trailofbits / ruzzy

A coverage-guided fuzzer for pure Ruby code and Ruby C extensions
GNU Affero General Public License v3.0

Use apt clang instead of manually installing clang #12

Closed mschwager closed 9 months ago

mschwager commented 9 months ago

Using -lstdc++ fixes issues like:

$ ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH'
<internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require': /var/lib/gems/3.1.0/gems/ruzzy-0.6.0/lib/cruzzy/cruzzy.so: undefined symbol: _ZNSt6thread6_StateD2Ev - /var/lib/gems/3.1.0/gems/ruzzy-0.6.0/lib/cruzzy/cruzzy.so (LoadError)
    from <internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require'
    from /var/lib/gems/3.1.0/gems/ruzzy-0.6.0/lib/ruzzy.rb:7:in `<module:Ruzzy>'
    from /var/lib/gems/3.1.0/gems/ruzzy-0.6.0/lib/ruzzy.rb:6:in `<top (required)>'
    from <internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:160:in `require'
    from <internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:160:in `rescue in require'
    from <internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:149:in `require'
    from -e:1:in `<main>'
<internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require': cannot load such file -- ruzzy (LoadError)
    from <internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require'
    from -e:1:in `<main>'

Changing the dummy code was necessary because older versions of clang do not set detect_stack_use_after_return=1 by default. Instead of adding this to the environment, I decided to use different ASAN violation code so we don't require ASAN_OPTIONS modification.

There's some debate as to whether we should use -lstdc++ or -lc++. I'm not sure what the right answer is, but -lstdc++ works for me while -lc++ doesn't. These links may help give some context or recommendations:
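The LoadError quoted in this PR (`undefined symbol: _ZNSt6thread6_StateD2Ev`) is the signature of a C extension built from C++ sources but linked without the C++ runtime: the `_ZNSt` prefix is Itanium-ABI mangling for a name in namespace `std`. The following script is an added diagnostic example, not code from the ruzzy project or from the PR author, that spots this class of unresolved symbol before the gem is loaded. It assumes GNU `nm`-style output; the `nm -D --undefined-only` output it reads is constructed inline so it runs offline, and the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not part of the ruzzy PR): detect C++ runtime symbols that a
# Ruby C extension leaves unresolved, i.e. the "undefined symbol: _ZNSt..."
# LoadError seen when a C++ extension is linked without -lstdc++ / -lc++.
#
# Real usage would feed it:   nm -D --undefined-only lib/cruzzy/cruzzy.so
# Here the nm output is a CONSTRUCTED sample so the script runs offline.

# Constructed sample: one std::thread symbol left undefined ("U"), ordinary
# libc / libruby symbols the dynamic loader will satisfy, and a weak
# undefined ("w") glibc symbol, which the loader tolerates if absent.
SAMPLE_NM_OUTPUT='                 U _ZNSt6thread6_StateD2Ev
                 U malloc@GLIBC_2.2.5
                 U rb_define_module
                 w __cxa_finalize@GLIBC_2.2.5'

# Print the strong-undefined ("U") symbols that belong to namespace std.
# Itanium ABI mangling: _ZNSt... (nested name in std) and _ZSt... (std::X).
# Weak undefined ("w") entries are skipped: they do not abort dlopen.
cxx_runtime_undefined() {
    printf '%s\n' "$1" | awk '$1 == "U" && $2 ~ /^_ZN?St/ { print $2 }'
}

# Exit status 0 when the extension still needs the C++ runtime linked in.
needs_cxx_runtime() {
    [ -n "$(cxx_runtime_undefined "$1")" ]
}

# Human-readable report; `c++filt` (binutils) demangles the names, e.g.
#   echo _ZNSt6thread6_StateD2Ev | c++filt   ->  std::thread::_State::~_State()
report() {
    if needs_cxx_runtime "$1"; then
        echo "extension needs the C++ runtime (-lstdc++ or -lc++); unresolved:"
        cxx_runtime_undefined "$1" | sed 's/^/  /'
    else
        echo "no unresolved C++ runtime symbols"
    fi
}

report "$SAMPLE_NM_OUTPUT"
```

Running it against the constructed sample reports the single `std::thread` symbol; against a real extension, replace the sample with the `nm -D --undefined-only` output of the built `.so` and re-link with the C++ runtime if anything is listed.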