[lua] broken dictionary processing in Centipede

[ligurio]

Project: Lua
Log: https://oss-fuzz-build-logs.storage.googleapis.com/log-bd7d8f76-0a04-4910-9f19-508aa8910eb2.txt

Step #23 - "build-check-centipede-none-x86_64": /tmp/not-out/tmpu8iz7olo/centipede --workdir=/tmp/tmpmk27ueot --corpus_dir="/tmp/fuzz_lua_corpus" --fork_server=1 --exit_on_crash=1 --timeout=1200 --rss_limit_mb=4096 --address_space_limit_mb=5120 --dictionary fuzz_lua.dict --binary="/tmp/not-out/tmpu8iz7olo/fuzz_lua"
Step #23 - "build-check-centipede-none-x86_64": I0430 06:31:55.624831   26982 environment.cc:365] --timeout_per_batch default wasn't overridden; auto-computed to be 4616 sec (see --help for details)
Step #23 - "build-check-centipede-none-x86_64": I0430 06:31:55.631664   26982 centipede.cc:177] shard=0 inputs_added=0 inputs_ignored=0 num_shard_bytes=0 shard_data.size()=0 
Step #23 - "build-check-centipede-none-x86_64": I0430 06:31:55.631881   26982 centipede_interface.cc:220] Coverage dir: /tmp/tmpmk27ueot/fuzz_lua-ce5d6128477ed6243045ff61a9906edc8526d5ed; temporary dir: /tmp/centipede-26982-140463982925632
Step #23 - "build-check-centipede-none-x86_64": F0430 06:31:55.633569   26982 centipede_callbacks.cc:279] Check failed: !unpacked_dictionary.empty() Empty or corrupt dictionary file: fuzz_lua.dict
Step #23 - "build-check-centipede-none-x86_64": *** Check failure stack trace: ***
Step #23 - "build-check-centipede-none-x86_64":     @     0x555dc14475f4  absl::lts_20230125::log_internal::LogMessage::SendToLog()
Step #23 - "build-check-centipede-none-x86_64":     @     0x555dc1447353  absl::lts_20230125::log_internal::LogMessage::Flush()
Step #23 - "build-check-centipede-none-x86_64":     @     0x555dc1447989  absl::lts_20230125::log_internal::LogMessageFatal::~LogMessageFatal()
Step #23 - "build-check-centipede-none-x86_64":     @     0x555dc140d2be  centipede::CentipedeCallbacks::LoadDictionary()
Step #23 - "build-check-centipede-none-x86_64":     @     0x555dc13e2ca3  centipede::CentipedeDefaultCallbacks::CentipedeDefaultCallbacks()
Step #23 - "build-check-centipede-none-x86_64":     @     0x555dc13e2ab2  centipede::DefaultCallbacksFactory<>::create()
Step #23 - "build-check-centipede-none-x86_64":     @     0x555dc13e519c  centipede::CentipedeMain()
Step #23 - "build-check-centipede-none-x86_64":     @     0x555dc13e24a8  main
Step #23 - "build-check-centipede-none-x86_64":     @     0x7fc051d0e083  __libc_start_main
Step #23 - "build-check-centipede-none-x86_64": /usr/local/bin/run_fuzzer: line 227: 26982 Aborted                 (core dumped) bash -c "$CMD_LINE"

[ligurio]

I reproduce it on the latest version (a2d6f31) with command below:

python infra/helper.py check_build --sanitizer none --engine centipede --architecture x86_64 lua

[ligurio]

