oss-fuzz icon indicating copy to clipboard operation
oss-fuzz copied to clipboard
verified publisher icon google

bad_build_check didn't catch latest Jazzer breakage

Open oliverchang opened this issue 3 years ago • 11 comments

Context: https://github.com/google/oss-fuzz/pull/8275

bad_build_check should've caught this and prevented builds from getting uploaded.

@jonathanmetzman

oliverchang avatar Aug 17 '22 09:08 oliverchang

CC @fmeum too

oliverchang avatar Aug 17 '22 09:08 oliverchang

Related: #8241

jonathanmetzman avatar Aug 17 '22 11:08 jonathanmetzman

The Jazzer bug caused a crash if the fuzz target wasn't executed with a -seed argument. Both the bad build check and all our internal tests did that for the sake of reproducibility.

Not sure what to do about this particular bug type - we now have an internal one covering it.

fmeum avatar Aug 17 '22 12:08 fmeum

Could we perhaps add one extra check (for libFuzzer engines) where we:

  • Try running with -runs=1
  • Try reproducing with an empty input

None of these should result in a crash if it's a good build.

oliverchang avatar Aug 17 '22 22:08 oliverchang

Could we perhaps add one extra check (for libFuzzer engines) where we:

  • Try running with -runs=1
  • Try reproducing with an empty input

None of these should result in a crash if it's a good build.

IMO the check worked as it should. There was nothing wrong with Jazzer projects and reporting the bugs there instead of when we update Jazzer is not great UX. Ideally we wcould make seperate tests that run during updating

jonathanmetzman avatar Aug 17 '22 23:08 jonathanmetzman

Could we perhaps add one extra check (for libFuzzer engines) where we:

  • Try running with -runs=1
  • Try reproducing with an empty input

None of these should result in a crash if it's a good build.

IMO the check worked as it should. There was nothing wrong with Jazzer projects and reporting the bugs there instead of when we update Jazzer is not great UX. Ideally we wcould make seperate tests that run during updating

If we don't pin, yes.

If we had these bad build checks and we pin, then we can catch them with our trial_build checks right?

Even ignoring Jazzer, making sure a target doesn't crash with an empty input is pretty valid right?

oliverchang avatar Aug 18 '22 04:08 oliverchang

Right, I think we should absolutely pin though

jonathanmetzman avatar Aug 18 '22 13:08 jonathanmetzman

Even ignoring Jazzer, making sure a target doesn't crash with an empty input is pretty valid right?

I guess. I think our existing bad build check probably cover this 99% of the time and just happened to miss it here.

jonathanmetzman avatar Aug 18 '22 13:08 jonathanmetzman

Indeed. Let's:

  1. Keep pinning Jazzer
  2. Add a test to make sure that running against with an empty input does not crash in some way to bad_build_check.

@fmeum you mentioned being able to help with this. Would you be able to help us with a PR here? Thanks!

oliverchang avatar Aug 19 '22 03:08 oliverchang

@oliverchang With empty input, do you mean an invocation of the form fuzz_target empty_file? If so, that would have caught the issue and I can add it in a PR.

fmeum avatar Aug 20 '22 09:08 fmeum

@oliverchang With empty input, do you mean an invocation of the form fuzz_target empty_file? If so, that would have caught the issue and I can add it in a PR.

Yep!

oliverchang avatar Aug 23 '22 01:08 oliverchang