Open catenacyber opened 3 years ago
I wonder if this happens because the rlimit is lower on CIFuzz than on OSS-Fuzz. @oliverchang or @inferno-chromium any idea if we set the rlimit in OSS-Fuzz/ClusterFuzz to anything specifically?
So, I think we should use a smaller stack size in oss-fuzz
Umm...I'm not sure this is necessarily a good thing. For me the bug here is that OSS-Fuzz and CIFuzz don't behave consistently.
I do not know about CIFuzz. The different behavior is between oss-fuzz and custom CI running the fuzz targets on the public corpuses.
So, I think we should use a smaller stack size in oss-fuzz
Umm...I'm not sure this is necessarily a good thing
Is it possible per project? (Should the fuzz targets call setrlimit or is there a better way?)
While adding the running of fuzz targets on the public corpuses as part of the CI for suricata, we discovered new bugs: https://github.com/catenacyber/suricata/runs/1780052043?check_suite_focus=true
These are stack overflows. When growing the stack with setrlimit (like https://github.com/catenacyber/suricata/runs/1785411538?check_suite_focus=true), the bugs disappear. These bugs were not reported by oss-fuzz, cf. https://bugs.chromium.org/p/oss-fuzz/issues/list?q=label:Proj-suricata
So, I think we should use a smaller stack size in oss-fuzz
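The mechanism the thread is debating, as an added illustration that is not code from this issue, from suricata or from oss-fuzz: reading the soft RLIMIT_STACK a process runs under and moving it to a chosen value, capped at the hard limit. The helper names and the 16 MiB target are assumptions made for this example; the same function can raise the limit (as the CI run above did) or lower it to reproduce a tighter environment locally.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Return the soft RLIMIT_STACK currently in effect, or 0 if it cannot be read. */
rlim_t current_stack_limit(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) != 0)
        return 0;
    return rl.rlim_cur;
}

/* Set the soft RLIMIT_STACK to `want` bytes, capped at the hard limit (which an
   unprivileged process cannot raise). Works both for raising the limit and for
   lowering it to mimic a stricter CI environment.
   Returns the soft limit in effect afterwards, or 0 on failure. */
rlim_t set_stack_limit(rlim_t want) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) != 0)
        return 0;
    if (rl.rlim_max != RLIM_INFINITY && want > rl.rlim_max)
        want = rl.rlim_max;            /* cannot exceed the hard limit */
    if (rl.rlim_cur == want)
        return want;                   /* already at the requested value */
    rl.rlim_cur = want;
    if (setrlimit(RLIMIT_STACK, &rl) != 0)
        return 0;
    return rl.rlim_cur;
}

static void print_limit(const char *label, rlim_t v) {
    if (v == RLIM_INFINITY)
        printf("%s: unlimited\n", label);
    else
        printf("%s: %llu KiB\n", label, (unsigned long long)v / 1024);
}

int main(void) {
    print_limit("stack limit at start", current_stack_limit());
    /* Hypothetical target of 16 MiB, chosen here only for illustration. */
    rlim_t after = set_stack_limit((rlim_t)16 << 20);
    print_limit("stack limit after set_stack_limit", after);
    return after == 0;
}
```

Changing the limit from inside the process only governs how far the main thread's stack may still grow from that point on, and the default stack size glibc hands to new threads was already derived from the limit in force when the program started. A wrapper that sets the limit before exec (for example `ulimit -s` in the CI script) therefore gives a more faithful reproduction of the oss-fuzz environment than a call from within the fuzz target.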