fuzz_lua

[0] ~/sources/oss-fuzz $ sudo python infra/helper.py check_build --sanitizer none --engine centipede --architecture x86_64 lua fuzz_lua
INFO:__main__:Running: docker run --privileged --shm-size=2g --platform linux/amd64 --rm -i -e FUZZING_ENGINE=centipede -e SANITIZER=none -e ARCHITECTURE=x86_64 -e FUZZING_LANGUAGE=c -e HELPER=True -v /home/sergeyb/sources/oss-fuzz/build/out/lua:/out -t gcr.io/oss-fuzz-base/base-runner test_one.py fuzz_lua.
INFO: performing bad build checks for /tmp/not-out/tmp3ive1vex/fuzz_lua
BAD BUILD: fuzzing /tmp/not-out/tmp3ive1vex/fuzz_lua with centipede failed.
vm.mmap_rnd_bits = 28
/tmp/not-out/tmp3ive1vex/centipede --workdir=/tmp/tmp2s_9atdw --corpus_dir="/tmp/fuzz_lua_corpus" --fork_server=1 --exit_on_crash=1 --timeout=1200 --rss_limit_mb=4096 --address_space_limit_mb=5120 --dictionary fuzz_lua.dict --binary="/tmp/not-out/tmp3ive1vex/fuzz_lua"
I0507 13:53:10.745448      27 environment.cc:365] --timeout_per_batch default wasn't overridden; auto-computed to be 4616 sec (see --help for details)
I0507 13:53:10.747943      27 centipede.cc:177] shard=0 inputs_added=0 inputs_ignored=0 num_shard_bytes=0 shard_data.size()=0 
I0507 13:53:10.748037      27 centipede_interface.cc:220] Coverage dir: /tmp/tmp2s_9atdw/fuzz_lua-8463257006c1f94d8caa4b8be9a3fd1689a5f842; temporary dir: /tmp/centipede-27-140533524866880
F0507 13:53:10.748626      27 centipede_callbacks.cc:279] Check failed: !unpacked_dictionary.empty() Empty or corrupt dictionary file: fuzz_lua.dict
*** Check failure stack trace: ***
    @     0x555fade8e5f4  absl::lts_20230125::log_internal::LogMessage::SendToLog()
    @     0x555fade8e353  absl::lts_20230125::log_internal::LogMessage::Flush()
    @     0x555fade8e989  absl::lts_20230125::log_internal::LogMessageFatal::~LogMessageFatal()
    @     0x555fade542be  centipede::CentipedeCallbacks::LoadDictionary()
    @     0x555fade29ca3  centipede::CentipedeDefaultCallbacks::CentipedeDefaultCallbacks()
    @     0x555fade29ab2  centipede::DefaultCallbacksFactory<>::create()
    @     0x555fade2c19c  centipede::CentipedeMain()
    @     0x555fade294a8  main
    @     0x7fd082d6b083  __libc_start_main
/usr/local/bin/run_fuzzer: line 227:    27 Aborted                 (core dumped) bash -c "$CMD_LINE"

ERROR:__main__:Check build failed.

lua_dump_test

[0] ~/sources/oss-fuzz $ sudo python infra/helper.py check_build --sanitizer none --engine centipede --architecture x86_64 lua lua_dump_test
INFO:__main__:Running: docker run --privileged --shm-size=2g --platform linux/amd64 --rm -i -e FUZZING_ENGINE=centipede -e SANITIZER=none -e ARCHITECTURE=x86_64 -e FUZZING_LANGUAGE=c -e HELPER=True -v /home/sergeyb/sources/oss-fuzz/build/out/lua:/out -t gcr.io/oss-fuzz-base/base-runner test_one.py lua_dump_test.
INFO: performing bad build checks for /tmp/not-out/tmpiy7k0ku6/lua_dump_test
BAD BUILD: fuzzing /tmp/not-out/tmpiy7k0ku6/lua_dump_test with centipede failed.
vm.mmap_rnd_bits = 28
/tmp/not-out/tmpiy7k0ku6/centipede --workdir=/tmp/tmpltkqlf7z --corpus_dir="/tmp/lua_dump_test_corpus" --fork_server=1 --exit_on_crash=1 --timeout=1200 --rss_limit_mb=4096 --address_space_limit_mb=5120 --dictionary lua_dump_test.dict --binary="/tmp/not-out/tmpiy7k0ku6/lua_dump_test"
I0507 13:54:08.517072      20 environment.cc:365] --timeout_per_batch default wasn't overridden; auto-computed to be 4616 sec (see --help for details)
I0507 13:54:08.519606      20 centipede.cc:177] shard=0 inputs_added=0 inputs_ignored=0 num_shard_bytes=0 shard_data.size()=0 
I0507 13:54:08.519685      20 centipede_interface.cc:220] Coverage dir: /tmp/tmpltkqlf7z/lua_dump_test-467d29e6ebc4419a9fdffb6761bb7d2033dd8301; temporary dir: /tmp/centipede-20-140067567126336
F0507 13:54:08.520334      20 centipede_callbacks.cc:279] Check failed: !unpacked_dictionary.empty() Empty or corrupt dictionary file: lua_dump_test.dict
*** Check failure stack trace: ***
    @     0x55a4a3f0f5f4  absl::lts_20230125::log_internal::LogMessage::SendToLog()
    @     0x55a4a3f0f353  absl::lts_20230125::log_internal::LogMessage::Flush()
    @     0x55a4a3f0f989  absl::lts_20230125::log_internal::LogMessageFatal::~LogMessageFatal()
    @     0x55a4a3ed52be  centipede::CentipedeCallbacks::LoadDictionary()
    @     0x55a4a3eaaca3  centipede::CentipedeDefaultCallbacks::CentipedeDefaultCallbacks()
    @     0x55a4a3eaaab2  centipede::DefaultCallbacksFactory<>::create()
    @     0x55a4a3ead19c  centipede::CentipedeMain()
    @     0x55a4a3eaa4a8  main
    @     0x7f640597d083  __libc_start_main
/usr/local/bin/run_fuzzer: line 227:    20 Aborted                 (core dumped) bash -c "$CMD_LINE"

ERROR:__main__:Check build failed.