Updated fuzzer scripts

Point to new Chromium location Also enable UBSan Change-Id: I4ba182e3c6a967ad89090b776d05762fa9ae6e40

Updated fuzzer scripts
Point to new Chromium location Also enable UBSan Change-Id: I4ba182e3c6a967ad89090b776d05762fa9ae6e40
af6c0e68 · Wouter van Oortmerssen · 7c3cb5ca · af6c0e68 · af6c0e68 · af6c0e68
Commit af6c0e68 authored Jul 16, 2018 by Wouter van Oortmerssen
4 changed files
--- a/tests/fuzzer/build_fuzzer.sh
+++ b/tests/fuzzer/build_fuzzer.sh
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-git clone https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer
-clang++ -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
+git clone https://chromium.googlesource.com/chromium/llvm-project/compiler-rt/lib/fuzzer
+clang++ -c -g -O2 -std=c++11 fuzzer/*.cpp -Ifuzzer
 ar ruv libFuzzer.a Fuzzer*.o
-rm -rf Fuzzer *.o
+rm -rf fuzzer *.o
--- a/tests/fuzzer/build_run_parser_test.sh
+++ b/tests/fuzzer/build_run_parser_test.sh
@@ -14,7 +14,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-clang++ -fsanitize-coverage=edge -fsanitize=address -std=c++11 -stdlib=libstdc++ -I.. -I../../include flatbuffers_parser_fuzzer.cc ../../src/idl_parser.cpp ../../src/util.cpp libFuzzer.a -o fuzz_parser
+clang++ -fsanitize-coverage=edge -fsanitize=address -fsanitize=undefined \
+  -g -fno-omit-frame-pointer -std=c++11 -stdlib=libstdc++ \
+  -I.. -I../../include flatbuffers_parser_fuzzer.cc ../../src/idl_parser.cpp \
+  ../../src/util.cpp libFuzzer.a -o fuzz_parser
 mkdir -p parser_corpus
 cp ../*.json ../*.fbs parser_corpus
 ./fuzz_parser parser_corpus
--- a/tests/fuzzer/build_run_verifier_test.sh
+++ b/tests/fuzzer/build_run_verifier_test.sh
@@ -14,7 +14,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-clang++ -fsanitize-coverage=edge -fsanitize=address -std=c++11 -stdlib=libstdc++ -I.. -I../../include flatbuffers_verifier_fuzzer.cc libFuzzer.a -o fuzz_verifier
+clang++ -fsanitize-coverage=edge -fsanitize=address -fsanitize=undefined \
+  -g -fno-omit-frame-pointer -std=c++11 -stdlib=libstdc++ \
+  -I.. -I../../include flatbuffers_verifier_fuzzer.cc libFuzzer.a -o fuzz_verifier
 mkdir -p verifier_corpus
 cp ../*.mon verifier_corpus
 ./fuzz_verifier verifier_corpus
--- a/tests/test.cpp
+++ b/tests/test.cpp
@@ -1978,6 +1978,18 @@ void UninitializedVectorTest() {
  TEST_EQ(test_1->b(), 40);
 }

+// For testing any binaries, e.g. from fuzzing.
+void LoadVerifyBinaryTest() {
+  std::string binary;
+  if (flatbuffers::LoadFile((test_data_path +
+                             "fuzzer/your-filename-here").c_str(),
+                            true, &binary)) {
+    flatbuffers::Verifier verifier(
+          reinterpret_cast<const uint8_t *>(binary.data()), binary.size());
+    TEST_EQ(VerifyMonsterBuffer(verifier), true);
+  }
+}
+
 int main(int /*argc*/, const char * /*argv*/ []) {
  // clang-format off
  #if defined(FLATBUFFERS_MEMORY_LEAK_TRACKING) && \
@@ -2021,6 +2033,7 @@ int main(int /*argc*/, const char * /*argv*/ []) {
    ReflectionTest(flatbuf.data(), flatbuf.size());
    ParseProtoTest();
    UnionVectorTest();
+    LoadVerifyBinaryTest();
  #endif
  // clang-format on