Posted to dev@avro.apache.org by GitBox <gi...@apache.org> on 2022/07/11 13:56:31 UTC

[GitHub] [avro] evanrichter opened a new pull request, #1761: Rust: add fuzz harness

evanrichter opened a new pull request, #1761:
URL: https://github.com/apache/avro/pull/1761

   The [cargo-fuzz](https://github.com/rust-fuzz/cargo-fuzz) harness can be run with `cargo +nightly fuzz run roundtrip` from the _lang/rust/avro_ folder.
   
   The second commit fixes 1 panic, 1 oom, and 1 infinite loop that the fuzzer found.
   
   ### Jira
   
   - [ ] My PR addresses the following [Avro Jira](https://issues.apache.org/jira/browse/AVRO/) issues and references them in the PR title. For example, "AVRO-1234: My Avro PR"
     - https://issues.apache.org/jira/browse/AVRO-XXX
     - [x] In case you are adding a dependency, check if the license complies with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x). Cargo fuzz is dual-licensed under MIT or Apache 2.0 open source license.
   
   ### Tests
   
   - [x] My PR adds fuzz testing
   - [x] The code fixes do not break `cargo test`
   - [x] The code fixes pass fuzz testing and fix all panic/oom/timeout
   
   
   ### Commits
   
   - [ ] My commits all reference Jira issues in their subject lines. In addition, my commits follow the guidelines from "[How to write a good git commit message](https://chris.beams.io/posts/git-commit/)":
     1. Subject is separated from body by a blank line
     1. Subject is limited to 50 characters (not including Jira issue reference)
     1. Subject does not end with a period
     1. Subject uses the imperative mood ("add", not "adding")
     1. Body wraps at 72 characters
     1. Body explains "what" and "why", not "how"
   
   ### Documentation
   
   - [x] In case of new functionality, my PR adds documentation that describes how to use it.
     - No new functionality
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@avro.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
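
An added example (not code from the PR or from the Avro project) of the property a roundtrip-style fuzz target checks, using a self-contained decoder for Avro's zigzag varint `long` and length-prefixed `bytes`. The function names, the error enum and the sample input are assumptions made for illustration; the guards shown address the panic and out-of-memory classes named in the PR description, not the specific defects that PR fixed.

```rust
// Added illustration; these names are not the apache-avro crate's API.
#[derive(Debug, PartialEq)]
pub enum DecodeError { Truncated, VarintTooLong, BadLength }

/// Encode an i64 as an Avro `long`: zigzag, then base-128 varint.
pub fn encode_long(n: i64, out: &mut Vec<u8>) {
    let mut z = ((n << 1) ^ (n >> 63)) as u64;
    while z >= 0x80 {
        out.push((z as u8 & 0x7f) | 0x80);
        z >>= 7;
    }
    out.push(z as u8);
}

/// Decode an Avro `long`; returns the value and the number of bytes consumed.
pub fn decode_long(buf: &[u8]) -> Result<(i64, usize), DecodeError> {
    let mut z: u64 = 0;
    for (i, &b) in buf.iter().enumerate() {
        if i >= 10 { return Err(DecodeError::VarintTooLong); } // next shift would be 70 bits
        z |= u64::from(b & 0x7f) << (7 * i);
        if b & 0x80 == 0 {
            return Ok((((z >> 1) as i64) ^ -((z & 1) as i64), i + 1));
        }
    }
    Err(DecodeError::Truncated) // input ended in the middle of a varint
}

/// Decode Avro `bytes`; the input-controlled length is checked before any allocation.
pub fn decode_bytes(buf: &[u8]) -> Result<(Vec<u8>, usize), DecodeError> {
    let (len, used) = decode_long(buf)?;
    let rest = &buf[used..];
    if len < 0 || len as u64 > rest.len() as u64 { return Err(DecodeError::BadLength); }
    Ok((rest[..len as usize].to_vec(), used + len as usize))
}

/// Property a `fuzz_target!(|data: &[u8]| ...)` body would assert for every input.
pub fn roundtrip(data: &[u8]) -> bool {
    match decode_bytes(data) {
        Err(_) => true, // rejecting malformed input is fine; panicking or hanging is not
        Ok((payload, _)) => {
            let mut enc = Vec::new();
            encode_long(payload.len() as i64, &mut enc);
            enc.extend_from_slice(&payload);
            decode_bytes(&enc) == Ok((payload, enc.len()))
        }
    }
}

fn main() {
    assert!(roundtrip(&[0x06, b'a', b'b', b'c'])); // constructed input: length 3, then "abc"
}
```
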


[GitHub] [avro] martin-g commented on a diff in pull request #1761: Rust: add fuzz harness

Posted by GitBox <gi...@apache.org>.
martin-g commented on code in PR #1761:
URL: https://github.com/apache/avro/pull/1761#discussion_r917995743


##########
lang/rust/avro/fuzz/Cargo.toml:
##########
@@ -0,0 +1,32 @@
+[package]
+name = "apache-avro-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+serde = { version = "1.0.100", features = ["derive"] }
+
+[dependencies.apache-avro]
+path = ".."
+features = ["derive"]
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
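
Review bot: the comment above `[workspace]` says what the stanza prevents but not what it costs. With `members = ["."]` this crate is its own workspace root, so it resolves dependencies on its own and gets its own Cargo.lock and target directory. Say that in the comment, and decide explicitly whether that lock file is committed or ignored, so the dependency versions being fuzzed are known.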

Review Comment:
   How about moving `fuzz` one folder up? Next to `avro` and `avro_derive`.
   This way each crate holds just its own content.
   Some of the members in the workspace won't ever be published.



##########
lang/rust/avro/fuzz/Cargo.toml:
##########
@@ -0,0 +1,32 @@
+[package]
+name = "apache-avro-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+serde = { version = "1.0.100", features = ["derive"] }
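
Review bot: on the `serde` line, `"1.0.100"` is a caret requirement, so it only sets a floor and cargo will still resolve to the newest compatible 1.x release. A floor that is never built against is misleading; either use the same requirement as the other crates in this repository or relax it to `"1"`.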

Review Comment:
   1.0.139





[GitHub] [avro] martin-g merged pull request #1761: AVRO-3575: Rust: add fuzz harness

Posted by GitBox <gi...@apache.org>.
martin-g merged PR #1761:
URL: https://github.com/apache/avro/pull/1761




[GitHub] [avro] evanrichter commented on a diff in pull request #1761: AVRO-3575: Rust: add fuzz harness

Posted by GitBox <gi...@apache.org>.
evanrichter commented on code in PR #1761:
URL: https://github.com/apache/avro/pull/1761#discussion_r918395005


##########
lang/rust/avro/fuzz/Cargo.toml:
##########
@@ -0,0 +1,32 @@
+[package]
+name = "apache-avro-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+serde = { version = "1.0.100", features = ["derive"] }
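
Review bot: the new file starts directly with `[package]` on line 1, so it has no Apache license header. Add the standard header as a `#` comment block at the top, unless this path is deliberately excluded from the project's license check.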

Review Comment:
   Oops, I maybe should have matched the other crates!
   
   The other crates use 1.0.137, should I version bump those, or use 1.0.137?
   
   For now, I've changed it to version = "1" because that should allow cargo to pick the right version for fuzzing and not recompile needlessly. `cargo tree` shows that v1.0.139 was chosen even without bumping the other crates from 137 to 139.



##########
lang/rust/avro/fuzz/Cargo.toml:
##########
@@ -0,0 +1,32 @@
+[package]
+name = "apache-avro-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+serde = { version = "1.0.100", features = ["derive"] }
+
+[dependencies.apache-avro]
+path = ".."
+features = ["derive"]
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
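
Review bot: `path = ".."` under `[dependencies.apache-avro]` is only correct while this manifest sits directly inside the avro crate directory, as the file path in the header shows. If the fuzz directory is relocated, this line has to change with it (for a sibling of `avro`, `path = "../avro"`), and the run instructions need the new working directory.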

Review Comment:
   I have moved it up a level, but kept it separate from the workspace still. Fuzzing adds ASAN and coverage instrumentation to the intermediate objects, so sharing a target folder has no benefit for fuzzing, and would invalidate the build cache for normal build profiles.





[GitHub] [avro] martin-g commented on pull request #1761: AVRO-3575: Rust: add fuzz harness

Posted by GitBox <gi...@apache.org>.
martin-g commented on PR #1761:
URL: https://github.com/apache/avro/pull/1761#issuecomment-1181434827

   Thank you for the contribution and the fixes, @evanrichter!

