From d56192101b1f56da88a76220f0cefc27c2a17e13 Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Sun, 22 Dec 2024 00:49:56 +0100 Subject: [PATCH 01/12] Enhance fuzzing capabilities with LLVMFuzzerInitialize support - Added `example_init` to demonstrate the use of initialization code with the `fuzz_target!` macro. - Updated `fuzz_target!` macro to support an `init` parameter for executing initialization code before fuzzing. - Updated CI script to build and run the new example. --- CHANGELOG.md | 14 ++++ Cargo.toml | 1 + ci/script.sh | 6 ++ example_init/.gitignore | 1 + example_init/Cargo.toml | 6 ++ example_init/fuzz/Cargo.toml | 16 +++++ example_init/fuzz/fuzz_targets/bigbang.rs | 16 +++++ example_init/src/lib.rs | 5 ++ src/lib.rs | 86 +++++++++++++++++------ 9 files changed, 128 insertions(+), 23 deletions(-) create mode 100644 example_init/.gitignore create mode 100644 example_init/Cargo.toml create mode 100644 example_init/fuzz/Cargo.toml create mode 100755 example_init/fuzz/fuzz_targets/bigbang.rs create mode 100644 example_init/src/lib.rs diff --git a/CHANGELOG.md b/CHANGELOG.md index ab111ff..e089dab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,20 @@ Released YYYY-MM-DD. -------------------------------------------------------------------------------- +## 0.4.9 + +Released YYYY-MM-DD. + +### Added + +* The `example_init` demonstrates how to pass an initialization code block to the `fuzz_target!` macro. + +### Changed + +* The `fuzz_target!` macro now supports the generation of `LLVMFuzzerInitialize` to execute initialization code once before running the fuzzer. This change is not breaking and is completely backward compatible. + +-------------------------------------------------------------------------------- + ## 0.4.8 Released 2024-11-07. diff --git a/Cargo.toml b/Cargo.toml index beaf4c5..27cae5b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -24,6 +24,7 @@ members = [ "./example/fuzz", "./example_arbitrary/fuzz", "./example_crossover/fuzz", + "./example_init/fuzz", "./example_mutator/fuzz", ] diff --git a/ci/script.sh b/ci/script.sh index 3eb2d17..782fd04 100755 --- a/ci/script.sh +++ b/ci/script.sh @@ -36,4 +36,10 @@ cargo fuzz build --dev (! cargo fuzz run --release boom -- -runs=10000000) popd +pushd ./example_init +cargo fuzz build +cargo fuzz build --dev +(! cargo fuzz run --release bigbang -- -runs=10000000) +popd + echo "All good!" diff --git a/example_init/.gitignore b/example_init/.gitignore new file mode 100644 index 0000000..d8d1df6 --- /dev/null +++ b/example_init/.gitignore @@ -0,0 +1 @@ +crash-* diff --git a/example_init/Cargo.toml b/example_init/Cargo.toml new file mode 100644 index 0000000..74bd477 --- /dev/null +++ b/example_init/Cargo.toml @@ -0,0 +1,6 @@ +[package] +name = "example_init" +version = "0.1.0" +edition = "2021" + +[dependencies] diff --git a/example_init/fuzz/Cargo.toml b/example_init/fuzz/Cargo.toml new file mode 100644 index 0000000..2ea16b0 --- /dev/null +++ b/example_init/fuzz/Cargo.toml @@ -0,0 +1,16 @@ +[package] +name = "example_init-fuzz" +version = "0.1.0" +authors = ["Andrea Cappa"] +edition = "2018" + +[package.metadata] +cargo-fuzz = true + +[dependencies] +libfuzzer-sys = { path = "../.." } +example_init = { path = ".." } + +[[bin]] +name = "bigbang" +path = "fuzz_targets/bigbang.rs" diff --git a/example_init/fuzz/fuzz_targets/bigbang.rs b/example_init/fuzz/fuzz_targets/bigbang.rs new file mode 100755 index 0000000..a05d25c --- /dev/null +++ b/example_init/fuzz/fuzz_targets/bigbang.rs @@ -0,0 +1,16 @@ +#![no_main] + +use libfuzzer_sys::fuzz_target; + +fuzz_target!( + init: { + // Custom initialization code here + println!