-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update arbitrary #53
Update arbitrary #53
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,7 +13,11 @@ edition = "2018" | |
members = ["."] | ||
|
||
[dependencies] | ||
arbitrary = "0.2" | ||
# arbitrary = "0.3" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. feel free to cut a release, you should have access |
||
arbitrary = { git = "https://github.com/rust-fuzz/arbitrary.git", rev = "8fa099d" } | ||
|
||
[build-dependencies] | ||
cc = "1.0" | ||
|
||
[features] | ||
arbitrary-derive = ["arbitrary/derive"] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -eux | ||
cd $(dirname $0)/.. | ||
|
||
export CARGO_TARGET_DIR=$(pwd)/target | ||
|
||
pushd ./example | ||
cargo rustc \ | ||
--release \ | ||
-- \ | ||
-Cpasses='sancov' \ | ||
-Cllvm-args=-sanitizer-coverage-level=4 \ | ||
-Cllvm-args=-sanitizer-coverage-trace-compares \ | ||
-Cllvm-args=-sanitizer-coverage-inline-8bit-counters \ | ||
-Cllvm-args=-sanitizer-coverage-stack-depth \ | ||
-Cllvm-args=-sanitizer-coverage-trace-geps \ | ||
-Cllvm-args=-sanitizer-coverage-prune-blocks=0 \ | ||
-Zsanitizer=address | ||
(! $CARGO_TARGET_DIR/release/example -runs=100000) | ||
popd | ||
|
||
pushd ./example_arbitrary | ||
cargo rustc \ | ||
--release \ | ||
-- \ | ||
-Cpasses='sancov' \ | ||
-Cllvm-args=-sanitizer-coverage-level=4 \ | ||
-Cllvm-args=-sanitizer-coverage-trace-compares \ | ||
-Cllvm-args=-sanitizer-coverage-inline-8bit-counters \ | ||
-Cllvm-args=-sanitizer-coverage-stack-depth \ | ||
-Cllvm-args=-sanitizer-coverage-trace-geps \ | ||
-Cllvm-args=-sanitizer-coverage-prune-blocks=0 \ | ||
-Zsanitizer=address | ||
(! $CARGO_TARGET_DIR/release/example_arbitrary -runs=10000000) | ||
RUST_LIBFUZZER_DEBUG_PATH=$(pwd)/debug_output \ | ||
$CARGO_TARGET_DIR/release/example_arbitrary \ | ||
$(ls ./crash-* | head -n 1) | ||
cat $(pwd)/debug_output | ||
grep -q Rgb $(pwd)/debug_output | ||
popd |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
crash-* |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
crash-* | ||
debug_output |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,18 @@ | ||
#![no_main] | ||
|
||
use libfuzzer_sys::fuzz_target; | ||
use libfuzzer_sys::{arbitrary, fuzz_target}; | ||
|
||
fuzz_target!(|data: u16| { | ||
if data == 0xba7 { // ba[nana] | ||
panic!("success!"); | ||
#[derive(arbitrary::Arbitrary, Debug)] | ||
struct Rgb { | ||
r: u8, | ||
g: u8, | ||
b: u8, | ||
} | ||
|
||
fuzz_target!(|rgb: Rgb| { | ||
if rgb.r < rgb.g { | ||
if rgb.g < rgb.b { | ||
panic!("success: r < g < b!"); | ||
} | ||
} | ||
}); |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -118,6 +118,18 @@ macro_rules! fuzz_target { | |
(|$bytes:ident| $body:block) => { | ||
#[no_mangle] | ||
pub extern "C" fn rust_fuzzer_test_input($bytes: &[u8]) { | ||
// When `RUST_LIBFUZZER_DEBUG_PATH` is set, write the debug | ||
// formatting of the input to that file. This is only intended for | ||
// `cargo fuzz`'s use! | ||
if let Ok(path) = std::env::var("RUST_LIBFUZZER_DEBUG_PATH") { | ||
use std::io::Write; | ||
let mut file = std::fs::File::create(path) | ||
.expect("failed to create `RUST_LIBFUZZER_DEBUG_PATH` file"); | ||
writeln!(&mut file, "{:?}", $bytes) | ||
.expect("failed to write to `RUST_LIBFUZZER_DEBUG_PATH` file"); | ||
return; | ||
} | ||
|
||
$body | ||
} | ||
}; | ||
|
@@ -129,14 +141,27 @@ macro_rules! fuzz_target { | |
(|$data:ident: $dty: ty| $body:block) => { | ||
#[no_mangle] | ||
pub extern "C" fn rust_fuzzer_test_input(bytes: &[u8]) { | ||
use libfuzzer_sys::arbitrary::{Arbitrary, RingBuffer}; | ||
use libfuzzer_sys::arbitrary::{Arbitrary, Unstructured}; | ||
|
||
let mut buf = match RingBuffer::new(bytes, bytes.len()) { | ||
Ok(b) => b, | ||
Err(_) => return, | ||
}; | ||
let mut u = Unstructured::new(bytes); | ||
let data = <$dty as Arbitrary>::arbitrary_take_rest(u); | ||
|
||
// When `RUST_LIBFUZZER_DEBUG_PATH` is set, write the debug | ||
// formatting of the input to that file. This is only intended for | ||
// `cargo fuzz`'s use! | ||
if let Ok(path) = std::env::var("RUST_LIBFUZZER_DEBUG_PATH") { | ||
use std::io::Write; | ||
let mut file = std::fs::File::create(path) | ||
.expect("failed to create `RUST_LIBFUZZER_DEBUG_PATH` file"); | ||
(match data { | ||
Ok(data) => writeln!(&mut file, "{:#?}", data), | ||
Err(err) => writeln!(&mut file, "Arbitrary Error: {}", err), | ||
}) | ||
.expect("failed to write to `RUST_LIBFUZZER_DEBUG_PATH` file"); | ||
return; | ||
} | ||
|
||
let $data: $dty = match Arbitrary::arbitrary(&mut buf) { | ||
let $data = match data { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This should be first. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I wanted to handle running a fuzz target with debug enabled on some input that doesn't parse as an arbitrary, so you still get some idea of what is going on rather than silent early exit. Does that make sense? |
||
Ok(d) => d, | ||
Err(_) => return, | ||
}; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
eventually should probably move to GHA
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