Bug 1708409 - Include libFuzzer in xpcshell r=decoder

libFuzzer is already included in the firefox binary, so including it in libxul is problematic. Differential Revision: https://phabricator.services.mozilla.com/D113899
2024-10-08 19:04:45 +00:00 · 2021-04-30 17:46:15 +00:00 · 2021-04-30 17:46:15 +00:00 · 24ef473acb
commit 24ef473acb
parent 806ce6ffd1
8 changed files with 36 additions and 15 deletions
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@ -181,6 +181,10 @@ static int do_main(int argc, char* argv[], char* envp[]) {
        sandboxing::GetInitializedBrokerServices();
 #endif

+#ifdef LIBFUZZER
+    shellData.fuzzerDriver = fuzzer::FuzzerDriver;
+#endif
+
    return gBootstrap->XRE_XPCShellMain(--argc, argv, envp, &shellData);
  }

--- a/js/xpconnect/shell/moz.build
+++ b/js/xpconnect/shell/moz.build
@ -10,6 +10,9 @@ SOURCES += [
    "xpcshell.cpp",
 ]

+if CONFIG["LIBFUZZER"]:
+    USE_LIBS += ["fuzzer"]
+
 if CONFIG["MOZ_WIDGET_TOOLKIT"] == "cocoa":
    SOURCES += [
        "xpcshellMacUtils.mm",
--- a/js/xpconnect/shell/xpcshell.cpp
+++ b/js/xpconnect/shell/xpcshell.cpp
@ -37,6 +37,10 @@
 #  include "BaseProfiler.h"
 #endif

+#ifdef LIBFUZZER
+#  include "FuzzerDefs.h"
+#endif
+
 int main(int argc, char** argv, char** envp) {
 #ifdef MOZ_WIDGET_GTK
  // A default display may or may not be required for xpcshell tests, and so
@ -75,6 +79,10 @@ int main(int argc, char** argv, char** envp) {

  mozilla::Bootstrap::UniquePtr bootstrap = bootstrapResult.unwrap();

+#ifdef LIBFUZZER
+  shellData.fuzzerDriver = fuzzer::FuzzerDriver;
+#endif
+
  int result = bootstrap->XRE_XPCShellMain(argc, argv, envp, &shellData);

 #ifdef MOZ_GECKO_PROFILER
--- a/js/xpconnect/src/XPCShellImpl.cpp
+++ b/js/xpconnect/src/XPCShellImpl.cpp
@ -84,6 +84,7 @@
 // Fuzzing support for XPC runtime fuzzing
 #ifdef FUZZING_INTERFACES
 #  include "xpcrtfuzzing/xpcrtfuzzing.h"
+#  include "XREShellData.h"
 static bool fuzzDoDebug = !!getenv("MOZ_FUZZ_DEBUG");
 static bool fuzzHaveModule = !!getenv("FUZZER");
 #endif  // FUZZING_INTERFACES
@ -1361,11 +1362,16 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp,
      {
 #ifdef FUZZING_INTERFACES
        if (fuzzHaveModule) {
+#  ifdef LIBFUZZER
          // argv[0] was removed previously, but libFuzzer expects it
          argc++;
          argv--;

-          result = FuzzXPCRuntimeStart(&jsapi, &argc, &argv);
+          result = FuzzXPCRuntimeStart(&jsapi, &argc, &argv,
+                                       aShellData->fuzzerDriver);
+#  elif __AFL_COMPILER
+          MOZ_CRASH("AFL is unsupported for XPC runtime fuzzing integration");
+#  endif
        } else {
 #endif
          // We are almost certainly going to run script here, so we need an
--- a/js/xpconnect/src/moz.build
+++ b/js/xpconnect/src/moz.build
@ -46,12 +46,8 @@ UNIFIED_SOURCES += [
 ]


-if CONFIG["FUZZING_INTERFACES"]:
+if CONFIG["LIBFUZZER"]:
    UNIFIED_SOURCES += ["xpcrtfuzzing/xpcrtfuzzing.cpp"]
-    USE_LIBS += [
-        "static:fuzzer",
-    ]
-

 XPCOM_MANIFESTS += [
    "components.conf",
--- a/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp
+++ b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp
@ -11,7 +11,6 @@

 #include <stdio.h>  // fflush, fprintf, fputs

-#include "FuzzerDefs.h"
 #include "FuzzingInterface.h"
 #include "jsapi.h"  // JS_ClearPendingException, JS_IsExceptionPending, JS_SetProperty

@ -38,7 +37,8 @@ static void CrashOnPendingException() {
  }
 }

-int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv) {
+int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv,
+                        LibFuzzerDriver fuzzerDriver) {
  gFuzzModuleName = getenv("FUZZER");
  gJsapi = jsapi;

@ -48,11 +48,7 @@ int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv) {
    return ret;
  }

-#ifdef LIBFUZZER
-  return fuzzer::FuzzerDriver(argc, argv, FuzzXPCRuntimeFuzz);
-#elif __AFL_COMPILER
-  MOZ_CRASH("AFL is unsupported for XPC runtime fuzzing integration");
-#endif
+  return fuzzerDriver(argc, argv, FuzzXPCRuntimeFuzz);
 }

 int FuzzXPCRuntimeInit() {
--- a/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h
+++ b/js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h
@ -10,10 +10,11 @@
 #define shell_xpcrtfuzzing_h

 #include "mozilla/dom/ScriptSettings.h"  // mozilla::dom::AutoJSAPI
+#include "FuzzerRegistry.h"              // LibFuzzerDriver

 // This is the entry point of the XPC runtime fuzzing code from the XPC shell
-int FuzzXPCRuntimeStart(mozilla::dom::AutoJSAPI* jsapi, int* argc,
-                        char*** argv);
+int FuzzXPCRuntimeStart(mozilla::dom::AutoJSAPI* jsapi, int* argc, char*** argv,
+                        LibFuzzerDriver);

 // These are the traditional libFuzzer-style functions for initialization
 // and fuzzing iteration.
--- a/xpcom/build/XREShellData.h
+++ b/xpcom/build/XREShellData.h
@ -7,6 +7,10 @@
 #ifndef XREShellData_h
 #define XREShellData_h

+#if defined(LIBFUZZER)
+#  include "FuzzerRegistry.h"  // LibFuzzerDriver
+#endif
+
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
 namespace sandbox {
 class BrokerServices;
@ -27,6 +31,9 @@ struct XREShellData {
  FILE* outFile;
  FILE* errFile;
 #endif
+#if defined(LIBFUZZER)
+  LibFuzzerDriver fuzzerDriver;
+#endif
 };

 #endif  // XREShellData_h