Add rsass targets

[killercup]

Currently finds >50 unique crashes (according to honggfuzz)!

[killercup]

cc @kaj -- you can try this by checking out this PR's branch and running cargo run target rsass_sass or cargo run target rsass_value. Most crashes seem to be from unwraps around str::from_utf8 and I've also seen an underflow from this line.

[kaj]

Cool, I'll look into this! Please don't hold your breath, though. I will look at it a little right now, but after that I won't have much time for about two weeks.

Thank you for considering rsass for fuss testing!

[kaj]

Hmm ... I seem to be missing some kind of "obvious first step" ... I get error: no such subcommand: 'hfuzz', and cargo +nightly install hfuzz finds nothing to install. What do I need to install? I don't find any answer in the readme of this repo, but presumably there's a main fuzz repo somewhere?

Update: Answering my own question, cargo +nightly install honggfuzz seems to do the trick.

[killercup]

`cargo install honggfuzz` is probably what you need. (We should add that to the Readme as well as the error message) Rasmus Kaj <notifications@github.com> schrieb am Fr. 4. Mai 2018 um 19:42:

…

Hmm ... I seem to be missing some kind of "obvious first step" ... I get error: no such subcommand: 'hfuzz', and cargo +nightly install hfuzz finds nothing to install. What do I need to install? I don't find any answer in the readme of this repo, but presumably there's a main fuzz repo somewhere? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#119 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABOX1OVuD0prHq76fzTp2BLbzao8U7Pks5tvJMdgaJpZM4Tyomb> .

[kaj]

Hm. Still no go here. After happily compiling what seems to be most Rust code ever written :-) my command cargo +nightly run target rsass_value fails on:

   Compiling fuzz-targets-common v0.1.0 (file:///home/kaj/proj/rust/targets/common)
error[E0425]: cannot find function `parse_tree_from_data` in module `usvg`
   --> common/src/lib.rs:904:23
    |
904 |         let _ = usvg::parse_tree_from_data(text, &usvg::Options::default());
    |                       ^^^^^^^^^^^^^^^^^^^^ not found in `usvg`

error: aborting due to previous error

For more information about this error, try `rustc --explain E0425`.
error: Could not compile `fuzz-targets-common`.

I guess this project can also fuss usvg, except for a recent change in it. Is there a way to build only the particular fuzz target I want to run?

[killercup]

I guess this project can also fuss usvg, except for a recent change in it. Is there a way to build only the particular fuzz target I want to run?

Yeah, that's sadly a current limitation. But it's already fixed on master, so I've rebased this branch. After git pull --rebase it should hopefully finally work for you :)

[killercup]

Btw, here is a quick way to reproduce some of the crashes: https://gist.github.com/killercup/579e31cc6896dfe8222b86d94c5e7787

[kaj]

I havn't tried all the inputs from your gist, @killercup , but most seems to be fixed now. I won't have much more time to try out fuzz-testing in the coming weeks, but if you can provide such examples that causes current rsass to crash, I hope to be able to take a look at them.

And thanks again for the initiative to fuzz-test rsass!

[killercup]

Great that you could already fix some of this, @kaj! I might have a look at it myself when I have some time. Otherwise, feel free to ping me if you want to pick this up again!

bors r+

[bors]

Build failed

• continuous-integration/travis-ci/push

[frewsxcv]

Fixed the ring error in briansmith/ring#646. Wonder if we should add back that Cargo.lock file so we don't get blocked on these issues in the future.

[killercup]

@frewsxcv yeah, go ahead and add that lock file. If we fuzz locally we'll detect breakages early enough,

[frewsxcv]

bors r+

[bors]

Build failed

• continuous-integration/travis-ci/push

[frewsxcv]

bors r+

[bors]

Build succeeded

• continuous-integration/travis-ci/push