tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Integrating libFuzzer Report #2



On 15.07.2018 16:17, Christos Zoulas wrote:
> In article <CADsJkSte43hAtZLYq4qFDfdv8Lj=F2XV-is132XJ56c8K_T+Xw%mail.gmail.com@localhost>,
> tomsun.0.7 <tomsun.0.7%gmail.com@localhost> wrote:
>> -=-=-=-=-=-
>>
>> Hello, here is the second report for the GSoC project of “Integrate
>> libFuzzer with the Basesystem”:
>> http://blog.netbsd.org/tnf/entry/gsoc_2018_reports_integrate_libfuzzer1
>>
>> In this work, I mainly contributed to the fuzzing of userland programs with
>> different fuzzers. If you have any suggestion or comment, please just reply
>> to me either to this email or under this post!
> 
> Very nicely done. I wonder how we would go about fuzzing nvi and other curses
> based programs; perhaps we can write a wrapper that creates a pty to run them
> in, and use the pty to supply fuzzed input for them.
> 
> christos
> 

We perform a quick experiment in ping(8) with LD_PRELOAD and attach
honggfuzz there with HF_ITER() as suggested by Robert Święcicki on GitHub.

https://github.com/google/honggfuzz/pull/212#issuecomment-403873794

If it will work, it will research this option for new sets of
non-trivial fuzzing software, hopefully including those like nvi.

Other than that libFuzzer will check nvi's regex code.

Attachment: signature.asc
Description: OpenPGP digital signature



Home | Main Index | Thread Index | Old Index