Introduce the cargo-fuzz setup that found the chunker crash

featherbread · featherbread · commit 98d9149043b1 · 2025-02-23T12:33:09.000-08:00
This is only lightly edited from the setup that discovered the bug I
fixed in xt v0.19.4. All I did was specify the libfuzzer-sys version
more explicitly, sort the formats alphabetically, and rename the target
from fuzz_target_1 to something better.

I'm also going to set up a fuzz target specific to reader inputs.
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
@@ -0,0 +1,4 @@
+target
+corpus
+artifacts
+coverage
diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -0,0 +1,21 @@
+[package]
+name = "xt-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2021"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4.9"
+
+[dependencies.xt]
+path = ".."
+
+[[bin]]
+name = "slice_detected_all_formats"
+path = "fuzz_targets/slice_detected_all_formats.rs"
+test = false
+doc = false
+bench = false
diff --git a/fuzz/fuzz_targets/slice_detected_all_formats.rs b/fuzz/fuzz_targets/slice_detected_all_formats.rs
@@ -0,0 +1,14 @@
+#![no_main]
+
+use std::io;
+
+use libfuzzer_sys::fuzz_target;
+
+use xt::Format;
+
+fuzz_target!(|data: &[u8]| {
+	let _ = xt::translate_slice(data, None, Format::Json, io::sink());
+	let _ = xt::translate_slice(data, None, Format::Msgpack, io::sink());
+	let _ = xt::translate_slice(data, None, Format::Toml, io::sink());
+	let _ = xt::translate_slice(data, None, Format::Yaml, io::sink());
+});

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +target
 +corpus
 +artifacts
 +coverage