google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

Missing coverage of custom mutator code #12143

Closed IvanNardi closed 3 months ago

IvanNardi commented 3 months ago

nDPI recently started to use a custom mutator (https://github.com/ntop/nDPI/commit/83e6e753af1a6123805a4777691da1f8821c01d0) in some of its own fuzzers.

The custom mutator is triggered and oss-fuzz even found a bug in the mutator itself! (see: https://oss-fuzz.com/testcase-detail/5482786161491968)

So, there are no doubts that the mutator code is used.

However, coverage reports indicate a 0% coverage of the code of the mutator itself: https://storage.googleapis.com/oss-fuzz-coverage/ndpi/reports/20240701/linux/src/ndpi/src/lib/third_party/src/fuzz/report.html

Is it somehow expected that custom mutator code is not included in coverage reports?

jonathanmetzman commented 3 months ago

> Is it somehow expected that custom mutator code is not included in coverage reports?

Exactly. It's not run during coverage. Only the corpus is run, no mutations are done. Sorry, I don't think there's anything we can do about this.

IvanNardi commented 3 months ago

ok, thank you for confirming

jonathanmetzman commented 3 months ago

No problem. Please reopen if there's anything we can do here.
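
The behaviour explained in this thread, as an added example that is not part of the discussion and is not nDPI or OSS-Fuzz code: a simplified C model in which a corpus replay (what a coverage run does) calls only `LLVMFuzzerTestOneInput`, so the mutator's counter stays at zero, while a fuzzing loop calls `LLVMFuzzerCustomMutator` first. The drivers `replay_corpus` and `fuzz_rounds`, the hit counters, the toy mutator body and the corpus are constructed for illustration; only the two `LLVMFuzzer*` signatures are libFuzzer's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hit counters standing in for the coverage counters of each function. */
static unsigned target_hits, mutator_hits;

/* Fuzz target: the only entry point a corpus replay ever calls. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)data; (void)size;
    target_hits++;
    return 0;
}

/* Custom mutator (constructed toy body): flips one bit chosen from the seed. */
size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t max_size,
                               unsigned int seed) {
    mutator_hits++;
    if (size == 0) {                      /* grow an empty input to one byte */
        if (max_size == 0) return 0;
        data[0] = (uint8_t)seed;
        return 1;
    }
    data[seed % size] ^= (uint8_t)(1u << (seed % 8));
    return size;
}

/* Constructed sample corpus. */
static const char *const corpus[] = { "GET / HTTP/1.1", "\x16\x03\x01", "abc" };
#define CORPUS_LEN (sizeof corpus / sizeof corpus[0])

/* Model of a coverage run: each corpus entry is executed once, unmodified. */
void replay_corpus(void) {
    for (size_t i = 0; i < CORPUS_LEN; i++)
        LLVMFuzzerTestOneInput((const uint8_t *)corpus[i], strlen(corpus[i]));
}

/* Model of a fuzzing run: each input is mutated before reaching the target. */
void fuzz_rounds(unsigned rounds) {
    uint8_t buf[64];
    for (unsigned r = 0; r < rounds; r++) {
        size_t len = strlen(corpus[r % CORPUS_LEN]);
        memcpy(buf, corpus[r % CORPUS_LEN], len);
        len = LLVMFuzzerCustomMutator(buf, len, sizeof buf, r);
        LLVMFuzzerTestOneInput(buf, len);
    }
}

int main(void) {
    replay_corpus();
    printf("after replay: target=%u mutator=%u\n", target_hits, mutator_hits);
    fuzz_rounds(5);
    printf("after fuzzing: target=%u mutator=%u\n", target_hits, mutator_hits);
    return 0;
}
```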