lua-l archive



Hi, Lua team,

I'm working on the Tarantool team, and in our spare time we are working on fuzzing
LuaJIT, which is used as the Lua runtime in Tarantool. We have even caught a number of
bugs with fuzzing; one was reported and fixed upstream recently [1]. We build
our fuzzers using the Lua C API, which is actually the same for PUC Rio Lua and
LuaJIT. I thought that since the API is the same, we could use the same
tests for PUC Rio Lua too.

A couple of years ago David Korczynski wrote here [2] about his work towards
integrating fuzzing of PUC Rio Lua into OSS Fuzz, and he added a single test for
luaL_loadbuffer. This is a good start, but unfortunately the test has
limited code coverage [3] and doesn't cover the other functions in the Lua
C API.

I made a patch [4] for OSS Fuzz that adds a number of new tests for the
following Lua C functions: lua_dump, luaL_addgsub, luaL_buffaddr, luaL_bufflen,
luaL_buffsub, luaL_dostring, luaL_gsub, luaL_loadbuffer, luaL_loadbufferx,
luaL_loadstring, lua_load, luaL_traceback, lua_stringtonumber, and a
structure-aware test for luaL_loadbuffer with a grammar defined in Protobuf, and
adds a seed corpus that should help to improve code coverage.

The pull request with the patch is ready to merge, but the OSS Fuzz maintainers asked me to
get approval from the Lua team before merging.

Roberto and other members of the Lua team, could you give your approval?

Thanks in advance, Sergey.

1. https://github.com/tarantool/tarantool/wiki/Fuzzing#trophies
2. https://marc.info/?l=lua-l&m=160573752701293&w=2
3. https://storage.googleapis.com/oss-fuzz-introspector/lua/inspector-report/20230424/fuzz_report.html
4. https://github.com/google/oss-fuzz/pull/10092