How to build with no `fuzzing` flag?
lrubasze opened this issue · comments
Hi,
recently I've updated the cargo-afl
from 0.12.16
to 0.14.1
and noticed that cargo-afl
no longer supports no_cfg_feature
.
I saw that the feature has been moved to afl
crate, which makes perfect sense (specify no_cfg_fuzzing
when importing the crate in the project and not when installing the cargo-afl
).
But I am really not sure whether this option is honoured, when building with cargo afl build ...
.
There is this piece of code in cargo-afl/src/bin/cargo-afl.rs
, which I don't think works as expected.
if cfg!(not(feature = "no_cfg_fuzzing")) {
rustflags.push_str("--cfg fuzzing ");
}
But maybe I am missing something. Please advise.
I agree with your analysis. I think I broke this when I split the two crates.
I think I didn't give this feature enough thought initially. When you used this previously, you would specify the feature when building cargo-afl
?
I think a better approach may be to use an environment variable, e.g., AFL_NO_CFG_FUZZING
.
Would using an environment variable be disruptive to your workflow?
I think this should be a not-too-difficult change, but I would not be able to work on it until early next week.
Thanks for prompt reply.
When you used this previously, you would specify the feature when building cargo-afl?
Yes, and I don't think it was a good approach.
I think a better approach may be to use an environment variable, e.g., AFL_NO_CFG_FUZZING.
Would using an environment variable be disruptive to your workflow?
Env is just fine and I think it perfectly suits current approach, eg. towards asan
or tsan
options.
I can try to create a PR.
Note that afl-fuzz parses for unknown envs starting with AFL (and ALF) on startup and warn about them. I will need to add any that you create to a whitelist.
Note that afl-fuzz parses for unknown envs starting with AFL (and ALF) on startup and warn about them. I will need to add any that you create to a whitelist.
Thanks for this info!
Would your preference be that we not intrude on AFL_
environment variables?
If the approach is okay, we could remove the variable from the environment to avoid the warning and the need for whitlelisting.
I don’t mind adding any to the whitelist.
I don’t mind adding any to the whitelist.
Cool. Thanks. But hopefully we can make that unnecessary.
@lrubasze Is it okay if we close this?
Of course. Thanks for your kind support!