From 308a0fcc063bc1da27bb035c76f1425042a89273 Mon Sep 17 00:00:00 2001
From: Alex Crichton
Date: Tue, 5 Jul 2022 15:43:37 -0500
Subject: [PATCH] Disable reference types in v8 fuzzing (#4387)

OSS-fuzz long-ago discovered https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45662 which we currently believe to be a bug in v8. I originally thought it was going to be fixed with https://bugs.chromium.org/p/v8/issues/detail?id=12722 but that no longer appears to be the case now that the `v8` crate has caught up and it still isn't fixed. Personally I've sort of lost an appetite for continuing to debug these issues so I figure it's best to just disable reference types with v8 for now and exercise the rest of the engine, e.g. simd.
---
 fuzz/fuzz_targets/differential_v8.rs | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/fuzz/fuzz_targets/differential_v8.rs b/fuzz/fuzz_targets/differential_v8.rs
index 882ae6628e..e4546ea8c1 100644
--- a/fuzz/fuzz_targets/differential_v8.rs
+++ b/fuzz/fuzz_targets/differential_v8.rs
@@ -19,7 +19,16 @@ fn run(data: &[u8]) -> Result<()> {
 // Enable features that v8 has implemented
 config.module_config.config.simd_enabled = u.arbitrary()?;
 config.module_config.config.bulk_memory_enabled = u.arbitrary()?;
- config.module_config.config.reference_types_enabled = u.arbitrary()?;
+
+ // FIXME: reference types are disabled for now as we seemingly keep finding
+ // a segfault in v8. This is found relatively quickly locally and keeps
+ // getting found by oss-fuzz and currently we don't think that there's
+ // really much we can do about it. For the time being disable reference
+ // types entirely. An example bug is
+ // https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45662
+ //
+ // config.module_config.config.reference_types_enabled = u.arbitrary()?;
+
 // FIXME: to enable fuzzing with the threads proposal, see
 // https://github.com/bytecodealliance/wasmtime/issues/4268.
 // config.module_config.config.threads_enabled = u.arbitrary()?;
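Review bot: Reference types are only left unset here rather than disabled: the hunk removes the `u.arbitrary()?` assignment to `reference_types_enabled` without replacing it, so whether the feature is actually off depends on the default that `config.module_config` carries in from wherever it is built, which is not visible in this hunk. Since the new comment states the intent is to "disable reference types entirely", an explicit `config.module_config.config.reference_types_enabled = false;` would make that intent independent of the upstream default and keep the fuzzer from handing v8 modules that hit the known crash if that default ever flips. The FIXME could also state the re-enable condition, e.g. `// Re-enable once the oss-fuzz issue above is resolved upstream in v8.`. The body of `run` begins and continues outside this hunk.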