("Initializing fuzzer..."); + std::env::set_var("MY_FUZZER_INIT", "1337"); + }, + |data: &[u8]| { + if std::env::var("MY_FUZZER_INIT").unwrap() == "1337" && data == "bigbang!".as_bytes() { + panic!("success!"); + } + example_init::bigbang(data); +}); diff --git a/example_init/src/lib.rs b/example_init/src/lib.rs new file mode 100644 index 0000000..f91c934 --- /dev/null +++ b/example_init/src/lib.rs @@ -0,0 +1,5 @@ +pub fn bigbang(data: &[u8]) { + if data == &b"bigbang!"[..] { + panic!("bigbang!"); + } +} diff --git a/src/lib.rs b/src/lib.rs index 8df0e5c..e8142e5 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -78,24 +78,11 @@ pub fn rust_libfuzzer_debug_path() -> &'static Option { RUST_LIBFUZZER_DEBUG_PATH.get_or_init(|| std::env::var("RUST_LIBFUZZER_DEBUG_PATH").ok()) } -#[doc(hidden)] +/* #[doc(hidden)] #[export_name = "LLVMFuzzerInitialize"] pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize { - // Registers a panic hook that aborts the process before unwinding. - // It is useful to abort before unwinding so that the fuzzer will then be - // able to analyse the process stack frames to tell different bugs appart. - // - // HACK / FIXME: it would be better to use `-C panic=abort` but it's currently - // impossible to build code using compiler plugins with this flag. - // We will be able to remove this code when - // https://github.com/rust-lang/cargo/issues/5423 is fixed. - let default_hook = ::std::panic::take_hook(); - ::std::panic::set_hook(Box::new(move |panic_info| { - default_hook(panic_info); - ::std::process::abort(); - })); 0 -} +} */ /// Define a fuzz target. /// @@ -198,9 +185,31 @@ pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize /// `"arbitrary-derive"` cargo feature. #[macro_export] macro_rules! fuzz_target { - (|$bytes:ident| $body:expr) => { + (init: $init:expr, |$bytes:ident| $body:expr) => { const _: () = { - /// Auto-generated function + /// Auto-generated functions + /// LLVMFuzzerInitialize is called once before the fuzzer starts. + #[no_mangle] + pub extern "C" fn LLVMFuzzerInitialize(_argc: *const isize, _argv: *const *const *const u8) -> isize { + // Registers a panic hook that aborts the process before unwinding. + // It is useful to abort before unwinding so that the fuzzer will then be + // able to analyse the process stack frames to tell different bugs appart. + // + // HACK / FIXME: it would be better to use `-C panic=abort` but it's currently + // impossible to build code using compiler plugins with this flag. + // We will be able to remove this code when + // https://github.com/rust-lang/cargo/issues/5423 is fixed. + let default_hook = std::panic::take_hook(); + std::panic::set_hook(Box::new(move |panic_info| { + default_hook(panic_info); + std::process::abort(); + })); + + // Supplied init code + $init; + 0 + } + #[no_mangle] pub extern "C" fn rust_fuzzer_test_input(bytes: &[u8]) -> i32 { // When `RUST_LIBFUZZER_DEBUG_PATH` is set, write the debug @@ -241,16 +250,50 @@ macro_rules! fuzz_target { }; (|$data:ident: &[u8]| $body:expr) => { - $crate::fuzz_target!(|$data| $body); + $crate::fuzz_target!(init: (), |$data| $body); }; (|$data:ident: $dty:ty| $body:expr) => { - $crate::fuzz_target!(|$data: $dty| -> () { $body }); + $crate::fuzz_target!(init: (), |$data: $dty| -> () { $body }); }; (|$data:ident: $dty:ty| -> $rty:ty $body:block) => { + $crate::fuzz_target!(init: (), |$data: $dty| -> $rty { $body }); + }; + + (init: $init:expr, |$data:ident: &[u8]| $body:expr) => { + $crate::fuzz_target!(init: $init, |$data| $body); + }; + + (init: $init:expr, |$data:ident: $dty:ty| $body:expr) => { + $crate::fuzz_target!