How to build with no `fuzzing` flag?

Question

How to build with no `fuzzing` flag?

lrubasze opened this issue 10 months ago · comments

Lukasz Rubaszewski commented 10 months ago

Hi,
recently I've updated the cargo-afl from 0.12.16 to 0.14.1 and noticed that cargo-afl no longer supports no_cfg_feature.

I saw that the feature has been moved to afl crate, which makes perfect sense (specify no_cfg_fuzzing when importing the crate in the project and not when installing the cargo-afl).
But I am really not sure whether this option is honoured, when building with cargo afl build ....
There is this piece of code in cargo-afl/src/bin/cargo-afl.rs, which I don't think works as expected.

    if cfg!(not(feature = "no_cfg_fuzzing")) {
        rustflags.push_str("--cfg fuzzing ");
    }

But maybe I am missing something. Please advise.

Samuel Moelius · Answer 1 · Fri Oct 06 2023 21:56:34 GMT+0800 (China Standard Time)

I agree with your analysis. I think I broke this when I split the two crates.

I think I didn't give this feature enough thought initially. When you used this previously, you would specify the feature when building cargo-afl?

I think a better approach may be to use an environment variable, e.g., AFL_NO_CFG_FUZZING.

Would using an environment variable be disruptive to your workflow?

I think this should be a not-too-difficult change, but I would not be able to work on it until early next week.

Lukasz Rubaszewski · Answer 2 · Fri Oct 06 2023 22:19:09 GMT+0800 (China Standard Time)

Thanks for prompt reply.

When you used this previously, you would specify the feature when building cargo-afl?

Yes, and I don't think it was a good approach.

I think a better approach may be to use an environment variable, e.g., AFL_NO_CFG_FUZZING.

Would using an environment variable be disruptive to your workflow?

Env is just fine and I think it perfectly suits current approach, eg. towards asan or tsan options.

I can try to create a PR.

van Hauser · Answer 3 · Fri Oct 06 2023 22:42:58 GMT+0800 (China Standard Time)

Note that afl-fuzz parses for unknown envs starting with AFL (and ALF) on startup and warn about them. I will need to add any that you create to a whitelist.

Samuel Moelius · Answer 4 · Fri Oct 06 2023 22:48:31 GMT+0800 (China Standard Time)

Note that afl-fuzz parses for unknown envs starting with AFL (and ALF) on startup and warn about them. I will need to add any that you create to a whitelist.

Thanks for this info!

Would your preference be that we not intrude on AFL_ environment variables?

If the approach is okay, we could remove the variable from the environment to avoid the warning and the need for whitlelisting.

van Hauser · Answer 5 · Fri Oct 06 2023 22:58:43 GMT+0800 (China Standard Time)

I don’t mind adding any to the whitelist.

Samuel Moelius · Answer 6 · Fri Oct 06 2023 23:08:03 GMT+0800 (China Standard Time)

I don’t mind adding any to the whitelist.

Cool. Thanks. But hopefully we can make that unnecessary.

Samuel Moelius · Answer 7 · Tue Oct 10 2023 19:02:50 GMT+0800 (China Standard Time)

@lrubasze Is it okay if we close this?

Lukasz Rubaszewski · Answer 8 · Tue Oct 10 2023 19:04:00 GMT+0800 (China Standard Time)

Of course. Thanks for your kind support!