From 3a1dd71c34e56ebf7d2deb58b8fc0dee373a0aec Mon Sep 17 00:00:00 2001
From: Baptistin BOILOT
Date: Mon, 30 Dec 2024 17:58:24 +0100
Subject: [PATCH] build: support msan and asan for fuzzing locally

---
 tests/fuzzing/CMakeLists.txt | 9 ++++++++-
 tests/fuzzing/README.md | 4 ++--
 tests/fuzzing/local_run.sh | 2 +-
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/tests/fuzzing/CMakeLists.txt b/tests/fuzzing/CMakeLists.txt
index 466765889..f27ae3401 100644
--- a/tests/fuzzing/CMakeLists.txt
+++ b/tests/fuzzing/CMakeLists.txt
@@ -26,7 +26,14 @@ endif()
 # compatible with ClusterFuzzLite
 if (NOT DEFINED ENV{LIB_FUZZING_ENGINE})
-    set(COMPILATION_FLAGS -g -O0 -Wall -Wextra -fsanitize=fuzzer,address,undefined -fprofile-instr-generate -fcoverage-mapping)
+    set(COMPILATION_FLAGS -g -O0 -Wall -Wextra -fprofile-instr-generate -fcoverage-mapping)
+    if (SANITIZER MATCHES "address")
+        set(COMPILATION_FLAGS ${COMPILATION_FLAGS} -fsanitize=fuzzer,address,undefined)
+    elseif (SANITIZER MATCHES "memory")
+        set(COMPILATION_FLAGS ${COMPILATION_FLAGS} -fsanitize=fuzzer,memory,undefined -fsanitize-memory-track-origins -fsanitize=fuzzer-no-link)
+    else()
+        message(FATAL_ERROR "Unkown sanitizer type. It must be set to `address` or `memory`.")
+    endif()
 else()
     set(COMPILATION_FLAGS "$ENV{LIB_FUZZING_ENGINE} $ENV{CFLAGS}")
     separate_arguments(COMPILATION_FLAGS)
diff --git a/tests/fuzzing/README.md b/tests/fuzzing/README.md
index 6db9fafe8..89db1e283 100644
--- a/tests/fuzzing/README.md
+++ b/tests/fuzzing/README.md
@@ -36,7 +36,7 @@ Once in the container, go into the `tests/fuzzing` folder to compile the fuzzer:
 cd tests/fuzzing
 # cmake initialization
-cmake -DBOLOS_SDK=/opt/ledger-secure-sdk -DCMAKE_C_COMPILER=/usr/bin/clang -Bbuild -S.
+cmake -DBOLOS_SDK=/opt/ledger-secure-sdk -DCMAKE_C_COMPILER=/usr/bin/clang -DSANITIZER=[address|memory] -B build -S .
 # Fuzzer compilation
 cmake --build build
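Review bot: `SANITIZER` is tested on the new `if (SANITIZER MATCHES "address")` line but is never declared and has no default, and `MATCHES` is a regex substring match, so the pre-patch invocation `cmake -B build -S .` (and any CI still using it) now aborts with the FATAL_ERROR while `-DSANITIZER=addressx` silently builds with ASan. Declare it as a cache STRING defaulting to `address` (the previous behaviour), compare with STREQUAL, and fix the `Unkown` typo in the message. In the `memory` branch `-fsanitize=fuzzer-no-link` is redundant next to `-fsanitize=fuzzer`, which already implies the instrumentation and additionally links libFuzzer's main, so one of the two should go; it is also worth a comment that MSan reports spurious uninitialized reads unless every object linked into the fuzzer (including the SDK sources this file presumably compiles elsewhere) is built with the same flags. The closing `endif()` of the `if (NOT DEFINED ENV{LIB_FUZZING_ENGINE})` block is outside the hunk.
```cmake
# Sanitizer used for local fuzzing builds; ClusterFuzzLite passes its own
# flags through LIB_FUZZING_ENGINE/CFLAGS and does not read this variable.
set(SANITIZER "address" CACHE STRING "Sanitizer for local fuzzing: address|memory")
set_property(CACHE SANITIZER PROPERTY STRINGS address memory)

if (NOT DEFINED ENV{LIB_FUZZING_ENGINE})
    set(COMPILATION_FLAGS -g -O0 -Wall -Wextra -fprofile-instr-generate -fcoverage-mapping)
    if ("${SANITIZER}" STREQUAL "address")
        list(APPEND COMPILATION_FLAGS -fsanitize=fuzzer,address,undefined)
    elseif ("${SANITIZER}" STREQUAL "memory")
        # MSan flags uninitialized reads in any code that is not instrumented,
        # so everything linked into the fuzzer must be built with these flags.
        list(APPEND COMPILATION_FLAGS -fsanitize=fuzzer,memory,undefined -fsanitize-memory-track-origins)
    else()
        message(FATAL_ERROR "Unknown SANITIZER '${SANITIZER}'. It must be set to `address` or `memory`.")
    endif()
# … unchanged: else branch taking the flags from the environment …
```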
@@ -48,7 +48,7 @@ cmake --build build
 ./build/fuzzer -max_len=8192
 ```
-If you want to do a fuzzing campain on more than one core and compute the coverage results, you can use the `local_run.sh` script within the container.
+If you want to do a fuzzing campain on more than one core and compute the coverage results, you can use the `local_run.sh` script within the container (it'll only run the address and UB sanitizers).
 ## Full usage based on `clusterfuzzlite` container
diff --git a/tests/fuzzing/local_run.sh b/tests/fuzzing/local_run.sh
index e76ee005b..cbc179247 100755
--- a/tests/fuzzing/local_run.sh
+++ b/tests/fuzzing/local_run.sh
@@ -4,7 +4,7 @@
 rm -rf build
 # Build the fuzzer
-cmake -B build -S . -DCMAKE_C_COMPILER=/usr/bin/clang
+cmake -B build -S . -DCMAKE_C_COMPILER=/usr/bin/clang -DSANITIZER=address
 cmake --build build
 # Create the corpus directory if it doesn't exist
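Review bot: The new cmake line pins `-DSANITIZER=address`, so the multi-core/coverage run can never build the `memory` variant that the same commit adds to CMakeLists.txt. Reading it from the environment with the same default keeps the current behaviour and avoids a second script: `cmake -B build -S . -DCMAKE_C_COMPILER=/usr/bin/clang -DSANITIZER="${SANITIZER:-address}"`. The README sentence added in this commit, which says the script only runs the address and UB sanitizers, would then need to mention the `SANITIZER` variable instead.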