diff options
| author | 2019-12-10 08:44:52 -0800 | |
|---|---|---|
| committer | 2019-12-10 17:35:55 +0000 | |
| commit | 734b4cb62f1d0d8aee6fa8c08ae7616d4129489f (patch) | |
| tree | aeba0f32d2d21c8372631ed62d7fe6e5cc3171ed /java/app_test.go | |
| parent | 4858e4171975e99c57587e42f811a52b510e773d (diff) | |
Add $ORIGIN to fuzzer-coverage sanitized .so's.
Build fuzzer-sanitized libraries with an $ORIGIN DT_RUNPATH. Android's linker
uses DT_RUNPATH, not DT_RPATH. When we deploy cc_fuzz targets and their
libraries to /data/fuzz/<arch>/lib, any transient shared library gets the
DT_RUNPATH from the shared library above it, and not the executable, meaning
that the lookup falls back to the system. Adding the $ORIGIN to the DT_RUNPATH
here means that transient shared libraries can be found colocated with their
parents.
This may have some interesting consequences if:
1. Your fuzz target depends on a shared library which has `sanitize.fuzzer:
false` (as the DT_RUNPATH won't have `$ORIGIN`, and so you may get missing
libraries).
2. A `SANITIZE_TARGET=fuzzer` platform has a shared object in two
different directories (like system vs. ndk) and is depending on the linker
implementation details to resolve this in some manner.
I don't believe either of these instances should reasonably happen in
practise.
Fixes: 145973404
Fixes: 145988908
Test: m example_fuzzer
Change-Id: I94cbf628fc1ce15c43283d72bdabd9817de1fef8
Diffstat (limited to 'java/app_test.go')
0 files changed, 0 insertions, 0 deletions