The Rust programming language is one of the fastest-growing programming languages, thanks to its unique blend of high-performance execution and memory safety. Still, programs implemented in Rust can contain critical bugs. Apart from logic bugs and crashes, code in unsafe blocks can still trigger memory corruption. To find these, the community uses traditional fuzzers such as libFuzzer or AFL++, in combination with Rust-specific macros. Of course, the fuzzers themselves are still written in memory-unsafe languages.
In this paper, we explore the possibility of replacing the input generators with Rust, while staying compatible with existing harnesses. Based on the Rust fuzzer library LibAFL, we develop ourtool, a drop-in replacement for the C++ component of cargo-fuzz. We evaluate our tool, written in Rust, against the original fuzzer libFuzzer. We show that we are not only able to successfully fuzz all three targets we tested with ourtool, but also outperform cargo-fuzz in bug coverage. During our preliminary evaluation, we already manage to uncover new bugs in the pdf crate that could not be found by cargo-fuzz, proving the real-world applicability of our approach and giving us high hopes for the planned follow-up evaluations.
History
Primary Research Area: Threat Detection and Defenses
Name of Conference: International Fuzzing Workshop (FUZZING)
Journal: Proceedings of the 2nd International Fuzzing Workshop
Page Range: 39-46
Publisher: Association for Computing Machinery (ACM)
Open Access Type: Not Open Access
BibTeX
@conference{Crump:Zhang:Asif:Maier:Fioraldi:Holz:Balzarotti:2023,
  title     = "CrabSandwich: Fuzzing Rust with Rust (Registered Report)",
  author    = "Crump, Addison and Zhang, Dongjia and Asif, Syeda Mahnur and Maier, Dominik and Fioraldi, Andrea and Holz, Thorsten and Balzarotti, Davide",
  year      = 2023,
  month     = 7,
  booktitle = "Proceedings of the 2nd International Fuzzing Workshop",
  pages     = "39--46",
  publisher = "Association for Computing Machinery (ACM)",
  doi       = "10.1145/3605157.3605176"
}