(init: $init, |$data: $dty| -> () { $body }); + }; + + (init: $init:expr, |$data:ident: $dty:ty| -> $rty:ty $body:block) => { const _: () = { - /// Auto-generated function + /// Auto-generated functions + /// LLVMFuzzerInitialize is called once before the fuzzer starts. + #[no_mangle] + pub extern "C" fn LLVMFuzzerInitialize(_argc: *const isize, _argv: *const *const *const u8) -> isize { + // Registers a panic hook that aborts the process before unwinding. + // It is useful to abort before unwinding so that the fuzzer will then be + // able to analyse the process stack frames to tell different bugs appart. + // + // HACK / FIXME: it would be better to use `-C panic=abort` but it's currently + // impossible to build code using compiler plugins with this flag. + // We will be able to remove this code when + // https://github.com/rust-lang/cargo/issues/5423 is fixed. + let default_hook = std::panic::take_hook(); + std::panic::set_hook(Box::new(move |panic_info| { + default_hook(panic_info); + std::process::abort(); + })); + + // Supplied init code + $init; + 0 + } + #[no_mangle] pub extern "C" fn rust_fuzzer_test_input(bytes: &[u8]) -> i32 { use $crate::arbitrary::{Arbitrary, Unstructured}; @@ -271,8 +314,6 @@ macro_rules! fuzz_target { // When `RUST_LIBFUZZER_DEBUG_PATH` is set, write the debug // formatting of the input to that file. This is only intended for // `cargo fuzz`'s use! - - // `RUST_LIBFUZZER_DEBUG_PATH` is set in initialization. if let Some(path) = $crate::rust_libfuzzer_debug_path() { use std::io::Write; let mut file = std::fs::File::create(path) @@ -294,7 +335,6 @@ macro_rules! fuzz_target { result.to_libfuzzer_code() } - // See above for why this is split to a separate function. #[inline(never)] fn __libfuzzer_sys_run($data: $dty) -> $rty { $body From e79341396604dbf913a0a25402c0123e2ab7ddb7 Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Sat, 28 Dec 2024 10:48:02 +0100 Subject: [PATCH 02/12] Better example using static --- example_init/fuzz/fuzz_targets/bigbang.rs | 5 +---- example_init/src/lib.rs | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/example_init/fuzz/fuzz_targets/bigbang.rs b/example_init/fuzz/fuzz_targets/bigbang.rs index a05d25c..68d9588 100755 --- a/example_init/fuzz/fuzz_targets/bigbang.rs +++ b/example_init/fuzz/fuzz_targets/bigbang.rs @@ -6,11 +6,8 @@ fuzz_target!( init: { // Custom initialization code here println!("Initializing fuzzer..."); - std::env::set_var("MY_FUZZER_INIT", "1337"); + example_init::initialize(); }, |data: &[u8]| { - if std::env::var("MY_FUZZER_INIT").unwrap() == "1337" && data == "bigbang!".as_bytes() { - panic!("success!"); - } example_init::bigbang(data); }); diff --git a/example_init/src/lib.rs b/example_init/src/lib.rs index f91c934..bf1ef52 100644 --- a/example_init/src/lib.rs +++ b/example_init/src/lib.rs @@ -1,5 +1,20 @@ +use std::sync::OnceLock; + +static EXTRA_DATA: OnceLock<&'static str> = OnceLock::new(); + pub fn bigbang(data: &[u8]) { - if data == &b"bigbang!"[..] { + // The fuzzer needs to mutate input to be "bigbang!" + // Init needs to be called before bigbang() is called + // This actually proves that the fuzzer is calling init before bigbang + if data == &b"bigbang!"[..] && is_initialized() { panic!