Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fuzzing with honggfuzz-rs #263

Closed
wants to merge 2 commits into from
Closed

Fuzzing with honggfuzz-rs #263

wants to merge 2 commits into from

Conversation

goffrie
Copy link
Contributor

@goffrie goffrie commented Apr 20, 2018

This uses honggfuzz-rs to generate a "script" that is used to mock out IO. It's pretty simple, but I've found it able to detect all the issues in #260, #261, and #262 (the latter two being issues that we actually hit in production).

Run with HFUZZ_RUN_ARGS="-t 1" cargo hfuzz run h2-fuzz (short timeout because it seems to run into infinite loops pretty often - probably something to do with hitting EOF and I'm not sure if it's a problem with the I/O mock or h2.)

This doesn't have to be merged as-is, just wanted to share the code.

@hawkw hawkw requested a review from carllerche April 20, 2018 23:33
@hawkw
Copy link
Collaborator

hawkw commented Apr 20, 2018

This is very cool, thanks for sharing!

robertswiecki referenced this pull request in rust-fuzz/trophy-case Apr 21, 2018
@PaulGrandperrin
Add 3 regex trophies
09852ec
@frewsxcv frewsxcv mentioned this pull request Apr 21, 2018
Closed
PaulGrandperrin added a commit to PaulGrandperrin/trophy-case that referenced this pull request Apr 21, 2018
@PaulGrandperrin
Add 3 trophies in h2
40fce75 
Found by Geoffry Song @goffrie
hyperium/h2#263
@PaulGrandperrin PaulGrandperrin mentioned this pull request Apr 21, 2018
Merged
@goffrie goffrie mentioned this pull request May 4, 2018
Merged
@carllerche
Copy link
Collaborator

I tried running this and get:

LLVM ERROR: Global variable '__sancov_gen_' has an invalid section specifier '__sancov_guards': mach-o section specifier requires a segment and section separated by a comma.
error: Could not compile `string`.
warning: build failed, waiting for other jobs to finish...
LLVM ERROR: Global variable '__sancov_gen_' has an invalid section specifier '__sancov_guards': mach-o section specifier requires a segment and section separated by a comma.
error: Could not compile `libc`.
warning: build failed, waiting for other jobs to finish...
LLVM ERROR: Global variable '__sancov_gen_' has an invalid section specifier '__sancov_guards': mach-o section specifier requires a segment and section separated by a comma.
error: Could not compile `byteorder`.
warning: build failed, waiting for other jobs to finish...
LLVM ERROR: Global variable '__sancov_gen_' has an invalid section specifier '__sancov_guards': mach-o section specifier requires a segment and section separated by a comma.
error: Could not compile `log`.
warning: build failed, waiting for other jobs to finish...
LLVM ERROR: Global variable '__sancov_gen_' has an invalid section specifier '__sancov_guards': mach-o section specifier requires a segment and section separated by a comma.
error: Could not compile `indexmap`.
warning: build failed, waiting for other jobs to finish...
LLVM ERROR: Global variable '__sancov_gen_' has an invalid section specifier '__sancov_guards': mach-o section specifier requires a segment and section separated by a comma.
error: Could not compile `termcolor`.
warning: build failed, waiting for other jobs to finish...
LLVM ERROR: Global variable '__sancov_gen_' has an invalid section specifier '__sancov_guards': mach-o section specifier requires a segment and section separated by a comma.
error: Could not compile `futures`.

@carllerche
Copy link
Collaborator

I think that I might be on an old rustc.

@carllerche
Copy link
Collaborator

Ok, I managed to get an error. I'm going to see if I can figure out how to convert to a test.

@carllerche carllerche mentioned this pull request May 10, 2018
Merged
@carllerche
Copy link
Collaborator

Thanks! I pulled this in in #274. I cleaned up the organization a bit, but the fuzz test is the same.

@carllerche carllerche closed this May 10, 2018
@goffrie goffrie deleted the up-fuzz branch February 14, 2020 06:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carllerche carllerche Awaiting requested review from carllerche

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@goffrie @hawkw @carllerche