| Vulnerabilities | |||||
|---|---|---|---|---|---|
| Version | Suggest | Low | Medium | High | Critical |
| 0.4.12 | 0 | 0 | 0 | 0 | 0 |
| 0.4.11 | 0 | 0 | 0 | 0 | 0 |
| 0.4.10 | 0 | 0 | 0 | 0 | 0 |
| 0.4.9 | 0 | 0 | 0 | 0 | 0 |
| 0.4.8 | 0 | 0 | 0 | 0 | 0 |
| 0.4.7 | 0 | 0 | 0 | 0 | 0 |
| 0.4.6 | 0 | 0 | 0 | 0 | 0 |
| 0.4.5 | 0 | 0 | 0 | 0 | 0 |
| 0.4.4 | 0 | 0 | 0 | 0 | 0 |
| 0.4.3 | 0 | 0 | 0 | 0 | 0 |
| 0.4.2 | 0 | 0 | 0 | 0 | 0 |
| 0.4.1 | 0 | 0 | 0 | 0 | 0 |
| 0.4.0 | 0 | 0 | 0 | 0 | 0 |
| 0.3.5 | 0 | 0 | 0 | 0 | 0 |
| 0.3.4 | 0 | 0 | 0 | 0 | 0 |
| 0.3.3 | 0 | 0 | 0 | 0 | 0 |
| 0.3.2 | 0 | 0 | 0 | 0 | 0 |
| 0.3.1 | 0 | 0 | 0 | 0 | 0 |
| 0.3.0 | 0 | 0 | 0 | 0 | 0 |
| 0.2.1 | 0 | 0 | 0 | 0 | 0 |
| 0.2.0 | 0 | 0 | 0 | 0 | 0 |
| 0.1.1 | 0 | 0 | 0 | 0 | 0 |
| 0.1.0 | 0 | 0 | 0 | 0 | 0 |
0.4.12 - This version is safe to use because it has no known security vulnerabilities at this time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform
Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.
PROPRIETARY-AND NCSA - AND NCSABarebones wrapper around LLVM's libFuzzer runtime library.
The CPP parts are extracted from compiler-rt git repository with git filter-branch.
libFuzzer relies on LLVM sanitizer support. The Rust compiler has built-in support for LLVM sanitizer support, for now, it's limited to Linux. As a result, libfuzzer-sys only works on Linux.
The recommended way to use this crate with cargo fuzz!.
This crate can also be used manually as following:
First create a new cargo project:
$ cargo new --bin fuzzed
$ cd fuzzed
Then add a dependency on the fuzzer-sys crate and your own crate:
[dependencies]
libfuzzer-sys = "0.4.0"
your_crate = { path = "../path/to/your/crate" }Change the fuzzed/src/main.rs to fuzz your code:
#![no_main]
use libfuzzer_sys::fuzz_target;
fuzz_target!(|data: &[u8]| {
// code to fuzz goes here
});Build by running the following command:
$ cargo rustc -- \
-C passes='sancov-module' \
-C llvm-args='-sanitizer-coverage-level=3' \
-C llvm-args='-sanitizer-coverage-inline-8bit-counters' \
-Z sanitizer=addressAnd finally, run the fuzzer:
$ ./target/debug/fuzzedWhen using libfuzzer-sys, you can provide your own libfuzzer runtime in two ways.
If you are developing a fuzzer, you can set the CUSTOM_LIBFUZZER_PATH environment variable to the path of your local
libfuzzer runtime, which will then be linked instead of building libfuzzer as part of the build stage of libfuzzer-sys.
For an example, to link to a prebuilt LLVM 16 libfuzzer, you could use:
$ export CUSTOM_LIBFUZZER_PATH=/usr/lib64/clang/16/lib/libclang_rt.fuzzer-x86_64.a
$ cargo fuzz run ...Alternatively, you may also disable the default link_libfuzzer feature:
In Cargo.toml:
[dependencies]
libfuzzer-sys = { path = "../../libfuzzer", default-features = false }Then link to your own runtime in your build.rs.
Update the COMMIT=... variable in ./update-libfuzzer.sh with the new
commit hash from llvm-mirror/llvm-project
that you are vendoring.
Re-run the script:
$ ./update-libfuzzer.sh <github.com/llvm-mirror/llvm-project SHA1>
All files in the libfuzzer directory are licensed NCSA.
Everything else is dual-licensed Apache 2.0 and MIT.