Cannot use u.choose because it panics

Question

Cannot use u.choose because it panics

bnjjj opened this issue 2 years ago · comments

Hello I'm having an issue when I want to use choose method on an Unstructured struct. Here is the error:

INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3281183050
INFO: Loaded 1 modules   (77436 inline 8-bit counters): 77436 [0x5651ff1fc2d0, 0x5651ff20f14c),
INFO: Loaded 1 PC tables (77436 PCs): 77436 [0x5651ff20f150,0x5651ff33d910),
INFO:     1521 files found in /home/bnj/rust/apollo-rs/fuzz/corpus/parser
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
doc =====================

========================
INFO: seed corpus: files: 1521 min: 1b max: 727b total: 242498b rss: 37Mb
available type ------------------ []
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: NotEnoughData',

Do you know what I'm doing wrong ?

Thanks a lot.

Operating system: Ubuntu 21.10
Rust version: v1.60.0-nightly

Coenen Benjamin · Answer 1 · Mon Jan 31 2022 21:24:13 GMT+0800 (China Standard Time)

I have the same issue when writing u.int_in_range(0..=1000).unwrap();

Nick Fitzgerald · Answer 2 · Tue Feb 01 2022 02:29:28 GMT+0800 (China Standard Time)

Can you provide a test case and steps to reproduce?

Coenen Benjamin · Answer 3 · Tue Feb 01 2022 18:58:25 GMT+0800 (China Standard Time)

Yes sure, here https://github.com/apollographql/apollo-rs/tree/bnj/feat_apollo_smith_fuzzy_panic in this file https://github.com/apollographql/apollo-rs/blob/bnj/feat_apollo_smith_fuzzy_panic/fuzz/fuzz_targets/parser.rs#L9 this line panics.

You can test it by running cargo fuzz run parser

Nick Fitzgerald · Answer 4 · Wed Feb 02 2022 01:32:44 GMT+0800 (China Standard Time)

You are calling unwrap() on a result. It is expected that this will panic if the result is an Err.

You can use ? in helper functions, rather than unwrap, and then skip any fuzz iteration where you weren't able to construct an instance of your Arbitrary type:

let x = match generate_my_arbitrary_thing(u) {
    Err(_) => {
        // Continue to the next fuzz input.
        return;
    }
    Ok(x) => x,
};

assert_things(x);

Alternatively, you can use the libfuzzer_sys::fuzz_target! macro with your Arbitrary type in the parameter position, which internally does that dance for you:

fuzz_target!(|x: MyArbitraryType| {
    assert_things(x);
});

In the future, I would urge you to put more effort and information in issues you file, including

a minimal test case that doesn't rely on external code and isn't embedded in some external project,
bulleted/numbered steps to reproduce,
expected results, and
actual results

Doing this kind of thing will greatly help the people who are in a position to help you by fixing the bug.

Coenen Benjamin · Answer 5 · Wed Feb 02 2022 01:42:36 GMT+0800 (China Standard Time)

Ok after reading the wasm-smith codebase indeed I didn't see it was skipping on errors so that was basically my mistake. I thought you didn't have any mistakes in your code so now it's pretty clear in my mind. Thanks for the poor quality of my issue, you're right I will try to improve myself in future issues.

Thanks again for your help