oss-fuzz icon indicating copy to clipboard operation
oss-fuzz copied to clipboard
verified publisher icon google

[presubmit] Add check for max_len in .options.

Open jonathanmetzman opened this issue 4 years ago • 4 comments

Usually if someone is using this they are confused about how it affects fuzzing (since it doesn't affect AFL and honggfuzz, only LF).

jonathanmetzman avatar Mar 16 '21 13:03 jonathanmetzman

This is so I don't have to manually catch cases like https://github.com/google/oss-fuzz/pull/5406#discussion_r595138950 There might be some legitimate uses for max_len though. Someone may only want to change LF's behavior. Or if a project only uses LF. WDYT @inferno-chromium and @oliverchang

jonathanmetzman avatar Mar 16 '21 13:03 jonathanmetzman

Do we think presubmit is the right place for this? It won't do anything for ideal integrations. On the other hand, if we do this in bad_build_check it will fail loudly (and there are about 11 fuzzers that do this in the OSS-Fuzz repo already). If we do it in bad_build_check we could also make the failure happen only to honggfuzz and AFL builds.

jonathanmetzman avatar Mar 17 '21 13:03 jonathanmetzman

Do we think presubmit is the right place for this? It won't do anything for ideal integrations. On the other hand, if we do this in bad_build_check it will fail loudly (and there are about 11 fuzzers that do this in the OSS-Fuzz repo already). If we do it in bad_build_check we could also make the failure happen only to honggfuzz and AFL builds.

I am fine with bad build failure for this, that seems the right place since as you said, does not work for ideal integrations.

inferno-chromium avatar Mar 17 '21 14:03 inferno-chromium

Do we think presubmit is the right place for this? It won't do anything for ideal integrations. On the other hand, if we do this in bad_build_check it will fail loudly (and there are about 11 fuzzers that do this in the OSS-Fuzz repo already). If we do it in bad_build_check we could also make the failure happen only to honggfuzz and AFL builds.

I am fine with bad build failure for this, that seems the right place since as you said, does not work for ideal integrations.

Build failure seems OK to me if we don't expect any legitimate uses of this (since it seems difficult to exclude or opt out from this check).

We also can't really police everything people do in their own repos (for ideal integration) since we want OSS-Fuzz to be more self service, and perhaps the repurcussions of using -max_len is not so bad to spend so much effort on...

oliverchang avatar Mar 18 '21 00:03 oliverchang