Fuzzer: fix JIT fuzzing

[addisoncrump]

This fixes a couple of issues that were discovered after #317 was merged (most importantly, that JIT fuzzing doesn't even happen!).

This shouldn't be merged until we squash the discovered bugs. I'll open those separately and link to this PR.

[addisoncrump]

@PhilipHazel Is there a preferred security reporting process? Haven't found anything too dire, but in the case that something clearly security-relevant comes up it would be good to know what your preference is.

[PhilipHazel]

Please post something when you think this is ready for merging. As for security reporting, there isn't any preferred process. I can usually read GPG-encrypted email if you feel that is appropriate. In relation to that, I should point out that I am getting old, and at some point somebody else will have to take over this project.

[addisoncrump]

Understood. If it helps, there is a feature in GitHub that allows for security reporting that might reduce some of the workload and make it easier to transfer later if you decide to hand off the project to someone else.

Following up on this: I tested the security reporting system with a friend. Allows for the creation of private fork to go through the standard review process as well, so this seems like a really streamlined solution. You just need to go to the security tab and enable private vulnerability reporting. After that, it just works like issues but restricted and with private pull requests.

[addisoncrump]

The fuzzer seems stable now. However, without resolving the issues opened so far, it might be quite noisy in OSS-Fuzz. I'm going to keep looking for bugs and try to distill them down as much as I can. It should be safe to merge this here before google/oss-fuzz#11195 lands, as it won't use the differential tests yet.

[addisoncrump]

Note that, in addition to fixing the JIT fuzzing, I have also a) made fuzzsupport compatible with 16- and 32-bit modes, but without a dictionary and b) updated the OSS-Fuzz PR to also build different link sizes (with which I was able to replicate #332).

[PhilipHazel]

I am (slowly) working my way through the list of issues you have raised and will fix any non-JIT things, and Zoltan is on the case for JIT so with luck the issues will be resolved. I would like to get a new release out fairly soon as it is almost a year since the last one.

[addisoncrump]

Okay. Differential testing tends to uncover a lot of oddities, so I know it's a lot.

I've not yet reported some things yet, mostly because I want to have a better understanding of the problem before I report them; there's considerable effort involved in reducing testcases to the minimal reproducers and exploring what aspects of the input actually cause the inconsistency/crash. I'm investigating several link size-related issues presently and hope these are simple to resolve (assumption of size and so on).

[addisoncrump]

Marking as draft because I want to get MSAN working with JIT.

[addisoncrump]

@PhilipHazel, would you look at the changes in OSS-Fuzz and review them as well? 🙂 google/oss-fuzz#11195

[PhilipHazel]

Hi, I've added an OK comment to the oss-fuzz PR, but do I need to do something else to formally approve? (I have also released 10.43. Now wait for the bugs to drop out....) Regards, Philip

…

On Fri, 16 Feb 2024 at 12:05, Addison Crump ***@***.***> wrote: @PhilipHazel <https://github.com/PhilipHazel>, would you look at the changes in OSS-Fuzz and review them as well? 🙂 google/oss-fuzz#11195 <google/oss-fuzz#11195> — Reply to this email directly, view it on GitHub <#322 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AG4QUADWEJHW5K2HQYR4VBDYT5DO5AVCNFSM6AAAAAA7FCRH32VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNBYGI3DQNZXHE> . You are receiving this because you were mentioned.Message ID: ***@***.***>