rust-fuzz/cargo-fuzz


cargo fuzz

A cargo subcommand for fuzzing with libFuzzer! Easy to use!

Installation

$ cargo install cargo-fuzz

Note: libFuzzer needs LLVM sanitizer support, so this only works on x86-64 Linux, x86-64 macOS and Apple-Silicon (aarch64) macOS for now. This also needs a nightly compiler since it uses some unstable command-line flags. You'll also need a C++ compiler with C++11 support.

If you have an old version of cargo fuzz, you can upgrade with this command:

$ cargo install -f cargo-fuzz

Usage

cargo fuzz init

Initialize a cargo fuzz project for your crate!

cargo fuzz add <target>

Create a new fuzzing target!

cargo fuzz run <target>

Run a fuzzing target and find bugs!

cargo fuzz fmt <target> <input>

Print the std::fmt::Debug output for a test case. Useful when your fuzz target takes an Arbitrary input!

cargo fuzz tmin <target> <input>

Found a failing input? Minify it to the smallest input that causes that failure for easier debugging!

cargo fuzz cmin <target>

Minify your corpus of input files!

cargo fuzz coverage <target>

Generate coverage information on the fuzzed program!
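
The subcommands above chained into one bounded run with crash triage. This is an added example, not part of the cargo-fuzz project: the script name fuzz-ci.sh and target name parse_header are hypothetical, and it assumes the default layout in which crash inputs are written to fuzz/artifacts/<target>/ as crash-* files.

```shell
#!/usr/bin/env bash
# Added example (not from the cargo-fuzz repository).
# Assumptions: default cargo-fuzz layout (fuzz/artifacts/<target>/crash-*),
# a nightly toolchain installed, and a target created with `cargo fuzz add`.

# Print the most recently written crash artifact for a target.
# $1 = target name, $2 = fuzz directory (defaults to "fuzz").
# Returns non-zero when no crash artifact exists.
latest_crash() {
    dir="${2:-fuzz}/artifacts/$1"
    newest=$(ls -t "$dir"/crash-* 2>/dev/null | head -n 1)
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Fuzz for a bounded time; on a crash, minimize and pretty-print the input.
# $1 = target name, $2 = time budget in seconds (defaults to 60).
# Exit status: 0 clean run, 1 crash found and triaged, 2 run failed otherwise.
fuzz_and_triage() {
    target=$1
    seconds=${2:-60}
    # Everything after "--" is passed through to libFuzzer.
    if cargo +nightly fuzz run "$target" -- -max_total_time="$seconds"; then
        # No failure found: shrink the corpus so later runs start smaller.
        cargo +nightly fuzz cmin "$target"
        return 0
    fi
    crash=$(latest_crash "$target") || {
        echo "fuzz run failed without a crash artifact (build error?)" >&2
        return 2
    }
    echo "crash input: $crash" >&2
    # Reduce the failing input, then show its Debug representation.
    cargo +nightly fuzz tmin "$target" "$crash"
    cargo +nightly fuzz fmt "$target" "$crash"
    return 1
}

# Run only when invoked with a target, e.g.: ./fuzz-ci.sh parse_header 120
if [ "$#" -ge 1 ]; then
    fuzz_and_triage "$@"
fi
```

A non-zero exit lets a CI job fail on any new crash while keeping the minimized input as a build artifact for debugging.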

Documentation

Documentation can be found in the Rust Fuzz Book.

You can also always find the full command-line options that are available with --help:

$ cargo fuzz --help

Trophy case

The trophy case has a list of bugs found by cargo fuzz (and others). Did cargo fuzz and libFuzzer find a bug for you? Add it to the trophy case!

License

cargo-fuzz is distributed under the terms of both the MIT license and the Apache License (Version 2.0).

See LICENSE-APACHE and LICENSE-MIT for details.