
CrabSandwich: Fuzzing Rust with Rust (Registered Report)

conference contribution
posted on 2024-04-04, 06:42 authored by Addison Crump, Dongjia Zhang, Syeda Mahnur Asif, Dominik Maier, Andrea Fioraldi, Thorsten Holz, Davide Balzarotti
The Rust programming language is one of the fastest-growing programming languages, thanks to its unique blend of high-performance execution and memory safety. Still, programs implemented in Rust can contain critical bugs. Apart from logic bugs and crashes, code in unsafe blocks can still trigger memory corruptions. To find these, the community uses traditional fuzzers like libFuzzer or AFL++, in combination with Rust-specific macros. Of course, the fuzzers themselves are still written in memory-unsafe languages. In this paper, we explore the possibility of replacing the input generators with Rust, while staying compatible with existing harnesses. Based on the Rust fuzzer library LibAFL, we develop CrabSandwich, a drop-in replacement for the C++ component of cargo-fuzz. We evaluate our tool, written in Rust, against the original fuzzer libFuzzer. We show that we are not only able to successfully fuzz all three targets we tested with CrabSandwich, but outperform cargo-fuzz in bug coverage. During our preliminary evaluation, we already manage to uncover new bugs in the pdf crate that could not be found by cargo-fuzz, proving the real-world applicability of our approach, and giving us high hopes for the planned follow-up evaluations.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

International Fuzzing Workshop (FUZZING)

Journal

Proceedings of the 2nd International Fuzzing Workshop

Page Range

39-46

Publisher

Association for Computing Machinery (ACM)

Open Access Type

  • Not Open Access

BibTeX

@conference{Crump:Zhang:Asif:Maier:Fioraldi:Holz:Balzarotti:2023,
  title = "CrabSandwich: Fuzzing Rust with Rust (Registered Report)",
  author = "Crump, Addison and Zhang, Dongjia and Asif, Syeda Mahnur and Maier, Dominik and Fioraldi, Andrea and Holz, Thorsten and Balzarotti, Davide",
  year = 2023,
  month = 7,
  journal = "Proceedings of the 2nd International Fuzzing Workshop",
  pages = "39--46",
  publisher = "Association for Computing Machinery (ACM)",
  doi = "10.1145/3605157.3605176"
}
