dvyukov/go-fuzz

How to handle complex input data in fuzz tests?

KubaTrojan opened this issue · 2 comments

Hello.

I am wondering about the best way to transform the byte-slice input from the fuzzer into a more complex Go structure that will be passed to the tested method.

Example:

func Fuzz(data []byte) int {
	type structA struct {
		a uint64
		b []string
		c int
		d map[string]int
	}

	fulfilledStruct := prepareStructure(data)

	funcToBeTested(fulfilledStruct)

	return 0
}

What should the prepareStructure() method look like? Should I split the given data into a few parts and then convert it somehow according to the types of the struct fields?

Are there any plans to provide structure-aware fuzzing in go-fuzz in the near future?

Hi @KubaTrojan,

I don't think there is "the best" way w/o proper support from the fuzzer. So use whatever best-effort way you can figure out. And I guess for such complex types as map[string]int it's not trivial and won't be too good.

There are no plans to improve anything in go-fuzz. At this point it's superseded by the native fuzzing support:
https://blog.golang.org/fuzz-beta
I see it already supports structure-aware fuzzing in a limited form:
https://github.com/golang/go/blob/dev.fuzz/src/testing/fuzz.go#L237-L256

go-fuzz-headers solves the issue of transforming the byte slice to structs.
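
A best-effort prepareStructure() for the struct in the question, as an added example that is not code from this thread, from go-fuzz, or from go-fuzz-headers. The consumer type, its methods, the one-byte length prefixes and the size bounds (4 elements, 16-byte strings) are all assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// structA mirrors the struct from the question.
type structA struct {
	a uint64
	b []string
	c int
	d map[string]int
}

// consumer (hypothetical helper) hands out the fuzzer input piece by piece.
type consumer struct{ data []byte }

// take returns exactly n bytes, zero-padded once the input runs out, so decoding never panics.
func (c *consumer) take(n int) []byte {
	out := make([]byte, n)
	c.data = c.data[copy(out, c.data):]
	return out
}

func (c *consumer) u64() uint64 { return binary.LittleEndian.Uint64(c.take(8)) }

// upTo reads one byte and reduces it to 0..limit, which bounds every length and count.
func (c *consumer) upTo(limit int) int { return int(c.take(1)[0]) % (limit + 1) }
func (c *consumer) str() string        { return string(c.take(c.upTo(16))) }

// prepareStructure decodes deterministically: the same bytes always give the same struct.
func prepareStructure(data []byte) structA {
	c := &consumer{data: data}
	s := structA{d: map[string]int{}}
	s.a = c.u64()
	s.c = int(int64(c.u64()))
	for i, n := 0, c.upTo(4); i < n; i++ {
		s.b = append(s.b, c.str())
	}
	for i, n := 0, c.upTo(4); i < n; i++ {
		k := c.str() // key bytes come first, then the value byte
		s.d[k] = c.upTo(255)
	}
	return s
}

// sample is constructed input for this example, not a real corpus entry.
var sample = []byte{1, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 2, 2, 'h', 'i', 1, 'x', 1, 1, 'k', 7}

func main() { fmt.Printf("%+v\n", prepareStructure(sample)) }
```

Because every length and count is reduced modulo a small bound, a mutated input cannot make the harness allocate unbounded memory, and truncated inputs decode to zero values instead of crashing the harness itself.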