### Get honggfuzz Version Source: https://docs.rs/honggfuzz/0.5.58/index Displays the installed version of the honggfuzz command-line tools. ```bash cargo hfuzz version ``` -------------------------------- ### Build and Run Fuzz Target Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Command to build a Rust project with fuzzing instrumentation and then execute the fuzzing process on a target named 'example'. This is a core command for initiating fuzzing with honggfuzz. ```bash cargo hfuzz run example ``` -------------------------------- ### Run fuzzing with cargo hfuzz Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib Builds the project with fuzzing instrumentation and then runs the fuzzing process for the specified target (e.g., 'example'). This command initiates the fuzzing execution using the honggfuzz engine. ```shell # builds with fuzzing instrumentation and then fuzz the "example" target cargo hfuzz run example ``` -------------------------------- ### Run Fuzzing with Cargo hfuzz Source: https://docs.rs/honggfuzz/0.5.58/index Builds the project with fuzzing instrumentation and then executes the fuzzing process on the 'example' target using the `cargo hfuzz run` command. ```bash cargo hfuzz run example ``` -------------------------------- ### Install honggfuzz CLI tools Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib Installs the `hfuzz` and `honggfuzz` subcommands for Cargo, enabling fuzzing capabilities within your Rust projects. This is a prerequisite for using the crate's fuzzing features. ```shell # installs hfuzz and honggfuzz subcommands in cargo cargo install honggfuzz ``` -------------------------------- ### Get honggfuzz Version Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Displays the installed version of the honggfuzz command-line tool. This is a simple utility command to check the software version. ```bash cargo hfuzz version ``` -------------------------------- ### Install honggfuzz Cargo Subcommands Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Installs the `hfuzz` and `honggfuzz` subcommands for Cargo, enabling fuzzing capabilities in your Rust projects. No specific inputs or outputs are detailed, but it's a prerequisite for using the crate's fuzzing features. ```bash cargo install honggfuzz ``` -------------------------------- ### Run Fuzzing Without Instrumentation Source: https://docs.rs/honggfuzz/0.5.58/index Builds the project without compile-time software instrumentation (like LLVM's SanCov passes) and then fuzzes the 'example' target, optionally using hardware-based feedback mechanisms. ```bash HFUZZ_RUN_ARGS="--linux_perf_ipt_block --linux_perf_instr --linux_perf_branch" cargo hfuzz run-no-instr example ``` -------------------------------- ### Create a Fuzz Target with honggfuzz Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/index Example of a Rust main function that uses the `honggfuzz::fuzz` macro to define a fuzzing target. It demonstrates basic input processing and triggering a panic on specific conditions. ```rust use honggfuzz::fuzz; fn main() { // Here you can parse `std::env::args and // setup / initialize your project // You have full control over the loop but // you're supposed to call `fuzz` ad vitam aeternam loop { // The fuzz macro gives an arbitrary object (see `arbitrary crate`) // to a closure-like block of code. // For performance reasons, it is recommended that you use the native type // `&[u8]` when possible. // Here, this slice will contain a "random" quantity of "random" data. fuzz!(|data: &[u8]| { if data.len() != 3 {return} if data[0] != b'h' {return} if data[1] != b'e' {return} if data[2] != b'y' {return} panic!("BOOM") }); } } ``` -------------------------------- ### Create and Run a Fuzz Target with honggfuzz Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Illustrates how to create a fuzz target within a Rust application using the `honggfuzz::fuzz` macro. It shows a basic example of checking input data and panicking on a specific condition. This code snippet requires the honggfuzz crate as a dependency. ```rust use honggfuzz::fuzz; fn main() { loop { fuzz!