afl.rs

Fuzzing Rust code with american fuzzy lop (AFL)

Screen recording of AFL running on Rust code. The code under test is examples/hello.rs in this repository.

What is it?

Fuzz testing is a software testing technique used to find security and stability issues by providing pseudo-random data as input to the software. American fuzzy lop is a popular, effective, and modern fuzz testing tool. This library, afl.rs, allows one to run AFL on code written in the Rust programming language.

Book

Documentation for afl.rs can be found here:

The afl.rs Book

It's still a work in progress, but has enough information to get you started.

Upcoming changes

• [ ] [✨ Logo ✨](https://github.com/frewsxcv/afl.rs/issues/66)
• [ ] [Simpler API](https://github.com/frewsxcv/afl.rs/issues/31)
• [ ] Don't require users to have AFL installed (utilize afl-sys crate)

Trophy case

• brotli-rs: #2, #3, #4, #5, #6, #7, #8, #9, #10, #11, #12
• flac: #3
• httparse: #9
• image: #414, #473, #474, #477
• jpeg-decoder: #38, #50
• mp4parse-rust: #2, #4, #5, #6
• rustc: #24275, #24276
• rust-url: #108
• regex: #84
• rust-asn1: #32
• rustc-serialize: #109, #110
• serde: #75, #77, #82
• tar-rs: #23
• xml-rs: #93
• Logic errors in tendril and its html5ever integration

These bugs aren't nearly as serious as the memory-safety issues afl has discovered in C and C++ projects. That's because Rust is memory-safe by default, but also because not many people have tried afl.rs yet! Over time we will update this section with the most interesting bugs, whether they're logic errors or memory-safety problems arising from unsafe code. Pull requests are welcome!