[gitpython] Fix Broken Build#11763
Conversation
The pre-installed version of `pip` (19.x) was outdated and unable to parse the `pyproject.toml` syntax during the install step in `build.sh`, causing the script to error out and crash. Upgrading `pip` to the latest version in the project image resolves the issue and allows the installation to complete.

[1]: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67399
This project has a deep dependency graph which caused the call to `atheris.instrument_all()` to slow down the fuzzers significantly as it instrumented 4,000+ functions, many of which were not relevant to the specific fuzz target APIs. Replacing it with a with-statement that only instruments the target code provides significant efficiency benefits in startup time and execution speed.

Dictionaries and seed_corpus zips provide additional efficiency boosts. This was made evident by the new exceptions raised by the fuzz input data, which are now handled accordingly.
DaveLak is a new contributor to projects/gitpython. The PR must be approved by known contributors before it can be merged.
As I wasn't aware fuzzing was happening here, I am not sure if I am able to approve this PR. In any case, it's appreciated to get fuzzing back to work - thanks a lot for your help.

Closing this in favor of a forthcoming PR to migrate the fuzz harnesses upstream.
Migrates the OSS-Fuzz tests and setup scripts from the OSS-Fuzz repository to GitPython's repo as discussed here: gitpython-developers#1887 (comment)

These files include the changes that were originally proposed in: google/oss-fuzz#11763

Additional changes include:
- A first pass at documenting the contents of the fuzzing set up in a dedicated README.md
- Adding the dictionary files to this repo for improved visibility. Seed corpora zips are still located in an external repo pending further discussion regarding where those should live in the long term.
Fixes ClusterFuzz issues 67399 and 55299

Issue 67399: gitpython: Fuzzing build failure
Since: 2024-03-11

The Problem
The pre-installed version of `pip` (19.2.3) was outdated and unable to parse the `pyproject.toml` syntax during the install step in `build.sh`, causing the script to error out and crash.

The Solution
Upgrading `pip` to the latest version in the project image resolves the issue and allows the installation to complete.

Issue 55299: gitpython: Coverage build failure
Since: 2023-01-21

The Problem (my hypothesis at least)
I believe the root of the issue here was caused by fuzzer initialization and execution taking too long for the actual run to generate a meaningful corpus. I suspect this because:
- `atheris.instrument_all()` to instrument 4,000+ functions before the fuzzer execution could begin which was causing a significant delay (on my local machine, at least) before actual test execution would start.

The Solution(-ish)
The commit message on 908ba9c should sum it up, but the TL;DR is I reduced the scope of instrumented functions to align closer with the APIs being fuzzed and added dictionaries and seed corpora which provided promising results locally.

`fuzz_tree.py` is still slow as far as average_exec_per_sec, but startup is quicker and with the seed data it gets close to its coverage depth fairly quickly as well.