Logging issue in gnutls_idna_parser_fuzzer

[Dor1s]

If you take a look at performance report for gnutls_idna_parser_fuzzer: https://oss-fuzz.com/v2/performance-report/libFuzzer_gnutls_idna_parser_fuzzer/libfuzzer_asan_gnutls/latest

You'll see that it suffers a lot from startup_crash issue. Actually, there is a logging issue due to printf being called for (almost?) every input: https://gitlab.com/gnutls/gnutls/blob/master/devel/fuzz/gnutls_idna_parser_fuzzer.cc#L34

Could you please remove that printf from fuzz target or ping maintainers to remove it and never add it again? :)

Regarding incorrect verdict from performance analysis, we are working on it.

[Dor1s]

@alex, I would like to assign this to you, but cannot :)

[alex]

CC @nmav who wrote that fuzzer.

[nmav]

Done

[alex]

Is there a way for us to force rebuild?

[inferno-chromium]

No, sorry no way to force rebuild, filed #419.
https://oss-fuzz-build-logs.storage.googleapis.com/build_logs/gnutls/latest.txt
devel/fuzz/gnutls_idna_parser_fuzzer.cc:34:24: error: use of undeclared identifier 'strlen'
assert(out.size == strlen(out.data));

[inferno-chromium]

@nmav - can you look at the last failure.

[nmav]

@inferno-chromium I've committed a fix to include string.h.

[Dor1s]

Thanks for the fixes, I've kicked off the next build manually.

[Dor1s]

One more error:

+ clang++ -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp -stdlib=libc++ -std=c++11 -Ilib/includes devel/fuzz/gnutls_idna_parser_fuzzer.cc -o /out/gnutls_idna_parser_fuzzer lib/.libs/libgnutls.a -lFuzzingEngine -lpthread -Wl,-Bstatic -lhogweed -lnettle -lgmp -Wl,-Bdynamic
devel/fuzz/gnutls_idna_parser_fuzzer.cc:35:24: error: no matching function for call to 'strlen'
    assert(out.size == strlen(out.data));
                       ^~~~~~
/usr/include/assert.h:89:5: note: expanded from macro 'assert'
  ((expr)                                                               \
    ^~~~
/usr/include/string.h:394:15: note: candidate function not viable: no known conversion from 'unsigned char *' to 'const char *' for 1st argument
extern size_t strlen (const char *__s)
              ^
1 error generated.

[nmav]

Updated.

[Dor1s]

Cool, now build is successful, thanks @nmav ! Though it is marked as UNSTABLE due to crashes which are easy to find (https://oss-fuzz-build-logs.storage.googleapis.com/status.html). All those crashes should have been already automatically filed in the bug tracker, or they will be filed soon :)

[alex]

Can this be closed now?

[inferno-chromium]

It is now crashing 100% of the time on the assert added
https://gitlab.com/gnutls/gnutls/blob/master/devel/fuzz/gnutls_idna_parser_fuzzer.cc#L35

See https://oss-fuzz.com/v2/testcase-detail/6049131028021248 and https://oss-fuzz.com/v2/performance-report/libFuzzer_gnutls_idna_parser_fuzzer/libfuzzer_asan_gnutls/latest

[alex]

Why is that happening marked as reproducible: no, if it's 100%? (I didn't see it because I only follow the issue tracker)

[inferno-chromium]

I couldn't reproduce that locally, need to debug more.

[inferno-chromium]

Something has fixed this, the issue is now gone - https://oss-fuzz.com/v2/performance-report/libFuzzer_gnutls_idna_parser_fuzzer/libfuzzer_asan_gnutls/latest.