I want to know how to analyze the result of "cargo-fuzz"

I am running cargo-fuzz to find memory-related bugs in existing crates. Among the crates I ran cargo-fuzz on, some exited with "deadly signal". However, I don't know whether these signals came from a memory-related bug. Does anyone know how to analyze the result of cargo-fuzz?

this is my result.

In this case the failure is simply a panic. “deadly signal” is how libFuzzer describes the process intentionally aborting, among other possible situations; it doesn't know anything specific to Rust.

You should ignore that part and concentrate on the panic information — the line thread '<unnamed>' panicked at ... and the line after it. Also look at the stack trace lines to see where the panic occurred.

In this particular case, the panic “a Display implementation returned an error unexpectedly” means that some type's Display::fmt() implementation returned an error even though no IO error occurred. This is an incorrect usage of the error return:

Additionally, the return value of this function is fmt::Result which is a type alias of Result<(), std::fmt::Error>. Formatting implementations should ensure that they propagate errors from the Formatter (e.g., when calling write!). However, they should never return errors spuriously. That is, a formatting implementation must and may only return an error if the passed-in Formatter returns an error. This is because, contrary to what the function signature might suggest, string formatting is an infallible operation. This function only returns a result because writing to the underlying stream might fail and it must provide a way to propagate the fact that an error has occurred back up the stack.

The implementation should be modified so that it never returns an error on its own initiative.

Unfortunately, the stack trace doesn't tell us what type that was, but it must be something that rust_fuzzer_test_input() called to_string() or similar on.


By the way, in future posts please post a text code block, not a screenshot — screenshots are harder to read under various conditions, and also don't let us copy text from them which is useful for searches and for quoting the text in discussion.

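The following is an added example, not code from the thread above or from cargo-fuzz itself, that reproduces the situation the answer describes: a type whose Display implementation returns fmt::Error on its own initiative, the panic that to_string() raises when it does, and a corrected implementation that only propagates errors from the Formatter. The types Spurious and Fixed, the run_target helper and the fuzz-style target functions are all constructed for illustration. Instead of the fuzz harness (where libfuzzer-sys aborts on panic, which libFuzzer then reports as "deadly signal"), the panic is caught with catch_unwind so its message can be inspected in-process; the default panic hook still prints the "thread ... panicked at" line the answer tells you to look for.

```rust
use std::fmt;
use std::panic::{self, AssertUnwindSafe};

/// Constructed example: a type whose Display impl breaks the contract
/// quoted in the answer by returning fmt::Error on its own initiative
/// (here: whenever the wrapped value is negative).
pub struct Spurious(pub i32);

impl fmt::Display for Spurious {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        if self.0 < 0 {
            // Bug: nothing went wrong with the underlying stream, yet we
            // signal an error. to_string() panics when it sees this.
            return Err(fmt::Error);
        }
        write!(f, "{}", self.0)
    }
}

/// Corrected version: the only errors it returns are the ones the
/// Formatter hands back from write!; unusual data is rendered, not rejected.
pub struct Fixed(pub i32);

impl fmt::Display for Fixed {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        if self.0 < 0 {
            write!(f, "<invalid: {}>", self.0)
        } else {
            write!(f, "{}", self.0)
        }
    }
}

/// Interpret the first four fuzzer-supplied bytes as a little-endian i32.
fn parse_i32(data: &[u8]) -> Option<i32> {
    let bytes: [u8; 4] = data.get(..4)?.try_into().ok()?;
    Some(i32::from_le_bytes(bytes))
}

/// Run a target body the way a fuzz harness would, but catch the panic
/// instead of aborting, returning the panic message as the Err value.
/// (Under cargo-fuzz the panic hook aborts the process, which libFuzzer
/// reports as "deadly signal".)
pub fn run_target<F: FnOnce() -> String>(body: F) -> Result<String, String> {
    panic::catch_unwind(AssertUnwindSafe(body)).map_err(|payload| {
        if let Some(s) = payload.downcast_ref::<String>() {
            s.clone()
        } else if let Some(s) = payload.downcast_ref::<&str>() {
            (*s).to_string()
        } else {
            "non-string panic payload".to_string()
        }
    })
}

/// Stand-in for a fuzz_target!(|data: &[u8]| { ... }) body using the buggy type.
pub fn target_spurious(data: &[u8]) -> Result<String, String> {
    run_target(|| match parse_i32(data) {
        Some(v) => Spurious(v).to_string(),
        None => String::new(),
    })
}

/// Same body using the corrected type: it never panics on any input.
pub fn target_fixed(data: &[u8]) -> Result<String, String> {
    run_target(|| match parse_i32(data) {
        Some(v) => Fixed(v).to_string(),
        None => String::new(),
    })
}

/// The message to_string() panics with when a Display impl returns Err;
/// this is the text to look for in the fuzzer's "panicked at" line.
pub const SPURIOUS_PANIC_PREFIX: &str =
    "a Display implementation returned an error unexpectedly";

fn main() {
    // Constructed inputs standing in for fuzzer-generated bytes.
    let negative = (-5i32).to_le_bytes();
    let positive = 7i32.to_le_bytes();
    println!("{:?}", target_spurious(&positive)); // Ok("7")
    println!("{:?}", target_spurious(&negative)); // Err(..) starting with SPURIOUS_PANIC_PREFIX
    println!("{:?}", target_fixed(&negative));    // Ok("<invalid: -5>")
}
```

When triaging a real cargo-fuzz crash, the same approach applies in reverse: take the crash artifact the fuzzer wrote, feed it to the target body (cargo fuzz run with the artifact path does this), and read the "panicked at" line and the frames above rust_fuzzer_test_input in the stack trace to find which to_string() or write! call reached the offending impl.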
