Problem
It seems using black_box in fuzz targets does not have the desired effect, when it is used invalid memory access is not detected when running with cargo fuzz run --sanitizer=memory ....
Therefore (assuming I did not make a mistake in my test setup) I would be useful to:
- mention prominently in the documentation that
black_box should not be used for fuzz tests
- mention alternatives
Reproduction steps
Version information:
Ubuntu 24.04
Linux Kernel 6.6.87.2-microsoft-standard-WSL2
cargo 1.94.0-nightly (6d1bd93c4 2026-01-10)
cargo-fuzz 0.13.1
Steps:
mkdir fuzztest
cd fuzztest
cargo init --lib
cargo fuzz init
- Edit
fuzz/fuzz_targets/fuzz_target_1.rs:
#![no_main]
use libfuzzer_sys::fuzz_target;
fuzz_target!(|data: &[u8]| {
unsafe {
let a = std::mem::MaybeUninit::<[usize; 4]>::uninit();
let a = a.assume_init();
std::hint::black_box(a[2]);
}
});
cargo +nightly fuzz run --sanitizer=memory fuzz_target_1 -- -runs=5
❌ Bug: No memory error is detected
- Change
fuzz_target_1.rs:
let a = a.assume_init();
- std::hint::black_box(a[2]);
+ println!("{}", a[2]);
}
cargo +nightly fuzz run --sanitizer=memory fuzz_target_1 -- -runs=5
ℹ️ As expected: The memory error is detected
Notes:
- While this is a quite contrived example, I had originally noticed this when fuzzing a compression library where it made a difference as well whether I passed the result to
black_box vs println!.
- For this simple example using
cargo fuzz run ... --dev helps; for the actual compression library I am fuzzing it does not seem to help.
Problem
It seems using
black_boxin fuzz targets does not have the desired effect, when it is used invalid memory access is not detected when running withcargo fuzz run --sanitizer=memory ....Therefore (assuming I did not make a mistake in my test setup) I would be useful to:
black_boxshould not be used for fuzz testsprintln!works but probably has quite some overheadfuzz_target!does not support a return value (respectively only supportsCorpus)It might therefore be useful if libfuzzer-sys offerred some kind of "black box" function?
(have also asked on the forum for alternatives now)
Reproduction steps
Version information:
Steps:
mkdir fuzztestcd fuzztestcargo init --libcargo fuzz initfuzz/fuzz_targets/fuzz_target_1.rs:cargo +nightly fuzz run --sanitizer=memory fuzz_target_1 -- -runs=5❌ Bug: No memory error is detected
fuzz_target_1.rs:cargo +nightly fuzz run --sanitizer=memory fuzz_target_1 -- -runs=5ℹ️ As expected: The memory error is detected
Notes:
black_boxvsprintln!.cargo fuzz run ... --devhelps; for the actual compression library I am fuzzing it does not seem to help.