(|data: &[u8]| { if data.len() != 3 {return} if data[0] != b'h' {return} if data[1] != b'e' {return} if data[2] != b'y' {return} panic!("BOOM") }); } } ``` -------------------------------- ### Run Fuzz Target Without Compile-Time Instrumentation Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Builds the project without software instrumentation and then fuzzes the 'example' target, utilizing hardware-based feedback. This command is suitable for scenarios where hardware features are preferred for fuzzing. ```bash HFUZZ_RUN_ARGS="--linux_perf_ipt_block --linux_perf_instr --linux_perf_branch" cargo hfuzz run-no-instr example ``` -------------------------------- ### Configure Fuzzing Run Arguments with HFUZZ_RUN_ARGS Source: https://docs.rs/honggfuzz/0.5.58/index Provides extensive control over the honggfuzz execution by setting the `HFUZZ_RUN_ARGS` environment variable. This example demonstrates setting timeout, thread count, verbosity, iteration limit, and crash exit condition. ```bash # 1 second of timeout # use 12 fuzzing thread # be verbose # stop after 1000000 fuzzing iteration # exit upon crash HFUZZ_RUN_ARGS="-t 1 -n 12 -v -N 1000000 --exit_upon_crash" cargo hfuzz run example ``` -------------------------------- ### Persistent fuzzing with honggfuzz fuzz macro Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/macro This example demonstrates persistent fuzzing using the `fuzz` macro. The fuzzing block is placed inside an infinite loop to continuously fuzz the code. It shows how to handle input data and trigger a panic under specific conditions. ```Rust loop { fuzz!(|data: &[u8]| { if data.len() != 3 {return} if data[0] != b'h' {return} if data[1] != b'e' {return} if data[2] != b'y' {return} panic!("BOOM") }); } ``` -------------------------------- ### Main Fuzzing Macro in Rust Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib The `fuzz!` macro provides a convenient way to start fuzzing in Rust. It supports two main syntaxes: one for direct use with a byte slice (`&[u8]`) and another for using arbitrary types that implement the `Arbitrary` trait. The macro abstracts away the details of providing the fuzzing input to the closure. ```rust #[macro_export] macro_rules! fuzz { (|$buf:ident| $body:block) => { $crate::fuzz(|$buf| $body); }; (|$buf:ident: &[u8]| $body:block) => { $crate::fuzz(|$buf| $body); }; (|$buf:ident: $dty:ty| $body:block) => { $crate::_arbitrary_fuzz!(|$buf: $dty| $body); }; } ``` -------------------------------- ### Arbitrary Type Fuzzing Macro Setup in Rust Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib This macro, `_arbitrary_fuzz!`, is a helper for the main `fuzz!` macro. It allows the fuzzing closure to accept an argument of an arbitrary type that implements the `Arbitrary` trait from the `arbitrary` crate. It deserializes the input byte slice into the specified type. ```rust #[macro_export] #[doc(hidden)] macro_rules! _arbitrary_fuzz { (|$buf:ident: $dty:ty| $body:block) => { $crate::fuzz(|$buf| { let $buf: $dty = { use $crate::arbitrary::{Arbitrary, Unstructured}; let mut buf = Unstructured::new($buf); if let Ok(buf) = Arbitrary::arbitrary(&mut buf) { buf } else { return; } }; $body }); }; } ``` -------------------------------- ### Configure Build Arguments with HFUZZ_BUILD_ARGS Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/index Uses the `HFUZZ_BUILD_ARGS` environment variable to pass additional arguments to `cargo build` during the fuzzing build process. ```shell # Example: Pass arguments to cargo build export HFUZZ_BUILD_ARGS="--features=some_feature" ``` -------------------------------- ### Run fuzzing without instrumentation Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib Builds the project without compile-time software instrumentation (e.g., LLVM's SanCov passes) and then fuzzes the target. This is useful for hardware-based feedback driven fuzzing. ```shell # builds without fuzzing instrumentation and then fuzz the "example" target using hardware-based feedback HFUZZ_RUN_ARGS="--linux_perf_ipt_block --linux_perf_instr --linux_perf_branch" cargo hfuzz run-no-instr example ``` -------------------------------- ### Create a Fuzzing Target with honggfuzz Source: https://docs.rs/honggfuzz/0.5.58/index Demonstrates how to create a Rust program that uses the `honggfuzz::fuzz` macro to define a fuzzing target. The closure passed to `fuzz!