cargo-fuzz

Support custom mutators

Open ruuda opened this issue 5 years ago • 1 comments

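libFuzzer supports user-supplied mutators for structure-aware fuzzing (https://github.com/google/fuzzer-test-suite/blob/530dae991ed41b4214a2a36844fecdf3f246cab9/tutorial/structure-aware-fuzzing.md). The user should provide a function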

extern "C" size_t LLVMFuzzerCustomMutator(
  uint8_t *Data,
  size_t Size,
  size_t MaxSize,
  unsigned int Seed
)

that mutates the data, and it can call LLVMFuzzerMutate while doing so.

Would it be possible to support this in cargo-fuzz?

ruuda avatar Feb 21 '19 18:02 ruuda

Not currently, we need weak symbol support in rustc.

What I might do is rejigger the libfuzzer API to let me pass this stuff in by hand instead.


Manishearth avatar Feb 21 '19 18:02 Manishearth

Hi, can you provide some solutions? I may need this feature very much. :)

void0red avatar Sep 22 '23 10:09 void0red

You're welcome to experiment with this and provide a patch.

Manishearth avatar Sep 22 '23 15:09 Manishearth

We already support custom mutators: https://docs.rs/libfuzzer-sys/latest/libfuzzer_sys/macro.fuzz_mutator.html

fitzgen avatar Sep 22 '23 19:09 fitzgen
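
The mutator contract discussed in this thread (input bytes, current size, maximum size, seed in; new size out), as an added example that is not code from the thread or from libfuzzer-sys. It shows why a structure-aware mutator matters: the payload is changed, then the checksum is repaired so the target's integrity check still passes. The record format, `checksum`, `xorshift32` and `mutate_record` are hypothetical names constructed for illustration.

```rust
// Constructed input format (assumption): [payload bytes][1 checksum byte].
// In a real cargo-fuzz target the function below would be the body of
//   libfuzzer_sys::fuzz_mutator!(|data: &mut [u8], size: usize, max_size: usize, seed: u32| {
//       mutate_record(data, size, max_size, seed)
//   });
// and the byte-level edits would normally be delegated to libfuzzer_sys::fuzzer_mutate.

/// Integrity check the hypothetical target performs before parsing.
fn checksum(payload: &[u8]) -> u8 {
    payload.iter().fold(0u8, |acc, b| acc.wrapping_add(*b))
}

/// xorshift32 step: the same seed always yields the same mutation.
fn xorshift32(mut x: u32) -> u32 {
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    x
}

/// Same contract as LLVMFuzzerCustomMutator: the first `size` bytes of `data`
/// are the input, at most `max_size` bytes may be used, the new length is returned.
pub fn mutate_record(data: &mut [u8], size: usize, max_size: usize, seed: u32) -> usize {
    let cap = max_size.min(data.len());
    if cap < 2 {
        return size.min(cap); // no room for payload + checksum: leave input alone
    }
    let mut len = size.min(cap).saturating_sub(1); // strip the old checksum byte
    let r = xorshift32(seed | 1); // `| 1` avoids the all-zero xorshift state
    let byte = (r >> 8) as u8;
    match r % 3 {
        0 if len > 0 => data[(r >> 16) as usize % len] ^= 1u8 << (byte % 8), // bit flip
        1 if len > 0 => len -= 1,                                             // truncate
        _ if len + 1 < cap => {
            data[len] = byte; // append one byte
            len += 1;
        }
        _ => data[len - 1] = byte, // buffer full: overwrite the last payload byte
    }
    data[len] = checksum(&data[..len]); // repair the checksum so the target accepts it
    len + 1
}

fn main() {
    let mut buf = [0u8; 8]; // capacity == max_size, as libFuzzer provides
    buf[..4].copy_from_slice(&[b'a', b'b', b'c', checksum(b"abc")]);
    let n = mutate_record(&mut buf, 4, 8, 42);
    println!("{:?}", &buf[..n]);
}
```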