trimmed or for fuzzing tracker support could be omitted (change the
configure options). 

Thanks so much for giving this a go!

Andrew Bartlett

Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Developer, Catalyst IT    https://catalyst.net.nz/services/samba

More information about the samba-technical mailing list