` receives arbitrary byte data and performs checks, panicking on specific conditions to simulate a crash. ```rust use honggfuzz::fuzz; fn main() { // Here you can parse `std::env::args and // setup / initialize your project // You have full control over the loop but // you're supposed to call `fuzz` ad vitam aeternam loop { // The fuzz macro gives an arbitrary object (see `arbitrary crate`) // to a closure-like block of code. // For performance reasons, it is recommended that you use the native type // `&[u8]` when possible. // Here, this slice will contain a "random" quantity of "random" data. fuzz!(|data: &[u8]| { if data.len() != 3 {return} if data[0] != b'h' {return} if data[1] != b'e' {return} if data[2] != b'y' {return} panic!("BOOM") }); } } ``` -------------------------------- ### Configure Run Arguments with HFUZZ_RUN_ARGS Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/index Uses the `HFUZZ_RUN_ARGS` environment variable to pass various arguments to the `honggfuzz` executable, controlling timeouts, threads, verbosity, and crash behavior. ```shell # 1 second of timeout # use 12 fuzzing thread # be verbose # stop after 1000000 fuzzing iteration # exit upon crash HFUZZ_RUN_ARGS="-t 1 -n 12 -v -N 1000000 --exit_upon_crash" cargo hfuzz run example ``` -------------------------------- ### Enable LLVM Sanitizers with RUSTFLAGS Source: https://docs.rs/honggfuzz/0.5.58/index Uses the `RUSTFLAGS` environment variable to pass additional arguments to `rustc`, enabling LLVM sanitizers like the address sanitizer for more thorough code analysis, albeit with a performance impact. ```bash RUSTFLAGS="-Z sanitizer=address" cargo hfuzz run example ``` -------------------------------- ### Customize honggfuzz Run Arguments Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Sets various arguments for the `honggfuzz` execution, such as timeout, number of threads, verbosity, iteration count, and exit behavior upon crash. This demonstrates advanced configuration for the fuzzing process. ```bash HFUZZ_RUN_ARGS="-t 1 -n 12 -v -N 1000000 --exit_upon_crash" cargo hfuzz run example ``` -------------------------------- ### Configure Honggfuzz Input Files with HFUZZ_INPUT Source: https://docs.rs/honggfuzz/0.5.58/index Determines the location of Honggfuzz's input files, also known as the "corpus". It defaults to `$HFUZZ_WORKSPACE/{TARGET}/input`. ```bash # Example usage (no specific code snippet provided, but the variable is defined) # export HFUZZ_INPUT="/path/to/my/corpus" ``` -------------------------------- ### Enable LLVM Sanitizers with RUSTFLAGS Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Configures the build process to use LLVM sanitizers, such as the address sanitizer, by setting the `RUSTFLAGS` environment variable. This is recommended for testing `unsafe` Rust code but may impact performance. ```bash RUSTFLAGS="-Z sanitizer=address" cargo hfuzz run example ``` -------------------------------- ### Replay Crashes in Debugger Source: https://docs.rs/honggfuzz/0.5.58/index Builds the target in debug mode and automatically replays a detected crash using `gdb`, allowing for in-depth analysis of the failure. ```bash cargo hfuzz run-debug example fuzzing_workspace/*.fuzz ``` -------------------------------- ### Customize Build Arguments with HFUZZ_BUILD_ARGS Source: https://docs.rs/honggfuzz/0.5.58/index Allows passing custom arguments to `cargo build` when building the fuzzing target by setting the `HFUZZ_BUILD_ARGS` environment variable. ```bash # Example usage (no specific code snippet provided, but the variable is defined) # export HFUZZ_BUILD_ARGS="--some-build-flag" ``` -------------------------------- ### Add honggfuzz to Rust Project Dependencies Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Demonstrates how to