Debug output not printed in repro-mode #348

Open
nathaniel-brough opened this issue Dec 2, 2023 · 1 comment

Comments

@nathaniel-brough
Contributor

nathaniel-brough commented Dec 2, 2023

Take a simple fuzz harness e.g.

#![no_main]

use arbitrary::Arbitrary;
use libfuzzer_sys::fuzz_target;

#[derive(Debug, Arbitrary)]
struct Ctx {
    foo: u8,
    bar: String,
}

fuzz_target!(|c: Ctx| {
    // Let's just make it crash.
    assert!(c.bar.len() > (c.foo as usize));
});

When I run this fuzzer and it crashes I get the following message printed:

Failing input:

        artifacts/fuzz_target_1/crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

Output of `std::fmt::Debug`:

        Ctx {
            foo: 10,
            bar: "",
        }

Reproduce with:

        cargo fuzz run fuzz_target_1 artifacts/fuzz_target_1/crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

Minimize test case with:

        cargo fuzz tmin fuzz_target_1 artifacts/fuzz_target_1/crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

However, when I run the reproduction command I'll get something like this:

$ cargo fuzz run fuzz_target_1 artifacts/fuzz_target_1/crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 880669544
INFO: Loaded 1 modules   (7173 inline 8-bit counters): 7173 [0x55843e82bb10, 0x55843e82d715), 
INFO: Loaded 1 PC tables (7173 PCs): 7173 [0x55843e82d718,0x55843e849768), 
target/x86_64-unknown-linux-gnu/release/fuzz_target_1: Running 1 inputs 1 time(s) each.
Running: artifacts/fuzz_target_1/crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
thread '<unnamed>' panicked at fuzz_targets/fuzz_target_1.rs:14:5:
assertion failed: c.bar.len() > (c.foo as usize)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==471585== ERROR: libFuzzer: deadly signal
    #0 0x55843e62a5b1  (/home/nathaniel/fuzz_debug/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0xf95b1)
    #1 0x55843e68c5d9  (/home/nathaniel/fuzz_debug/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x15b5d9)
    #2 0x55843e6779a5  (/home/nathaniel/fuzz_debug/fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1+0x1469a5)
    #3 0x7fd45df71d9f  (/nix/store/whypqfa83z4bsn43n4byvmw80n4mg3r8-glibc-2.37-45/lib/libc.so.6+0x38d9f) (BuildId: 2b9ebcc534a497a5e424c017f310e087ec14b7b6)
# Truncated ...

Notably I don't get the Debug print as earlier. This is kind of painful as I'll often get a minimized test-case from somewhere like google/oss-fuzz and I can't see the original debug statement. My workaround at the moment is to put a println!() statement in when I'm reproducing a bug and delete it later. Note that I have tried to conditionally print using the fuzzing_repro config as described in the cargo-fuzz book. But that doesn't seem to print anything at all even in repro mode?

#[cfg(fuzzing_repro)]
eprintln!("Input data: {}", expensive_pretty_print(&data));

Any thoughts on how to best manage this? I feel like I'm missing something important.

@Eh2406

Eh2406 commented Jan 7, 2024

cargo fuzz fmt fuzz_target_1 artifacts/fuzz_target_1/crash-adc83b19e793491b1c6ea0fd8b46cd9f32e592fc will print the failing input, which might be a useful workaround for now.
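The two workarounds in this thread (an ad-hoc println!() in the harness, or running cargo fuzz fmt on the artifact) both amount to the same thing: decode the raw artifact bytes into the Arbitrary-derived struct and print its Debug form before the target runs. The following is an added example, not code from cargo-fuzz, libfuzzer-sys or this issue's reporter, that packages that idea as a plain std-only repro driver for the Ctx harness above: it reads an artifact, prints the Debug output to stderr first, then runs the target logic under catch_unwind and reports the outcome. Because it uses no external crates, decode_ctx is a hand-written stand-in for what #[derive(Arbitrary)] plus arbitrary_take_rest do for this one struct (first byte becomes foo, the remaining bytes become bar); that mapping and the truncation of an invalid UTF-8 tail are assumptions for illustration and do not model every edge case of the real arbitrary crate. The one-byte artifact 0x0a used as the default input is constructed; it decodes to the foo: 10, bar: "" value shown in the report.

```rust
// Added example, not code from cargo-fuzz or libfuzzer-sys: a std-only driver
// that decodes a libFuzzer crash artifact into the report's `Ctx` struct and
// prints its Debug form *before* running the target's logic, so the structured
// input is visible even when the target panics.
//
// Assumption (hypothetical): `decode_ctx` is a hand-written stand-in for what
// `#[derive(Arbitrary)]` + `arbitrary_take_rest` do for this particular struct
// (first byte -> `foo`, remaining bytes -> `bar`). It does not depend on the
// `arbitrary` crate and does not model every edge case of it.
use std::env;
use std::fs;
use std::panic;

#[derive(Debug, PartialEq)]
pub struct Ctx {
    pub foo: u8,
    pub bar: String,
}

/// Stand-in for `Ctx::arbitrary_take_rest`: `foo` is the first byte (0 if the
/// artifact is empty); `bar` is the rest, cut to its longest valid UTF-8 prefix.
pub fn decode_ctx(bytes: &[u8]) -> Ctx {
    let foo = bytes.first().copied().unwrap_or(0);
    let rest = bytes.get(1..).unwrap_or(&[]);
    let bar = match std::str::from_utf8(rest) {
        Ok(s) => s.to_owned(),
        // Bytes up to `valid_up_to()` are guaranteed to be valid UTF-8.
        Err(e) => std::str::from_utf8(&rest[..e.valid_up_to()])
            .unwrap_or("")
            .to_owned(),
    };
    Ctx { foo, bar }
}

/// The body of the report's `fuzz_target!` closure, factored into a plain
/// function so that both a libFuzzer harness and this driver can call it.
pub fn target(c: &Ctx) {
    assert!(c.bar.len() > (c.foo as usize));
}

/// What one reproduction run did.
#[derive(Debug, PartialEq)]
pub enum Outcome {
    Passed,
    Panicked(String),
}

/// Decode the artifact, print the Debug form to stderr, then run the target
/// under `catch_unwind` and return both the decoded input and the outcome.
pub fn reproduce(bytes: &[u8]) -> (Ctx, Outcome) {
    let ctx = decode_ctx(bytes);
    eprintln!("Output of `std::fmt::Debug`:\n{:#?}", ctx);
    let outcome = match panic::catch_unwind(|| target(&ctx)) {
        Ok(()) => Outcome::Passed,
        Err(payload) => {
            // `assert!` panics carry a `&str` payload; `panic!("{}", x)` carries a `String`.
            let msg = payload
                .downcast_ref::<&str>()
                .map(|s| s.to_string())
                .or_else(|| payload.downcast_ref::<String>().cloned())
                .unwrap_or_else(|| "non-string panic payload".to_string());
            Outcome::Panicked(msg)
        }
    };
    (ctx, outcome)
}

fn main() {
    // With a path argument, read that artifact file; otherwise use a constructed
    // one-byte artifact 0x0a, which decodes to the `foo: 10, bar: ""` value
    // shown in the report.
    let bytes = match env::args().nth(1) {
        Some(path) => fs::read(&path).expect("cannot read artifact"),
        None => vec![0x0a],
    };
    let (_, outcome) = reproduce(&bytes);
    match outcome {
        Outcome::Passed => println!("target passed"),
        Outcome::Panicked(msg) => {
            println!("target panicked: {msg}");
            std::process::exit(1);
        }
    }
}
```

Keeping the target's logic in a plain function like target() is the part worth copying: the fuzz_target! closure becomes a one-line call, and the same function can be driven from a normal binary or a #[test] with any printing you like, without touching the harness or depending on the fuzzing_repro cfg being set.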
