Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cifuzz: get_replace_repo_and_build_command can overwrite artifacts copied from Dockerfile #6755

Closed
DavidKorczynski opened this issue Nov 3, 2021 · 7 comments · Fixed by #6941
Closed

cifuzz: get_replace_repo_and_build_command can overwrite artifacts copied from Dockerfile #6755

DavidKorczynski opened this issue Nov 3, 2021 · 7 comments · Fixed by #6941
Assignees
@jonathanmetzman

Comments

@DavidKorczynski
Copy link
Collaborator

Integrating CIFuzz into DuckDB led to an issue where a fuzzer located in OSS-Fuzz gets copied into $SRC/duckdb/fuzznamer.cpp but is then deleted. I believe it's related to rm -rf {rm_path} here

oss-fuzz/infra/cifuzz/continuous_integration.py

Line 156 in a75844d

command = (f'cd / && rm -rf {rm_path} && cp -r {host_repo_path} '

The logs are as follows:

2021-11-03T12:47:32.9399816Z Step 5/5 : COPY parse_fuzz_test.cpp $SRC/duckdb/parse_fuzz_test.cpp
...
...
2021-11-03T12:47:44.9956838Z 2021-11-03 12:47:44,995 - root - INFO - Running: docker run --rm --privileged --cap-add SYS_PTRACE -e FUZZING_ENGINE=libfuzzer -e ARCHITECTURE=x86_64 -e CIFUZZ=True -e SANITIZER=address -e FUZZING_LANGUAGE=c++ -e OUT=/github/workspace/build-out --volumes-from 03cfbe88ed21 gcr.io/oss-fuzz/duckdb /bin/bash -c 'cd / && rm -rf /src/duckdb/* && cp -r /github/workspace/storage/duckdb /src && cd - && compile'.
2021-11-03T12:47:47.6753094Z /src/duckdb

As such, later the build process would fail as the fuzzer is no longer there.

Am not sure if this is by design or not, but putting up the issue as I can imagine a fair number of projects may use the Dockerfile to put stuff into their repository folders.
@DavidKorczynski
Copy link
Collaborator Author

This is the DuckDB PR: duckdb/duckdb#2501

@jonathanmetzman jonathanmetzman self-assigned this Nov 3, 2021
@jonathanmetzman
Copy link
Contributor

This is a known issue. I can try to look into this next week.
CC @oliverchang

@oliverchang
Copy link
Collaborator

The OSV integration copies out the repository from the image instead of checking out its own (which would include any extra non-tracked files that are copied into it). Perhaps we can just do the same thing here?

This was referenced Nov 25, 2021
Merged
Merged
@DavidKorczynski
Copy link
Collaborator Author

Any updates on this one?

This was referenced Nov 26, 2021
Closed
Merged
Merged
Merged
Closed
This was referenced Nov 30, 2021
Closed
Open
@jonathanmetzman
Copy link
Contributor

jonathanmetzman commented Nov 30, 2021
edited
Loading

Starting on this now.

@jonathanmetzman
Copy link
Contributor

The OSV integration copies out the repository from the image instead of checking out its own (which would include any extra non-tracked files that are copied into it). Perhaps we can just do the same thing here?

I'm starting to implement this. But i think it suffers from a flaw.
Suppose the change we are testing is an update to a submodule.
It's not enough to checkout this change, we also need to update the submodules.
Does OSV account for this? Can you point me to the code that does this?

The alternative would be making users clone their repo with github's clone action which is annoying because:

  1. It's a breaking API change.
  2. github's clone makes diffing really hard. I haven't figured out how to make them play nice.

This was referenced Nov 30, 2021
Merged
Closed
jonathanmetzman added a commit that referenced this issue Nov 30, 2021
@jonathanmetzman
[cifuzz] Copy repo from image before checking out.
e1a257a 
Do this instead of cloning repo anew.
Fixes: #6755
@jonathanmetzman jonathanmetzman mentioned this issue Nov 30, 2021
Merged
@oliverchang
Copy link
Collaborator

It's not enough to checkout this change, we also need to update the submodules.
Does OSV account for this? Can you point me to the code that does this?

I don't think we handle submodules today (I thought we did). We could in theory always call checkout with --recurse-submodules or something similar.

jonathanmetzman added a commit that referenced this issue Dec 1, 2021
@jonathanmetzman
[cifuzz] Copy repo from image before checking out. (#6941)
a458e3c 
* [cifuzz] Copy repo from image before checking out.

Do this instead of cloning repo anew.
Fixes: #6755

* fix tests

* Add test code for cifuzz-example

* fix
@DavidKorczynski DavidKorczynski mentioned this issue Dec 2, 2021
Closed
MartinPetkov pushed a commit to MartinPetkov/oss-fuzz that referenced this issue Aug 15, 2022
@jonathanmetzman @MartinPetkov
[cifuzz] Copy repo from image before checking out. (google#6941)
6cac231 
* [cifuzz] Copy repo from image before checking out.

Do this instead of cloning repo anew.
Fixes: google#6755

* fix tests

* Add test code for cifuzz-example

* fix
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jonathanmetzman jonathanmetzman

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[cifuzz] Copy repo from image before checking out. google/oss-fuzz
3 participants
@DavidKorczynski @oliverchang @jonathanmetzman