[PATCH] D70738: [libFuzzer] Add custom output function
Manish Goregaokar via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Dec 6 14:25:07 PST 2019
Manishearth added a comment.
In D70738#1773461 <https://reviews.llvm.org/D70738#1773461>, @kcc wrote:
> BTW, may I ask you to provide some details of your Rust fuzz target examples?
> (like the code of the fuzz target and the output with your patch)
There's a short example here <https://github.com/rust-fuzz/libfuzzer-sys/blob/master/example_arbitrary/src/main.rs#L5-L9>, but a real example where this would matter a LOT is something like
```rust
fuzz_target!(|(s, b): (String, bool)| {
    if s == "hello" && b {
        panic!("success!");
    }
});
```
We're actually still working on improving the behavior around this, right now it's a bit slow for silly reasons, but we'd like the above to work smoothly.
A running example I have locally is
```rust
fuzz_target!(|data: (u8, u8)| {
    if 0 == data.0 && 70 == data.1 {
        panic!("no")
    }
});
```
which produces the output
```
SUMMARY: libFuzzer: deadly signal
MS: 1 InsertByte-; base unit: 5ba93c9db0cff93f52b521d7420e43f6eda2784f
0x0,0x46,
\x00F
artifact_prefix='/home/manishearth/mozilla/sand/fuzz/fuzz-test/fuzz/artifacts/fuzz_target_1/'; Test unit written to /home/manishearth/mozilla/sand/fuzz/fuzz-test/fuzz/artifacts/fuzz_target_1/crash-beb59e97091dd2f1ada25fea1abf7a70ac3ada78
Base64: AEY=
Formatted: (0, 70)
```
If you want to look at our output function, it's here <https://github.com/rust-fuzz/libfuzzer-sys/pull/48/files#diff-b4aea3e418ccdb71239b96952d9cddb6R149>, the `println!("Formatted: {:?}", data)` is doing the actual formatting.
Repository:
rCRT Compiler Runtime
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70738/new/
https://reviews.llvm.org/D70738
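As an added illustration, not code from this patch or from libfuzzer-sys: a toy stand-in for the `arbitrary` decoding step, showing how the raw crash bytes `0x00 0x46` become the `Formatted: (0, 70)` line that a custom output function prints next to libFuzzer's byte dump, and how the same hook would render the `(String, bool)` target. The `Unstructured`/`Arbitrary` names and the byte layout (one length byte before string bytes, low bit of a byte for `bool`) are assumptions for this example; the real crate's encoding differs.

```rust
use std::fmt::Debug;

/// Toy cursor over a raw libFuzzer input (assumed layout, not the real crate's).
struct Unstructured<'a> {
    data: &'a [u8],
}

/// Toy stand-in for the `arbitrary` crate's trait: decode Self from raw bytes.
trait Arbitrary: Sized + Debug {
    fn arbitrary(u: &mut Unstructured) -> Self;
}

impl<'a> Unstructured<'a> {
    fn new(data: &'a [u8]) -> Self {
        Self { data }
    }
    /// Take one byte; a missing byte decodes as 0 so short inputs still parse.
    fn byte(&mut self) -> u8 {
        match self.data.split_first() {
            Some((b, rest)) => {
                self.data = rest;
                *b
            }
            None => 0,
        }
    }
}

impl Arbitrary for u8 {
    fn arbitrary(u: &mut Unstructured) -> Self { u.byte() }
}
impl Arbitrary for bool {
    fn arbitrary(u: &mut Unstructured) -> Self { (u.byte() & 1) == 1 }
}
impl Arbitrary for String {
    // Assumed layout: one length byte, then that many bytes (lossy UTF-8).
    fn arbitrary(u: &mut Unstructured) -> Self {
        let n = u.byte() as usize;
        let bytes: Vec<u8> = (0..n).map(|_| u.byte()).collect();
        String::from_utf8_lossy(&bytes).into_owned()
    }
}
impl<A: Arbitrary, B: Arbitrary> Arbitrary for (A, B) {
    fn arbitrary(u: &mut Unstructured) -> Self { (A::arbitrary(u), B::arbitrary(u)) }
}

/// What a custom output hook prints beside the raw `0x0,0x46,` / `\x00F` dump:
/// the decoded value rendered with `{:?}`, like `println!("Formatted: {:?}", data)`.
fn formatted<T: Arbitrary>(raw: &[u8]) -> String {
    format!("Formatted: {:?}", T::arbitrary(&mut Unstructured::new(raw)))
}

fn main() {
    // Constructed input: the crash bytes from the (u8, u8) target above.
    println!("{}", formatted::<(u8, u8)>(&[0x00, 0x46]));
    // Constructed input: bytes that trip the (String, bool) target under the toy layout.
    println!("{}", formatted::<(String, bool)>(b"\x05hello\x01"));
}
```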