add fuzz target for rustfmt
frewsxcv opened this issue · 7 comments
relevant discussion rust-lang/rustfmt#1344 (comment)
I have a trivial script working, but it crashes after <1s with
thread '<unnamed>' panicked at 'Box<Any>', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/syntex_syntax-0.58.1/src/parse/lexer/mod.rs:182
which is not a rustfmt thing but a panic from libsyntax (or, syntex_syntax in this case)… that line is literally panic!(FatalError);
! With a seed folder (cf. #41) made from
$ mkdir -pv rustfmt/seeds
$ cp **/*.rs rustfmt/seeds/
running
$ ASAN_OPTIONS=detect_odr_violation=0 ./run-fuzzer.sh rustfmt fmt `pwd`/rustfmt/corpus `pwd`/rustfmt/seed
I get to 38 execs (the seed files) covering 12550 code paths, but the first new one leads to a libsytax crash.
I assume rustfmt should catch libsyntax panics? There is also a bunch of diagnostics output from libsyntax I can't get rid of.
I can open a PR later if you'd rather want to discuss this there.
Cool! I've been meaning to do this. Feel free to open a PR. I'll merge it in, even if it immediately fails upon running. Do you have a backtrace of the panic?
Maybe we should add a fuzz target for https://github.com/serde-rs/syntex and report this panic upstream?