nginx: Fuzz Introspector report and "Functions of interest to fuzz" show incorrect data #13267
Assignees
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Fuzz Introspector report shows incorrect fuzzers and other data, see e.g. https://storage.googleapis.com/oss-fuzz-introspector/nginx/inspector-report/20250427/fuzz_report.html
In particular, the fuzzers are wrong:
fuzzer-test-suite/lcms-2017-03-21/cms_transform_fuzzer.candfuzzer-test-suite/sqlite-2016-11-14/ossfuzz.c.Similarly, the section "Functions of interest to fuzz" on the main Fuzz Introspector page of nginx shows wrong functions: https://introspector.oss-fuzz.com/project-profile?project=nginx
Interestingly, other sections in the main page and in the report show the correct fuzzer (
http_request_fuzzer) and correct source files.Apparently, this line throws off the internal logic of Fuzz Introspector: https://github.com/google/oss-fuzz/blame/cafd7a0eb8ecb4e007c56897996a9b65c49c972f/projects/nginx/Dockerfile#L22. This line git-clones
fuzzer-test-suiteproject, though I don't see how it is used anywhere in nginx fuzzing (but I didn't dig deep).Briefly looking at a couple other projects (like Apache httpd), their reports look fine. It seems contained to nginx only.
The text was updated successfully, but these errors were encountered: