OSS-fuzz needs some love

Uri Simchoni uri at samba.org
Mon Sep 6 08:42:20 UTC 2021


On 9/6/21 11:33 AM, Andrew Bartlett wrote:
> On Sat, 2021-09-04 at 13:30 +0300, Uri Simchoni via samba-technical
> wrote:
>> What I have so far is in
>> https://gitlab.com/samba-team/samba/-/merge_requests/2152
>>
>> I'll continue this in a few days hopefully.
>>
>> One fuzzer, namely fuzz_parse_lpq_entry, doesn't pass check_build,
>> whereas the others pass the check_build of oss-fuzz (at least in address
>> sanitizer and libfuzzer mode). Our check_build.sh stops as soon as it
>> reaches fuzz_parse_lpq_entry so IDK if it passes the rest (probably yes
>> because of the oss-fuzz result).
>>
>> The issue with fuzz_parse_lpq_entry seems to be that it references
>> libtracker-data.so without RPATH.
> 
> Remember that the way the system copies in the libraries that are
> 'needed' on the target is to use ldd.  If somehow the need for this
> doesn't show up with ldd, it will be missed.
> 
> That might be due to our build rules or due to how libtracker-data.so
> is brought in.  It also doesn't seem likely to be used by
> fuzz_parse_lpq_entry so perhaps either the dependencies could be
> trimmed or for fuzzing tracker support could be omitted (change the
> configure options).
> 
> Thanks so much for giving this a go!
> 
> Andrew Bartlett
> 

I think I got it - libtracker-sparql-2.0.so.0 has a RUNPATH on
/usr/lib/x86_64-linux-gnu/tracker-2.0 - presumably to ensure it gets the
libtracker-data from the same build. Removing the RUNPATH (chrpath -d)
seems to do the trick, but I've yet to verify this full cycle.

Thanks,
Uri.
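The exchange above turns on how ld.so picks a directory for each DT_NEEDED entry and why a RUNPATH baked into one library can leave a dependency unresolvable after the fuzzer and its ldd-reported libraries are copied somewhere else. The following is an added example, not code from the thread, Samba or OSS-Fuzz: a small model of glibc's search order (RPATH chain of the requesting object and its loaders, skipped when the requesting object itself has a DT_RUNPATH; then LD_LIBRARY_PATH; then the object's own DT_RUNPATH; then the default directories) applied to a constructed build host and a constructed output directory. The library name libtracker-sparql-2.0.so.0 is the Tracker SPARQL library the reply refers to, the other paths are the ones from the thread, and the staged fuzzer is assumed to carry an RPATH of $ORIGIN/lib into its own lib directory; the model offers one reading of why stripping the RUNPATH helps, not a statement about what the Samba build script does.

```python
"""Toy model of glibc's shared-library search order, used to show why a
dependency found on the build host goes missing once a fuzzer and its
ldd-reported libraries are copied elsewhere. Constructed example; not
Samba or OSS-Fuzz code."""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional, Set, Tuple

# Stand-in for ld.so.cache and the trusted /lib and /usr/lib directories.
DEFAULT_DIRS = ["/lib/x86_64-linux-gnu", "/usr/lib/x86_64-linux-gnu"]

Report = Dict[str, Tuple[Optional[str], str]]


@dataclass
class ElfObject:
    path: str
    needed: List[str] = field(default_factory=list)
    rpath: List[str] = field(default_factory=list)    # DT_RPATH entries
    runpath: List[str] = field(default_factory=list)  # DT_RUNPATH entries
    loader: Optional["ElfObject"] = None              # object whose NEEDED pulled us in


def expand(entry: str, obj: ElfObject) -> str:
    """$ORIGIN means the directory of the object that carries the entry."""
    return entry.replace("$ORIGIN", obj.path.rsplit("/", 1)[0])


def search_order(loader: ElfObject, ld_library_path: List[str]) -> List[Tuple[str, str]]:
    """Directories tried for one DT_NEEDED entry of `loader`, each tagged with
    why it is on the list. The DT_RPATH of the loader and of every object up
    the loader chain is walked only when the loader itself has no DT_RUNPATH;
    a DT_RUNPATH covers only that object's own direct dependencies."""
    order: List[Tuple[str, str]] = []
    if not loader.runpath:
        obj: Optional[ElfObject] = loader
        while obj is not None:
            order += [(expand(d, obj), f"RPATH of {obj.path}") for d in obj.rpath]
            obj = obj.loader
    order += [(d, "LD_LIBRARY_PATH") for d in ld_library_path]
    order += [(expand(d, loader), f"RUNPATH of {loader.path}") for d in loader.runpath]
    order += [(d, "default") for d in DEFAULT_DIRS]
    return order


def resolve_tree(root: ElfObject, fs: Dict[str, ElfObject],
                 ld_library_path: Tuple[str, ...] = ()) -> Report:
    """Breadth-first walk over DT_NEEDED entries, roughly what ldd prints.
    Maps each soname to (resolved path or None, where it came from)."""
    report: Report = {}
    queue = [root]
    while queue:
        loader = queue.pop(0)
        for soname in loader.needed:
            if soname in report:
                continue
            hit = next(((f"{d}/{soname}", why)
                        for d, why in search_order(loader, list(ld_library_path))
                        if f"{d}/{soname}" in fs), None)
            if hit is None:
                report[soname] = (None, f"not found while loading {loader.path}")
                continue
            report[soname] = hit
            # Remember who pulled the object in so its RPATH chain is right.
            queue.append(replace(fs[hit[0]], loader=loader))
    return report


def runpath_only(report: Report) -> List[str]:
    """Sonames reached through some object's RUNPATH: the warning sign from
    the thread, since that directory need not exist on another machine."""
    return [s for s, (p, why) in report.items() if p and why.startswith("RUNPATH of")]


def stage(report: Report, fs: Dict[str, ElfObject], out_dir: str,
          on_target: Set[str]) -> Dict[str, ElfObject]:
    """Copy every resolved library into out_dir/lib, keeping each file's own
    RPATH/RUNPATH entries as a plain cp does. Sonames in on_target (libc)
    are supplied by the runner image instead."""
    target: Dict[str, ElfObject] = {}
    for soname, (path, _why) in report.items():
        if path is None:
            continue
        obj = fs[path]
        copied = obj if soname in on_target else replace(obj, path=f"{out_dir}/lib/{soname}")
        target[copied.path] = copied
    return target


def strip_runpath(fs: Dict[str, ElfObject], path: str) -> None:
    """Model of chrpath -d on one file: drop its DT_RPATH and DT_RUNPATH."""
    fs[path] = replace(fs[path], rpath=[], runpath=[])


# Constructed build host using the paths mentioned in the thread.
TRACKER_DIR = "/usr/lib/x86_64-linux-gnu/tracker-2.0"
BUILD_FS = {o.path: o for o in [
    ElfObject("/usr/lib/x86_64-linux-gnu/libtracker-sparql-2.0.so.0",
              needed=["libtracker-data.so", "libc.so.6"], runpath=[TRACKER_DIR]),
    ElfObject(f"{TRACKER_DIR}/libtracker-data.so", needed=["libc.so.6"]),
    ElfObject("/lib/x86_64-linux-gnu/libc.so.6"),
]}
FUZZER = ElfObject("/build/bin/fuzz_parse_lpq_entry",
                   needed=["libtracker-sparql-2.0.so.0", "libc.so.6"])


def audit(out_dir: str = "/out") -> Tuple[Report, Report, Report]:
    """Resolve on the build host, stage into out_dir, resolve again with the
    staged fuzzer pointed at its own lib directory through an RPATH (assumed
    convention), then once more after chrpath -d on the SPARQL library."""
    host = resolve_tree(FUZZER, BUILD_FS)
    target_fs = stage(host, BUILD_FS, out_dir, on_target={"libc.so.6"})
    staged = ElfObject(f"{out_dir}/fuzz_parse_lpq_entry", needed=FUZZER.needed,
                       rpath=["$ORIGIN/lib"])
    before = resolve_tree(staged, target_fs)
    strip_runpath(target_fs, f"{out_dir}/lib/libtracker-sparql-2.0.so.0")
    after = resolve_tree(staged, target_fs)
    return host, before, after


if __name__ == "__main__":
    for label, rep in zip(("build host", "staged", "staged, RUNPATH stripped"), audit()):
        print(f"== {label}; via RUNPATH: {runpath_only(rep)}")
        for soname, (path, why) in rep.items():
            print(f"  {soname} -> {path} ({why})")
```

On the build host everything resolves, but `runpath_only` already flags libtracker-data.so as reachable only through the SPARQL library's RUNPATH. After staging, that RUNPATH still names the build-host directory and, because the requesting object has a DT_RUNPATH, the fuzzer's own RPATH chain is not consulted for it, so the lookup fails; once the RUNPATH is stripped the lookup falls back to the fuzzer's RPATH and finds the copy in /out/lib. Running the same walk over real binaries would mean reading NEEDED, RPATH and RUNPATH from the dynamic section (readelf -d shows them), which this model leaves out.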