Merge "Add $ORIGIN to fuzzer-coverage sanitized .so's."

commit: a1682631ebb91342e6de421799f929c442c41c03 [log] [tgz]
author: Mitch Phillips <mitchp@google.com> Mon Dec 16 21:17:03 2019 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Dec 16 21:17:03 2019 +0000
tree: c0ed554f5cffc203c13168e4662044552808dec6
parent: 894cdee30a631271cae9f10f20c22934d72031d5 [diff]
parent: 734b4cb62f1d0d8aee6fa8c08ae7616d4129489f [diff]
diff --git a/cc/sanitize.go b/cc/sanitize.go
index b4082d3..c4aeb96 100644
--- a/cc/sanitize.go
+++ b/cc/sanitize.go

@@ -494,6 +494,15 @@
 		// Disable fortify for fuzzing builds. Generally, we'll be building with
 		// UBSan or ASan here and the fortify checks pollute the stack traces.
 		flags.Local.CFlags = append(flags.Local.CFlags, "-U_FORTIFY_SOURCE")
+
+		// Build fuzzer-sanitized libraries with an $ORIGIN DT_RUNPATH. Android's
+		// linker uses DT_RUNPATH, not DT_RPATH. When we deploy cc_fuzz targets and
+		// their libraries to /data/fuzz/<arch>/lib, any transient shared library gets
+		// the DT_RUNPATH from the shared library above it, and not the executable,
+		// meaning that the lookup falls back to the system. Adding the $ORIGIN to the
+		// DT_RUNPATH here means that transient shared libraries can be found
+		// colocated with their parents.
+		flags.Local.LdFlags = append(flags.Local.LdFlags, `-Wl,-rpath,\$$ORIGIN`)
 	}
 
 	if Bool(sanitize.Properties.Sanitize.Cfi) {
commit	a1682631ebb91342e6de421799f929c442c41c03	[log] [tgz]
author	Mitch Phillips <mitchp@google.com>	Mon Dec 16 21:17:03 2019 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Dec 16 21:17:03 2019 +0000
tree	c0ed554f5cffc203c13168e4662044552808dec6
parent	894cdee30a631271cae9f10f20c22934d72031d5 [diff]
parent	734b4cb62f1d0d8aee6fa8c08ae7616d4129489f [diff]