mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 19:04:45 +00:00
Bug 1708409 - Include libFuzzer in xpcshell r=decoder
libFuzzer is already included in the firefox binary, so including it in libxul is problematic. Differential Revision: https://phabricator.services.mozilla.com/D113899
parent
806ce6ffd1
commit
24ef473acb
@ -181,6 +181,10 @@ static int do_main(int argc, char* argv[], char* envp[]) {
|
||||
sandboxing::GetInitializedBrokerServices();
|
||||
#endif
|
||||
|
||||
#ifdef LIBFUZZER
|
||||
shellData.fuzzerDriver = fuzzer::FuzzerDriver;
|
||||
#endif
|
||||
|
||||
return gBootstrap->XRE_XPCShellMain(--argc, argv, envp, &shellData);
|
||||
}
|
||||
|
||||
|
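Review bot: The `#ifdef LIBFUZZER` assignment before the `XRE_XPCShellMain` call has no comment saying why the launcher hands the driver to the shell, and the same three lines are repeated in xpcshell's `main`. Going by the commit description, I would add `// libFuzzer is linked into this executable, not libxul, so pass its entry point through XREShellData.` above the assignment in both places. `do_main` begins outside this hunk, so how `shellData` is initialised before this point cannot be seen here.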
@ -10,6 +10,9 @@ SOURCES += [
|
||||
"xpcshell.cpp",
|
||||
]
|
||||
|
||||
if CONFIG["LIBFUZZER"]:
|
||||
USE_LIBS += ["fuzzer"]
|
||||
|
||||
if CONFIG["MOZ_WIDGET_TOOLKIT"] == "cocoa":
|
||||
SOURCES += [
|
||||
"xpcshellMacUtils.mm",
|
||||
|
@ -37,6 +37,10 @@
|
||||
# include "BaseProfiler.h"
|
||||
#endif
|
||||
|
||||
#ifdef LIBFUZZER
|
||||
# include "FuzzerDefs.h"
|
||||
#endif
|
||||
|
||||
int main(int argc, char** argv, char** envp) {
|
||||
#ifdef MOZ_WIDGET_GTK
|
||||
// A default display may or may not be required for xpcshell tests, and so
|
||||
@ -75,6 +79,10 @@ int main(int argc, char** argv, char** envp) {
|
||||
|
||||
mozilla::Bootstrap::UniquePtr bootstrap = bootstrapResult.unwrap();
|
||||
|
||||
#ifdef LIBFUZZER
|
||||
shellData.fuzzerDriver = fuzzer::FuzzerDriver;
|
||||
#endif
|
||||
|
||||
int result = bootstrap->XRE_XPCShellMain(argc, argv, envp, &shellData);
|
||||
|
||||
#ifdef MOZ_GECKO_PROFILER
|
||||
|
@ -84,6 +84,7 @@
|
||||
// Fuzzing support for XPC runtime fuzzing
|
||||
#ifdef FUZZING_INTERFACES
|
||||
# include "xpcrtfuzzing/xpcrtfuzzing.h"
|
||||
# include "XREShellData.h"
|
||||
static bool fuzzDoDebug = !!getenv("MOZ_FUZZ_DEBUG");
|
||||
static bool fuzzHaveModule = !!getenv("FUZZER");
|
||||
#endif // FUZZING_INTERFACES
|
||||
@ -1361,11 +1362,16 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp,
|
||||
{
|
||||
#ifdef FUZZING_INTERFACES
|
||||
if (fuzzHaveModule) {
|
||||
# ifdef LIBFUZZER
|
||||
// argv[0] was removed previously, but libFuzzer expects it
|
||||
argc++;
|
||||
argv--;
|
||||
|
||||
result = FuzzXPCRuntimeStart(&jsapi, &argc, &argv);
|
||||
result = FuzzXPCRuntimeStart(&jsapi, &argc, &argv,
|
||||
aShellData->fuzzerDriver);
|
||||
# elif __AFL_COMPILER
|
||||
MOZ_CRASH("AFL is unsupported for XPC runtime fuzzing integration");
|
||||
# endif
|
||||
} else {
|
||||
#endif
|
||||
// We are almost certainly going to run script here, so we need an
|
||||
|
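Review bot: In a FUZZING_INTERFACES build where neither LIBFUZZER nor __AFL_COMPILER is defined, the `if (fuzzHaveModule)` branch compiles to an empty body. Setting FUZZER then skips both the fuzzing driver and the normal shell path in the `else`, and the function carries on with whatever `result` already held. A closing `# else` with `MOZ_CRASH("FUZZER set but no fuzzing driver compiled in");` would make that configuration fail loudly, and `# elif defined(__AFL_COMPILER)` states the intent of the existing test more clearly. XRE_XPCShellMain starts and ends outside this hunk, so the initial value of `result` is not visible here.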
@ -46,12 +46,8 @@ UNIFIED_SOURCES += [
|
||||
]
|
||||
|
||||
|
||||
if CONFIG["FUZZING_INTERFACES"]:
|
||||
if CONFIG["LIBFUZZER"]:
|
||||
UNIFIED_SOURCES += ["xpcrtfuzzing/xpcrtfuzzing.cpp"]
|
||||
USE_LIBS += [
|
||||
"static:fuzzer",
|
||||
]
|
||||
|
||||
|
||||
XPCOM_MANIFESTS += [
|
||||
"components.conf",
|
||||
|
@ -11,7 +11,6 @@
|
||||
|
||||
#include <stdio.h> // fflush, fprintf, fputs
|
||||
|
||||
#include "FuzzerDefs.h"
|
||||
#include "FuzzingInterface.h"
|
||||
#include "jsapi.h" // JS_ClearPendingException, JS_IsExceptionPending, JS_SetProperty
|
||||
|
||||
@ -38,7 +37,8 @@ static void CrashOnPendingException() {
|
||||
}
|
||||
}
|
||||
|
||||
int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv) {
|
||||
int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv,
|
||||
LibFuzzerDriver fuzzerDriver) {
|
||||
gFuzzModuleName = getenv("FUZZER");
|
||||
gJsapi = jsapi;
|
||||
|
||||
@ -48,11 +48,7 @@ int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef LIBFUZZER
|
||||
return fuzzer::FuzzerDriver(argc, argv, FuzzXPCRuntimeFuzz);
|
||||
#elif __AFL_COMPILER
|
||||
MOZ_CRASH("AFL is unsupported for XPC runtime fuzzing integration");
|
||||
#endif
|
||||
return fuzzerDriver(argc, argv, FuzzXPCRuntimeFuzz);
|
||||
}
|
||||
|
||||
int FuzzXPCRuntimeInit() {
|
||||
|
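Review bot: `fuzzerDriver` is called on the last line of FuzzXPCRuntimeStart without a null check, and it now arrives from `XREShellData::fuzzerDriver`, which the header declares without an initializer. Only the two launchers in this commit are seen assigning it, so any other caller that builds an XREShellData under LIBFUZZER could reach an indirect call through an unset pointer. I would guard the call with `if (!fuzzerDriver) { MOZ_CRASH("no libFuzzer driver supplied"); }` and give the field a default, `LibFuzzerDriver fuzzerDriver = nullptr;`. A few lines of the function body fall between the hunks shown, so an earlier check may exist that is not visible here.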
@ -10,10 +10,11 @@
|
||||
#define shell_xpcrtfuzzing_h
|
||||
|
||||
#include "mozilla/dom/ScriptSettings.h" // mozilla::dom::AutoJSAPI
|
||||
#include "FuzzerRegistry.h" // LibFuzzerDriver
|
||||
|
||||
// This is the entry point of the XPC runtime fuzzing code from the XPC shell
|
||||
int FuzzXPCRuntimeStart(mozilla::dom::AutoJSAPI* jsapi, int* argc,
|
||||
char*** argv);
|
||||
int FuzzXPCRuntimeStart(mozilla::dom::AutoJSAPI* jsapi, int* argc, char*** argv,
|
||||
LibFuzzerDriver);
|
||||
|
||||
// These are the traditional libFuzzer-style functions for initialization
|
||||
// and fuzzing iteration.
|
||||
|
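Review bot: The new declaration leaves the added parameter unnamed (`LibFuzzerDriver);`) while the other three are named, and the comment above it does not mention the parameter. Writing `LibFuzzerDriver fuzzerDriver);` to match the definition in xpcrtfuzzing.cpp would help. So would a line such as `// fuzzerDriver is the libFuzzer entry point supplied by the host executable; it must not be null.`, which documents the contract where callers read it.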
@ -7,6 +7,10 @@
|
||||
#ifndef XREShellData_h
|
||||
#define XREShellData_h
|
||||
|
||||
#if defined(LIBFUZZER)
|
||||
# include "FuzzerRegistry.h" // LibFuzzerDriver
|
||||
#endif
|
||||
|
||||
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
|
||||
namespace sandbox {
|
||||
class BrokerServices;
|
||||
@ -27,6 +31,9 @@ struct XREShellData {
|
||||
FILE* outFile;
|
||||
FILE* errFile;
|
||||
#endif
|
||||
#if defined(LIBFUZZER)
|
||||
LibFuzzerDriver fuzzerDriver;
|
||||
#endif
|
||||
};
|
||||
|
||||
#endif // XREShellData_h
|
||||
|
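Review bot: Adding `fuzzerDriver` under `#if defined(LIBFUZZER)` makes the size of XREShellData depend on a preprocessor define, while the struct is filled in by the launcher and read inside XRE_XPCShellMain, which the description suggests lives in libxul. If the two sides were ever compiled with different LIBFUZZER settings, the reader would access the field past the end of the launcher's object. A comment on the field such as `// Layout differs with LIBFUZZER; the launcher and libxul must be built with the same setting.` would record that requirement. The struct definition begins outside the second hunk, so other conditionally compiled fields may already carry the same constraint.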