rust-fuzz/libfuzzer

Provide way to run Debug on fuzzer output

Manishearth opened this issue · 6 comments

Currently we just output the string as a list of bytes and as a string, but given that we use Arbitrary types it would be nice if we could Debug the output whenever possible.

This would need https://github.com/rust-fuzz/libfuzzer-sys/issues/46 and another patch to libfuzzer to support custom formatters.

Also, given that our use of Arbitrary is nicely hidden, without this feature users of Arbitrary basically have to figure this out themselves.

That said, it would be nice if cargo fuzz had a mode for debugging where it could be called with a file and a fuzz target and it feeds the file to the fuzz target via Arbitrary.
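An added illustration of what such a debug mode would do, written for this page and not taken from cargo-fuzz, libfuzzer-sys or honggfuzz-rs: read a fuzzer artifact from disk, run its bytes through the same `Arbitrary` decoding the fuzz target uses, and print the decoded value with `Debug` instead of a byte dump. To keep it dependency-free, `Unstructured` and `Arbitrary` below are tiny stand-ins for the `arbitrary` crate's types of the same name (assumption: same shape, far fewer methods), `StackProgram`/`Op` is a constructed fuzz-input type, and `debug_artifact` is a hypothetical helper name.

```rust
// Added example (not project code): a "format mode" that decodes a raw
// fuzzer artifact via an Arbitrary-style reader and prints it with Debug.
use std::env;
use std::fmt;
use std::fs;
use std::process;

/// Stand-in for `arbitrary::Unstructured` (assumption: minimal subset):
/// a cursor over the raw bytes libFuzzer handed to the target.
struct Unstructured<'a> {
    data: &'a [u8],
    pos: usize,
}

#[derive(Debug, PartialEq)]
enum DecodeError {
    /// The artifact ran out before the type was fully built.
    NotEnoughData { needed: usize, remaining: usize },
}

impl fmt::Display for DecodeError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            DecodeError::NotEnoughData { needed, remaining } => write!(
                f, "artifact too short: needed {} more byte(s), {} left", needed, remaining
            ),
        }
    }
}

impl<'a> Unstructured<'a> {
    fn new(data: &'a [u8]) -> Self { Self { data, pos: 0 } }
    fn take(&mut self, n: usize) -> Result<&'a [u8], DecodeError> {
        let remaining = self.data.len() - self.pos;
        if remaining < n {
            return Err(DecodeError::NotEnoughData { needed: n, remaining });
        }
        let slice = &self.data[self.pos..self.pos + n];
        self.pos += n;
        Ok(slice)
    }
    fn u8(&mut self) -> Result<u8, DecodeError> { Ok(self.take(1)?[0]) }
    fn u32(&mut self) -> Result<u32, DecodeError> {
        let b = self.take(4)?;
        Ok(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
    }
}

/// Stand-in for the `Arbitrary` trait: build `Self` from fuzzer bytes.
trait Arbitrary: Sized {
    fn arbitrary(u: &mut Unstructured<'_>) -> Result<Self, DecodeError>;
}

/// Constructed fuzz-input type, the kind a target would normally take.
#[derive(Debug, PartialEq)]
enum Op { Push(u32), Pop, Add, Reset }

#[derive(Debug, PartialEq)]
struct StackProgram { ops: Vec<Op> }

impl Arbitrary for Op {
    fn arbitrary(u: &mut Unstructured<'_>) -> Result<Self, DecodeError> {
        Ok(match u.u8()? % 4 {
            0 => Op::Push(u.u32()?),
            1 => Op::Pop,
            2 => Op::Add,
            _ => Op::Reset,
        })
    }
}

impl Arbitrary for StackProgram {
    fn arbitrary(u: &mut Unstructured<'_>) -> Result<Self, DecodeError> {
        let n = u.u8()? as usize; // first byte: number of ops
        let mut ops = Vec::with_capacity(n);
        for _ in 0..n {
            ops.push(Op::arbitrary(u)?);
        }
        Ok(StackProgram { ops })
    }
}

/// Hypothetical "format mode": decode the artifact exactly as the fuzz target
/// would and return the value plus the number of trailing bytes it ignored.
fn debug_artifact<T: Arbitrary + fmt::Debug>(bytes: &[u8]) -> Result<(T, usize), DecodeError> {
    let mut u = Unstructured::new(bytes);
    let value = T::arbitrary(&mut u)?;
    Ok((value, bytes.len() - u.pos))
}

fn main() {
    let path = match env::args().nth(1) {
        Some(p) => p,
        None => { eprintln!("usage: debug-artifact <artifact-file>"); process::exit(2); }
    };
    let bytes = fs::read(&path).unwrap_or_else(|e| { eprintln!("{}: {}", path, e); process::exit(1) });
    match debug_artifact::<StackProgram>(&bytes) {
        Ok((prog, unused)) => println!("{:#?}\n({} byte(s) of the artifact were unused)", prog, unused),
        Err(e) => { eprintln!("could not decode artifact: {}", e); process::exit(1); }
    }
}
```

Run it on a crash artifact (`debug-artifact fuzz/artifacts/<target>/crash-...`) and the output is the structured input the target actually saw, which is what a byte dump cannot show; the "unused bytes" count and the `NotEnoughData` error also make clear when a crash input was only partially consumed or too short to build the type at all.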

https://github.com/rust-fuzz/honggfuzz-rs provides a mode where it runs the binary with a specific input in debug mode. You can invoke that with one command after discovering the issue in release mode.

@fitzgen ultimately what do you think we should do here? Once https://github.com/rust-fuzz/libfuzzer-sys/pull/51 lands, the approach in #48 won't work anymore, but we can add that hook a bit differently to make it work again. Alternatively, we can parse the output in cargo-fuzz to get the artifact path and re-invoke it in a "format" mode.

> Alternatively, we can parse the output in cargo-fuzz to get the artifact path and re-invoke it in a "format" mode.

I think this approach makes sense.

Fixed in #53