Skip to content

Commit

Permalink
Add an afl fuzz target
Browse files Browse the repository at this point in the history
  • Loading branch information
@dbrgn
dbrgn committed Jan 21, 2020
1 parent 4b494e4 commit 9788c51
Show file tree
Hide file tree
Showing 14 changed files with 71 additions and 1 deletion.
7 changes: 6 additions & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,4 +42,9 @@ lint:
@rustup component add clippy 2> /dev/null
cargo clippy --all-features --all --tests --examples -- -D clippy::all

.PHONY: build test bench docs upload-docs style-check lint
fuzz:
cd afl/parser/ && \
cargo afl build --bin fuzz-target && \
cargo afl fuzz -i in -o out target/debug/fuzz-target

.PHONY: build test bench docs upload-docs style-check lint fuzz
10 changes: 10 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,3 +67,13 @@ To run benchmarks:
To build the docs:

$ make docs

To run fuzz tests with afl, first install cargo-afl (`cargo install -f afl`),
then run:

$ make fuzz

If the fuzzer finds a crash, in order to reproduce it, run:

$ cd afl/<target>/
$ cargo run --bin reproduce -- out/crashes/<crashfile>
2 changes: 2 additions & 0 deletions afl/.gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
out/
core.*
17 changes: 17 additions & 0 deletions afl/parser/Cargo.toml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
[package]
name = "fuzz-target-parser"
version = "0.1.0"
authors = ["redis-rs developers"]
edition = "2018"

[[bin]]
name = "fuzz-target"
path = "src/main.rs"

[[bin]]
name = "reproduce"
path = "src/reproduce.rs"

[dependencies]
afl = "0.4"
redis = { path = "../../" }
5 changes: 5 additions & 0 deletions afl/parser/in/array
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
*3
:1
$-1
$2
hi
1 change: 1 addition & 0 deletions afl/parser/in/array-null
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*-1
2 changes: 2 additions & 0 deletions afl/parser/in/bulkstring
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
$6
foobar
1 change: 1 addition & 0 deletions afl/parser/in/bulkstring-null
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
$-1
1 change: 1 addition & 0 deletions afl/parser/in/error
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
-ERR unknown command
1 change: 1 addition & 0 deletions afl/parser/in/integer
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
:1337
2 changes: 2 additions & 0 deletions afl/parser/in/invalid-string
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
$6
foo
1 change: 1 addition & 0 deletions afl/parser/in/string
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
+OK
9 changes: 9 additions & 0 deletions afl/parser/src/main.rs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
use afl::fuzz;

use redis::parse_redis_value;

fn main() {
fuzz!(|data: &[u8]| {
let _ = parse_redis_value(data);
});
}
13 changes: 13 additions & 0 deletions afl/parser/src/reproduce.rs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
use redis::parse_redis_value;

fn main() {
let args: Vec<String> = std::env::args().collect();
if args.len() != 2 {
println!("Usage: {} <path-to-crash>", args[0]);
std::process::exit(1);
}

let data = std::fs::read(&args[1]).expect(&format!("Could not open file {}", args[1]));
let v = parse_redis_value(&data);
println!("Result: {:?}", v);
}

0 comments on commit 9788c51

Please sign in to comment.