testing: fuzz []byte arguments may be aliased slices #71831
Description
Go version
go version go1.24.0 darwin/arm64
Output of go env in your module/workspace:
AR='ar'
CC='clang'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='clang++'
GCCGO='gccgo'
GO111MODULE=''
GOARCH='arm64'
GOARM64='v8.0'
GOAUTH='netrc'
GOBIN='//Users/nikolaydubina/go/bin'
GOCACHE='/Users/nikolaydubina/Library/Caches/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/Users/nikolaydubina/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/dt/1y99_j6s0yj7y151_dr026gh0000gn/T/go-build1433113609=/tmp/go-build -gno-record-gcc-switches -fno-common'
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMOD='/Users/nikolaydubina/Workspace/go-fuzz-bytes-collision/go.mod'
GOMODCACHE='/Users/nikolaydubina/go/pkg/mod'
GONOPROXY='github.com/ndx-technologies'
GONOSUMDB='github.com/ndx-technologies'
GOOS='darwin'
GOPATH='/Users/nikolaydubina/go'
GOPRIVATE='github.com/ndx-technologies'
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/Users/nikolaydubina/Library/Application Support/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.24.0'
GOWORK=''
PKG_CONFIG='pkg-config'What did you do?
package main_test
import (
"bytes"
"testing"
)
func testCollisionTwoByteSlices(t *testing.T, a, b []byte) {
aBefore := make([]byte, len(a))
copy(aBefore, a)
bBefore := make([]byte, len(b))
copy(bBefore, b)
aAfter := append(a, b...)
if !bytes.Equal(aBefore, aAfter[:len(aBefore)]) {
t.Error(aBefore, aAfter, a)
}
if !bytes.Equal(bBefore, b) {
// WARNING: b nor bBefore was ever modified!
t.Error(aBefore, bBefore, a, b, aAfter)
}
}
func TestCollisionTwoByteSlices(t *testing.T) {
// same test data from fuzz tests output files
// fuzz tests keep adding files there, use any new file it creates
a := []byte("\x8bl")
b := []byte("\x8bl\xcef\x1ed\x05\x99\xbfu\xac\x1c")
testCollisionTwoByteSlices(t, a, b)
}
func FuzzCollisionTwoByteSlices(f *testing.F) { f.Fuzz(testCollisionTwoByteSlices) }Here is minimal example: https://github.com/nikolaydubina/go-fuzz-bytes-collision
What did you see happen?
$ go test -fuzz=FuzzCollisionTwoByteSlices .
fuzz: elapsed: 0s, gathering baseline coverage: 0/3 completed
fuzz: elapsed: 0s, gathering baseline coverage: 3/3 completed, now fuzzing with 16 workers
fuzz: minimizing 110-byte failing input file
fuzz: elapsed: 0s, minimizing
--- FAIL: FuzzCollisionTwoByteSlices (0.02s)
--- FAIL: FuzzCollisionTwoByteSlices (0.00s)
fuzz_byte_collision_test.go:22: [158 108 29 51] [158 108 29 51 108 5 153 191 132 158 108 5 153 117 5 153 191 117 140 28] [158 108 29 51] [158 108 29 51 158 108 29 51 108 5 153 191 132 158 108 5 153 117 5 153] [158 108 29 51 158 108 29 51 108 5 153 191 132 158 108 5 153 117 5 153 191 117 140 28]
Failing input written to testdata/fuzz/FuzzCollisionTwoByteSlices/3fc7dfebadf0ffc6
To re-run:
go test -run=FuzzCollisionTwoByteSlices/3fc7dfebadf0ffc6
FAIL
exit status 1
FAIL github.com/nikolaydubina/go-fuzz-bytes-collision 1.196skeeps failing. each time it records new values to file. but manually running the same values in t.Test succeeds. also fuzz test passes "tests" before starting to fuzz, meaning even to fuzz test itself those values that it recorded is correct upon running again. this leads to believe something is wrong in "generation" / "first time creation of []byte args" step in fuzz tests.
What did you expect to see?
fuzz test should be ok, same as test above it
each argument to fuzz test (including []byte) should be independent from each other