ossf / fuzz-introspector

Fuzz Introspector -- introspect, extend and optimise fuzzers
https://fuzz-introspector.readthedocs.io
Apache License 2.0
PyCG producing different results running locally #1016

Closed sg3-141-592 closed 1 year ago

sg3-141-592 commented 1 year ago

The calltree file for croniter fuzzerLogFile-fuzz_iter.data on oss-fuzz is significantly different to one I generate locally. To recreate:

python ./main.py --package ~/oss-fuzz/projects/croniter/croniter/ --fuzzer ~/oss-fuzz/projects/croniter/fuzz_iter.py

The is_valid() method call tree isn't extracted on oss-fuzz, but is extracted when running locally.

And the croniter.croniter call has significantly more calltree extracted by oss-fuzz than when running locally.

Just recording the issue for now. I'm carrying out my own analysis around PyCG and where the differences might be coming from.

sg3-141-592 commented 1 year ago

Closing. This was caused by not specifying the package folder explicitly to get around an unusual folder structure inside: --package=~/oss-fuzz/projects/croniter/croniter/src/croniter