add the honggfuzz crate as a dependency in a Rust project's `Cargo.toml` file. This allows the project to utilize honggfuzz's fuzzing functionalities. ```toml [dependencies] honggfuzz = "0.5" ``` -------------------------------- ### Clean Fuzzing Build Artifacts Source: https://docs.rs/honggfuzz/0.5.58/index Cleans the fuzzing build artifacts, including the contents of the `hfuzz_target` directory, acting as a wrapper around `cargo clean`. ```bash cargo hfuzz clean ``` -------------------------------- ### Set Honggfuzz Working Directory with HFUZZ_WORKSPACE Source: https://docs.rs/honggfuzz/0.5.58/index Specifies the root directory for honggfuzz's working files, including the input corpus and output crash reports. It defaults to `hfuzz_workspace`. ```bash # Example usage (no specific code snippet provided, but the variable is defined) # export HFUZZ_WORKSPACE="/path/to/my/fuzz_data" ``` -------------------------------- ### Honggfuzz Fuzzing Function (Non-Fuzzing Build) Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib Provides a fallback implementation of the `fuzz` function when the project is not built with `cargo hfuzz`. It prints helpful messages instructing the user on how to build and run with `cargo hfuzz`. The function signature accepts a closure that takes a byte slice `&[u8]` as input. ```rust # use honggfuzz::fuzz; # fn main() { fuzz(|data|{ if data.len() != 3 {return} if data[0] != b'h' {return} if data[1] != b'e' {return} if data[2] != b'y' {return} panic!("BOOM") }); # } ``` -------------------------------- ### Specify Debugger with HFUZZ_DEBUGGER Source: https://docs.rs/honggfuzz/0.5.58/index Allows customizing the debugger used for replaying crashes. By default, `rust-lldb` is used, but it can be changed to alternatives like `rust-gdb` or `gdb`. ```bash # Example usage (no specific code snippet provided, but the variable is defined) # export HFUZZ_DEBUGGER="rust-gdb" ``` -------------------------------- ### Specify Custom Input Directory with HFUZZ_INPUT Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/index Sets the directory where Honggfuzz looks for input files (the corpus) for fuzzing. ```shell # Example: Set input directory to 'my_corpus' export HFUZZ_INPUT="my_corpus" ``` -------------------------------- ### Specify Custom Debugger with HFUZZ_DEBUGGER Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/index Allows overriding the default debugger (e.g., `rust-lldb`) used for replaying crashes with a custom one like `rust-gdb` or a specific GDB version. ```shell # Example: Use rust-gdb as the debugger export HFUZZ_DEBUGGER="rust-gdb" ``` -------------------------------- ### Pass Arguments to `cargo build` with HFUZZ_BUILD_ARGS Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Allows passing additional arguments to the `cargo build` command when building with honggfuzz. This environment variable provides flexibility in customizing the build process. ```bash HFUZZ_BUILD_ARGS="--some-build-option" cargo hfuzz run example ``` -------------------------------- ### Specify Custom Workspace Directory with HFUZZ_WORKSPACE Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/index Changes the default location for Honggfuzz's working files, including the input corpus and output logs. ```shell # Example: Set workspace to 'my_fuzz_dir' export HFUZZ_WORKSPACE="my_fuzz_dir" ``` -------------------------------- ### Add honggfuzz as a Cargo Dependency Source: https://docs.rs/honggfuzz/0.5.58/index Specifies how to include the honggfuzz crate in your project's `Cargo.toml` file, making its fuzzing capabilities available for use. ```toml [dependencies] honggfuzz = "0.5" ``` -------------------------------- ### Execute Fuzzing with Crash Handling in Rust Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib This function executes a provided closure with fuzzing input. It includes mechanisms to capture panics and abort the process if a panic occurs, ensuring that fuzzing can distinguish between different bugs. It utilizes `HF_ITER` for obtaining input data and `std::panic::catch_unwind` for error handling. ```rust