
Tries to fix the fuzzer build #1179

Merged (2 commits), Jan 11, 2024
Conversation

@rol1510 (Contributor) commented Jan 10, 2024

Building the fuzzers did not work for me.

It looks like the commit 8426914 broke fuzz/fuzz-configuration-json.cpp and the commit fe5742f broke fuzz/fuzz-parse-lint.cpp.

I fixed the first issue, but I'm not quite sure how to fix the second one. I got the second one to compile, but now running ./build-fuzz/fuzz/quick-lint-js-fuzz-parse-lint gives me an ASAN error. It looks to me like the Linter_Options have to be set up properly.

ASAN Error:

$ ./build-fuzz/fuzz/quick-lint-js-fuzz-parse-lint

INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3978531955
INFO: Loaded 1 modules   (181238 inline 8-bit counters): 181238 [0x55f60eed08f0, 0x55f60eefcce6),
INFO: Loaded 1 PC tables (181238 PCs): 181238 [0x55f60eefcce8,0x55f60f1c0c48),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
/mnt/r/bar/quick-lint-js/src/quick-lint-js/fe/linter.cpp:21:52: runtime error: member access within null pointer of type 'quick_lint_js::Configuration'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /mnt/r/bar/quick-lint-js/src/quick-lint-js/fe/linter.cpp:21:52 in
/mnt/r/bar/quick-lint-js/src/quick-lint-js/fe/linter.cpp:21:52: runtime error: load of null pointer of type 'quick_lint_js::Parser_JSX_Mode'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /mnt/r/bar/quick-lint-js/src/quick-lint-js/fe/linter.cpp:21:52 in
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2711==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55f60d99344b bp 0x7fffcd3ba870 sp 0x7fffcd3b9fe0 T0)
==2711==The signal is caused by a READ memory access.
==2711==Hint: address points to the zero page.
    #0 0x55f60d99344b in quick_lint_js::parse_and_lint(quick_lint_js::Padded_String_View, quick_lint_js::Diag_Reporter&, quick_lint_js::Linter_Options) /mnt/r/bar/quick-lint-js/src/quick-lint-js/fe/linter.cpp:21:52
    #1 0x55f60d93fe5f in LLVMFuzzerTestOneInput /mnt/r/bar/quick-lint-js/fuzz/fuzz-parse-lint.cpp:16:3
    #2 0x55f60d872a23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/mnt/r/bar/quick-lint-js/build-fuzz/fuzz/quick-lint-js-fuzz-parse-lint+0x631a23) (BuildId: 343ad420bde9f1157244409098879f53da1a8a43)
    #3 0x55f60d873970 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile> >&) (/mnt/r/bar/quick-lint-js/build-fuzz/fuzz/quick-lint-js-fuzz-parse-lint+0x632970) (BuildId: 343ad420bde9f1157244409098879f53da1a8a43)
    #4 0x55f60d873fc2 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile> >&) (/mnt/r/bar/quick-lint-js/build-fuzz/fuzz/quick-lint-js-fuzz-parse-lint+0x632fc2) (BuildId: 343ad420bde9f1157244409098879f53da1a8a43)
    #5 0x55f60d862bc2 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/mnt/r/bar/quick-lint-js/build-fuzz/fuzz/quick-lint-js-fuzz-parse-lint+0x621bc2) (BuildId: 343ad420bde9f1157244409098879f53da1a8a43)
    #6 0x55f60d88b8c2 in main (/mnt/r/bar/quick-lint-js/build-fuzz/fuzz/quick-lint-js-fuzz-parse-lint+0x64a8c2) (BuildId: 343ad420bde9f1157244409098879f53da1a8a43)
    #7 0x7f50e3e0f1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x271c9) (BuildId: 51657f818beb1ae70372216a99b7412b8a100a20)
    #8 0x7f50e3e0f284 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x27284) (BuildId: 51657f818beb1ae70372216a99b7412b8a100a20)
    #9 0x55f60d8577d0 in _start (/mnt/r/bar/quick-lint-js/build-fuzz/fuzz/quick-lint-js-fuzz-parse-lint+0x6167d0) (BuildId: 343ad420bde9f1157244409098879f53da1a8a43)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/r/bar/quick-lint-js/src/quick-lint-js/fe/linter.cpp:21:52 in quick_lint_js::parse_and_lint(quick_lint_js::Padded_String_View, quick_lint_js::Diag_Reporter&, quick_lint_js::Linter_Options)
==2711==ABORTING
MS: 0 ; base unit: 0000000000000000000000000000000000000000


artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
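
The report above is a null Configuration pointer reached through the Linter_Options that the harness passes to parse_and_lint: UBSan flags the member access at linter.cpp:21:52, then ASan sees the resulting read of the zero page. The following is an added example, not quick-lint-js code and not the change that was merged in this PR. It models that failure with stand-in types that only share the shape of the names in the sanitizer output (Configuration, Linter_Options, Parser_JSX_Mode and parse_and_lint are assumed shapes with invented bodies), and shows a harness that builds its options in one place, refuses to run when they are incomplete, and can replay a saved crash artifact without libFuzzer. The LINK_WITH_LIBFUZZER macro is the example's own, not a project or compiler flag.

```cpp
// Added example, not quick-lint-js code. The types below are stand-ins with the
// same shape as the names in the sanitizer report (Configuration, Linter_Options,
// Parser_JSX_Mode, parse_and_lint); their bodies are invented for illustration.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string_view>
#include <vector>

namespace model {

enum class Parser_JSX_Mode { none, automatic };

// Stand-in for the configuration object the linter reads its parser mode from.
struct Configuration {
  Parser_JSX_Mode jsx_mode = Parser_JSX_Mode::automatic;
};

// Stand-in for Linter_Options. The hazard is a raw pointer member that defaults
// to nullptr: a default-constructed options object compiles, but is
// semantically incomplete, which is what a harness written against an older
// signature ends up passing.
struct Linter_Options {
  const Configuration* configuration = nullptr;
};

// Models the read the report attributes to linter.cpp:21:52: a member access
// through options.configuration. With a null pointer this is undefined
// behaviour; UBSan reports it and ASan then sees the SEGV on the zero page.
// Returns a made-up diagnostic count so the behaviour is checkable.
int parse_and_lint(std::string_view code, Linter_Options options) {
  Parser_JSX_Mode mode = options.configuration->jsx_mode;  // crashes if unset
  int diagnostics = 0;
  for (char c : code) {
    if (c == '<' && mode == Parser_JSX_Mode::none) ++diagnostics;
  }
  return diagnostics;
}

// Harness-side guard: a crash here would be the harness's bug, not the
// linter's, so refuse to run with a half-initialized options struct.
bool options_are_complete(const Linter_Options& options) {
  return options.configuration != nullptr;
}

// Build the options in one place; if Linter_Options grows another required
// member, this is the single function that has to change.
Linter_Options make_fuzz_options(const Configuration& config) {
  Linter_Options options;
  options.configuration = &config;
  return options;
}

// One fuzz iteration. The Configuration is static so the pointer stored in
// Linter_Options stays valid for the whole call.
int fuzz_one(const std::uint8_t* data, std::size_t size) {
  static const Configuration default_config;
  Linter_Options options = make_fuzz_options(default_config);
  if (!options_are_complete(options)) std::abort();
  const char* text = size ? reinterpret_cast<const char*>(data) : "";
  return parse_and_lint(std::string_view(text, size), options);
}

}  // namespace model

// libFuzzer entry point; libFuzzer supplies main when the binary is linked
// with -fsanitize=fuzzer.
extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size) {
  model::fuzz_one(data, size);
  return 0;
}

#ifndef LINK_WITH_LIBFUZZER  // example's own macro: define it for the libFuzzer build
// Standalone reproducer for a saved crash artifact (for example the empty
// crash-da39a3ee... unit from the report). Run with the artifact path; no
// argument means the empty input.
int main(int argc, char** argv) {
  std::vector<std::uint8_t> input;
  if (argc > 1) {
    if (FILE* f = std::fopen(argv[1], "rb")) {
      int c;
      while ((c = std::fgetc(f)) != EOF) input.push_back(static_cast<std::uint8_t>(c));
      std::fclose(f);
    }
  }
  int diagnostics = model::fuzz_one(input.data(), input.size());
  std::printf("%zu bytes, %d diagnostics\n", input.size(), diagnostics);
  return 0;
}
#endif
```

For fuzzing, build with `clang++ -g -O1 -fsanitize=fuzzer,address,undefined -DLINK_WITH_LIBFUZZER harness.cpp -o harness`; for replaying an artifact, build with `clang++ -g -fsanitize=address,undefined harness.cpp -o repro` and run `./repro crash-<sha1>`. Deleting the `options.configuration = &config;` line in make_fuzz_options reproduces the report's shape (UBSan member access on a null Configuration, then an ASan SEGV) on the very first, empty seed unit, which is why the artifact in the report has the SHA-1 of the empty string.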

@strager (Collaborator) left a comment

Thanks for the fixes.

See 'must fix' comment.

fuzz/fuzz-parse-lint.cpp (review thread, outdated, resolved)
@rol1510 rol1510 requested a review from strager January 10, 2024 19:04
@strager strager merged commit 4c2d145 into quick-lint:master Jan 11, 2024
102 of 103 checks passed
@rol1510 rol1510 deleted the fix-fuzzer-build branch January 12, 2024 18:53
2 participants