Atheris

3.0.0 verified Fri May 01 auth: no python

A coverage-guided fuzzer for Python and Python extensions, developed by Google. It integrates with libFuzzer and supports fuzzing Python code and native extensions. Version 3.0.0; released active, follow-on of stable API.

pip install atheris

Common errors

error ModuleNotFoundError: No module named 'atheris' ↓

cause atheris is not installed or not available for the current platform.

fix

Install with pip install atheris. On Linux, install clang and libfuzzer-dev. On macOS, it works. On Windows, use WSL.

error ImportError: cannot import name 'FuzzedDataProvider' from 'atheris' ↓

cause Version <3.0.0: FuzzedDataProvider was not available. Or using wrong import path.

fix

Upgrade atheris: pip install --upgrade atheris, and use from atheris import FuzzedDataProvider.

error TypeError: TestOneInput() takes 2 positional arguments but 3 were given ↓

cause User defined TestOneInput with two parameters (data, size) but atheris v3 expects one parameter.

fix

Change function signature to TestOneInput(data). Use FuzzedDataProvider to extract size if needed.

error RuntimeError: Atheris requires libFuzzer, but it is not available ↓

cause libFuzzer not found at runtime, typically because compiler not configured with -fsanitize=fuzzer.

fix

Build/install atheris with the correct sanitizer flags. For pip, ensure clang is installed and libfuzzer-dev is present.

Warnings

deprecated atheris.Mutate is deprecated in v3. Use FuzzedDataProvider for structured mutation. ↓

fix Replace any usage of atheris.Mutate with FuzzedDataProvider methods (e.g., ConsumeInt, ConsumeString, etc.).

breaking In v3, the way FuzzedDataProvider is initialized changed. old: atheris.FuzzedDataProvider(data, to_use_bytes) no longer valid. ↓

fix Instantiate as FuzzedDataProvider(data) and use its methods.

gotcha atheris requires a recent C++ compiler and libFuzzer support. It may not install on Windows or older Linux. Use manylinux wheels or compile from source. ↓

fix On Linux, ensure clang and libfuzzer-dev are installed. For Windows, use WSL.

gotcha Corpus directory: if not specified, atheris uses default; but crashes saved to current directory. Ensure write permissions. ↓

fix Pass a corpus directory to Setup: atheris.Setup(sys.argv, TestOneInput, corpus_prefix='corpus/')

breaking In v2, the TestOneInput function signature was different: it took two arguments (data and size). v3 expects one argument (bytes). ↓

fix Define TestOneInput(data) with a single parameter.

Imports

atheris
```
import atheris
```
Setup
```
from atheris import Setup
```
FuzzedDataProvider
```
from atheris import FuzzedDataProvider
```
Mutate
```
from atheris import Mutate
```
Deprecated in v3; use FuzzedDataProvider instead

Quickstart

Basic fuzzer with FuzzedDataProvider.

import atheris
import sys

def TestOneInput(data):
    fdp = atheris.FuzzedDataProvider(data)
    if len(data) >= 2 and data[0] == ord('b') and data[1] == ord('u'):
        raise RuntimeError('Bug!')

atheris.Setup(sys.argv, TestOneInput)
atheris.Fuzz()