On 15.07.2018 16:17, Christos Zoulas wrote:
> In article <CADsJkSte43hAtZLYq4qFDfdv8Lj=F2XV-is132XJ56c8K_T+Xw%mail.gmail.com@localhost>,
> tomsun.0.7 <tomsun.0.7%gmail.com@localhost> wrote:
>> Hello, here is the second report for the GSoC project of “Integrate
>> libFuzzer with the Basesystem”:
>> http://blog.netbsd.org/tnf/entry/gsoc_2018_reports_integrate_libfuzzer1
>>
>> In this work, I mainly contributed to the fuzzing of userland programs with
>> different fuzzers. If you have any suggestion or comment, please just reply
>> to me either to this email or under this post!
>
> Very nicely done. I wonder how we would go about fuzzing nvi and other curses
> based programs; perhaps we can write a wrapper that creates a pty to run them
> in, and use the pty to supply fuzzed input for them.
>
> christos
>

We performed a quick experiment in ping(8) with LD_PRELOAD and attached honggfuzz there with HF_ITER(), as suggested by Robert Święcicki on GitHub:

https://github.com/google/honggfuzz/pull/212#issuecomment-403873794

If it works, we will research this option for new sets of non-trivial fuzzing software, hopefully including those like nvi. Other than that, libFuzzer will check nvi's regex code.
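The pty wrapper Christos suggests, as an added example that is not part of this thread or of any NetBSD or honggfuzz code: a C harness that runs a program on a fresh pseudo-terminal, feeds it one input buffer as if it were typed, and collects the program's output and exit status. It assumes a POSIX system with posix_openpt(3) (Linux/glibc or NetBSD), uses /bin/cat as a stand-in target, and the input bytes are constructed for the demonstration.

```c
#define _GNU_SOURCE                 /* posix_openpt/ptsname/TIOCSCTTY on glibc */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <termios.h>
#include <unistd.h>

/* Run argv[0] on a fresh pty, feed `in` to it as if typed, collect what it
 * writes back into `out`, and return its exit status (-1 on a harness error).
 * A fuzzer would call this once per generated input and watch for crashes. */
int run_under_pty(char *const argv[], const char *in, size_t inlen,
                  char *out, size_t outcap, size_t *outlen)
{
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0 || grantpt(master) < 0 || unlockpt(master) < 0)
        return -1;
    /* Open and configure the slave before forking so the line discipline is
     * settled before any input arrives: no echo, no output post-processing,
     * no signal characters, so both sides see exactly the bytes exchanged. */
    int slave = open(ptsname(master), O_RDWR | O_NOCTTY);
    if (slave < 0) return -1;
    struct termios t;
    if (tcgetattr(slave, &t) < 0) return -1;
    t.c_iflag &= ~(ICRNL | INLCR | IXON);
    t.c_oflag &= ~OPOST;
    t.c_lflag &= ~(ECHO | ISIG);    /* ICANON stays: ^D at line start is EOF */
    tcsetattr(slave, TCSANOW, &t);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        setsid();                   /* new session, so the pty can become our tty */
        ioctl(slave, TIOCSCTTY, 0); /* curses programs expect a controlling tty */
        dup2(slave, STDIN_FILENO); dup2(slave, STDOUT_FILENO); dup2(slave, STDERR_FILENO);
        close(master); close(slave);
        execv(argv[0], argv);
        _exit(127);
    }
    close(slave);                   /* only the child holds the slave: hangup propagates */
    if (write(master, in, inlen) != (ssize_t)inlen) return -1;
    if (write(master, "\004", 1) != 1) return -1;   /* ^D: input is over */
    *outlen = 0; ssize_t n;
    while (*outlen < outcap &&
           (n = read(master, out + *outlen, outcap - *outlen)) > 0)
        *outlen += (size_t)n;       /* stops on EOF/EIO once the child has gone */
    int status = 0; waitpid(pid, &status, 0);
    close(master);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

A fuzzing loop would pass a fresh buffer each iteration, switch the terminal to raw mode if the target must see every byte, and treat a signalled exit (return value -1) as a finding to triage.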