I'm maintaining a Lua project in OSS Fuzz and recently discovered that Centipede cannot parse dictionaries for a couple of tests (fuzz_lua and lua_dump_test):
Step #23 - "build-check-centipede-none-x86_64": /tmp/not-out/tmpu8iz7olo/centipede --workdir=/tmp/tmpmk27ueot --corpus_dir="/tmp/fuzz_lua_corpus" --fork_server=1 --exit_on_crash=1 --timeout=1200 --rss_limit_mb=4096 --address_space_limit_mb=5120 --dictionary fuzz_lua.dict --binary="/tmp/not-out/tmpu8iz7olo/fuzz_lua"
Step #23 - "build-check-centipede-none-x86_64": I0430 06:31:55.624831 26982 environment.cc:365] --timeout_per_batch default wasn't overridden; auto-computed to be 4616 sec (see --help for details)
Step #23 - "build-check-centipede-none-x86_64": I0430 06:31:55.631664 26982 centipede.cc:177] shard=0 inputs_added=0 inputs_ignored=0 num_shard_bytes=0 shard_data.size()=0
Step #23 - "build-check-centipede-none-x86_64": I0430 06:31:55.631881 26982 centipede_interface.cc:220] Coverage dir: /tmp/tmpmk27ueot/fuzz_lua-ce5d6128477ed6243045ff61a9906edc8526d5ed; temporary dir: /tmp/centipede-26982-140463982925632
Step #23 - "build-check-centipede-none-x86_64": F0430 06:31:55.633569 26982 centipede_callbacks.cc:279] Check failed: !unpacked_dictionary.empty() Empty or corrupt dictionary file: fuzz_lua.dict
Step #23 - "build-check-centipede-none-x86_64": *** Check failure stack trace: ***
Step #23 - "build-check-centipede-none-x86_64": @ 0x555dc14475f4 absl::lts_20230125::log_internal::LogMessage::SendToLog()
Step #23 - "build-check-centipede-none-x86_64": @ 0x555dc1447353 absl::lts_20230125::log_internal::LogMessage::Flush()
Step #23 - "build-check-centipede-none-x86_64": @ 0x555dc1447989 absl::lts_20230125::log_internal::LogMessageFatal::~LogMessageFatal()
Step #23 - "build-check-centipede-none-x86_64": @ 0x555dc140d2be centipede::CentipedeCallbacks::LoadDictionary()
Step #23 - "build-check-centipede-none-x86_64": @ 0x555dc13e2ca3 centipede::CentipedeDefaultCallbacks::CentipedeDefaultCallbacks()
Step #23 - "build-check-centipede-none-x86_64": @ 0x555dc13e2ab2 centipede::DefaultCallbacksFactory<>::create()
Step #23 - "build-check-centipede-none-x86_64": @ 0x555dc13e519c centipede::CentipedeMain()
Step #23 - "build-check-centipede-none-x86_64": @ 0x555dc13e24a8 main
Step #23 - "build-check-centipede-none-x86_64": @ 0x7fc051d0e083 __libc_start_main
Step #23 - "build-check-centipede-none-x86_64": /usr/local/bin/run_fuzzer: line 227: 26982 Aborted
How to reproduce
git clone https://github.com/google/oss-fuzz
cd oss-fuzz
python infra/helper.py build_image lua
python infra/helper.py build_fuzzers --sanitizer none --engine centipede --architecture x86_64 lua
python infra/helper.py check_build --sanitizer none --engine centipede --architecture x86_64 lua lua_dump_test
or
python infra/helper.py check_build --sanitizer none --engine centipede --architecture x86_64 lua fuzz_lua
The dictionaries used by these tests:
https://github.com/ligurio/lua-c-api-corpus/blob/198cc2c8de50d7dcf76c7840889059da4e6ae3f8/lua_dump_test.dict
https://github.com/ligurio/lua-c-api-corpus/blob/198cc2c8de50d7dcf76c7840889059da4e6ae3f8/fuzz_lua.dict
The commit 1635d42 is suspicious.
Related issue in OSS Fuzz repository - google/oss-fuzz#13273
I'm maintaining a Lua project in OSS Fuzz and recently discovered that Centipede cannot parse dictionaries for a couple of tests (
fuzz_luaandlua_dump_test):How to reproduce
The dictionaries used by these tests:
https://github.com/ligurio/lua-c-api-corpus/blob/198cc2c8de50d7dcf76c7840889059da4e6ae3f8/lua_dump_test.dict
https://github.com/ligurio/lua-c-api-corpus/blob/198cc2c8de50d7dcf76c7840889059da4e6ae3f8/fuzz_lua.dict
The commit 1635d42 is suspicious.
Related issue in OSS Fuzz repository - google/oss-fuzz#13273