Macro libfuzzer_sys::fuzz_target
source · [−]macro_rules! fuzz_target {
(|$bytes:ident| $body:block) => { ... };
(|$data:ident: &[u8]| $body:block) => { ... };
(|$data:ident: $dty: ty| $body:block) => { ... };
}Expand description
Define a fuzz target.
Example
This example takes a &[u8] slice and attempts to parse it. The parsing
might fail and return an Err, but it shouldn’t ever panic or segfault.
#![no_main]
use libfuzzer_sys::fuzz_target;
// Note: `|input|` is short for `|input: &[u8]|`.
fuzz_target!(|input| {
let _result: Result<_, _> = my_crate::parse(input);
});Arbitrary Input Types
The input is a &[u8] slice by default, but you can take arbitrary input
types, as long as the type implements the arbitrary crate’s Arbitrary
trait (which is
also re-exported as libfuzzer_sys::arbitrary::Arbitrary for convenience).
For example, if you wanted to take an arbitrary RGB color, you could do the following:
#![no_main]
use libfuzzer_sys::{arbitrary::{Arbitrary, Error, Unstructured}, fuzz_target};
#[derive(Debug)]
pub struct Rgb {
r: u8,
g: u8,
b: u8,
}
impl<'a> Arbitrary<'a> for Rgb {
fn arbitrary(raw: &mut Unstructured<'a>) -> Result<Self, Error> {
let mut buf = [0; 3];
raw.fill_buffer(&mut buf)?;
let r = buf[0];
let g = buf[1];
let b = buf[2];
Ok(Rgb { r, g, b })
}
}
// Write a fuzz target that works with RGB colors instead of raw bytes.
fuzz_target!(|color: Rgb| {
my_crate::convert_color(color);
});You can also enable the arbitrary crate’s custom derive via this crate’s
"arbitrary-derive" cargo feature.