("bigbang!"); } } + +pub fn initialize() { + EXTRA_DATA.set("initialized").expect("should only initialize once"); +} + +pub fn is_initialized() -> bool { + EXTRA_DATA.get().is_some() +} From ba4ad433b31a1525b71279bd5ffed713400f97ea Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Sat, 28 Dec 2024 10:55:32 +0100 Subject: [PATCH 03/12] Refactoring --- src/lib.rs | 47 ++++++++++++++++++----------------------------- 1 file changed, 18 insertions(+), 29 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index e8142e5..fbd558f 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -78,11 +78,24 @@ pub fn rust_libfuzzer_debug_path() -> &'static Option { RUST_LIBFUZZER_DEBUG_PATH.get_or_init(|| std::env::var("RUST_LIBFUZZER_DEBUG_PATH").ok()) } -/* #[doc(hidden)] -#[export_name = "LLVMFuzzerInitialize"] +#[doc(hidden)] +//#[export_name = "LLVMFuzzerInitialize"] pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize { + // Registers a panic hook that aborts the process before unwinding. + // It is useful to abort before unwinding so that the fuzzer will then be + // able to analyse the process stack frames to tell different bugs appart. + // + // HACK / FIXME: it would be better to use `-C panic=abort` but it's currently + // impossible to build code using compiler plugins with this flag. + // We will be able to remove this code when + // https://github.com/rust-lang/cargo/issues/5423 is fixed. + let default_hook = std::panic::take_hook(); + std::panic::set_hook(Box::new(move |panic_info| { + default_hook(panic_info); + std::process::abort(); + })); 0 -} */ +} /// Define a fuzz target. /// @@ -191,19 +204,7 @@ macro_rules! fuzz_target { /// LLVMFuzzerInitialize is called once before the fuzzer starts. #[no_mangle] pub extern "C" fn LLVMFuzzerInitialize(_argc: *const isize, _argv: *const *const *const u8) -> isize { - // Registers a panic hook that aborts the process before unwinding. - // It is useful to abort before unwinding so that the fuzzer will then be - // able to analyse the process stack frames to tell different bugs appart. - // - // HACK / FIXME: it would be better to use `-C panic=abort` but it's currently - // impossible to build code using compiler plugins with this flag. - // We will be able to remove this code when - // https://github.com/rust-lang/cargo/issues/5423 is fixed. - let default_hook = std::panic::take_hook(); - std::panic::set_hook(Box::new(move |panic_info| { - default_hook(panic_info); - std::process::abort(); - })); + $crate::initialize(_argc, _argv); // Supplied init code $init; @@ -275,19 +276,7 @@ macro_rules! fuzz_target { /// LLVMFuzzerInitialize is called once before the fuzzer starts. #[no_mangle] pub extern "C" fn LLVMFuzzerInitialize(_argc: *const isize, _argv: *const *const *const u8) -> isize { - // Registers a panic hook that aborts the process before unwinding. - // It is useful to abort before unwinding so that the fuzzer will then be - // able to analyse the process stack frames to tell different bugs appart. - // - // HACK / FIXME: it would be better to use `-C panic=abort` but it's currently - // impossible to build code using compiler plugins with this flag. - // We will be able to remove this code when - // https://github.com/rust-lang/cargo/issues/5423 is fixed. - let default_hook = std::panic::take_hook(); - std::panic::set_hook(Box::new(move |panic_info| { - default_hook(panic_info); - std::process::abort(); - })); + $crate::initialize(_argc, _argv); // Supplied init code $init; From 005c428a1197bcca57211a58555941bb5b8a8593 Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Sat, 28 Dec 2024 11:03:01 +0100 Subject: [PATCH 04/12] Restore missing comments --- src/lib.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index fbd558f..a6a35f2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -303,6 +303,8 @@ macro_rules! fuzz_target { // When `RUST_LIBFUZZER_DEBUG_PATH` is set, write the debug // formatting of the input to that file. This is only intended for // `cargo fuzz`'s use! + + // `RUST_LIBFUZZER_DEBUG_PATH` is set in initialization. if let Some(path) = $crate::rust_libfuzzer_debug_path() { use std::io::Write; let mut file = std::fs::File::create(path) @@ -323,7 +325,7 @@ macro_rules! fuzz_target { let result = ::libfuzzer_sys::Corpus::from(__libfuzzer_sys_run(data)); result.to_libfuzzer_code() } - + // See above for why this is split to a separate function. #[inline(never)] fn __libfuzzer_sys_run($data: $dty) -> $rty { $body From c2837576a8b6ecba3684190b0697a7f0e496a352 Mon Sep 17 00:00:00 2001 From: "Andrea Cappa (zi0Black)" <13380579+zi0Black@users.noreply.github.com> Date: Wed, 22 Jan 2025 20:46:53 +0100 Subject: [PATCH 05/12] Update src/lib.rs Co-authored-by: Nick Fitzgerald --- src/lib.