|
| 1 | +#!/usr/bin/env bash |
| 2 | +# This Source Code Form is subject to the terms of the Mozilla Public |
| 3 | +# License, v. 2.0. If a copy of the MPL was not distributed with this |
| 4 | +# file, You can obtain one at https://mozilla.org/MPL/2.0/. |
| 5 | + |
| 6 | +set -e |
| 7 | +set -x |
| 8 | +set -o pipefail |
| 9 | + |
| 10 | +# shellcheck source=recipes/linux/common.sh |
| 11 | +source .local/bin/common.sh |
| 12 | + |
| 13 | +# Clone nss/nspr |
| 14 | +retry hg clone https://hg.mozilla.org/projects/nspr |
| 15 | +retry hg clone https://hg.mozilla.org/projects/nss |
| 16 | + |
| 17 | +# Build nss with --fuzz=tsan |
| 18 | +pushd nss |
| 19 | +./build.sh -c -v --fuzz=tsan --disable-tests |
| 20 | +popd |
| 21 | + |
| 22 | +# Setup fuzzmanger |
| 23 | +get-tc-secret fuzzmanagerconf "$HOME/.fuzzmanagerconf" |
| 24 | + |
| 25 | +# Setup gcloud |
| 26 | +mkdir -p ~/.config/gcloud |
| 27 | +get-tc-secret ossfuzz-gutils ~/.config/gcloud/application_default_credentials.json raw |
| 28 | +echo -e "[Credentials]\ngs_service_key_file = /home/worker/.config/gcloud/application_default_credentials.json" > .boto |
| 29 | + |
| 30 | +# Clone corpora |
| 31 | +mkdir -p ./corpus/nss_tls-client-no_fuzzer_mode |
| 32 | +mkdir -p ./corpus/nss_dtls-client-no_fuzzer_mode |
| 33 | + |
| 34 | +pushd corpus/nss_tls-client-no_fuzzer_mode |
| 35 | +gsutil cp "gs://nss-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/nss_tls-client-no_fuzzer_mode/latest.zip" . |
| 36 | +unzip latest.zip |
| 37 | +rm -f latest.zip |
| 38 | +popd |
| 39 | + |
| 40 | +pushd corpus/nss_dtls-client-no_fuzzer_mode |
| 41 | +gsutil cp "gs://nss-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/nss_dtls-client-no_fuzzer_mode/latest.zip" . |
| 42 | +unzip latest.zip |
| 43 | +rm -f latest.zip |
| 44 | +popd |
| 45 | + |
| 46 | +# TSan setup |
| 47 | +export TSAN_OPTIONS="halt_on_error=1 suppressions=$PWD/nss/fuzz/config/tsan.suppressions" |
| 48 | + |
| 49 | +function check-for-crash() { |
| 50 | + local binary=$1 |
| 51 | + |
| 52 | + if [ -f crash-* ]; then |
| 53 | + zip -r testcase.zip crash-* |
| 54 | + collector --submit --stdout stdout.log --crashdata stderr.log \ |
| 55 | + --binary $binary --tool nss-tsan-fuzz \ |
| 56 | + --testcase testcase.zip |
| 57 | + rm -rf crash-* testcase.zip |
| 58 | + fi |
| 59 | +} |
| 60 | + |
| 61 | +# Run tls client target |
| 62 | +BINARY="dist/Debug/bin/nsstsan-tls-client" |
| 63 | +THREADS=$((2 + RANDOM % 25)) |
| 64 | +MAX_TIME=$((60 * 60 * 5)) |
| 65 | + |
| 66 | +timeout -k $((MAX_TIME + 300)) $((MAX_TIME + 300)) \ |
| 67 | + $BINARY run ./corpus/nss_tls-client-no_fuzzer_mode $THREADS $MAX_TIME \ |
| 68 | + > stdout.log 2> stderr.log || true |
| 69 | +check-for-crash $BINARY |
| 70 | + |
| 71 | +# Run dtls client target |
| 72 | +BINARY="dist/Debug/bin/nsstsan-dtls-client" |
| 73 | +THREADS=$((2 + RANDOM % 25)) |
| 74 | +MAX_TIME=$((60 * 60 * 5)) |
| 75 | + |
| 76 | +timeout -k $((MAX_TIME + 300)) $((MAX_TIME + 300)) \ |
| 77 | + $BINARY run ./corpus/nss_dtls-client-no_fuzzer_mode $THREADS $MAX_TIME \ |
| 78 | + > stdout.log 2> stderr.log || true |
| 79 | +check-for-crash $BINARY |
| 80 | + |
| 81 | +# Run database target |
| 82 | +BINARY="dist/Debug/bin/nsstsan-database" |
| 83 | +THREADS=$((2 + RANDOM % 25)) |
| 84 | +MAX_TIME=$((60 * 60 * 2)) |
| 85 | + |
| 86 | +mkdir nsstsandb && \ |
| 87 | + certutil -N -d sql:nsstsandb --empty-password |
| 88 | + |
| 89 | +timeout -k $((MAX_TIME + 300)) $((MAX_TIME + 300)) \ |
| 90 | + $BINARY run $THREADS $MAX_TIME > stdout.log 2> stderr.log || true |
| 91 | +check-for-crash $BINARY |
0 commit comments