
Undefined references to C++ standard library symbols #94

Closed
securitykernel opened this issue Apr 4, 2022 · 13 comments

Comments

@securitykernel
Contributor

On dependent packages, the docs state:

You should not make any assumptions on the availability of dependent packages in the execution environment and the built fuzzers should have dependencies statically linked.

What is the expected way of pulling the static libraries of dependent packages? Can I use apt packages or do I have to build them on my own using the provided CXX and CXXFLAGS? For example, I have a C++ project that uses Boost and Botan. When trying to link the packages from apt with my fuzz target, I get undefined references to C++ standard library functions.

[ 50%] Building CXX object CMakeFiles/test_fuzzer.dir/test_fuzzer.cc.o
/usr/local/bin/clang++ -DBOOST_ALL_NO_LIB  -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -stdlib=libc++ -std=c++17 -MD -MT CMakeFiles/test_fuzzer.dir/test_fuzzer.cc.o -MF CMakeFiles/test_fuzzer.dir/test_fuzzer.cc.o.d -o CMakeFiles/test_fuzzer.dir/test_fuzzer.cc.o -c /src/cflite-example/test_fuzzer.cc
[100%] Linking CXX executable /builds/2286933411/build-out/test_fuzzer
/usr/local/bin/cmake -E cmake_link_script CMakeFiles/test_fuzzer.dir/link.txt --verbose=1
/usr/local/bin/clang++ -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -stdlib=libc++ -fsanitize=fuzzer -rdynamic CMakeFiles/test_fuzzer.dir/test_fuzzer.cc.o -o /builds/2286933411/build-out/test_fuzzer  /usr/lib/x86_64-linux-gnu/libboost_log.a /usr/lib/x86_64-linux-gnu/libboost_chrono.a /usr/lib/x86_64-linux-gnu/libboost_date_time.a /usr/lib/x86_64-linux-gnu/libboost_filesystem.a /usr/lib/x86_64-linux-gnu/libboost_regex.a /usr/lib/x86_64-linux-gnu/libboost_thread.a /usr/lib/x86_64-linux-gnu/libboost_atomic.a 
/usr/bin/ld: /usr/lib/x86_64-linux-gnu/libboost_log.a(core.o): in function `boost::log::v2s_mt_posix::core::get_thread_attributes() const':
(.text+0xea4): undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long)'
/usr/bin/ld: (.text+0xf02): undefined reference to `std::out_of_range::out_of_range(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)'
/usr/bin/ld: /usr/lib/x86_64-linux-gnu/libboost_log.a(core.o): in function `boost::log::v2s_mt_posix::core::add_thread_attribute(boost::log::v2s_mt_posix::attribute_name const&, boost::log::v2s_mt_posix::attribute const&)':
(.text+0x13cb): undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long)'
/usr/bin/ld: (.text+0x142c): undefined reference to `std::out_of_range::out_of_range(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)'
/usr/bin/ld: /usr/lib/x86_64-linux-gnu/libboost_log.a(core.o): in function `boost::log::v2s_mt_posix::core::remove_thread_attribute(boost::log::v2s_mt_posix::attribute_set::iter<false>)':
(.text+0x191b): undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long)'
/usr/bin/ld: (.text+0x197c): undefined reference to `std::out_of_range::out_of_range(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)'
/usr/bin/ld: /usr/lib/x86_64-linux-gnu/libboost_log.a(core.o): in function `boost::log::v2s_mt_posix::core::set_thread_attributes(boost::log::v2s_mt_posix::attribute_set const&)':
(.text+0x2c9b): undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long)'
/usr/bin/ld: (.text+0x2cfc): undefined reference to `std::out_of_range::out_of_range(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)'
/usr/bin/ld: /usr/lib/x86_64-linux-gnu/libboost_log.a(core.o): in function `boost::system::system_error::what() const':
...

And more ...

I was able to create a minimal reproducible project that links Boost statically installed via apt.

@jonathanmetzman
Collaborator

Apt should be fine in most cases. I'm not sure what's going on here. Let me take a look.

@jonathanmetzman
Collaborator

Hmmm...I wasn't able to reproduce this after running CFLite locally on your repo. See the logs. Did you fix the issue?
output.txt

@jonathanmetzman
Collaborator

This was the command I used to run CFLite locally btw:
docker run -it -v /var/run/docker.sock:/var/run/docker.sock -e PROJECT_SRC_PATH=/tmp/workspace/cflite-example -e BUILD_INTEGRATION_PATH=.clusterfuzzlite -e REPOSITORY=cflite-example -e FILESTORE=no_filestore -e WORKSPACE=/tmp/workspace -e CFL_PLATFORM=standalone -v /tmp/workspace:/tmp/workspace --entrypoint python3 gcr.io/oss-fuzz-base/clusterfuzzlite-run-fuzzers:v1 /opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py

You need to copy cflite-example into /tmp/workspace/cflite-example for this to work.

@securitykernel
Contributor Author

No, I did not fix it. And I tried your command to run locally; it gives me the same linker errors I posted initially. Are you on cflite-example's linker-errors branch and not on main?

@jonathanmetzman
Collaborator

Oh sorry I was on main. Lemme try again.

@jonathanmetzman
Collaborator

You mean link-boost branch right?

@securitykernel
Contributor Author

Yes.

@securitykernel
Contributor Author

Any news on this? Were you able to reproduce the issue?

@jonathanmetzman
Collaborator

I'll probably have to take a look at this next week. But I can try now.

@jonathanmetzman
Collaborator

jonathanmetzman commented Apr 21, 2022

I was able to reproduce this.
I'm not a boost expert, but maybe there's something about boost that makes it required to build from source to use in ClusterFuzzLite?
In oss-fuzz it seems like most boost users do this:
https://github.com/google/oss-fuzz/blob/17129f108d5a7f2a9ff8b13e58d5540cf9bc2fc9/projects/thrift/Dockerfile#L32
https://github.com/google/oss-fuzz/blob/b3630abd46e4a4b68b407a201b68388aa6c1c785/projects/solidity/Dockerfile#L30

This comment is especially revealing. I think boost needs to be built from source to use with libc++; the apt versions must use libstdc++.

I would ask this question in oss-fuzz btw, the build setup is the same and there are many helpful oss-fuzz users, some of whom might be more familiar with this problem than me.

@jonathanmetzman
Collaborator

To be clear though, I think boost is an exception. I feel like many libraries can be installed via apt. I would guess most are in oss-fuzz.

@securitykernel
Contributor Author

Ok, thanks, I'll try that.

@securitykernel
Contributor Author

Unsurprisingly, this worked, thanks. So basically, if you have problems getting a dependency to work, check how users of OSS-Fuzz do it. It could be useful to mention this in the ClusterFuzzLite docs.
