Skip to content
Rust bindings and utilities for LLVM’s libFuzzer
C++ CMake Rust C Other
Branch: master
Clone or download
Manishearth Merge pull request #57 from fitzgen/bump-to-0.3.0
Update `arbitrary` dependency and bump to version 0.3.0
Latest commit ff648be Jan 22, 2020
Type Name Latest commit message Commit time
Failed to load latest commit information.
ci Write debug output to `RUST_LIBFUZZER_DEBUG_PATH`, when set Jan 9, 2020
example Move CI tests out to their own script Jan 9, 2020
example_arbitrary Write debug output to `RUST_LIBFUZZER_DEBUG_PATH`, when set Jan 9, 2020
libfuzzer Update libFuzzer to be from the 'release_90' branch Oct 20, 2019
src Write debug output to `RUST_LIBFUZZER_DEBUG_PATH`, when set Jan 9, 2020
.gitignore Initial commit Feb 17, 2017 Update `arbitrary` dependency and bump to version 0.3.0 Jan 22, 2020
Cargo.toml Update `arbitrary` dependency and bump to version 0.3.0 Jan 22, 2020 Bump to version 0.2.0 and update README/Cargo.toml metadata Jan 14, 2020 Fix default for c++ std lib env var Jan 16, 2020
rust-toolchain CI: use nightly toolchain by default Jan 14, 2020 Add script for updating libfuzzer from upstream. Aug 17, 2018

The libfuzzer-sys Crate

Barebones wrapper around LLVM's libFuzzer runtime library.

The CPP parts are extracted from compiler-rt git repository with git filter-branch.

libFuzzer relies on LLVM sanitizer support. The Rust compiler has built-in support for LLVM sanitizer support, for now, it's limited to Linux. As a result, libfuzzer-sys only works on Linux.


Use cargo fuzz!

The recommended way to use this crate with cargo fuzz!.

Manual Usage

This crate can also be used manually as following:

First create a new cargo project:

$ cargo new --bin fuzzed
$ cd fuzzed

Then add a dependency on the fuzzer-sys crate and your own crate:

libfuzzer-sys = "0.2.0"
your_crate = { path = "../path/to/your/crate" }

Change the fuzzed/src/ to fuzz your code:


use libfuzzer_sys::fuzz_target;

fuzz_target!(|data: &[u8]| {
    // code to fuzz goes here

Build by running the following command:

$ cargo rustc -- \
    -C passes='sancov' \
    -C llvm-args='-sanitizer-coverage-level=3' \
    -Z sanitizer=address

And finally, run the fuzzer:

$ ./target/debug/fuzzed

Updating libfuzzer from upstream

./ <llvm/compiler-rt SHA1>


All files in libfuzzer directory are licensed NCSA.

Everything else is dual-licensed Apache 2.0 and MIT.

You can’t perform that action at this time.