My initial approach tried

fuzz!(|data: String| {
    // test code
});

but running it on sample inputs with cargo afl run < input.txt showed that it was cutting off the input. I switched to using
fuzz!(|bytes: &[u8]| {
    if let Ok(data) = str::from_utf8(bytes) {
        // test code
    }
});
which correctly handles the input, but running cargo afl tmin with non-crashing inputs fails to minimize them at all. My guess is that by instrumenting the string conversion, removing any characters from the input changes the instrumentation output. I can still run cargo afl fuzz, and it also seems to be able to reduce crashing inputs, since I guess it isn't as strict about preserving the full trace.
Is there a way to selectively disable instrumentation for specific parts of source code, as you would with __AFL_COVERAGE(), __AFL_COVERAGE_ON(), __AFL_COVERAGE_OFF()? Or in my particular case, is there a simpler solution of correctly accepting fuzz input as a string which I'm missing?
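The following is an added example, not code from the post above or from the afl.rs project. It addresses the "accept fuzz input as a string" half of the question, not the instrumentation toggling: the target logic lives in a plain function that can be replayed on a file from the shell and unit-tested, the harness is reduced to a thin wrapper, and the UTF-8 step is made lossy so that an input containing a single invalid byte is not silently discarded before the code under test ever sees it. The key=value parser stands in for the post's "// test code" and is invented for this example; the commented-out `afl::fuzz!` call assumes the macro syntax shown in the post and is left out so the file compiles without the `afl` crate.

```rust
// Added example (not from the original post or afl.rs): a fuzz target as a
// plain function, with the harness reduced to a one-line wrapper.
use std::io::{self, Read};

/// How the raw fuzz bytes were turned into text.
#[derive(Debug, PartialEq)]
pub enum Decoded<'a> {
    /// Every byte was valid UTF-8; the &str borrows the input unchanged.
    Strict(&'a str),
    /// Some bytes were invalid and were replaced by U+FFFD, so the input
    /// still reaches the code under test instead of being dropped.
    Lossy(String),
}

/// Decode fuzz bytes without discarding the case. With strict-only decoding,
/// any input that contains one bad byte exercises nothing past `from_utf8`.
pub fn decode(bytes: &[u8]) -> Decoded<'_> {
    match std::str::from_utf8(bytes) {
        Ok(s) => Decoded::Strict(s),
        Err(_) => Decoded::Lossy(String::from_utf8_lossy(bytes).into_owned()),
    }
}

/// Stand-in for the post's "// test code": parse `key=value` lines into
/// pairs, rejecting lines without '=' and lines with an empty key.
pub fn parse_pairs(text: &str) -> Result<Vec<(String, String)>, String> {
    let mut pairs = Vec::new();
    for (n, line) in text.lines().enumerate() {
        if line.trim().is_empty() {
            continue;
        }
        let (k, v) = line
            .split_once('=')
            .ok_or_else(|| format!("line {}: missing '='", n + 1))?;
        let k = k.trim();
        if k.is_empty() {
            return Err(format!("line {}: empty key", n + 1));
        }
        pairs.push((k.to_string(), v.trim().to_string()));
    }
    Ok(pairs)
}

/// One fuzz iteration: decode, then run the parser. The result is returned
/// rather than printed so the function can be asserted on; a panic inside
/// `parse_pairs` is what the fuzzer would report as a crash.
pub fn run_once(bytes: &[u8]) -> Result<usize, String> {
    let pairs = match decode(bytes) {
        Decoded::Strict(s) => parse_pairs(s)?,
        Decoded::Lossy(s) => parse_pairs(&s)?,
    };
    Ok(pairs.len())
}

fn main() {
    // Stand-alone mode: `cargo run < input.txt` replays one input file, which
    // is the quickest way to confirm the target sees the whole file.
    let mut buf = Vec::new();
    io::stdin().read_to_end(&mut buf).expect("read stdin");
    match run_once(&buf) {
        Ok(n) => println!("parsed {} pair(s)", n),
        Err(e) => println!("rejected: {}", e),
    }
    // Under afl.rs (assumed syntax, matching the post) the body would be:
    //   afl::fuzz!(|bytes: &[u8]| { let _ = run_once(bytes); });
}
```

Keeping `run_once` free of the harness also means the same inputs the fuzzer produces (including minimized ones) can be replayed with `cargo run < input.txt` and checked with ordinary unit tests, independent of whatever instrumentation the fuzz build adds.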