Description
Is your feature request related to a problem? Please describe.
Please describe the problem you are trying to solve.
This feature is not related to a problem.
Describe the solution you'd like
Please describe the desired behavior.
This feature asks for tighter integration with continuous fuzzing via OSS-Fuzz. In this PR google/oss-fuzz#3860 (comment) I integrated NodeJS with fuzzing, and so far it has been used to capture this bug: #33640.
However, the current integration could be improved and it would be desirable to cover more of NodeJS with fuzzers, as briefly discussed with @bnoordhuis in the above PR. Specifically, there are two core parts where the integration with OSS-Fuzz can improve: (1) integrating the build procedure with the OSS-Fuzz environment more closely with the NodeJS environment and (2) building more fuzzers.
Regarding part 1, the current strategy (`build.sh` here https://github.com/google/oss-fuzz/pull/3860/files) compiles the NodeJS core in an awkward manner: it first runs `make` without any proper OSS-Fuzz flags and then re-compiles the `.cc` files of `node/src` with the proper OSS-Fuzz flags in order to create a static archive.
The OSS-Fuzz environment sets the following environment variables when compiling the fuzzers to something similar to this:
```sh
export CC=clang
export CXX=clang++
export CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link"
export CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -stdlib=libc++"
export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
```
It would be nice if the build process of NodeJS could integrate a fuzzing part which enables us to compile with the OSS-Fuzz variables (`CFLAGS`, `CXXFLAGS` and `LIB_FUZZING_ENGINE`) above. The `LIB_FUZZING_ENGINE` variable is only used for linking the final fuzzer and should not be used on any of the compiled libraries. Also note that to get the fuzzers compiled properly they should be compiled against static libraries. As I see it, the desired goal is therefore to have the files in `node/src` be compiled with the `CFLAGS` and `CXXFLAGS` variables above.
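To make the flag separation concrete, here is an added example build script (not Node's build system and not the `build.sh` from the OSS-Fuzz PR) that compiles a directory of library sources with `CXXFLAGS` only, archives them, and applies `LIB_FUZZING_ENGINE` solely when linking each fuzzer. It assumes a hypothetical layout of one directory of library `.cc` files and one directory of fuzzer `.cc` files, and uses OSS-Fuzz's `$OUT` as the output directory.

```shell
#!/bin/sh
# Added example (not Node's build system, not the OSS-Fuzz PR's build.sh):
# library objects get the instrumentation flags only; the engine flag is
# applied when linking each fuzzer binary. Assumed layout: $1 = directory
# of library sources, $2 = directory of fuzzer sources.
set -eu

: "${CXX:=clang++}" "${CXXFLAGS:=}" "${LIB_FUZZING_ENGINE:=-fsanitize=fuzzer}"
: "${OUT:=./out}"            # OSS-Fuzz places fuzzer binaries in $OUT
: "${DRY_RUN:=0}"            # DRY_RUN=1 prints each command instead of running it

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# True if the engine flag is present as its own word, so "-fsanitize=fuzzer"
# is caught while the "-fsanitize=fuzzer-no-link" compile flag is not.
flags_have_engine() {
  for word in $1; do
    [ "$word" = "$LIB_FUZZING_ENGINE" ] && return 0
  done
  return 1
}

# Library objects: CXXFLAGS only, never the engine (it would add a main()).
lib_compile() { run "$CXX" $CXXFLAGS -c "$1" -o "${1%.cc}.o"; }

# Fuzzer binaries: the engine flag supplies main() and is added here only.
fuzzer_link() {              # $1 = fuzzer .cc, $2 = static archive
  run "$CXX" $CXXFLAGS $LIB_FUZZING_ENGINE "$1" "$2" -o "$OUT/$(basename "${1%.cc}")"
}

build_all() {                # $1 = library source dir, $2 = fuzzer dir
  if flags_have_engine "$CXXFLAGS"; then
    echo "refusing: CXXFLAGS already contains $LIB_FUZZING_ENGINE" >&2
    return 1
  fi
  objs=""
  for src in "$1"/*.cc; do
    lib_compile "$src"
    objs="$objs ${src%.cc}.o"
  done
  run ar rcs "$1/libfuzztarget.a" $objs
  run mkdir -p "$OUT"
  for fz in "$2"/*.cc; do
    fuzzer_link "$fz" "$1/libfuzztarget.a"
  done
}

if [ $# -eq 2 ]; then build_all "$1" "$2"; fi
```

Running it with `DRY_RUN=1` shows that only the link lines carry `-fsanitize=fuzzer`, which is the check to keep in mind when wiring this into Node's own build.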
Regarding part 2 then I can certainly start writing more fuzzers and covering more of the NodeJS code, but if you have any suggestions of good APIs for fuzzing then here would be a good place to write I think.