Added memory sanitizer to fuzzers

2025-10-31 00:32:37 +01:00 · 2020-08-03 09:24:30 +02:00
parent 1f8636d762
commit 74e7dd053f
3 changed files with 29 additions and 24 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -128,20 +128,6 @@ matrix:
    - env: SCRIPT=arduino VERSION=1.8.2 BOARD=arduino:samd:mkr1000
    - env: SCRIPT=platformio BOARD=uno
    - env: SCRIPT=platformio BOARD=esp01
-    - addons:
-        apt:
-          sources:
-            - sourceline: 'deb https://apt.llvm.org/xenial/ llvm-toolchain-xenial-9 main'
-              key_url: 'https://apt.llvm.org/llvm-snapshot.gpg.key'
-          packages: ['clang-9','llvm-9']
-      env: SCRIPT=fuzz CLANG=9 FUZZER=json
-    - addons:
-        apt:
-          sources:
-            - sourceline: 'deb https://apt.llvm.org/xenial/ llvm-toolchain-xenial-9 main'
-              key_url: 'https://apt.llvm.org/llvm-snapshot.gpg.key'
-          packages: ['clang-9','llvm-9']
-      env: SCRIPT=fuzz CLANG=9 FUZZER=msgpack
 cache:
  directories:
    - "~/.platformio"
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2,7 +2,7 @@
 # Copyright Benoit Blanchon 2014-2020
 # MIT License

-cmake_minimum_required(VERSION 3.7)
+cmake_minimum_required(VERSION 3.0)

 project(ArduinoJson VERSION 6.16.0)

--- a/extras/fuzzing/CMakeLists.txt
+++ b/extras/fuzzing/CMakeLists.txt
@@ -22,22 +22,25 @@ target_link_libraries(json_reproducer
 	ArduinoJson
 )

-macro(add_fuzzer name)	
-	set(FUZZER "${name}_fuzzer")
+# Infer path of llvm-symbolizer from the path of clang
+string(REPLACE "clang++" "llvm-symbolizer" LLVM_SYMBOLIZER ${CMAKE_CXX_COMPILER})
+
+macro(add_fuzzer name mode)	
+	set(FUZZER "${name}_${mode}_fuzzer")
 	set(CORPUS_DIR "${CMAKE_CURRENT_SOURCE_DIR}/${name}_corpus")
 	set(SEED_CORPUS_DIR "${CMAKE_CURRENT_SOURCE_DIR}/${name}_seed_corpus")
 	add_executable("${FUZZER}"
-		"${FUZZER}.cpp"
+		"${name}_fuzzer.cpp"
 	)
 	target_link_libraries("${FUZZER}"
 		ArduinoJson
 	)
 	set_target_properties("${FUZZER}"
 		PROPERTIES 
-	    	COMPILE_FLAGS  
-				"-fprofile-instr-generate -fcoverage-mapping -fsanitize=address,undefined,fuzzer -fno-sanitize-recover=all"
+			COMPILE_FLAGS  
+				"-fprofile-instr-generate -fcoverage-mapping -fsanitize=${mode},fuzzer -fno-sanitize-recover=all"
 			LINK_FLAGS
-				"-fprofile-instr-generate -fcoverage-mapping -fsanitize=address,undefined,fuzzer -fno-sanitize-recover=all"
+				"-fprofile-instr-generate -fcoverage-mapping -fsanitize=${mode},fuzzer -fno-sanitize-recover=all"
 	)

 	add_test(
@@ -46,9 +49,25 @@ macro(add_fuzzer name)
 		COMMAND
 			"${FUZZER}" "${CORPUS_DIR}" "${SEED_CORPUS_DIR}" -max_total_time=5 -timeout=1
 	)
+
+	set_tests_properties("${FUZZER}"
+		PROPERTIES
+			ENVIRONMENT
+				ASAN_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER}
+			ENVIRONMENT
+				LLVM_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER}
+			ENVIRONMENT
+				MSAN_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER}
+			ENVIRONMENT
+				UBSAN_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER}
+	)
 endmacro()

-if (CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 6)
-	add_fuzzer(json)
-	add_fuzzer(msgpack)
+if (CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 6)
+	add_fuzzer(json address)
+	add_fuzzer(json memory)
+	add_fuzzer(json undefined)
+	add_fuzzer(msgpack address)
+	add_fuzzer(msgpack memory)
+	add_fuzzer(msgpack undefined)
 endif()