
WARNING: no interesting inputs were found so far. Is the code instrumented for coverage? #406

Closed
Changochen opened this issue Apr 20, 2023 · 2 comments
@Changochen

Thanks for creating such an awesome tool!

I have a problem trying to fuzz file-type as a test for fuzzing an async function.

My harness FuzzTarget.js:

import {fileTypeFromBuffer} from 'file-type';

export async function fuzz(data /*: Buffer */) {
       const fuzzerData = data.toString();
       return await fileTypeFromBuffer(Buffer.from(fuzzerData));
}

package.json:

{
  "devDependencies": {
    "@jazzer.js/core": "^1.4.0"
  },
  "dependencies": {
    "file-type": "^18.2.1"
  },
  "type": "module"
}

Running it, the result is:

# npx jazzer FuzzTarget
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 574878024
INFO: Loaded 1 modules   (512 inline 8-bit counters): 512 [0x7ffff4f22010, 0x7ffff4f22210),
INFO: Loaded 1 PC tables (512 PCs): 512 [0x7fffdefff010,0x7fffdf001010),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2      INITED exec/s: 0 rss: 122Mb
WARNING: no interesting inputs were found so far. Is the code instrumented for coverage?
This may also happen if the target rejected all inputs we tried so far
#65536  pulse  corp: 1/1b lim: 652 exec/s: 32768 rss: 224Mb
#131072 pulse  corp: 1/1b lim: 1300 exec/s: 32768 rss: 226Mb

I tried to write

export function fuzz_promise(data /*: Buffer */) {
       const fuzzerData = data.toString();
       // Not an async function, so the promise is returned as-is instead of awaited
       // (an `await` here would be a syntax error).
       return fileTypeFromBuffer(Buffer.from(fuzzerData));
}

Which doesn't work.

So I wonder why there is no coverage found. If the code is instrumented, it should not find no interesting inputs.

Thanks!

@0xricksanchez 0xricksanchez self-assigned this Apr 21, 2023
@0xricksanchez (Contributor)

0xricksanchez commented Apr 25, 2023

Hi @Changochen, thanks for being patient. I just managed to look into the issue at hand here.
I started with a basic reproducer.

This was my fuzz.js:

// fuzz.js
const { fileTypeFromBuffer } = require("file-type");

/**
 * @param { Buffer } data
 */
module.exports.fuzz = function(data) {
	const fuzzData = data.toString();
	return fileTypeFromBuffer(Buffer.from(fuzzData));
};

This is the package.json I used:

{
  "name": "ftype-fuzz",
  "version": "1.0.0",
  "description": "",
  "main": "fuzz.js",
  "dependencies": {
    "file-type": "^18.3.0"
  },
  "scripts": {
    "fuzz": "jazzer fuzz -i ftype"
  },
  "devDependencies": {
    "@jazzer.js/core": "file:../../packages/core"
  }
}

Running it:

$ npm i && npm run fuzz
(node:41056) Warning: Accessing non-existent property 'default' of module exports inside circular dependency
(Use `node --trace-warnings ...` to show where the warning was created)

jazzer.js/examples/ftype/node_modules/append-transform/index.js:64
                        hook(module, filename);
   ^
Error [ERR_REQUIRE_ESM]: require() of ES Module jazzer.js/examples/ftype/node_modules/file-type/index.js from jazzer.js/examples/ftype/fuzz.js not supported.
Instead change the require of index.js in jazzer.js/examples/ftype/fuzz.js to a dynamic import() which is available in all CommonJS modules.
    at Object.<anonymous> (jazzer.js/examples/ftype/node_modules/append-transform/index.js:64:4)
    at Object.<anonymous> (jazzer.js/examples/ftype/fuzz.js:8:5)
    at Module._compile (jazzer.js/examples/ftype/node_modules/source-map-support/source-map-support.js:568:25)
    at Module.replacementCompile (jazzer.js/examples/ftype/node_modules/append-transform/index.js:60:13)
    at Object.<anonymous> (jazzer.js/examples/ftype/node_modules/append-transform/index.js:64:4)

This showcases the problem, which didn't occur in your case because you wrote your fuzz target in ES6 syntax. The npmjs page confirms that:

This package is an ESM package. Your project needs to be ESM too. [Read more](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c).

Checking the repository also shows that this is a pure ESM module, which we currently don't support (compare: #162, #239). It's on our roadmap to get full ESM support in the foreseeable future! Until then, I recommend writing fuzz tests in CommonJS as it can uncover such an issue at a faster pace.

PS: PRs with better ESM support are welcome ;D
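An added example (not from the issue thread or from Jazzer.js) of the CommonJS approach the reply recommends when the dependency itself is ESM-only: the harness loads it once through a dynamic import(), as the ERR_REQUIRE_ESM message above suggests, and returns the promise from the fuzz target. file-type is not available offline, so a constructed stand-in ESM module exporting a fileTypeFromBuffer() that checks a few magic-byte signatures is written to a temp directory; the Buffer is passed through unchanged, since a toString()/Buffer.from() round trip through UTF-8 rewrites bytes that are not valid UTF-8.

```javascript
// Added example (not from the issue or Jazzer.js): a CommonJS fuzz harness that
// loads an ESM-only dependency through a dynamic import(), as the
// ERR_REQUIRE_ESM message suggests. file-type is not available offline here, so
// a constructed stand-in ESM module with the same fileTypeFromBuffer() name is
// written to a temp directory; a real harness would import("file-type") instead.
const STANDIN_ESM = `
export async function fileTypeFromBuffer(buf) {
  const sig = (hex) => buf.length >= hex.length / 2 &&
    buf.subarray(0, hex.length / 2).toString("hex") === hex;
  if (sig("89504e470d0a1a0a")) return { ext: "png", mime: "image/png" };
  if (sig("474946383961") || sig("474946383761")) return { ext: "gif", mime: "image/gif" };
  if (sig("25504446")) return { ext: "pdf", mime: "application/pdf" };
  return undefined;
}
`;

// The import() promise is created once and cached, so the module is loaded a
// single time rather than on every fuzz iteration.
let modulePromise;
function loadDependency() {
  if (!modulePromise) {
    modulePromise = (async () => {
      const fs = await import("node:fs/promises");
      const os = await import("node:os");
      const path = await import("node:path");
      const { pathToFileURL } = await import("node:url");
      const dir = await fs.mkdtemp(path.join(os.tmpdir(), "esm-standin-"));
      const file = path.join(dir, "file-type-standin.mjs");
      await fs.writeFile(file, STANDIN_ESM);
      return import(pathToFileURL(file).href); // dynamic import() works from CommonJS
    })();
  }
  return modulePromise;
}

// Fuzz target in the shape of the CommonJS harness above: it may return a
// promise, so the dependency is awaited inside the target. The Buffer is handed
// over as-is; no lossy string round trip.
async function fuzz(data /*: Buffer */) {
  const { fileTypeFromBuffer } = await loadDependency();
  return fileTypeFromBuffer(data);
}

if (typeof module !== "undefined" && module.exports) {
  module.exports.fuzz = fuzz;
}
```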

@Changochen (Author)

I see. Thanks for the investigation and the information!

PS: PRs with better ESM support are welcome ;D
I am not familiar with ESM. If I manage to do it I will definitely make a PR!