fn fuzz_with_unwind_check(closure: F) where F: FnOnce(&[u8]) + std::panic::UnwindSafe, { let mut buf_ptr = MaybeUninit::>::uninit(); let mut len_ptr = MaybeUninit::::uninit(); unsafe { HF_ITER(buf_ptr.as_mut_ptr(), len_ptr.as_mut_ptr()); buf = ::std::slice::from_raw_parts(buf_ptr.assume_init(), len_ptr.assume_init()); } let did_panic = std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| { closure(buf); })) .is_err(); if did_panic { std::process::abort(); } } ``` -------------------------------- ### Clean Fuzzing Build Artifacts Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz A wrapper around `cargo clean` that specifically cleans the fuzzing target directory. This command helps in removing old build artifacts related to fuzzing, ensuring a fresh build. ```bash cargo hfuzz clean ``` -------------------------------- ### Define honggfuzz fuzz macro Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/macro The `fuzz` macro in honggfuzz allows you to define a block of code to be fuzzed. It supports different argument types for the fuzzing block, including arbitrary types and the recommended `&[u8]`. ```Rust macro_rules! fuzz { (|$buf:ident| $body:block) => { ... }; (|$buf:ident: &[u8]| $body:block) => { ... }; (|$buf:ident: $dty:ty| $body:block) => { ... }; } ``` -------------------------------- ### Run Fuzz Target in Debug Mode with Crash Replay Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz Builds the fuzz target in debug mode and automatically replays a detected crash in a GDB session. This is useful for debugging and analyzing the root cause of a fuzzing-induced failure. ```bash cargo hfuzz run-debug example fuzzing_workspace/*.fuzz ``` -------------------------------- ### Specify Custom Target Directory with CARGO_TARGET_DIR Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/index Overrides the default target compilation directory for `cargo build` and `cargo hfuzz` to avoid conflicts with the standard `target` directory. ```shell # Example: Set target directory to '.build' export CARGO_TARGET_DIR=".build" ``` -------------------------------- ### Conditional Compilation for Fuzzing in Rust Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib Demonstrates how to use `#[cfg(fuzzing)]` and `#[cfg(not(fuzzing))]` to conditionally compile code for fuzzing or regular execution. This is useful for seeding random number generators or disabling unnecessary features during fuzzing. It requires the `rand` and `rand_chacha` crates. ```rust # use rand::{self, Rng, SeedableRng}; # use rand_chacha; # fn main() { #[cfg(fuzzing)] let mut rng = rand_chacha::ChaCha8Rng::from_seed(&[0]); #[cfg(not(fuzzing))] let mut rng = rand::thread_rng(); # } ``` -------------------------------- ### Debug Fuzzing with Memory Mapping in Rust Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib This function is used for debug fuzzing, reading input data from a file specified by the CARGO_HONGGFUZZ_CRASH_FILENAME environment variable. It memory-maps the file to provide the fuzzing input to the closure. If the environment variable is not set or the file cannot be opened/mmaped, it prints an error and exits. ```rust pub fn fuzz(closure: F) where F: FnOnce(&[u8]), { use memmap2::MmapOptions; use std::env; use std::fs::File; let filename = env::var("CARGO_HONGGFUZZ_CRASH_FILENAME").unwrap_or_else(|e|{ eprintln!("error: Environment variable CARGO_HONGGFUZZ_CRASH_FILENAME not set. Try launching with \"cargo hfuzz run-debug TARGET CRASH_FILENAME [ ARGS ... ]\""); std::process::exit(1); }); let file = File::open(&filename).unwrap_or_else(|e| { eprintln!("error: failed to open \"{}\"", &filename); std::process::exit(1); }); let mmap = unsafe { MmapOptions::new().map(&file) }.unwrap_or_else(|e| { eprintln!("error: failed to mmap file \"{}\"", &filename); std::process::exit(1); }); closure(&mmap); eprintln!("This crashfile didn't trigger any panics..."); eprintln!