Finding bugs with fuzzing

This is the final article in a series of four about fuzzing in Go:


  • Random testing in Go
  • Fuzz tests in Go
  • Writing a Go fuzz target
  • Finding bugs with fuzzing

In the earlier parts of this series, we introduced the idea of fuzz testing, showed how it works in Go, and wrote a simple fuzz test aimed at detecting bugs in a function named FirstRune (see Part 3 for details). Here it is:

http://surl.li/iwrov

http://surl.li/iwrpa

http://surl.li/iwrph

https://rb.gy/uc6v1

https://bit.ly/3PNiOD3

https://bit.ly/3JMPRn4

https://bit.ly/3rif8iA



func FuzzFirstRune(f *testing.F) {

    f.Add("Hello")

    f.Add("world")

    f.Fuzz(func(t *testing.T, s string) {

        got := runes.FirstRune(s)

        want, _ := utf8.DecodeRuneInString(s)

        if want == utf8.RuneError {

            t.Skip() // don't bother testing invalid runes

        }

        if want != got {

            t.Errorf("given %q (0x%[1]x): want '%c' (0x%[2]x)",

                s, want)

            t.Errorf("got '%c' (0x%[1]x)", got)

        }

    })

}


https://lookerstudio.google.com/reporting/ce66ca8a-e883-4691-89eb-9a7c33363b6c/

https://lookerstudio.google.com/reporting/108ca284-0ca0-4bbc-88f4-6a7f35df534b

https://lookerstudio.google.com/reporting/4ac73e3e-1b57-41f8-add0-36f0b2568cbc

https://lookerstudio.google.com/reporting/66eddd49-ffad-4db8-8a34-da7d2c55ecc1/

https://lookerstudio.google.com/reporting/33250894-8727-4948-9f3e-2bb11ff68ec5

As usual when developing a program guided by tests, we wrote a cheerfully rubbish implementation of FirstRune that does basically nothing, just to validate that our test is useful:


func FirstRune(s string) rune {

    return 0

}

https://lookerstudio.google.com/reporting/24f5ad6d-eeaa-45e6-8373-8bf92d7ad64a/

https://lookerstudio.google.com/reporting/73c46cc4-11f1-42ff-a011-1586a554cc2d/


If the test didn’t fail with this function, we might start to worry a bit about whether it would detect any bugs. But it does indeed report, reassuringly:


go test -fuzz .


fuzz: elapsed: 0s, gathering baseline coverage: 0/2 completed

failure while testing seed corpus entry: FuzzFirstRune/seed#1

fuzz: elapsed: 0s, gathering baseline coverage: 0/2 completed

--- FAIL: FuzzFirstRune (0.02s)

    --- FAIL: FuzzFirstRune (0.00s)

        runes_test.go:22: given "world" (0x776f726c64): want 'w'

        (0x77)

        runes_test.go:24: got '' (0x0)



In other words, asking for the first rune in the string "world" gives us the rune value 0, which is incorrect: it should be 'w'. Result, happiness.


Now that we’ve validated our bug detector, we can go ahead and write a slightly more plausible version of FirstRune (though, as we’ll see, there is still a problem lurking):


func FirstRune(s string) rune {

    return rune(s[0])

}

Popular posts from this blog

How to Turn on the Keyboard Light on an HP Laptop

This article explains how to turn on the keyboard backlighting on an HP laptop. It may vary slightly for some, particularly older models, but most HP laptops use the same method and have the key in the same place. https://treesize.renderforestsites.com/ https://sfcscannow.renderforestsites.com/ How to Turn on Keyboard Backlighting on HP Laptops HP has made the process of turning on keyboard backlighting extremely easy. Most modern HP laptops only require that you press a single key to toggle the keyboard lighting on and off. Turn your HP laptop on using its power button. Locate the keyboard backlighting key on your keyboard. It will be located in the row of Function F keys along the top of the keyboard and looks like three squares with three lines flashing out from the left-hand square. Press it. The keyboard lighting should then turn on. You can toggle it off again by pressing the same key. https://wiztree.renderforestsites.com/ Using the Luminance Keys You can adjust the brightness o...
Read more

Cool Things You Can Do With Bing Chat AI

 Cool Things You Can Do With Bing Chat AI The AI chatbot space is starting to heat up. Microsoft has its version of ChatGPT — called the "new Bing" or "Bing Chat AI". Table of Contents Create Comparison Tables Draw Text Art Date and Time Conversions Turn Web Pages Into Quizzes Get Up to Speed on Current Events Create Comparison Tables One advantage of Bing Chat AI is that it can search the web for the most recent information. The great thing is that it can process the information and deliver it to you in many formats - comparison tables included. The easiest way to do this is to ask it to "build a table comparing the specifications of the Surface Laptop 4 and the M2 MacBook Air." Whichever prompt you go with, Bing will go ahead and look for the most important specifications and put them in a readable table. Draw Text Art Drawing text art is also known as ASCII and depends on command-line tools, text characters, a...
Read more

How to Install the Google Play Store on an Amazon Fire Tablet

 Amazon Fire Tablets restrict you to the Amazon Appstore, but they run Fire OS, a custom version of Android. That means you can install Google’s Play Store to gain access to millions of Android apps and games, including Google apps like Gmail, Chrome, Google Maps, and more. https://www.linkedin.com/pulse/ijstartcanon-setup-canon-printer-download-install-web-instant-1f/ https://www.linkedin.com/pulse/123hpcomsetup-install-hp-printer-setup-connect-web-instant/ https://www.linkedin.com/pulse/disneypluscombegin-activate-disneyplus-common-faqs-disney-web-instant/ https://www.linkedin.com/pulse/amazoncommytv-web-instant/ https://www.linkedin.com/pulse/mcafeecomactivate-web-instant/ The best part of installing the Play Store on your Fire Tablet is that it doesn’t require any in-depth “hacking” like rooting or running scripts from a PC. It’s just a matter of downloading and installing a few APK files from the tablet itself, and you’ll be up and running with the Play Store just like your re...
Read more

The 10 Best Road Trip Planner Apps for 2023

 Planning a road trip can be fun but also stressful. Road trip planner apps can take some of that stress away by helping you plan, organize, and manage your travel before and during your trip. Forget about stashing bulky maps in your glove compartment, trying to decide where to stop, or just winging it. Instead, download these apps to give you peace of mind so that you can spend more time enjoying your trip. 1. Automate Your Trip Planning and Organization: Google Travel https://sfc-scannow.github.io/ You can count on Google to make your trip planning a breeze. Pre-constructed day plans are available for hundreds of the world's most popular destinations, which you can customize to your liking. It's one of the most versatile travel planner apps out there, giving you one convenient place to see your hotel, rental car, and restaurant bookings. Visit Google Travel  2. Find and Book a Last-Minute Place to Stay: Hotels.com https://www.linkedin.com/pulse/sfc-scannow-how-run-sfcscannow...
Read more