rust-fuzz / afl.rs

🐇 Fuzzing Rust code with American Fuzzy Lop

Home Page:https://rust-fuzz.github.io/book/afl.html

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

How to build with no `fuzzing` flag?

lrubasze opened this issue · comments

Hi,
recently I've updated the cargo-afl from 0.12.16 to 0.14.1 and noticed that cargo-afl no longer supports no_cfg_feature.

I saw that the feature has been moved to afl crate, which makes perfect sense (specify no_cfg_fuzzing when importing the crate in the project and not when installing the cargo-afl).
But I am really not sure whether this option is honoured, when building with cargo afl build ....
There is this piece of code in cargo-afl/src/bin/cargo-afl.rs, which I don't think works as expected.

    if cfg!(not(feature = "no_cfg_fuzzing")) {
        rustflags.push_str("--cfg fuzzing ");
    }

But maybe I am missing something. Please advise.

I agree with your analysis. I think I broke this when I split the two crates.

I think I didn't give this feature enough thought initially. When you used this previously, you would specify the feature when building cargo-afl?

I think a better approach may be to use an environment variable, e.g., AFL_NO_CFG_FUZZING.

Would using an environment variable be disruptive to your workflow?

I think this should be a not-too-difficult change, but I would not be able to work on it until early next week.

Thanks for prompt reply.

When you used this previously, you would specify the feature when building cargo-afl?

Yes, and I don't think it was a good approach.

I think a better approach may be to use an environment variable, e.g., AFL_NO_CFG_FUZZING.

Would using an environment variable be disruptive to your workflow?

Env is just fine and I think it perfectly suits current approach, eg. towards asan or tsan options.

I can try to create a PR.

Note that afl-fuzz parses for unknown envs starting with AFL (and ALF) on startup and warn about them. I will need to add any that you create to a whitelist.

Note that afl-fuzz parses for unknown envs starting with AFL (and ALF) on startup and warn about them. I will need to add any that you create to a whitelist.

Thanks for this info!

Would your preference be that we not intrude on AFL_ environment variables?

If the approach is okay, we could remove the variable from the environment to avoid the warning and the need for whitlelisting.

I don’t mind adding any to the whitelist.

I don’t mind adding any to the whitelist.

Cool. Thanks. But hopefully we can make that unnecessary.

@lrubasze Is it okay if we close this?

Of course. Thanks for your kind support!