dvyukov / go-fuzz

Randomized testing for Go
Apache License 2.0

How to handle complex input data in fuzz tests? #324

Closed KubaTrojan closed 3 years ago

KubaTrojan commented 3 years ago

Hello.

I am wondering what the best way is to transform the slice of bytes supplied by the fuzzer into a more complex Go structure that will be passed to the tested method.

Example:

```go
func Fuzz(data []byte) int {
    type structA struct {
        a uint64
        b []string
        c int
        d map[string]int
    }

    fulfilledStruct := prepareStructure(data)

    funcToBeTested(fulfilledStruct)

    return 0
}
```

What should the prepareStructure() method look like? Should I split the given data into a few parts and then convert them somehow according to the types of the struct fields?

Are there any plans to provide structure-aware fuzzing in go-fuzz in the near future?

dvyukov commented 3 years ago

Hi @KubaTrojan,

I don't think there is "the best" way w/o proper support from the fuzzer. So whatever best-effort way you will figure out. And I guess for such complex types as map[string]int it's not trivial and won't be too good.

There are no plans to improve anything in go-fuzz. At this point it's superseded by the native fuzzing support: https://blog.golang.org/fuzz-beta

I see it already supports structure-aware fuzzing in a limited form: https://github.com/golang/go/blob/dev.fuzz/src/testing/fuzz.go#L237-L256

AdamKorcz commented 2 years ago

go-fuzz-headers solves the issue of transforming the byte slice to structs.
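
A hand-rolled version of the prepareStructure() helper asked about in this thread, as an added example (not code from go-fuzz, go-fuzz-headers, or any commenter): it consumes the fuzzer's bytes field by field, zero-pads when the input runs out, and bounds collection sizes. The encoding (little-endian integers, length-prefixed strings, counts masked to 0..7) and the `consumer` type are assumptions made for this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// structA is the struct from the question.
type structA struct {
	a uint64
	b []string
	c int
	d map[string]int
}

// consumer hands out input bytes; once exhausted it yields zeros, so every
// fuzzer input decodes to a value and short inputs are not rejected.
type consumer struct{ data []byte }

func (c *consumer) take(n int) []byte {
	out := make([]byte, n)
	c.data = c.data[copy(out, c.data):]
	return out
}

func (c *consumer) u64() uint64 { return binary.LittleEndian.Uint64(c.take(8)) }

// str reads a length byte (capped at 15) followed by that many bytes.
func (c *consumer) str() string { return string(c.take(int(c.take(1)[0] & 0x0f))) }

// prepareStructure is the hypothetical helper named in the question. Counts are
// masked to 0..7 so a single input byte cannot force a huge allocation.
func prepareStructure(data []byte) structA {
	c := &consumer{data: data}
	s := structA{d: map[string]int{}}
	s.a = c.u64()
	s.c = int(int64(c.u64()))
	for n := int(c.take(1)[0] & 0x07); n > 0; n-- {
		s.b = append(s.b, c.str())
	}
	for n := int(c.take(1)[0] & 0x07); n > 0; n-- {
		k := c.str()
		s.d[k] = int(int8(c.take(1)[0]))
	}
	return s
}

func main() {
	fmt.Printf("%+v\n", prepareStructure([]byte{7, 0, 0, 0, 0, 0, 0, 0, 9}))
}
```

Because decoding never fails, any crash the fuzzer reports comes from funcToBeTested rather than from the harness, and the same bytes always reproduce the same structA.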