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index a6a35f2..5250371 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -79,7 +79,6 @@ pub fn rust_libfuzzer_debug_path() -> &'static Option { } #[doc(hidden)] -//#[export_name = "LLVMFuzzerInitialize"] pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize { // Registers a panic hook that aborts the process before unwinding. // It is useful to abort before unwinding so that the fuzzer will then be From 006af9374b8df040efb9059e04186d7f4712bca6 Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Wed, 22 Jan 2025 21:39:56 +0100 Subject: [PATCH 06/12] fmt --- example_init/src/lib.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/example_init/src/lib.rs b/example_init/src/lib.rs index bf1ef52..a5f1129 100644 --- a/example_init/src/lib.rs +++ b/example_init/src/lib.rs @@ -12,7 +12,9 @@ pub fn bigbang(data: &[u8]) { } pub fn initialize() { - EXTRA_DATA.set("initialized").expect("should only initialize once"); + EXTRA_DATA + .set("initialized") + .expect("should only initialize once"); } pub fn is_initialized() -> bool { From 8188902671f89c78b4224de925520899bd1d28f5 Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Wed, 22 Jan 2025 23:52:04 +0100 Subject: [PATCH 07/12] fixed type in doc --- src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index 5250371..51adf80 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -109,7 +109,7 @@ pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize /// use libfuzzer_sys::fuzz_target; /// /// // Note: `|input|` is short for `|input: &[u8]|`. -/// fuzz_target!(|input| { +/// fuzz_target!(|input: &[u8]| { /// let _result: Result<_, _> = my_crate::parse(input); /// }); /// # mod my_crate { pub fn parse(_: &[u8]) -> Result<(), ()> { unimplemented!() } } From 162e810ec2122814508df4e8dc7e8e3bb0f9dbf6 Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Thu, 23 Jan 2025 08:50:05 +0100 Subject: [PATCH 08/12] Revert "fixed type in doc" This reverts commit 8188902671f89c78b4224de925520899bd1d28f5. --- src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index 51adf80..5250371 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -109,7 +109,7 @@ pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize /// use libfuzzer_sys::fuzz_target; /// /// // Note: `|input|` is short for `|input: &[u8]|`. -/// fuzz_target!(|input: &[u8]| { +/// fuzz_target!(|input| { /// let _result: Result<_, _> = my_crate::parse(input); /// }); /// # mod my_crate { pub fn parse(_: &[u8]) -> Result<(), ()> { unimplemented!() } } From 36f2c111b3c65ea877895ede00e3f6b5a9366f79 Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Thu, 23 Jan 2025 09:06:49 +0100 Subject: [PATCH 09/12] Fixed compatibility with short |input| --- src/lib.rs | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/lib.rs b/src/lib.rs index 5250371..b092e51 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -195,6 +195,22 @@ pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize /// /// You can also enable the `arbitrary` crate's custom derive via this crate's /// `"arbitrary-derive"` cargo feature. +/// +/// ## Init Code +/// +/// Init code to the fuzz target by using the `init` keyword. This is called once before the fuzzer starts. +/// Supports short |input| or |input: | syntax. +/// +/// ```no_run +/// #![no_main] +/// +/// use libfuzzer_sys::fuzz_target; +/// +/// fuzz_target!