https://github.com/check-spelling-sandbox/skipper/actions/runs/20650384825 generated a sarif file...
cifuzz-sarif/results.sarif (minus excess rules)
{
"version": "2.1.0",
"$schema": "http://json.schemastore.org/sarif-2.1.0-rtm.4",
"runs": [
{
"tool": {
"driver": {
"name": "ClusterFuzzLite/CIFuzz",
"informationUri": "https://google.github.io/clusterfuzzlite/",
"rules": [
{
"id": "no-crashes",
"shortDescription": {
"text": "Don't crash"
},
"helpUri": "https://cwe.mitre.org/data/definitions/416.html",
"properties": {
"category": "Crashes"
}
}
]
}
},
"results": [
{
"level": "error",
"message": {
"text": "Null-dereference READ"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "compiler-rt/lib/fuzzer/FuzzerTracePC.h",
"index": 0
},
"region": {
"startLine": 165,
"startColumn": 1
}
}
}
],
"ruleId": "no-crashes",
"ruleIndex": 0
}
]
}
]
}It's unclear how anything could use that artifactLocation for anything. It isn't the location of code in the repository...
It also doesn't align with
tmplr3eguke.summary
SCARINESS: 10 (null-deref)
#0 0x562165c32550 in operator() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp:413:9
#1 0x562165c32550 in IterateCounterRegions<(lambda at /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp:412:25)> /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerTracePC.h:165:9
#2 0x562165c32550 in fuzzer::TracePC::ClearInlineCounters() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp:412:3
#3 0x562165c16ee5 in ResetMaps /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerTracePC.h:87:5
#4 0x562165c16ee5 in fuzzer::Fuzzer::Fuzzer(int (*)(unsigned char const*, unsigned long), fuzzer::InputCorpus&, fuzzer::MutationDispatcher&, fuzzer::FuzzingOptions const&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:145:7
#5 0x562165c090d8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:817:17
#6 0x562165c356c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#7 0x7f86877b1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)
https://github.com/check-spelling-sandbox/skipper/actions/runs/20650384825 generated a sarif file...
cifuzz-sarif/results.sarif (minus excess rules)
{ "version": "2.1.0", "$schema": "http://json.schemastore.org/sarif-2.1.0-rtm.4", "runs": [ { "tool": { "driver": { "name": "ClusterFuzzLite/CIFuzz", "informationUri": "https://google.github.io/clusterfuzzlite/", "rules": [ { "id": "no-crashes", "shortDescription": { "text": "Don't crash" }, "helpUri": "https://cwe.mitre.org/data/definitions/416.html", "properties": { "category": "Crashes" } } ] } }, "results": [ { "level": "error", "message": { "text": "Null-dereference READ" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "compiler-rt/lib/fuzzer/FuzzerTracePC.h", "index": 0 }, "region": { "startLine": 165, "startColumn": 1 } } } ], "ruleId": "no-crashes", "ruleIndex": 0 } ] } ] }It's unclear how anything could use that
artifactLocationfor anything. It isn't the location of code in the repository...It also doesn't align with
tmplr3eguke.summary