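# Fuzzing reproduction image: installs the clang/LLVM 3.9 toolchain from
# apt.llvm.org, exports sanitizer build flags, builds libjpeg-turbo with them,
# and generates /fuzzing/repro.sh, which runs djpeg on a staged input file.

# NOTE(review): the base image is untagged, so it follows debian:latest while
# the LLVM repository below targets the jessie suite. Pin a tag (ideally a
# digest) that matches the repository suite so rebuilds are reproducible.
FROM debian

# update + install share one layer so a cached, stale package index is never
# reused. The --allow-* flags only relax downgrade / essential-removal /
# held-package protections; --allow-unauthenticated is not among them, so
# repository signature verification stays enabled.
RUN apt-get update \
 && apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
      ca-certificates \
      gnupg \
      wget

# This key becomes a trust root for every package installed from apt.llvm.org,
# so it is fetched over HTTPS instead of plain HTTP. Comparing its fingerprint
# with a value obtained out of band before importing it would be stronger.
# NOTE(review): apt-key is deprecated in newer apt releases; a keyring file
# referenced with signed-by would scope the key to this one repository.
RUN wget -O /tmp/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key \
 && apt-key add /tmp/llvm-snapshot.gpg.key \
 && rm -f /tmp/llvm-snapshot.gpg.key

# The repository itself is still reached over plain HTTP; apt checks its
# signed metadata against the key imported above.
RUN echo "deb http://apt.llvm.org/jessie/ llvm-toolchain-jessie-3.9 main" >> /etc/apt/sources.list \
 && echo "deb-src http://apt.llvm.org/jessie/ llvm-toolchain-jessie-3.9 main" >> /etc/apt/sources.list

RUN apt-get update \
 && apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
      clang-3.9 \
      clang-3.9-doc \
      clang-format-3.9 \
      libclang-3.9-dev \
      libclang-common-3.9-dev \
      libclang1-3.9 \
      libclang1-3.9-dbg \
      libfuzzer-3.9-dev \
      libllvm-3.9-ocaml-dev \
      libllvm3.9 \
      libllvm3.9-dbg \
      lldb-3.9 \
      llvm-3.9 \
      llvm-3.9-dev \
      llvm-3.9-doc \
      llvm-3.9-examples \
      llvm-3.9-runtime \
      python-clang-3.9

# Sanitizer build flags. -fno-sanitize-recover=all makes every enabled check
# fatal rather than a warning. As the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
# macro name states, binaries built with these flags are for fuzzing only.
ENV CFLAGS="-O1 -g -fsanitize=address,bool,float-cast-overflow,integer-divide-by-zero,return,returns-nonnull-attribute,shift-exponent,signed-integer-overflow,unreachable,vla-bound -fno-sanitize-recover=all -funsigned-char -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"
ENV CXXFLAGS="-O1 -g -fsanitize=address,bool,float-cast-overflow,integer-divide-by-zero,return,returns-nonnull-attribute,shift-exponent,signed-integer-overflow,unreachable,vla-bound -fno-sanitize-recover=all -funsigned-char -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"
ENV LDFLAGS="-g -fsanitize=address,bool,float-cast-overflow,integer-divide-by-zero,return,returns-nonnull-attribute,shift-exponent,signed-integer-overflow,unreachable,vla-bound"
ENV CC="/usr/bin/clang-3.9"
ENV CXX="/usr/bin/clang++-3.9"
ENV ASAN_OPTIONS="exitcode=1,handle_segv=1,detect_leaks=1,leak_check_at_exit=1,allocator_may_return_null=1,detect_odr_violation=0"
ENV ASAN_SYMBOLIZER_PATH="/usr/lib/llvm-3.9/bin/llvm-symbolizer"

# Mirror the build environment into root's .bashrc (each variable once; the
# original wrote the CXXFLAGS export twice) and print a usage hint at login.
RUN { \
      printf 'export CFLAGS="%s"\n' "${CFLAGS}"; \
      printf 'export CXXFLAGS="%s"\n' "${CXXFLAGS}"; \
      printf 'export LDFLAGS="%s"\n' "${LDFLAGS}"; \
      printf 'export CC="%s"\n' "${CC}"; \
      printf 'export CXX="%s"\n' "${CXX}"; \
      printf 'export ASAN_OPTIONS="%s"\n' "${ASAN_OPTIONS}"; \
      printf 'export ASAN_SYMBOLIZER_PATH="%s"\n' "${ASAN_SYMBOLIZER_PATH}"; \
      printf '%s\n' 'echo Use "docker cp /path/to/input :/path/inside/container" to stage files for testing'; \
    } >> /root/.bashrc

# Only the last ENTRYPOINT or CMD is honored, so this can be overridden.
# Exec form: bash runs as PID 1 and receives signals directly.
ENTRYPOINT ["/bin/bash"]

# //third_party/jpeg:jpeg_fuzzer is basically libjpeg-turbo wrapper
RUN apt-get update \
 && apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
      autoconf \
      git \
      libtool \
      make \
      nasm

WORKDIR /fuzzing
# NOTE(review): this clones whatever the default branch points to at build
# time, so the code under test changes between builds. The commit actually
# built is recorded in repro.sh below; pinning a known ref here would make the
# image reproducible. Also confirm the chosen ref still ships the autotools
# build that the next steps rely on.
RUN git clone https://github.com/libjpeg-turbo/libjpeg-turbo.git
WORKDIR /fuzzing/libjpeg-turbo
RUN autoreconf -fiv
WORKDIR /fuzzing/libjpeg-turbo/build
RUN sh /fuzzing/libjpeg-turbo/configure
RUN make

# Generate the repro script. The HEAD commit is resolved now, at build time,
# and written into the script; the branch lookup is left as a literal $(...)
# so it runs when the script does. The input path is passed as "$@" so file
# names containing spaces or glob characters reach djpeg intact, while a call
# with no argument still lets djpeg read standard input.
RUN { \
      printf '%s\n' '#!/bin/bash'; \
      printf 'echo REPRO_START:$(git -C /fuzzing/libjpeg-turbo branch) %s\n' "$(git -C /fuzzing/libjpeg-turbo rev-parse HEAD)"; \
      printf '%s\n' '/fuzzing/libjpeg-turbo/build/djpeg -outfile /tmp/output "$@"'; \
      printf '%s\n' 'echo REPRO_END'; \
    } > /fuzzing/repro.sh \
 && chmod 755 /fuzzing/repro.sh

RUN printf '%s\n' 'echo "Repro: /fuzzing/repro.sh "' >> /root/.bashrc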