(init: (), |input| { +/// // ... +/// }); +/// ``` +/// #[macro_export] macro_rules! fuzz_target { (init: $init:expr, |$bytes:ident| $body:expr) => { @@ -249,6 +265,10 @@ macro_rules! fuzz_target { }; }; + (|$bytes:ident| $body:expr) => { + $crate::fuzz_target!(|$bytes: &[u8]| $body); + }; + (|$data:ident: &[u8]| $body:expr) => { $crate::fuzz_target!(init: (), |$data| $body); }; @@ -265,6 +285,10 @@ macro_rules! fuzz_target { $crate::fuzz_target!(init: $init, |$data| $body); }; + (init: $init:expr, |$bytes:ident| $body:expr) => { + $crate::fuzz_target!(init: $init, |$bytes: &[u8]| $body); + }; + (init: $init:expr, |$data:ident: $dty:ty| $body:expr) => { $crate::fuzz_target!(init: $init, |$data: $dty| -> () { $body }); }; From 57296bfe5cae4e78742e8eda0301b71cd68cd0fb Mon Sep 17 00:00:00 2001 From: "Andrea Cappa (zi0Black)" <13380579+zi0Black@users.noreply.github.com> Date: Thu, 23 Jan 2025 18:50:49 +0100 Subject: [PATCH 10/12] Update init doc Co-authored-by: Nick Fitzgerald --- src/lib.rs | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index b092e51..6fea2a4 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -205,10 +205,21 @@ pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize /// #![no_main] /// /// use libfuzzer_sys::fuzz_target; -/// -/// fuzz_target!(init: (), |input| { -/// // ... -/// }); +/// use std::collections::HashSet; +/// use std::sync::OnceLock; +/// +/// static DICTIONARY: OnceLock> = OnceLock::new(); +/// +/// fuzz_target!( +/// init: { +/// # leat read_dictionary = |_| unimplemented!(); +/// let dictionary = read_dictionary("/usr/share/dict/words"); +/// DICTIONARY.set(dictionary).unwrap(); +/// }, +/// |input| { +/// // Use the initialized `DICTIONARY` here... +/// } +/// ); /// ``` /// #[macro_export] From 916627d7812a350e5df0254c8d952866c2af9b6f Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Thu, 23 Jan 2025 19:10:31 +0100 Subject: [PATCH 11/12] fix doc --- src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index 6fea2a4..ee30972 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -212,7 +212,7 @@ pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize /// /// fuzz_target!( /// init: { -/// # leat read_dictionary = |_| unimplemented!(); +/// let read_dictionary = |_| unimplemented!(); /// let dictionary = read_dictionary("/usr/share/dict/words"); /// DICTIONARY.set(dictionary).unwrap(); /// }, From 55cb6cd124a626229a040f2b48cfde146a16f166 Mon Sep 17 00:00:00 2001 From: zi0Black <13380579+zi0Black@users.noreply.github.com> Date: Thu, 23 Jan 2025 19:59:14 +0100 Subject: [PATCH 12/12] fmt --- src/lib.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index ee30972..424a763 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -195,15 +195,15 @@ pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize /// /// You can also enable the `arbitrary` crate's custom derive via this crate's /// `"arbitrary-derive"` cargo feature. -/// +/// /// ## Init Code -/// +/// /// Init code to the fuzz target by using the `init` keyword. This is called once before the fuzzer starts. /// Supports short |input| or |input: | syntax. -/// +/// /// ```no_run /// #![no_main] -/// +/// /// use libfuzzer_sys::fuzz_target; /// use std::collections::HashSet; /// use std::sync::OnceLock; @@ -221,7 +221,7 @@ pub fn initialize(_argc: *const isize, _argv: *const *const *const u8) -> isize /// } /// ); /// ``` -/// +/// #[macro_export] macro_rules! fuzz_target { (init: $init:expr, |$bytes:ident| $body:expr) => {