google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

Trouble reproducing errors for python/openpyxl #8837

Open Themanwithoutaplan opened 1 year ago

Themanwithoutaplan commented 1 year ago

I have set up a local environment according to the instructions but I'm having trouble reproducing the bugs. For example:

python infra/helper.py reproduce openpyxl fuzz_formulae testcases/clusterfuzz-testcase-minimized-fuzz_formulae-5233715057393664

Returns

/out/fuzz_formulae.pkg: Running 1 inputs 100 time(s) each.
Running: /testcase
Executed /testcase in 353 ms
***
*** NOTE: fuzzing was not performed, you have only
***       executed the target code on a fixed set of inputs.

What does this mean? The testcase looks like a binary file so isn't much help. Maybe I've downloaded the wrong thing.

Based on the testcase detail, I think I understand the problem. Not sure whether it really needs fixing, as exceptions when reading files with junk are the default behaviour. But it could be done more gracefully.

Thanks for any pointers.

DavidKorczynski commented 1 year ago

This issue is marked as "Fixed": https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48506 and this is the reason why you can't reproduce it.

The reason it's marked as fixed is because we interpreted the issue to be a false positive and changed the layout of the fuzzer in https://github.com/google/oss-fuzz/pull/8616

The list of issues that are open can be tracked on oss-fuzz.com or by way of this link https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj%3Dopenpyxl&can=2 -- notice if you go for the last link then you should log in, up in the right corner, with the email provided here: https://github.com/google/oss-fuzz/blob/master/projects/openpyxl/project.yaml#L6

An example issue that is reproducible and still unfixed: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49987

Themanwithoutaplan commented 1 year ago

Thanks for the explanation. I figured that out a bit later once I was able to reproduce an error on another issue. Still trying to get used to this.

sai-sunder-s commented 1 year ago

I am facing a similar problem. I think the reported issue is fixed already, but when I run this locally, the logs don't say whether the test succeeded or failed.

sudo python3 infra/helper.py reproduce  g-api-auth-library-python fuzz_jwt_roundtrip testcase

I have run the command after building using a local target. I have set the local target to before the fix was made, to ensure that I see a failure before the fix. I get the same output below for before and after the fix.

INFO:root:Running: docker run --rm --privileged --shm-size=2g --platform linux/amd64 -i -e HELPER=True -v /usr/local/google/home/saisunder/repo/oss-fuzz/build/out/g-api-auth-library-python:/out -v /usr/local/google/home/saisunder/repo/oss-fuzz/testcase:/testcase -t gcr.io/oss-fuzz-base/base-runner reproduce fuzz_jwt_roundtrip -runs=100.
+ FUZZER=fuzz_jwt_roundtrip
+ shift
+ '[' '!' -v TESTCASE ']'
+ TESTCASE=/testcase
+ '[' '!' -f /testcase ']'
+ export RUN_FUZZER_MODE=interactive
+ RUN_FUZZER_MODE=interactive
+ export FUZZING_ENGINE=libfuzzer
+ FUZZING_ENGINE=libfuzzer
+ export SKIP_SEED_CORPUS=1
+ SKIP_SEED_CORPUS=1
+ run_fuzzer fuzz_jwt_roundtrip -runs=100 /testcase
/out/fuzz_jwt_roundtrip -rss_limit_mb=2560 -timeout=25 -runs=100 /testcase < /dev/null
INFO: Instrumenting functions: [4679/4679] 100%
INFO: Using preloaded libfuzzer
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2402310031
/out/fuzz_jwt_roundtrip.pkg: Running 1 inputs 100 time(s) each.
Running: /testcase
Executed /testcase in 5503 ms
***
*** NOTE: fuzzing was not performed, you have only
***       executed the target code on a fixed set of inputs.
***
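A small classifier for reproduce output like the logs quoted in this thread, added here as an example; it is not OSS-Fuzz's own code. It assumes the crash banners that libFuzzer, the sanitizers and atheris print (the `==<pid>== ERROR:` line and atheris's `=== Uncaught Python exception: ===`), and both sample logs below are constructed.

```python
import re

# Banners printed only when the testcase actually crashed the target.
CRASH_MARKERS = (
    re.compile(r"==\d+==\s?ERROR: "),                  # ASan/UBSan/libFuzzer error banner
    re.compile(r"=== Uncaught Python exception: ==="), # atheris, for Python fuzz targets
)

# libFuzzer prints this after running fixed inputs (-runs=N) without a crash.
CLEAN_MARKER = "NOTE: fuzzing was not performed"
EXECUTED_RE = re.compile(r"^Executed \S+ in (\d+) ms$", re.M)


def classify_reproduce_log(log: str) -> str:
    """Return 'crash', 'clean' or 'unknown' for one infra/helper.py reproduce log.

    A crash is checked first because libFuzzer exits before printing the
    'fuzzing was not performed' note when the target dies.
    """
    if any(pat.search(log) for pat in CRASH_MARKERS):
        return "crash"
    if CLEAN_MARKER in log and EXECUTED_RE.search(log):
        return "clean"
    return "unknown"


def executed_ms(log: str):
    """Milliseconds libFuzzer reported for the testcase, or None if absent."""
    match = EXECUTED_RE.search(log)
    return int(match.group(1)) if match else None


# Constructed sample: a testcase that ran cleanly (the bug no longer reproduces).
CLEAN_LOG = """/out/fuzz_formulae.pkg: Running 1 inputs 100 time(s) each.
Running: /testcase
Executed /testcase in 353 ms
***
*** NOTE: fuzzing was not performed, you have only
***       executed the target code on a fixed set of inputs.
***
"""

# Constructed sample: an atheris target raising an unhandled exception.
CRASH_LOG = """/out/fuzz_formulae.pkg: Running 1 inputs 100 time(s) each.
Running: /testcase

 === Uncaught Python exception: ===
ValueError: unexpected token
==1== ERROR: libFuzzer: fuzz target exited
"""
```

Run `classify_reproduce_log` over the captured output of `infra/helper.py reproduce`; "clean" means the testcase was executed and did not crash, which is what the quoted logs show.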