("Are you sure that you selected the correct crashfile and that your program's behavior is entirely deterministic and only dependent on the fuzzing input?"); std::process::exit(2); } ``` -------------------------------- ### Conditional Compilation for Fuzzing in Rust Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz This snippet demonstrates how to conditionally compile code based on whether the project is being fuzzed. The `#[cfg(fuzzing)]` attribute allows specific code paths, such as using a deterministic random number generator seeded with fuzzing input, to be enabled only during fuzzing builds. This helps ensure deterministic behavior, which is crucial for effective fuzzing. ```rust #[cfg(fuzzing)] let mut rng = rand_chacha::ChaCha8Rng::from_seed(&[0]); #[cfg(not(fuzzing))] let mut rng = rand::thread_rng(); ``` -------------------------------- ### Clean fuzzing artifacts with cargo hfuzz clean Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib Cleans the fuzzing target directory, effectively removing any generated fuzzing artifacts. This command is a wrapper around `cargo clean` with additional cleanup for fuzzing-specific files. ```shell # a wrapper on "cargo clean" which cleans the fuzzing_target directory cargo hfuzz clean ``` -------------------------------- ### Set Target Compilation Directory with CARGO_TARGET_DIR Source: https://docs.rs/honggfuzz/0.5.58/index Defines the directory where compilation artifacts for fuzzing targets are stored. It defaults to `hfuzz_target` to avoid conflicts with Cargo's default `target` directory. ```bash # Example usage (no specific code snippet provided, but the variable is defined) # export CARGO_TARGET_DIR="my_fuzz_builds" ``` -------------------------------- ### Replay a crash with cargo hfuzz run-debug Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib Builds the target in debug mode and automatically replays a detected crash using a debugger (e.g., gdb). This is useful for analyzing the root cause of a crash. ```shell # builds the target in debug mode and replays automatically the crash in gdb cargo hfuzz run-debug example fuzzing_workspace/*.fuzz ``` -------------------------------- ### Honggfuzz Fuzzing Function (Fuzzing Build) Source: https://docs.rs/honggfuzz/0.5.58/src/honggfuzz/lib The primary implementation of the `fuzz` function used when building with `cargo hfuzz`. It sets up a panic hook to abort the process on panic, which aids in bug analysis. It then retrieves input data from the honggfuzz runtime via `HF_ITER` and passes it to the provided closure. This function is intended for persistent fuzzing and expects the closure to be unwind-safe. ```rust # use honggfuzz::fuzz; # use std::mem::MaybeUninit; # #[cfg(all(fuzzing, not(fuzzing_debug))))] # lazy_static::lazy_static! { # static ref PANIC_HOOK: () = { # std::panic::set_hook(Box::new(|_| { # std::process::abort(); # })) # }; # } # # #[cfg(all(fuzzing, not(fuzzing_debug))))] # pub fn fuzz(closure: F) # where # F: FnOnce(&[u8]), # { # // sets panic hook if not already done # lazy_static::initialize(&PANIC_HOOK); # # // get buffer from honggfuzz runtime # let buf; # # let mut buf_ptr = MaybeUninit::<*const u8>::uninit(); # let mut len_ptr = MaybeUninit::::uninit(); # # unsafe { # HF_ITER(buf_ptr.as_mut_ptr(), len_ptr.as_mut_ptr()); # let buf_ptr = buf_ptr.assume_init(); # let len = len_ptr.assume_init(); # buf = std::slice::from_raw_parts(buf_ptr, len); # } # # closure(buf); # } # fn main() { # // Example usage (this part would be in your actual fuzz target) # fuzz(|data| { # // Process the fuzzing data # println!("Received {} bytes of data", data.len()); # }); # } ``` -------------------------------- ### Fuzz a closure with honggfuzz in Rust Source: https://docs.rs/honggfuzz/0.5.58/honggfuzz/fn The `fuzz` function takes a closure that accepts a byte slice (`&[u8]`) containing random data. For continuous fuzzing, this function should be called within an infinite loop. The closure must be unwind-safe. ```rust pub fn fuzz(closure: F) where F: FnOnce(&[u8]), ``` ```rust loop { fuzz(|data|{ if data.len() != 3 {return} if data[0] != b'h' {return} if data[1] != b'e' {return} if data[2] != b'y' {return} panic!("BOOM") }); } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.