ouspg · mikkoyli · Aug 10, 2016 · Aug 18, 2016 · Aug 25, 2016 · Aug 25, 2016
diff --git a/stubs/rust/Dockerfile b/stubs/rust/Dockerfile
@@ -0,0 +1,37 @@
+FROM ouspg/libfuzzer-base
+
+# Enviroment variables used by the fuzzer
+
+ENV TARGET "rust"
+
+#Install dependencies and fetch the source.
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install curl sudo -y && \
+    apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Add key for clang-3.9 sources
+RUN curl -f -L http://apt.llvm.org/llvm-snapshot.gpg.key|sudo apt-key add -
+
+# Add sources for Clang-3.9
+RUN echo "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-3.9 main" >> /etc/apt/sources.list
+RUN echo "deb-src http://apt.llvm.org/xenial/ llvm-toolchain-xenial-3.9 main" >> /etc/apt/sources.list
+
+#Install dependencies and fetch the source.
+RUN apt-get update && \
+    apt-get install clang-3.9 -y && \
+    apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install Rust nightly build
+RUN curl -f -L https://static.rust-lang.org/rustup.sh -O && sh rustup.sh --channel=nightly
+
+ADD rust-fuzzer.rs /src/rust/
+RUN mkdir -p /work/rust/
+
+#Build
+ADD build.sh /src/scripts/
+RUN bash /src/scripts/build.sh
diff --git a/stubs/rust/README.md b/stubs/rust/README.md
@@ -0,0 +1,27 @@
+# rust
+
+# Purpose
+
+Rust is a systems programming language that is fast, prevents segfaults, and guarantees thread safety.
+
+What is included?
+
+* [`rust-fuzzer.cc`](rust-fuzzer.cc)-stub to act as the interface between the `libfuzzer` and the test target
+* [`build.sh`](build.sh)-script to build the library, and the stub and to link them with the fuzzer
+* [`Dockerfile`](Dockerfile) to automate build of Docker image
+
+# Building
+
+## Building container
+
+```console
+docker-compose build rust
+```
+
+# Running
+
+## Starting the container
+
+```console
+docker-compose run rust
+```
diff --git a/stubs/rust/build.sh b/stubs/rust/build.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+export CXXFLAGS="-fsanitize=address -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
+export CXX="clang++"
+export CFLAGS="-fsanitize=address -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
+export CC="clang"
+export LDFLAGS="-fsanitize=address -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp"
+
+set -ex
+
+cd /src/rust
+rustc rust-fuzzer.rs --emit=llvm-bc --crate-type=lib
+clang-3.9 $CFLAGS -dynamic-linker -std=c++11 \
+    -Iinclude -L.libs \
+    /usr/local/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-411f48d3.so \
+    rust-fuzzer.bc -lFuzzer -o rust-fuzzer -lpthread -lm -lstdc++
diff --git a/stubs/rust/rust-fuzzer.rs b/stubs/rust/rust-fuzzer.rs
@@ -0,0 +1,28 @@
+#![feature(libc)]
+#[crate_type = "lib"]
+#[no_std]
+#[allow(ctypes)]
+
+extern crate libc;
+
+use std::io::{self, Read};
+
+#[no_mangle]
+pub extern fn LLVMFuzzerTestOneInput(data: *const std::ffi::CString, size: libc::size_t) {
+let mut input = String::new();
+    println!("starting!");
+    if input.starts_with("a") {
+        println!("a");
+        if input.starts_with("ab") {
+            println!("ab");
+            if input.starts_with("abc") {
+                println!("abc");
+                unsafe {
+                    let x: *mut usize = 0 as *mut usize;
+                    *x = 0xBEEF;
+                }
+            }
+        }
+    }
+
+}