CrabSandwich: Fuzzing Rust with Rust (Registered Report)

Crump, Addison; Zhang, Dongjia; Asif, Syeda Mahnur; Maier, Dominik; Fioraldi, Andrea; Holz, Thorsten; Balzarotti, Davide
FUZZING 2023, 2nd International Fuzzing Workshop, 17 July 2023, Seattle, WA, USA

The Rust programming language is one of the fastest-growing programming languages, thanks to its unique blend of high-performance execution and memory safety. Still, programs implemented in Rust can contain critical bugs. Apart from logic bugs and crashes, code in unsafe blocks can still trigger memory corruptions. To find these, the community uses traditional fuzzers like LibFuzzer or AFL++, in combination with Rust-specific macros. Of course, the fuzzers themselves are still written in memory-unsafe languages. In this paper, we explore the possibility of replacing the input generators with Rust, while staying compatible with existing harnesses. Based on the Rust fuzzer library LibAFL, we develop CrabSandwich, a drop-in replacement for the C++ component of cargo-fuzz. We evaluate our tool, written in Rust, against the original fuzzer LibFuzzer. We show that we are not only able to successfully fuzz all three targets we tested with CrabSandwich, but outperform cargo-fuzz in bug coverage. During our preliminary evaluation, we already manage to uncover new bugs in the pdf crate that could not be found by cargo-fuzz, proving the real-world applicability of our approach, and giving us high hopes for the planned follow-up evaluations.


Type:
Conference
City:
Seattle
Date:
2023-07-17
Department:
Digital Security
Eurecom Ref:
7372
Copyright:
© ACM, 2023. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in FUZZING 2023, 2nd International Fuzzing Workshop, 17 July 2023, Seattle, WA, USA https://doi.org/10.1145/3605157.3605176

PERMALINK : https://www.eurecom.fr/publication/7372