Finding bugs with fuzzing

This is the final article in a series of four about fuzzing in Go:


  • Random testing in Go
  • Fuzz tests in Go
  • Writing a Go fuzz target
  • Finding bugs with fuzzing

In the earlier parts of this series, we introduced the idea of fuzz testing, showed how it works in Go, and wrote a simple fuzz test aimed at detecting bugs in a function named FirstRune (see Part 3 for details). Here it is:

http://surl.li/iwrov

http://surl.li/iwrpa

http://surl.li/iwrph

https://rb.gy/uc6v1

https://bit.ly/3PNiOD3

https://bit.ly/3JMPRn4

https://bit.ly/3rif8iA



func FuzzFirstRune(f *testing.F) {

    f.Add("Hello")

    f.Add("world")

    f.Fuzz(func(t *testing.T, s string) {

        got := runes.FirstRune(s)

        want, _ := utf8.DecodeRuneInString(s)

        if want == utf8.RuneError {

            t.Skip() // don't bother testing invalid runes

        }

        if want != got {

            t.Errorf("given %q (0x%[1]x): want '%c' (0x%[2]x)",

                s, want)

            t.Errorf("got '%c' (0x%[1]x)", got)

        }

    })

}


https://lookerstudio.google.com/reporting/ce66ca8a-e883-4691-89eb-9a7c33363b6c/

https://lookerstudio.google.com/reporting/108ca284-0ca0-4bbc-88f4-6a7f35df534b

https://lookerstudio.google.com/reporting/4ac73e3e-1b57-41f8-add0-36f0b2568cbc

https://lookerstudio.google.com/reporting/66eddd49-ffad-4db8-8a34-da7d2c55ecc1/

https://lookerstudio.google.com/reporting/33250894-8727-4948-9f3e-2bb11ff68ec5

As usual when developing a program guided by tests, we wrote a cheerfully rubbish implementation of FirstRune that does basically nothing, just to validate that our test is useful:


func FirstRune(s string) rune {

    return 0

}

https://lookerstudio.google.com/reporting/24f5ad6d-eeaa-45e6-8373-8bf92d7ad64a/

https://lookerstudio.google.com/reporting/73c46cc4-11f1-42ff-a011-1586a554cc2d/


If the test didn’t fail with this function, we might start to worry a bit about whether it would detect any bugs. But it does indeed report, reassuringly:


go test -fuzz .


fuzz: elapsed: 0s, gathering baseline coverage: 0/2 completed

failure while testing seed corpus entry: FuzzFirstRune/seed#1

fuzz: elapsed: 0s, gathering baseline coverage: 0/2 completed

--- FAIL: FuzzFirstRune (0.02s)

    --- FAIL: FuzzFirstRune (0.00s)

        runes_test.go:22: given "world" (0x776f726c64): want 'w'

        (0x77)

        runes_test.go:24: got '' (0x0)



In other words, asking for the first rune in the string "world" gives us the rune value 0, which is incorrect: it should be 'w'. Result, happiness.


Now that we’ve validated our bug detector, we can go ahead and write a slightly more plausible version of FirstRune (though, as we’ll see, there is still a problem lurking):


func FirstRune(s string) rune {

    return rune(s[0])

}

Popular posts from this blog

Why Do 4K Cameras Need Special SD Cards

 Why Do 4K Cameras Need Special SD Cards? https://hardware2talk.com/one-cloud-two-nets-chint-intelligent-power-in-hannover/ https://forum.iabi.or.id/discussion/205/what-are-wild-card-city-casino https://www.tdedchangair.com/webboard/viewtopic.php?t=1345 http://www.love66.me/viewthread.php?tid=1113& Most new cameras are capable of shooting 4K video. But your camera may refuse to record 4K video to some SD cards—fortunately, this is normal behavior. But why do 4K cameras require special SD cards? And which SD cards should you buy for your 4K camera? https://www.wolala.love/thread-11396-1-1.html https://forum.trapeza.ru/viewtopic.php?t=30486 http://mail.bricomania.com/foro/2-informatica/35451-ya-elegi http://mystrotain.free.fr/forum/showthread.php?tid=51344 High-Resolution Video Takes Up a Ton of Data http://dalzone.ru/threads/ivent-treasure-trove-the-hunt-for-philosophy.266/ http://eldoradofus.free.fr/forum/viewtopic.php?pid=12777 https://forum.resmihat.kz/viewtopic.php?t=596673 ...
Read more

Canon IJ Printer Setup Guide for MAC

 Canon IJ Printer Setup Guide for MAC The steps for Canon printer setup for Mac using wireless connection are given below: Turn on your printer, Mac and Wifi router. Then, go to https://ij.start.canon  on your mac to download the driver Follow the instructions appearing on the screen. Then, open ‘Apple’ menu on your Mac and choose System and Preference>Printer and Scanner From the next prompt screen click on the + sign and select your canon printer from the list of shown printers. Click on the ‘Add’ button and your canon printer setup for mac is done.  http://mystrotain.free.fr/forum/showthread.php?tid=67979 https://worldbattlingent.com/showthread.php?tid=7390 https://www.tedpublications.com/forum/showthread.php?tid=139829 https://ordemdospsicologos.org/forum/showthread.php?tid=1363 https://www.gamingfraternity.com/showthread.php?tid=10043 https://expectingtheunexpected.com/showthread.php?tid=1622 https://www.forum.interstate420productions.com/viewtopic.php?t=13164 htt...
Read more

TreeSize

The Powerful Graphical Manager For Your Storage Systems Analyze Data On Any Storage System Visualize The Usage of Storage Capacities Organize And Clean Up Storage Systems Efficiently https://tree-size.github.io/ https://treesize.tumblr.com/ What is TreeSize? https://treesize.renderforestsites.com/ https://treesizee.wordpress.com/ https://lookerstudio.google.com/reporting/862c378a-5bee-4a68-b9e3-b3a9da38eba5/ With TreeSize, you can analyze your most important storage systems and directly manage and clean up your files. You can evaluate space usage with statistics and charts, create reports or search for old or duplicate files based on specific criteria – manually, or automatically according to a schedule.TreeSize can move, archive, delete, but also bulk rename files across systems and much more. Organizing and cleaning up has never been easier.Benefit from our experience as market leader – TreeSize has been cleaning up hard drives since 1997! https://www.linkedin.com/pulse/what-treesize...
Read more

Cool Things You Can Do With Bing Chat AI

 Cool Things You Can Do With Bing Chat AI The AI chatbot space is starting to heat up. Microsoft has its version of ChatGPT — called the "new Bing" or "Bing Chat AI". Table of Contents Create Comparison Tables Draw Text Art Date and Time Conversions Turn Web Pages Into Quizzes Get Up to Speed on Current Events Create Comparison Tables One advantage of Bing Chat AI is that it can search the web for the most recent information. The great thing is that it can process the information and deliver it to you in many formats - comparison tables included. The easiest way to do this is to ask it to "build a table comparing the specifications of the Surface Laptop 4 and the M2 MacBook Air." Whichever prompt you go with, Bing will go ahead and look for the most important specifications and put them in a readable table. Draw Text Art Drawing text art is also known as ASCII and depends on command-line tools, text characters, a...
Read more