
Set `-C target-feature=-crt-static` automatically when running `cargo fuzz run`

Open tyilo opened this issue 10 months ago • 2 comments

Following the tutorial with the latest nightly version of rust, you get the following error:

```
$ git clone https://github.com/servo/rust-url.git
$ cd rust-url
$ git checkout bfa167b4e0253642b6766a7aa74a99df60a94048
$ rustup override set nightly
$ rustc --version
rustc 1.86.0-nightly (a567209da 2025-02-13)
$ cargo --version
cargo 1.86.0-nightly (2928e3273 2025-02-07)
$ cargo fuzz init
$ cargo fuzz list
fuzz_target_1
$ cat > fuzz/fuzz_targets/fuzz_target_1.rs
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate url;

fuzz_target!(|data: &[u8]| {
    if let Ok(s) = std::str::from_utf8(data) {
        let _ = url::Url::parse(s);
    }
});
^D
$ cargo fuzz run fuzz_target_1
warning: no edition set: defaulting to the 2015 edition while the latest is 2024
    Updating crates.io index
     Locking 9 packages to latest compatible versions
   Compiling libc v0.2.169
   Compiling shlex v1.3.0
   Compiling matches v0.1.10
   Compiling rustc-serialize v0.3.25
   Compiling arbitrary v1.4.1
error: sanitizer is incompatible with statically linked libc, disable it using `-C target-feature=-crt-static`

error: could not compile `matches` (lib) due to 1 previous error
warning: build failed, waiting for other jobs to finish...
error: could not compile `arbitrary` (lib) due to 1 previous error
error: could not compile `rustc-serialize` (lib) due to 1 previous error
Error: failed to build fuzz script: ASAN_OPTIONS="detect_odr_violation=0" RUSTFLAGS="-Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Cllvm-args=-sanitizer-coverage-trace-compares --cfg fuzzing -Clink-dead-code -Zsanitizer=address -Cllvm-args=-sanitizer-coverage-stack-depth -Cdebug-assertions -C codegen-units=1" "cargo" "build" "--manifest-path" "/tmp/rust-url/fuzz/Cargo.toml" "--target" "x86_64-unknown-linux-musl" "--release" "--config" "profile.release.debug=true" "--bin" "fuzz_target_1"
```

tyilo avatar Feb 14 '25 08:02 tyilo

I had the same behavior on my machine, rustc=1.88.0-nightly and cargo==1.88.0-nightly, after installing with `cargo binstall cargo-fuzz`.

As shown in #398, `cargo binstall` mixes stuff and nothing works; after running `cargo install cargo-fuzz --force`, it now runs fine! 👍

Then, how did you install cargo-fuzz?

ojob avatar May 21 '25 13:05 ojob

This happens even when the host is musl-based and cargo-fuzz has been installed with `cargo install cargo-fuzz` as can be seen by running the example in an alpine-based docker image:

```
docker run --rm -it rust:1.87-alpine
# apk add --no-cache musl-dev g++ git
# cargo install cargo-fuzz
# git clone https://github.com/servo/rust-url.git
# cd rust-url
# git checkout bfa167b4e0253642b6766a7aa74a99df60a94048
# rustup override set nightly
# rustc --version
rustc 1.89.0-nightly (bc8215286 2025-05-20)
# cargo --version
cargo 1.89.0-nightly (47c911e9e 2025-05-14)
# cargo fuzz --version
cargo-fuzz 0.12.0
# cargo fuzz init
# cargo fuzz list
fuzz_target_1
# cat > fuzz/fuzz_targets/fuzz_target_1.rs
#![no_main]
#[macro_use] extern crate libfuzzer_sys;
extern crate url;

fuzz_target!(|data: &[u8]| {
    if let Ok(s) = std::str::from_utf8(data) {
        let _ = url::Url::parse(s);
    }
});
^D
# cargo fuzz run fuzz_target_1
warning: no edition set: defaulting to the 2015 edition while the latest is 2024
    Updating crates.io index
     Locking 15 packages to latest compatible versions
  Downloaded matches v0.1.10
  Downloaded jobserver v0.1.33
  Downloaded shlex v1.3.0
  Downloaded arbitrary v1.4.1
  Downloaded rustc-serialize v0.3.25
  Downloaded cc v1.2.23
  Downloaded libfuzzer-sys v0.4.9
  Downloaded 7 crates (364.5KiB) in 0.48s
   Compiling libc v0.2.172
   Compiling shlex v1.3.0
   Compiling matches v0.1.10
   Compiling arbitrary v1.4.1
   Compiling rustc-serialize v0.3.25
error: sanitizer is incompatible with statically linked libc, disable it using `-C target-feature=-crt-static`

error: could not compile `matches` (lib) due to 1 previous error
warning: build failed, waiting for other jobs to finish...
error: could not compile `arbitrary` (lib) due to 1 previous error
error: could not compile `rustc-serialize` (lib) due to 1 previous error
Error: failed to build fuzz script: ASAN_OPTIONS="detect_odr_violation=0" RUSTFLAGS="-Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Cllvm-args=-sanitizer-coverage-trace-compares --cfg fuzzing -Clink-dead-code -Zsanitizer=address -Cllvm-args=-sanitizer-coverage-stack-depth -Cdebug-assertions -C codegen-units=1" "cargo" "build" "--manifest-path" "/rust-url/fuzz/Cargo.toml" "--target" "x86_64-unknown-linux-musl" "--release" "--config" "profile.release.debug=true" "--bin" "fuzz_target_1"
```

Running with `RUSTFLAGS='-C target-feature=-crt-static' cargo fuzz run fuzz_target_1` works, which is why I think `-C target-feature=-crt-static` should always be set by `cargo fuzz`.

tyilo avatar May 21 '25 19:05 tyilo
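
Until the flag is set automatically, the workaround from the last comment can be applied conditionally. The following is an added example, not part of the issue thread or of cargo-fuzz: the function names and the sample `rustc -vV` text are constructed here, and it assumes the fuzz build targets the host triple, as the `--target` argument in both logs above does.

```shell
#!/bin/sh
# Added example (not cargo-fuzz code): add `-C target-feature=-crt-static`
# to RUSTFLAGS only when the host toolchain is musl, and only once.

# Constructed, abbreviated sample of `rustc -vV` output for offline checks.
SAMPLE_RUSTC_VV='rustc 1.89.0-nightly (bc8215286 2025-05-20)
binary: rustc
host: x86_64-unknown-linux-musl
release: 1.89.0-nightly'

# Read `rustc -vV` output on stdin and print the host triple.
host_triple() {
    sed -n 's/^host: //p'
}

# $1 = target triple, $2 = existing RUSTFLAGS (may be empty).
# Prints the RUSTFLAGS value to use for a sanitizer-enabled fuzz build.
fuzz_rustflags() {
    triple=$1
    flags=$2
    case "$triple" in
        *-musl*)
            case "$flags" in
                # Already present in either spelling (-C x or -Cx): keep as is.
                *"target-feature=-crt-static"*) ;;
                *) flags="${flags:+$flags }-C target-feature=-crt-static" ;;
            esac
            ;;
    esac
    printf '%s\n' "$flags"
}

# Hypothetical wrapper: same arguments as `cargo fuzz run`.
cargo_fuzz_run() {
    triple=$(rustc -vV | host_triple)
    RUSTFLAGS=$(fuzz_rustflags "$triple" "${RUSTFLAGS:-}") cargo fuzz run "$@"
}
```

Source the file and call `cargo_fuzz_run fuzz_target_1`; on a glibc host the existing `RUSTFLAGS` value is passed through unchanged.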