Closed Bug 1806369 Opened 3 years ago Closed 3 years ago

Avoid cloning/building libFuzzer, use Clang's version instead

Categories

(NSS :: Build, enhancement)

x86_64
Linux
enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: decoder, Assigned: decoder)

References

Details

(Keywords: sec-other)

Attachments

(1 file)

It is generally not advisable to build libFuzzer yourself nowadays unless you have requirements that force you to (like mozilla-central requiring it for additional patches). The recommended way currently is to

  • compile all source files with -fsanitize=fuzzer-no-link which will automatically pick whatever combination of instrumentation is required and recommended for libFuzzer and

  • link with -fsanitize=fuzzer which will automatically link the libFuzzer runtime parts.

Doing so also ensures that the libFuzzer version matches the Clang version. Furthermore, newest libFuzzer builds now require the use of C++17, so it wouldn't even build in the NSS build system without further changes.

I have a patch to just use the libFuzzer version that ships with Clang. All of this only affects the non-oss fuzzing builds as oss-fuzz provides its own engine and configuration.

Keeping s-s until we have integrated all the recent fuzzing changes and made sure that everything runs smoothly on oss-fuzz.
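A minimal fuzz target built the way the description recommends, as an added example that is not NSS code or the patch attached to this bug; the TLV parser, the sample inputs and the file names in the build comments are hypothetical:

```c
#include <stddef.h>
#include <stdint.h>

/* Build (assumed file name target.c), following the two-step flow from the bug:
 *   compile every translation unit with instrumentation only:
 *     clang -g -O1 -fsanitize=fuzzer-no-link,address -c target.c -o target.o
 *   link the libFuzzer runtime that ships with this Clang exactly once:
 *     clang -fsanitize=fuzzer,address target.o -o target
 *   run:  ./target corpus_dir/
 * No libFuzzer checkout or separately built libFuzzer.a is needed. */

/* Hypothetical parser under test: each record is a 1-byte tag, a 1-byte
 * length and `length` value bytes. Returns the record count, or -1 if
 * the input is truncated or a length overruns the buffer. */
int parse_tlv_records(const uint8_t *data, size_t size) {
    size_t off = 0;
    int count = 0;
    while (off < size) {
        if (size - off < 2)
            return -1;                 /* truncated tag/length header */
        uint8_t len = data[off + 1];
        if (len > size - off - 2)
            return -1;                 /* value would run past the end */
        off += 2 + (size_t)len;
        count++;
    }
    return count;
}

/* libFuzzer entry point. When linked with -fsanitize=fuzzer the runtime
 * supplies main() and calls this with every generated input; the
 * sanitizer instrumentation from -fsanitize=fuzzer-no-link catches any
 * out-of-bounds read inside parse_tlv_records. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)parse_tlv_records(data, size);
    return 0;
}

/* Constructed sample inputs (stand-ins for seed corpus files). */
const uint8_t sample_good[] = {0x01, 0x02, 0xaa, 0xbb, 0x02, 0x00};
const size_t sample_good_len = sizeof sample_good;
const uint8_t sample_bad[] = {0x01, 0x05, 0xaa};
const size_t sample_bad_len = sizeof sample_bad;
```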

Regressions: 1809627
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Group: core-security-release