png-afl: document usage and minor tweaks #133
Conversation
@HeroicKatora thank you for your help!

You probably also want the

The default mode for AFL is "deterministic mode" which does a number of deterministic transformations of the input such as cycling every byte in the input through all values from 0 to 255, setting 4-byte chunks to interesting values, etc. When running on CI you'd probably want the "havoc" mode that just transforms the inputs randomly and doesn't run the exhaustive-ish deterministic search, which is what the

The ideal setup is actually non-deterministic and deterministic modes running in parallel; run these commands in several terminal tabs / tmux shells / screen sessions:

cargo afl fuzz -M master -m 200 -i fuzzing_seeds -o out target/debug/png-afl
cargo afl fuzz -S slave1 -m 200 -i fuzzing_seeds -o out target/debug/png-afl
cargo afl fuzz -S slave2 -m 200 -i fuzzing_seeds -o out target/debug/png-afl

and so on for however many cores you have.
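A small POSIX shell helper for the parallel setup described in the comment above (added example, not code from the PR or the image-png project). It assumes the same binary path, seed directory, output directory and memory limit quoted in the thread, and the tmux session name is chosen here:

```shell
#!/bin/sh
# Builds and optionally launches the cargo-afl command lines for one master
# (deterministic) fuzzer plus N-1 secondary (havoc) fuzzers, one per core.
# Assumed values: same target, seeds, output dir and -m limit as in the thread.
AFL_BIN="target/debug/png-afl"
SEEDS="fuzzing_seeds"
OUT="out"
MEM_LIMIT=200
TMUX_SESSION="png-afl"   # session name chosen for this example

# afl_cmd ROLE NAME -> prints one fuzz command. ROLE is M (master) or S (secondary).
afl_cmd() {
    printf 'cargo afl fuzz -%s %s -m %s -i %s -o %s %s\n' \
        "$1" "$2" "$MEM_LIMIT" "$SEEDS" "$OUT" "$AFL_BIN"
}

# afl_cmds CORES -> one command per line: master first, then slave1..slave(N-1).
# All instances share the same -o directory so AFL can sync findings between them.
afl_cmds() {
    cores=$1
    [ "$cores" -ge 1 ] || return 1
    afl_cmd M master
    i=1
    while [ "$i" -lt "$cores" ]; do
        afl_cmd S "slave$i"
        i=$((i + 1))
    done
}

# afl_launch CORES -> runs each command in its own tmux window (requires tmux).
afl_launch() {
    tmux new-session -d -s "$TMUX_SESSION" -n master "$(afl_cmd M master)"
    i=1
    while [ "$i" -lt "$1" ]; do
        tmux new-window -t "$TMUX_SESSION" -n "slave$i" "$(afl_cmd S "slave$i")"
        i=$((i + 1))
    done
}

# Typical use: afl_launch "$(nproc)"  then  tmux attach -t png-afl
```

Print the command set first with `afl_cmds "$(nproc)"` to review it before launching; `cargo afl whatsup out` (part of cargo-afl) summarises progress across the instances sharing the `out` directory.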
Oh yeah, fuzzing in release mode also works fine and is obviously faster. You'll be missing out on the extra checks from debug mode though. Also you might want to enable Address Sanitizer to look for memory safety issues, see https://github.com/japaric/rust-san for more info. However, this is only relevant if your code or one of your dependencies uses unsafe code, and last time I checked image-png had no
According to https://doc.rust-lang.org/std/macro.debug_assert.html it should be possible to enable
There is also a toggle for checked arithmetic, not sure if
Both of these checks are enabled as part of
Oh, that's quite surprising behavior! That should definitely be documented.
fixes #132