google / atheris

Apache License 2.0

Atheris for micropython #32

Closed aptly-io closed 2 years ago

aptly-io commented 2 years ago

I have the following open question: If I would compile micropython for Ubuntu (the port/unix) using clang with -fsanitizer passed in CFLAGS and LDFLAGS (linked with libFuzzer), would it be possible to use Atheris to test the API of modules compiled into this micropython for Ubuntu? If so, what would be the approach to have a small POC?

Thanks

PS I'm not very knowledgeable on micropython but from blogs it is said to have CPython 3.4's features. There's a sys.settrace(), but I don't know whether there's the opcode tracing like in CPython 3.8.

TheShiftedBit commented 2 years ago

It looks like Micropython doesn't use CPython's C interface for native extensions, so no, Atheris would be unable to work with it. The only way to make it work would be to rewrite all of Atheris' native calls to use the micropython api rather than the cpython api or pybind11. If your goal is to fuzz Micropython itself, your best bet would be to write a much simpler extension that directly called the micropython modules you are interested in. If your goal is to fuzz Python code written for micropython, I would instead recommend mocking out the Micropython-specific APIs and then fuzzing the code on normal CPython.
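The last suggestion in the reply above (mock the MicroPython-specific APIs, then fuzz on normal CPython) can look like the following added example, which is not code from the thread or from the Atheris project. `FakeUART`, `drain_frames` and the length/payload/XOR-checksum frame format are hypothetical stand-ins for the device code under test.

```python
import sys
import types

try:
    import atheris  # needed only for the real fuzzing run at the bottom
except ImportError:
    atheris = None

class FakeUART:
    """CPython stand-in for MicroPython's machine.UART; feed holds fuzzer bytes."""
    feed = b""

    def __init__(self, uart_id, baudrate=9600):
        self._buf = FakeUART.feed

    def any(self):
        return len(self._buf)

    def read(self, nbytes):
        out, self._buf = self._buf[:nbytes], self._buf[nbytes:]
        return out or None  # the real UART.read() returns None on timeout

# Register the mock before the code under test runs "import machine".
mock_machine = types.ModuleType("machine")
mock_machine.UART = FakeUART
sys.modules["machine"] = mock_machine

def drain_frames():
    """Hypothetical device code: frames are [length][payload][XOR checksum]."""
    import machine  # resolves to the mock on CPython
    uart = machine.UART(1, 9600)
    frames = []
    while uart.any():
        length = uart.read(1)[0]
        body = uart.read(length + 1)
        if body is None or len(body) != length + 1:
            break  # truncated frame
        checksum = 0
        for byte in body[:-1]:
            checksum ^= byte
        if checksum == body[-1]:
            frames.append(body[:-1])
    return frames

def TestOneInput(data):
    FakeUART.feed = bytes(data)
    drain_frames()  # any uncaught exception is reported by the fuzzer

if __name__ == "__main__" and atheris is not None:
    atheris.instrument_all()
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()
```
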