Improvements of OSS-Fuzz integration

[DavidKorczynski]

Is your feature request related to a problem? Please describe.
Please describe the problem you are trying to solve.

This feature is not related to a problem.

Describe the solution you'd like
Please describe the desired behavior.

This feature asks for tighter integration with continuous fuzzing via OSS-Fuzz. In this PR google/oss-fuzz#3860 (comment) I integrated NodeJS with fuzzing and so far it was used to capture this bug #33640
However, the current integration could be improved and it would be desirable to cover more of NodeJS with fuzzers, as briefly discussed with @bnoordhuis in the above PR. Specifically, there are two core parts where the integration with OSS-Fuzz can improve: (1) integrating the build procedure with the OSS-Fuzz environment more closely with the NodeJS environment and (2) building more fuzzers.

Regarding part 1 then the current strategy (build.sh here https://github.com/google/oss-fuzz/pull/3860/files) compiles the NodeJS core in an awkward manner by first running make without any proper OSS-Fuzz flags and then re-comiling the .cc files of node/src with the proper OSS-Fuzz flags, in order to create a static archive.
The OSS-Fuzz environment sets the following environment variables when compiling the fuzzers to something similar to this:

export CC=clang
export CXX=clang++
export CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link"
export CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -stdlib=libc++"
export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"

It would be nice if the build process of NodeJS can integrate a fuzzing part which enables us to compile with the OSS-Fuzz variables (CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE) above. The LIB_FUZZING_ENGINE variable is only used for linking the final fuzzer and should not be used on any of the compiled libraries. Also note that to get the fuzzers compiled properly they should be compiled against static libraries. As I see the desired goal is, therefore, to have the files in node/src be compiled with the CFLAGS and CXXFLAGS variables above.

Regarding part 2 then I can certainly start writing more fuzzers and covering more of the NodeJS code, but if you have any suggestions of good APIs for fuzzing then here would be a good place to write I think.

[bnoordhuis]

W.r.t. part 1: it should be fairly straightforward to add a flag to configure.py that gets forwarded to the gyp build files, where the appropriate defines and compiler flags are then added.

a7ae7aa is a recent example. It also demonstrates how you can remove already defined flags with 'cflags!': [ '-fomit-frame-pointer' ] (note the exclamation mark.)

Use cflags_cc for C++-only flags and defines for, er, defines.

LIB_FUZZING_ENGINE is set by Google's fuzzing build service? You probably want to pass that on as a flag from configure.py to the gyp files in the same way.

Do you want to open a pull request? If you can't get it to work, don't worry - just open the pull request and we'll step through it.

[DavidKorczynski]

W.r.t. part 1: it should be fairly straightforward to add a flag to configure.py that gets forwarded to the gyp build files, where the appropriate defines and compiler flags are then added.

a7ae7aa is a recent example. It also demonstrates how you can remove already defined flags with 'cflags!': [ '-fomit-frame-pointer' ] (note the exclamation mark.)

Use cflags_cc for C++-only flags and defines for, er, defines.

Perfect!

LIB_FUZZING_ENGINE is set by Google's fuzzing build service? You probably want to pass that on as a flag from configure.py to the gyp files in the same way.

Yes it's set by Google's service.

Do you want to open a pull request? If you can't get it to work, don't worry - just open the pull request and we'll step through it.

Okay awesome and yup sounds good - I will get the above up and running and then open a PR! Thanks for the detailed assistance.