Skip to content

Conversation

@DaveLak
Copy link
Contributor

@DaveLak DaveLak commented May 30, 2024

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69350 (See 7b684cd)

Also:

  • Improves file name generation to prevent "File name too long" OSError's (6c00ce6)
  • Improves fuzz_submodule.py coverage & efficacy (2a2294f)

DaveLak added 5 commits May 30, 2024 13:46
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69350

**`IsADirectoryError`**

Fuzzer provided input data can sometimes produce filenames that look
like directories and raise `IsADirectoryError` exceptions which crash
the fuzzer. This commit catches those cases and returns -1 to instruct
libfuzzer that the inputs are not valuable to add to the corpus.

**`FileExistsError`**

Similar to the above, this is a possible exception case produced by the
fuzzed data and not a bug so its handled the same.
Adds a utility function to limit the maximum file name legnth produced
by the fuzzer to a max size dictated by the host its run on.
The fuzzer was having trouble analyzing `fuzz_submodule.py` when using
the `atheris.instrument_imports()` context manager. Switching to
`atheris.instrument_all()` instead slightly increases the startup time
for the fuzzer, but significantly improves the fuzzing engines ability
to identify new coverage.

The changes here also disable warnings that are logged to `stdout` from
the SUT. These warnings are expected to happen with some inputs and
clutter the fuzzer output logs. They can be optionally re-enabled for
debugging by passing a flag o the Python interpreter command line or
setting the `PYTHONWARNINGS` environment variable.
Copy link
Member

@Byron Byron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for the swift fix, it's much appreciated!

@Byron Byron merged commit 8502efe into gitpython-developers:main May 31, 2024
@DaveLak DaveLak deleted the fix-fuzz-submodule-expected-exceptions-handling branch May 31, 2024 05:16
DaveLak added a commit to DaveLak/GitPython that referenced this pull request Aug 9, 2024
Fixes a bug in the `fuzz_submodule` harness where the fuzzed data can
produce file names that exceed the maximum size allowed byt the OS. This
issue came up previously and was fixed in gitpython-developers#1922, but the submodule file
name fixed here was missed in that PR.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69456
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants