This post is part of the Input Coverage > Code Coverage series.
Fuzz the binary, not the library. Make panics abort.
`fuzz-afl/src/main.rs` (optional persistent harness):
/// Hand one fuzzer-generated input to the importer.
///
/// The bytes are decoded with `from_utf8_lossy`, so invalid UTF-8 sequences
/// are replaced by U+FFFD before the importer sees them. The importer's
/// return value is discarded on purpose: an ordinary rejection is not a
/// finding, only a crash or abort is (this post expects one from a huge
/// `N` in the header).
/// NOTE(review): if the real CLI reads raw bytes rather than a `str`, the
/// lossy decode hides its invalid-UTF-8 paths from the fuzzer — confirm.
fn process(data: &[u8]) {
    let _ = csv_import_cli::ingest_rows_unbounded(&String::from_utf8_lossy(data));
}
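/// Harness entry point.
///
/// With the `afl` feature enabled the body runs under `afl::fuzz!`, which
/// feeds each generated input to [`process`]. Without it, all of stdin is
/// read once and processed, which is how a single crashing input is
/// replayed outside the fuzzer.
fn main() {
    #[cfg(feature = "afl")]
    afl::fuzz!(|data: &[u8]| {
        process(data);
    });

    #[cfg(not(feature = "afl"))]
    {
        use std::io::Read;
        let mut input = Vec::new();
        // A failed stdin read is a harness/environment problem, not a
        // finding; name it in the panic so it is not mistaken for a crash
        // in the code under test.
        std::io::stdin()
            .read_to_end(&mut input)
            .expect("failed to read fuzz input from stdin");
        process(&input);
    }
}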
Run:
# Install the AFL cargo subcommand once.
cargo install cargo-afl
# Abort on panic so the fuzzer records a panic as a crash rather than a clean exit.
export RUSTFLAGS='-C panic=abort'

# Option 1: fuzz the CLI binary itself.
cargo afl build --bin import
mkdir -p afl_in afl_out
# Seed input: a header declaring one row, followed by one row.
printf 'N=1\n0,x,1\n' > afl_in/seed
cargo afl fuzz -i afl_in -o afl_out target/debug/import @@

# Option 2: fuzz the persistent harness built with the afl feature.
cargo afl build --features afl --bin csv-import-cli-fuzz-afl
cargo afl fuzz -i afl_in -o afl_out target/debug/csv-import-cli-fuzz-afl @@
Expect a crash from a huge `N`. Fix by capping `N` before `reserve`.
Next: Panics Are Not Crashes