fuzzing: Fix the oss-fuzz coverage build
author Andrew Bartlett <abartlet@samba.org>
Wed, 21 Oct 2020 18:34:35 +0000 (07:34 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 21 Oct 2020 23:07:37 +0000 (23:07 +0000)
It was long thought that the issue here was that no seed corpus was
provided, but actually the issue is that to obtain coverage output
just as we already know for gcc gcov, you must provide fuzzing flags
to both the compile and link phase.

Thankfully clang as a linker does not mind the strange non-linker options
from $COVERAGE_FLAGS.

REF: https://stackoverflow.com/questions/56112019/clang-does-not-generate-profraw-file-when-linking-manually
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19495#c48

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 21 23:07:37 UTC 2020 on sn-devel-184

lib/fuzzing/oss-fuzz/build_samba.sh

index b27c7b7d5c87c23b6466c0cac6319b6eb855bdc3..5980f88ad02dbab85a8d4bee01da67944bcec437 100755 (executable)
@@ -59,7 +59,14 @@ case "$SANITIZER" in
        SANITIZER_ARG='--undefined-sanitizer'
        ;;
     coverage)
-       SANITIZER_ARG=''
+       # Thankfully clang operating as ld has no objection to the
+       # cc style options, so we can just set ADDITIONAL_LDFLAGS
+       # to ensure the coverage build is done, despite waf splitting
+       # the compile and link phases.
+       ADDITIONAL_LDFLAGS="$COVERAGE_FLAGS"
+       export ADDITIONAL_LDFLAGS
+
+       SANITIZER_ARG=''
        ;;
 esac
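Review bot: the `ADDITIONAL_LDFLAGS="$COVERAGE_FLAGS"` assignment in the `coverage)` branch silently discards any `ADDITIONAL_LDFLAGS` the caller already had in the environment, whereas the variable name suggests it is meant to be additive. Consider appending instead, e.g. `ADDITIONAL_LDFLAGS="${ADDITIONAL_LDFLAGS:+$ADDITIONAL_LDFLAGS }$COVERAGE_FLAGS"`, so linker flags set by the outer oss-fuzz environment survive. It would also help to note in the comment that `$COVERAGE_FLAGS` is expected to be supplied by the oss-fuzz build environment, and that an empty or unset value leaves the link step without instrumentation (the same silent failure this change is fixing), so a `: "${COVERAGE_FLAGS:?coverage build requested but COVERAGE_FLAGS is unset}"` guard at the top of the branch would make that misconfiguration fail loudly rather than produce a build with no profraw output.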