Skip to content

ci: buffer fuzz timeout above max_total_time so libFuzzer self-exits #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
27Bslash6 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

ci: buffer fuzz timeout above max_total_time so libFuzzer self-exits #40

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 14 additions & 4 deletions .github/workflows/security.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,8 +124,12 @@ jobs:
cd fuzz
# Build first - fail fast on compile errors
cargo fuzz build ${{ matrix.target }}
# Run corpus - timeout exit code 124 is acceptable (means it ran)
timeout 120 cargo fuzz run ${{ matrix.target }} -- -runs=0 -max_total_time=120 || [ $? -eq 124 ]
# libFuzzer self-exits at -max_total_time (graceful "Done ..."); the outer
# `timeout` is a +30s hang safety-net only. Buffer matters because libFuzzer's
# clock starts after build/corpus-load, so an equal `timeout` would always
# SIGTERM first ("run interrupted") and the graceful path would be unreachable.
# Exit 124 (timeout fired = genuine hang) is still tolerated.
timeout 150 cargo fuzz run ${{ matrix.target }} -- -runs=0 -max_total_time=120 || [ $? -eq 124 ]

deep-fuzz:
name: Deep Fuzzing (8 hours)
Expand Down Expand Up @@ -183,8 +187,14 @@ jobs:
cd fuzz
# Build first - fail fast on compile errors
cargo fuzz build ${{ matrix.target }}
# Run fuzz - timeout exit code 124 is acceptable (means it ran the full duration)
timeout 28800 cargo fuzz run ${{ matrix.target }} -- -max_total_time=28800 || [ $? -eq 124 ]
# libFuzzer self-exits at -max_total_time=8h with a graceful "Done N runs ..."
# (final stats + corpus consolidation). The outer `timeout` is +3min slack so
# it only fires on a genuine hang — NOT as the normal end-of-budget stop. An
# equal `timeout` would always win the race (libFuzzer's clock starts later,
# after build/corpus-load) and every run would log "run interrupted" instead,
# making a real hang indistinguishable from normal completion. Still inside the
# 540min job cap. Exit 124 (hang killed by timeout) remains tolerated.
timeout 28980 cargo fuzz run ${{ matrix.target }} -- -max_total_time=28800 || [ $? -eq 124 ]

- name: Upload crash artifacts
if: always()
Expand Down
Loading