From a1ac157ade3f2373c3b8d571500053c073e6c97e Mon Sep 17 00:00:00 2001
From: Benoit Blanchon
Date: Mon, 3 Aug 2020 09:24:30 +0200
Subject: [PATCH] Added memory sanitizer to fuzzers
---
.travis.yml | 14 --------------
extras/fuzzing/CMakeLists.txt | 35 +++++++++++++++++++++++++++--------
2 files changed, 27 insertions(+), 22 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 822ea66c1..c95b7d379 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -128,20 +128,6 @@ matrix:
- env: SCRIPT=arduino VERSION=1.8.2 BOARD=arduino:samd:mkr1000
- env: SCRIPT=platformio BOARD=uno
- env: SCRIPT=platformio BOARD=esp01
- - addons:
- apt:
- sources:
- - sourceline: 'deb https://apt.llvm.org/xenial/ llvm-toolchain-xenial-9 main'
- key_url: 'https://apt.llvm.org/llvm-snapshot.gpg.key'
- packages: ['clang-9','llvm-9']
- env: SCRIPT=fuzz CLANG=9 FUZZER=json
- - addons:
- apt:
- sources:
- - sourceline: 'deb https://apt.llvm.org/xenial/ llvm-toolchain-xenial-9 main'
- key_url: 'https://apt.llvm.org/llvm-snapshot.gpg.key'
- packages: ['clang-9','llvm-9']
- env: SCRIPT=fuzz CLANG=9 FUZZER=msgpack
cache:
directories:
- "~/.platformio"
diff --git a/extras/fuzzing/CMakeLists.txt b/extras/fuzzing/CMakeLists.txt
index a6313470a..b1c6dd93a 100644
--- a/extras/fuzzing/CMakeLists.txt
+++ b/extras/fuzzing/CMakeLists.txt
@@ -22,22 +22,25 @@ target_link_libraries(json_reproducer
ArduinoJson
)
-macro(add_fuzzer name)
- set(FUZZER "${name}_fuzzer")
+# Infer path of llvm-symbolizer from the path of clang
+string(REPLACE "clang++" "llvm-symbolizer" LLVM_SYMBOLIZER ${CMAKE_CXX_COMPILER})
+
+macro(add_fuzzer name mode)
+ set(FUZZER "${name}_${mode}_fuzzer")
set(CORPUS_DIR "${CMAKE_CURRENT_SOURCE_DIR}/${name}_corpus")
set(SEED_CORPUS_DIR "${CMAKE_CURRENT_SOURCE_DIR}/${name}_seed_corpus")
add_executable("${FUZZER}"
- "${FUZZER}.cpp"
+ "${name}_fuzzer.cpp"
)
target_link_libraries("${FUZZER}"
ArduinoJson
)
set_target_properties("${FUZZER}"
PROPERTIES
- COMPILE_FLAGS
- "-fprofile-instr-generate -fcoverage-mapping -fsanitize=address,undefined,fuzzer -fno-sanitize-recover=all"
+ COMPILE_FLAGS
+ "-fprofile-instr-generate -fcoverage-mapping -fsanitize=${mode},fuzzer -fno-sanitize-recover=all"
LINK_FLAGS
- "-fprofile-instr-generate -fcoverage-mapping -fsanitize=address,undefined,fuzzer -fno-sanitize-recover=all"
+ "-fprofile-instr-generate -fcoverage-mapping -fsanitize=${mode},fuzzer -fno-sanitize-recover=all"
)
add_test(
@@ -46,9 +49,25 @@ macro(add_fuzzer name)
COMMAND "${FUZZER}" "${CORPUS_DIR}" "${SEED_CORPUS_DIR}" -max_total_time=5 -timeout=1
)
+
+ set_tests_properties("${FUZZER}"
+ PROPERTIES
+ ENVIRONMENT
+ ASAN_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER}
+ ENVIRONMENT
+ LLVM_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER}
+ ENVIRONMENT
+ MSAN_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER}
+ ENVIRONMENT
+ UBSAN_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER}
+ )
endmacro()
if (CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 6)
- add_fuzzer(json)
- add_fuzzer(msgpack)
+ add_fuzzer(json address)
+ add_fuzzer(json memory)
+ add_fuzzer(json undefined)
+ add_fuzzer(msgpack address)
+ add_fuzzer(msgpack memory)
+ add_fuzzer(msgpack undefined)
endif()
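Review bot: The symbolizer path on the added `string(REPLACE "clang++" "llvm-symbolizer" LLVM_SYMBOLIZER ${CMAKE_CXX_COMPILER})` line is a text substitution that silently yields the compiler path itself whenever the compiler is not literally named `clang++` (a `clang`/`c++` symlink, a wrapper, or a build driven through `CC`/`CXX` aliases), so every `*_SYMBOLIZER_PATH` set later in the macro would then point at the compiler and sanitizer reports come out unsymbolized; the expansion is also unquoted, so a compiler path containing spaces splits into extra arguments. Locate the tool instead of guessing its name: `get_filename_component(LLVM_BINDIR "${CMAKE_CXX_COMPILER}" DIRECTORY)` followed by `find_program(LLVM_SYMBOLIZER llvm-symbolizer HINTS "${LLVM_BINDIR}")`, and fail with `message(FATAL_ERROR …)` if it is not found rather than letting the fuzz tests run with a bogus path. The new `memory` mode deserves a comment at the `add_fuzzer(json memory)` call: MemorySanitizer only gives trustworthy results when all linked C++ code is instrumented, so if the harness or ArduinoJson pull in an uninstrumented standard library the reports may be false positives (I cannot confirm from this hunk what the harness links). Separately, `add_fuzzer` is a `macro()` that leaks `FUZZER`, `CORPUS_DIR` and `SEED_CORPUS_DIR` into the directory scope; a `function()` would do the same job without that side effect.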
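Review bot: In the added `set_tests_properties("${FUZZER}" PROPERTIES …)` call the `ENVIRONMENT` keyword is repeated four times, and each repetition is a separate property assignment that overwrites the previous one, so only the last entry (`UBSAN_SYMBOLIZER_PATH`) actually reaches the test process; the ASan and MSan fuzzers that this commit introduces run without their symbolizer setting. Collapse the entries into a single list value, which is what the property expects: `ENVIRONMENT` / `"ASAN_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER};LLVM_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER};MSAN_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER};UBSAN_SYMBOLIZER_PATH=${LLVM_SYMBOLIZER}"`. Because the value is a `;`-separated list, a symbolizer path containing a semicolon would break it; unlikely, but a one-line comment noting the assumption is cheap. The enclosing `add_fuzzer` macro begins in the previous hunk.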