-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Native support for Go 1.18 corpus format #7600
Comments
This is in the process of being added. The first PR towards a fix is here: #7519. This will use the Go 1.18 runtime engine. |
Great news! Sorry for not noticing your work in progress. Feel free to close this. |
No problem. I am fine with keeping this issue open until it is actually fixed in OSS-fuzz. |
Sorry for the noise, I just wanted to check if there’s been any progress on Go native fuzzing. There are a couple of issues / PRs for that, but from the outside, it seems like all of them have stalled. I’d love to rewrite the fuzz tests I have in quic-go to use Go native fuzzing, but doing so without the support for corpora doesn’t really make sense for some of the more complicated fuzz targets (e.g. fuzzing the handshake). |
@marten-seemann Native fuzzing is supported. There are currently more than 100 native Go fuzzers running on OSS-Fuzz. They are run using libFuzzer and there are discrepancies in the corpora of the two engines. On that topic, are you manually generating the seed files? Edit: Adding documentation on building native Go fuzzers: https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/#native-go-fuzzing-support. You need to add the |
Currently my setup uses go-fuzz, and I'm manually generating seed files. I have a long-standing TODO to migrate to native Go fuzzing, and my understanding is that
Is that correct? |
FWIW, corpus2ossfuzz converts native Go corpus files into OSS-Fuzz format. It doesn't handle |
How do you get the native Go corpus file? Is this the corpus folder output by |
Indeed. For example: https://github.com/cosmos/cosmos-sdk/tree/main/fuzz/tests/testdata/fuzz/FuzzCryptoHDDerivePrivateKeyForPath
Good question, I don't know of any way. |
If you add it to the testdata/fuzz/FuzzerName folder, the Go fuzzing engine should use them. |
#7055 implements native Go 1.18 fuzzing but the corpus formats remain incompatible: OSS-Fuzz uses raw byte arrays, Go fuzzers support multiple arguments of various types (see https://go.dev/doc/fuzz/). #7055 solves some of this mismatch by implementing an encoding, https://github.com/AdaLogics/go-fuzz-headers/blob/main/consumer.go, to generate compatible parameters from OSS-Fuzz' byte array input.
However, several issues remain:
go-fuzz-headers
or similar, before a crash can be reproduced.[]byte
slices longer than 255 bytes impossible: https://github.com/AdaLogics/go-fuzz-headers/blob/main/consumer.go#L422.Maybe this is a duplicate of golang/go#50192. In any case, I'd love to know what plans there are for native Go corpus support.
The text was updated successfully, but these errors were encountered: