
ci: run the fuzz target on PRs #4378

Open: wants to merge 2 commits into master

Conversation

evverx (Contributor) commented May 3, 2024

using https://google.github.io/oss-fuzz/getting-started/continuous-integration/

It downloads the corpus OSS-Fuzz has accumulated so far (including the test cases that triggered issues in the past) and runs the fuzz target with it. It should help to catch most regressions when PRs are opened.

Prompted by #4373.

It's a draft because, to make it more useful in terms of testing, the dissectors should probably be covered first (the dissectors were (partly) covered in google/oss-fuzz#11912).

As expected, it triggered

 === Uncaught Python exception: ===
error: unpack requires a buffer of 2 bytes
Traceback (most recent call last):
  File "pcap_fuzzer.py", line 29, in TestOneInput
  File "scapy/utils.py", line 1259, in rdpcap
  File "scapy/utils.py", line 1319, in __call__
  File "scapy/utils.py", line 1883, in __init__
  File "scapy/utils.py", line 1584, in __init__
  File "scapy/utils.py", line 1648, in _read_block_shb
error: unpack requires a buffer of 2 bytes

==38== ERROR: libFuzzer: fuzz target exited
    #0 0x7f1941d7e7f1 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
    #1 0x7f1941c816e8 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
    #2 0x7f1941c644cc in fuzzer::Fuzzer::ExitCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:248:3
    #3 0x7f1941a318a6  (/lib/x86_64-linux-gnu/libc.so.6+0x468a6) (BuildId: 87b331c034a6458c64ce09c03939e947212e18ce)
    #4 0x7f1941a31a5f in exit (/lib/x86_64-linux-gnu/libc.so.6+0x46a5f) (BuildId: 87b331c034a6458c64ce09c03939e947212e18ce)
    #5 0x7f193fa4eaa8 in Py_Exit /tmp/Python-3.8.3/Python/pylifecycle.c:2299:5
    #6 0x7f193fa534b1 in handle_system_exit /tmp/Python-3.8.3/Python/pythonrun.c:658:9
    #7 0x7f193fa534b1 in _PyErr_PrintEx /tmp/Python-3.8.3/Python/pythonrun.c:668:5
    #8 0x55ec2c838b73  (build-out/pcap_fuzzer.pkg+0x3b73)
    #9 0x55ec2c838f10  (build-out/pcap_fuzzer.pkg+0x3f10)
    #10 0x7f1941a0f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 87b331c034a6458c64ce09c03939e947212e18ce)
    #11 0x55ec2c8374ad  (build-out/pcap_fuzzer.pkg+0x24ad)

https://github.com/secdev/scapy/actions/runs/8941500042/job/24561958924?pr=4378
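The traceback above ends in a struct.error raised by a 2-byte unpack inside the pcapng section header reader, and libFuzzer reports the uncaught Python exception as "fuzz target exited". The following is an added example, not scapy's code or the code in this PR: a minimal pcapng Section Header Block (SHB) reader that reproduces that bug class on a truncated file, a hardened variant that validates lengths before unpacking and raises one well-defined parse error, and the TestOneInput-style wrapper that lets only that parse error through. The field layout follows the pcapng specification; scapy's own _read_block_shb may read the fields differently, and the sample inputs are constructed here.

```python
import struct

# Added example, not scapy's code: a minimal pcapng Section Header Block (SHB)
# reader in two variants, plus the harness shape of a libFuzzer/atheris-style
# Python target. Field layout follows the pcapng specification; scapy's own
# _read_block_shb may differ.

SHB_TYPE = 0x0A0D0D0A          # palindromic, so it reads the same in either byte order
BYTE_ORDER_MAGIC = 0x1A2B3C4D  # written in the section's own byte order
SHB_MIN_LEN = 28               # type(4) + len(4) + magic(4) + major(2) + minor(2) + section len(8) + trailing len(4)


class PcapngParseError(ValueError):
    """Malformed input. A fuzz harness treats this as expected, not as a finding."""


def build_shb(endian: str = "<", major: int = 1, minor: int = 0, section_len: int = -1) -> bytes:
    # Constructed sample input: a 28-byte SHB with no options.
    body = struct.pack(endian + "IIIHHq", SHB_TYPE, SHB_MIN_LEN, BYTE_ORDER_MAGIC, major, minor, section_len)
    return body + struct.pack(endian + "I", SHB_MIN_LEN)


def read_shb_naive(data: bytes) -> dict:
    # Every unpack assumes the buffer is long enough, so a truncated file is
    # reported as struct.error ("unpack requires a buffer of N bytes") rather
    # than as a parse error the caller can recognise.
    block_type, = struct.unpack("<I", data[0:4])
    magic, = struct.unpack("<I", data[8:12])
    endian = "<" if magic == BYTE_ORDER_MAGIC else ">"
    block_len, = struct.unpack(endian + "I", data[4:8])
    major, = struct.unpack(endian + "H", data[12:14])   # 2-byte unpack; struct.error on short input
    minor, = struct.unpack(endian + "H", data[14:16])
    section_len, = struct.unpack(endian + "q", data[16:24])
    return {"endian": endian, "block_len": block_len, "major": major, "minor": minor, "section_len": section_len}


def read_shb(data: bytes) -> dict:
    # Hardened variant: check lengths and magic values before unpacking and
    # raise one well-defined exception for every malformed input.
    if len(data) < SHB_MIN_LEN:
        raise PcapngParseError(f"SHB truncated: need {SHB_MIN_LEN} bytes, got {len(data)}")
    block_type, = struct.unpack("<I", data[0:4])
    if block_type != SHB_TYPE:
        raise PcapngParseError(f"not an SHB: block type {block_type:#010x}")
    magic, = struct.unpack("<I", data[8:12])
    if magic == BYTE_ORDER_MAGIC:
        endian = "<"
    elif magic == 0x4D3C2B1A:   # BYTE_ORDER_MAGIC seen through the wrong byte order
        endian = ">"
    else:
        raise PcapngParseError(f"bad byte-order magic {magic:#010x}")
    block_len, = struct.unpack(endian + "I", data[4:8])
    if block_len < SHB_MIN_LEN or block_len % 4 or block_len > len(data):
        raise PcapngParseError(f"bad SHB block length {block_len}")
    major, minor, section_len = struct.unpack(endian + "HHq", data[12:24])
    trailing, = struct.unpack(endian + "I", data[block_len - 4:block_len])
    if trailing != block_len:
        raise PcapngParseError(f"trailing length {trailing} != block length {block_len}")
    return {"endian": endian, "block_len": block_len, "major": major, "minor": minor, "section_len": section_len}


def run_target(parser, data: bytes) -> str:
    # Shape of a TestOneInput body: only the parser's own parse error is
    # swallowed. Anything else escapes; under libFuzzer an uncaught Python
    # exception makes the target exit and is reported as a crash. Here the
    # escaping exception is captured and named so the outcome can be inspected.
    try:
        parser(data)
    except PcapngParseError:
        return "rejected"
    except Exception as exc:
        return f"crash:{type(exc).__name__}: {exc}"
    return "parsed"


if __name__ == "__main__":
    good = build_shb()
    short = good[:13]   # cut inside the major-version field
    print("naive:   ", run_target(read_shb_naive, good), "|", run_target(read_shb_naive, short))
    print("hardened:", run_target(read_shb, good), "|", run_target(read_shb, short))
```

The naive reader turns a 13-byte input into exactly the kind of crash the CI job reported, while the hardened reader rejects it with PcapngParseError, so the harness can keep the OSS-Fuzz corpus entries that are merely malformed from masking genuine regressions.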

codecov bot commented May 3, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.56%. Comparing base (640252e) to head (de59f7e).

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4378      +/-   ##
==========================================
- Coverage   81.56%   81.56%   -0.01%     
==========================================
  Files         352      352              
  Lines       83995    83995              
==========================================
- Hits        68513    68510       -3     
- Misses      15482    15485       +3     
Files                     Coverage   Δ
scapy/layers/dcerpc.py    90.99%     <100.00%> (ø)

... and 3 files with indirect coverage changes

evverx force-pushed the cifuzz branch 2 times, most recently from 5e247e7 to 6558716 on May 15, 2024 08:28
evverx force-pushed the cifuzz branch 2 times, most recently from 000abd7 to 954523e on May 23, 2024 08:56
evverx marked this pull request as ready for review on May 23, 2024 09:06
Commits

using https://google.github.io/oss-fuzz/getting-started/continuous-integration/

It downloads the corpus OSS-Fuzz has accumulated so far (including the
test cases that triggered issues in the past) and runs the fuzz target
with it. It should help to catch most regressions when PRs are opened.

Prompted by secdev#4373.

to make it possible to turn it off with logging.disable().

(it should help to make the fuzz target less chatty among other things
because it seems to be the only dissector (covered by the fuzz target)
printing messages like that directly)