rust-fuzz/targets

add fuzz target for rustfmt

frewsxcv opened this issue · 7 comments

I have a trivial script working, but it crashes after <1s with

thread '<unnamed>' panicked at 'Box<Any>', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/syntex_syntax-0.58.1/src/parse/lexer/mod.rs:182

which is not a rustfmt thing but a panic from libsyntax (or, syntex_syntax in this case)… that line is literally panic!(FatalError);! With a seed folder (cf. #41) made from

$ mkdir -pv rustfmt/seeds
$ cp **/*.rs rustfmt/seeds/

running

$ ASAN_OPTIONS=detect_odr_violation=0 ./run-fuzzer.sh rustfmt fmt `pwd`/rustfmt/corpus `pwd`/rustfmt/seeds

I get to 38 execs (the seed files) covering 12550 code paths, but the first new one leads to a libsyntax crash.

I assume rustfmt should catch libsyntax panics? There is also a bunch of diagnostics output from libsyntax I can't get rid of.

I can open a PR later if you'd rather discuss this there.

Cool! I've been meaning to do this. Feel free to open a PR. I'll merge it in, even if it immediately fails upon running. Do you have a backtrace of the panic?

@frewsxcv opened #42. I don't have the logs anymore, but it's easy to reproduce.

Maybe we should add a fuzz target for https://github.com/serde-rs/syntex and report this panic upstream?

Regardless, this was completed in #42. Thanks again!