Fix instructions related to example
* Add liblzma-dev in the list of prerequisites (found as needed on
  Debian 9 Stretch) - fixes rust-fuzz#38
* Fix incorrect instructions on how to run run-debug session. With the
  provided instructions the following error appears:

    eddy@aptonia:~/usr/src/rust/learn-rust/fuzz/honggfuzz-rs/example-honggfuzz-rs $ cargo hfuzz run-debug example hfuzz_workspace/*.fuzz
    /usr/bin/ld.gold
        Finished dev [unoptimized + debuginfo] target(s) in 0.04s
    bind: Invalid command `enable-meta-key'.
    (lldb) command script import "/home/eddy/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/etc/lldb_rust_formatters.py"
    (lldb) type summary add --no-value --python-function lldb_rust_formatters.print_val -x ".*" --category Rust
    (lldb) type category enable Rust
    (lldb) target create "hfuzz_target/x86_64-unknown-linux-gnu/debug/example"
    Current executable set to 'hfuzz_target/x86_64-unknown-linux-gnu/debug/example' (x86_64).
    (lldb) b rust_panic
    Breakpoint 1: where = example`rust_panic + 19, address = 0x000000000001cc23
    (lldb) r
    error: failed to open "hfuzz_workspace/*.fuzz"
    ...

 Instead, with the proposed (more copy-paste friendly) command we get:

    eddy@aptonia:~/usr/src/rust/learn-rust/fuzz/honggfuzz-rs/example-honggfuzz-rs $ cargo hfuzz run-debug example hfuzz_workspace/*/*.fuzz
    /usr/bin/ld.gold
        Finished dev [unoptimized + debuginfo] target(s) in 0.02s
    bind: Invalid command `enable-meta-key'.
    (lldb) command script import "/home/eddy/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/etc/lldb_rust_formatters.py"
    (lldb) type summary add --no-value --python-function lldb_rust_formatters.print_val -x ".*" --category Rust
    (lldb) type category enable Rust
    (lldb) target create "hfuzz_target/x86_64-unknown-linux-gnu/debug/example"
    Current executable set to 'hfuzz_target/x86_64-unknown-linux-gnu/debug/example' (x86_64).
    (lldb) b rust_panic
    Breakpoint 1: where = example`rust_panic + 19, address = 0x000000000001cc23
    (lldb) r
    thread 'main' panicked at 'BOOM', src/main.rs:23:13
    stack backtrace:
       0: backtrace::backtrace::libunwind::trace
                 at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.44/src/backtrace/libunwind.rs:86
       1: backtrace::backtrace::trace_unsynchronized
                 at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.44/src/backtrace/mod.rs:66
       2: std::sys_common::backtrace::_print_fmt
                 at src/libstd/sys_common/backtrace.rs:78
       3: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
                 at src/libstd/sys_common/backtrace.rs:59
       4: core::fmt::write
                 at src/libcore/fmt/mod.rs:1063
       5: std::io::Write::write_fmt
                 at src/libstd/io/mod.rs:1426
       6: std::sys_common::backtrace::_print
                 at src/libstd/sys_common/backtrace.rs:62
       7: std::sys_common::backtrace::print
                 at src/libstd/sys_common/backtrace.rs:49
       8: std::panicking::default_hook::{{closure}}
                 at src/libstd/panicking.rs:204
       9: std::panicking::default_hook
                 at src/libstd/panicking.rs:224
      10: std::panicking::rust_panic_with_hook
                 at src/libstd/panicking.rs:470
      11: std::panicking::begin_panic
                 at /rustc/8d69840ab92ea7f4d323420088dd8c9775f180cd/src/libstd/panicking.rs:397
      12: example::main::{{closure}}
                 at src/main.rs:23
      13: honggfuzz::fuzz
                 at /home/eddy/.cargo/registry/src/github.com-1ecc6299db9ec823/honggfuzz-0.5.49/src/lib.rs:329
      14: example::main
                 at src/main.rs:15
      15: std::rt::lang_start::{{closure}}
                 at /rustc/8d69840ab92ea7f4d323420088dd8c9775f180cd/src/libstd/rt.rs:67
      16: std::rt::lang_start_internal::{{closure}}
                 at src/libstd/rt.rs:52
      17: std::panicking::try::do_call
                 at src/libstd/panicking.rs:303
      18: __rust_maybe_catch_panic
                 at src/libpanic_unwind/lib.rs:86
      19: std::panicking::try
                 at src/libstd/panicking.rs:281
      20: std::panic::catch_unwind
                 at src/libstd/panic.rs:394
      21: std::rt::lang_start_internal
                 at src/libstd/rt.rs:51
      22: std::rt::lang_start
                 at /rustc/8d69840ab92ea7f4d323420088dd8c9775f180cd/src/libstd/rt.rs:67
      23: main
      24: __libc_start_main
      25: _start
    note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
    Process 20748 stopped
    * thread rust-fuzz#1: tid = 20748, 0x0000555555570c23 example`rust_panic + 19 at panicking.rs:522, name = 'example', stop reason = breakpoint 1.1
        frame #0: 0x0000555555570c23 example`rust_panic + 19 at panicking.rs:522

    Process 20748 launched: '/home/eddy/usr/src/rust/learn-rust/fuzz/honggfuzz-rs/example-honggfuzz-rs/hfuzz_target/x86_64-unknown-linux-gnu/debug/example' (x86_64)
    (lldb) bt
    * thread rust-fuzz#1: tid = 20748, 0x0000555555570c23 example`rust_panic + 19 at panicking.rs:522, name = 'example', stop reason = breakpoint 1.1
      * frame #0: 0x0000555555570c23 example`rust_panic + 19 at panicking.rs:522
        frame rust-fuzz#1: 0x0000555555570c05 example`std::panicking::rust_panic_with_hook::h1f2449d529a25f22 + 613 at panicking.rs:492
        frame rust-fuzz#2: 0x0000555555566f31 example`std::panicking::begin_panic::h6b93f15a3a49143e + 161 at panicking.rs:397
        frame rust-fuzz#3: 0x0000555555560ddf example`example::main::_$u7b$$u7b$closure$u7d$$u7d$::h133bb93c90f06ee6 + 319 at main.rs:23
        frame rust-fuzz#4: 0x000055555556074a example`honggfuzz::fuzz::hff971e0d42e0e071 + 394 at lib.rs:329
        frame rust-fuzz#5: 0x00005555555615a8 example`example::main::h23bfee7ceacfd6a7 + 8 at main.rs:15
        frame rust-fuzz#6: 0x000055555556164b example`std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::h4f84ee5cbd303f5c + 11 at rt.rs:67
        frame rust-fuzz#7: 0x00005555555705f3 example`std::panicking::try::do_call::h0b6fc9f6090c1e2b + 19 at rt.rs:52
        frame rust-fuzz#8: 0x0000555555572417 example`__rust_maybe_catch_panic + 23 at lib.rs:86
        frame rust-fuzz#9: 0x0000555555570ffc example`std::rt::lang_start_internal::hcea4e704875ab132 + 892 at panicking.rs:281
        frame rust-fuzz#10: 0x0000555555561627 example`std::rt::lang_start::h9f940eb84f79aaf4 + 71 at rt.rs:67
        frame rust-fuzz#11: 0x00005555555615da example`main + 42
        frame rust-fuzz#12: 0x00007ffff721a2e1 libc.so.6`__libc_start_main + 241
        frame rust-fuzz#13: 0x000055555556045a example`_start + 42
    (lldb) quit
    Quitting LLDB will kill one or more processes. Do you really want to proceed: [Y/n]

Signed-off-by: Eddy Petrișor <eddy.petrisor@gmail.com>
eddyp committed Jun 14, 2020
1 parent 652d8d9 commit 2c7a395
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -42,7 +42,7 @@ Honggfuzz is a security oriented fuzzer with powerful analysis options. Supports
For example on Debian and its derivatives:

```sh
sudo apt install build-essential binutils-dev libunwind-dev libblocksruntime-dev
sudo apt install build-essential binutils-dev libunwind-dev libblocksruntime-dev liblzma-dev
```

## How to use this crate
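
Review bot: The `liblzma-dev` addition on the `sudo apt install` line is not explained anywhere in the README. The commit message says it was found to be needed on Debian 9 Stretch, but the surrounding text only says "on Debian and its derivatives", so a reader cannot tell which part of the build requires it or whether it applies to other releases. Consider adding a short sentence next to the command naming what needs liblzma, so the prerequisite list stays auditable when dependencies change.
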
Expand Down Expand Up @@ -104,7 +104,7 @@ Once you got a crash, replay it easily in a debug environment

```sh
# builds the target in debug mode and replays automatically the crash in rust-lldb
cargo hfuzz run-debug example fuzzing_workspace/*.fuzz
cargo hfuzz run-debug example hfuzz_workspace/*/*.fuzz
```

You can also build and run your project without compile-time software instrumentation (LLVM's SanCov passes)
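
Review bot: The new glob `hfuzz_workspace/*/*.fuzz` can expand to more than one path, while the comment above it still says it replays "the crash" (singular). The first `*` matches every subdirectory of the workspace even though the command names the target `example`, and the second matches every `.fuzz` file in each of them. It would help to say in the comment what happens when several files match, or to show a single explicit crash file path. Note too that when nothing matches, the shell passes the pattern through literally and the same `failed to open` error quoted in the commit message comes back, so a brief mention that a crash file must already exist would make the instruction more robust.
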