Conversation

@ret2libc (Contributor)

def docker_run(run_args, print_output=True, architecture='x86_64'):
  """Calls `docker run`."""

The argument of docker_run (that is, run_function) is print_output, and I don't think err_result had the same meaning.

Without this patch, using infra/helper.py reproduce does not produce any output because the docker stdout is not printed.

@ret2libc (Contributor, Author)

Ping!

Is there anything I can do to ease the review of this PR?

@DavidKorczynski (Collaborator)

Overall lgtm! Can you show a difference in output for context?

@ret2libc (Contributor, Author)

Without the patch:

python3 infra/helper.py reproduce libpng libpng_read_fuzzer $(pwd)/pov.bin
INFO:__main__:Running: docker run --privileged --shm-size=2g --platform linux/amd64 --rm -i -e HELPER=True -e -v /Users/ret2libc/projects/oss-fuzz/build/out/libpng:/out -v /Users/ret2libc/projects/oss-fuzz/pov.bin:/testcase -t gcr.io/oss-fuzz-base/base-runner:latest reproduce libpng_read_fuzzer -runs=100.

With the patch:

python3 infra/helper.py reproduce libpng libpng_read_fuzzer $(pwd)/pov.bin
INFO:__main__:Running: docker run --privileged --shm-size=2g --platform linux/amd64 --rm -i -e HELPER=True -e -v /Users/ret2libc/projects/oss-fuzz/build/out/libpng:/out -v /Users/ret2libc/projects/oss-fuzz/pov.bin:/testcase -t gcr.io/oss-fuzz-base/base-runner:manifest-arm64v8 reproduce libpng_read_fuzzer -runs=100.
+ FUZZER=libpng_read_fuzzer
+ shift
+ '[' '!' -v TESTCASE ']'
+ TESTCASE=/testcase
+ '[' '!' -f /testcase ']'
+ export RUN_FUZZER_MODE=interactive
+ RUN_FUZZER_MODE=interactive
+ export FUZZING_ENGINE=libfuzzer
+ FUZZING_ENGINE=libfuzzer
+ export SKIP_SEED_CORPUS=1
+ SKIP_SEED_CORPUS=1
+ run_fuzzer libpng_read_fuzzer -runs=100 /testcase
/out/libpng_read_fuzzer -rss_limit_mb=2560 -timeout=25 -runs=100 /testcase -dict=png.dict -timeout_exitcode=0 < /dev/null
Dictionary: 28 entries
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 459535906
INFO: Loaded 1 modules   (5705 inline 8-bit counters): 5705 [0x6557f0, 0x656e39),
INFO: Loaded 1 PC tables (5705 PCs): 5705 [0x5f70b0,0x60d540),
/out/libpng_read_fuzzer: Running 1 inputs 100 time(s) each.
Running: /testcase
=================================================================
==17==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0xffffe61c7f72 at pc 0x000000595d10 bp 0xffffe61c7ef0 sp 0xffffe61c7ee8
READ of size 2 at 0xffffe61c7f72 thread T0
SCARINESS: 29 (2-byte-read-dynamic-stack-buffer-overflow)
    #0 0x595d0c in OSS_FUZZ_png_handle_iCCP /src/libpng/pngrutil.c:1447:10
[...]

This is just a fake vulnerability. Without the PR, reproduce is not producing any output.
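The point of the thread is that a reproduce run which swallows the container's output looks identical to a clean run. The following is an added example, not the PR's change and not OSS-Fuzz's own helper.py: a small docker_run-style wrapper that always captures the child's output and forwards a `print_output` flag under its real name, plus a parser that checks the captured text for a sanitizer report so the caller gets a structured result instead of relying on what happened to be printed. The names `run_target`, `reproduce`, `reproduce_demo` and `parse_sanitizer_report` are assumptions; the sample report is constructed from the output quoted above, and the child command is a stand-in for the real `docker run`.

```python
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the ASan report quoted in the thread.
SAMPLE_REPORT = """\
Running: /testcase
=================================================================
==17==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0xffffe61c7f72 at pc 0x000000595d10 bp 0xffffe61c7ef0 sp 0xffffe61c7ee8
READ of size 2 at 0xffffe61c7f72 thread T0
SCARINESS: 29 (2-byte-read-dynamic-stack-buffer-overflow)
    #0 0x595d0c in OSS_FUZZ_png_handle_iCCP /src/libpng/pngrutil.c:1447:10
"""


@dataclass
class SanitizerFinding:
    sanitizer: str            # e.g. AddressSanitizer
    bug_type: str             # e.g. dynamic-stack-buffer-overflow
    access: Optional[str]     # READ / WRITE when the report has an access line
    size: Optional[int]       # access size in bytes
    top_frame: Optional[str]  # function name in frame #0
    location: Optional[str]   # file:line:col of frame #0


# ASan/MSan/LSan headers look like "==<pid>==ERROR: <Sanitizer>: <bug-type> ...".
ERROR_RE = re.compile(r"^==\d+==(?:ERROR|WARNING): (\w+Sanitizer): ([\w-]+)", re.M)
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
FRAME0_RE = re.compile(r"^\s*#0 0x[0-9a-fA-F]+ in (\S+) (\S+)", re.M)


def parse_sanitizer_report(output: str) -> Optional[SanitizerFinding]:
    """Return a structured finding if the output contains a sanitizer report, else None."""
    header = ERROR_RE.search(output)
    if header is None:
        return None
    access = ACCESS_RE.search(output, header.end())
    frame = FRAME0_RE.search(output, header.end())
    return SanitizerFinding(
        sanitizer=header.group(1),
        bug_type=header.group(2),
        access=access.group(1) if access else None,
        size=int(access.group(2)) if access else None,
        top_frame=frame.group(1) if frame else None,
        location=frame.group(2) if frame else None,
    )


def run_target(run_args: List[str], print_output: bool = True) -> Tuple[int, str]:
    """Run a command, always capture its combined stdout/stderr, echo it only when asked.

    Capturing unconditionally is what keeps a print_output=False run from hiding a crash:
    the text is still available to the caller for inspection.
    """
    proc = subprocess.run(run_args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                          text=True, check=False)
    if print_output:
        sys.stdout.write(proc.stdout)
    return proc.returncode, proc.stdout


def reproduce(run_args: List[str], print_output: bool = True) -> Tuple[int, Optional[SanitizerFinding]]:
    """Reproduce-style entry point: forward the flag by its real keyword name, then parse."""
    rc, out = run_target(run_args, print_output=print_output)
    return rc, parse_sanitizer_report(out)


def reproduce_demo(print_output: bool = False) -> Tuple[int, Optional[SanitizerFinding]]:
    """Stand-in for `helper.py reproduce`: a child process that emits the sample report."""
    child = [sys.executable, "-c", "import sys; sys.stdout.write(%r)" % SAMPLE_REPORT]
    return reproduce(child, print_output=print_output)


if __name__ == "__main__":
    rc, finding = reproduce_demo(print_output=True)
    if finding is None:
        print("no sanitizer report in output (exit code %d)" % rc)
    else:
        print("%s: %s, %s of %s bytes in %s at %s" % (
            finding.sanitizer, finding.bug_type, finding.access, finding.size,
            finding.top_frame, finding.location))
```

The parser is deliberately narrow: it recognises the `==pid==ERROR:` header family (ASan, MSan, LSan) and ignores UBSan's `runtime error:` lines, so a caller that wants those must extend `ERROR_RE`. Returning `None` rather than raising keeps "no report" distinguishable from "could not run", which is exactly the distinction a silent reproduce run blurs.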
