Fuzzing build mode macro

[asraa]

Hi,

Envoy (https://github.com/envoyproxy/envoy) depends on the RE2 library, and, like RE2, fuzzes components continuously using libfuzzer. Some fuzzers depend on the behavior of the RE2 library, and expect that the RE2 library is processing some regex.

The FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is used in Envoy, but when fuzzers are compiled with this macro, we change the behavior of the RE2 library which uses this macro as well.

Is it possible to replace the macro in this library with a custom RE2_FUZZ macro that can be passed in as a flag in the oss-fuzz build? https://github.com/google/oss-fuzz/blob/master/projects/re2/build.sh. I don't see it used to build fuzzers in this repository, but maybe the macro should also be added when building the fuzzer in the makefile.

I would be willing to put out a fix PR for this here and in OSS-Fuzz.

[junyer]

The FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is used in Envoy, but when fuzzers are compiled with this macro, we change the behavior of the RE2 library which uses this macro as well.

I'm guessing that what you are seeing is that it breaks RE2::GlobalReplace() and lowers the counted repetition limit from 1000 to 100. :)

Is it possible to replace the macro in this library with a custom RE2_FUZZ macro

I would prefer to change those two cases from #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to something like #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) && !defined(RE2_IS_BEING_FUZZED_INDIRECTLY). That way, projects fuzzing RE2 indirectly can define RE2_IS_BEING_FUZZED_INDIRECTLY.

@Dor1s, does that sound reasonable to you?

[Dor1s]

We certainly shouldn't remove of replace FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, as it's pretty much a standard thing right now.

Honestly I'm surprised that having some re2 functionality limited under that macro affects Envoy fuzzing. @asraa have you noticed any real cases when re2 in fuzzing mode isn't good enough for Envoy fuzzing?

[asraa]

Ah, maybe the problem has a better solution then, since it doesn't affect our fuzzing functionality, but is more of a logistical issue. We are generating a corpus by writing out outputs from a unit test. The unit test relies on some behavior from RE2 (and yep, under fuzzing mode, RE2 limits the number of replaces), so the gtest that generates the corpus will fail. Right now, we just guard the EXPECT_EQ in that gtest to make sure it's not being executed in fuzzing mode.

Maybe what we want is to avoid gtest failures (somehow silence gtest?) in the genrule that's creating these entries.

[junyer]

Why is FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION defined for that test? Could you undefine it somehow?

[asraa]

That would be ideal, but I couldn't find a way. The define's passed through bazel CLI override any build target options. The genrule that's invoked to create the corpus will include that option.

There might be a more complex way like writing a wrapper script. Or better yet, just run the tests without invoking gtest to fail.

[junyer]

What if you add this at the top of the file?

#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
#undef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
#endif

[asraa]

What if you add this at the top of the file?

Thanks!! For some reason, I don't know why I never considered this. This works! I'll close this out.

[asraa]

Just re-opening for now. Realized that just undefining at the top of the file will undefine the macro for that compilation unit (the test file), but it won't re-build RE2 with the build macro. I'll see if there's a way to hard-code the undefine when we build the library.

[junyer]

Mea culpa, I don't know how I managed to confuse myself so badly there. :(

For Bazel, the nocopts attribute also works with preprocessor options, I believe. Assuming that Envoy is never interested in fuzzing RE2 directly, you can just patch our BUILD file. That's trivial when you have "vendored" RE2, but also doable via the patches attribute on the http_archive. (See https://docs.bazel.build/versions/master/repo/http.html for documentation.)

[junyer]

Ping, @asraa!

[asraa]

Thanks for keeping updated! Actually nocopts is deprecated, and from what I read about the migration to feature flags (bazelbuild/bazel#8706 (comment)), it looks like I might need to patch the re2 build to exclude a fuzzing feature flag, and pass it to everything but that. This didn't seem like the best option, and patching re2 to remove the unwanted FUZZING_BUILD_MODE statements seemed easier.

[junyer]

Ahh. Fair enough. I can't think of any other options, but hopefully Bazel folks can. I will go ahead and close this bug now.

P.S. Thanks for the rapid response!