cargo-fuzz

Command line helpers for fuzzing

Results 115 cargo-fuzz issues

It seems invoking `-merge=1` is possible with something like:

```
cargo +nightly fuzz run --release rfc4880 -- -merge=1 fuzz/corpus/new
```

This translates to:

```
fuzz/target/x86_64-unknown-linux-gnu/release/rfc4880 -artifact_prefix=/home/vagrant/sloppy-rfc4880/fuzz/artifacts/rfc4880/ -merge=1 fuzz/corpus/new /home/vagrant/sloppy-rfc4880/fuzz/corpus/rfc4880
```

...

Now that `cargo-fuzz` has shaken out the obvious bugs in—let's face it—my test harness, I want to see what sort of seeds to add based on the coverage of the...

The README says "Note: `libFuzzer` needs LLVM sanitizer support, so this only works on x86-64 Linux and x86-64 macOS for now." Yet, Debian seems to have libfuzzer-x.y-dev (for both...

It should help to figure out how libFuzzer is built and linked against, which in turn should be useful in scenarios like https://github.com/google/oss-fuzz/pull/5867#issuecomment-852870976

We've begun using `cargo-fuzz` in [`linkerd2-proxy`](https://github.com/linkerd/linkerd2-proxy). One thing that's been particularly difficult to manage is the `Cargo.lock` file for each fuzzer. Each fuzzing project is in its own distinct workspace,...

Running on Fedora 33 (x86_64), when I run `cargo fuzz coverage ` I get what looks like a linking error: ``` error: linking with `cc` failed: exit code: 1 |...

When running the `cargo-fuzz` on [this project](https://github.com/nathanwhit/minimal-yaml/tree/22cf0d001361f77acb3032864067c4f84e857aaf), fuzzing runs as intended for a while but inevitably crashes with `Error: Fuzz target exited with signal: 11`. This occurs on both macOS...

I have a corpus of about 3483 different samples. Merging fails when running `llvm-profdata` because it lists each profraw file in the arguments. I believe `llvm-profdata` supports specifying a directory...

Hi, I am fuzzing the Rust implementation of [`swf-parser`](https://github.com/open-flash/swf-parser/tree/master/rs) with `cargo fuzz`. The fuzzer is helpful and found some issues, but it crashes due to OOM (out of memory) errors...

A function with a stack overflow crashes the fuzzer without being registered to `artifacts/`. Minimal reproducing example: function [parse_str()](https://github.com/totikom/syn/blob/133a053fe67d5f360c0ad24370216e0052624dfc/src/lib.rs#L968). Steps to reproduce and the stack trace are explained in https://github.com/totikom/syn/issues/1