This is the mail archive of the
mailing list for the binutils project.
Re: [oss-security] Re: Fuzzing objdump (PR 17512) and readelf (PR 17531)
- From: Robert ÅwiÄcki <robert at swiecki dot net>
- To: oss-security at lists dot openwall dot com
- Cc: Alexander Cherepanov <cherepan at mccme dot ru>, binutils at sourceware dot org
- Date: Fri, 7 Nov 2014 16:58:44 +0100
- Subject: Re: [oss-security] Re: Fuzzing objdump (PR 17512) and readelf (PR 17531)
- Authentication-results: sourceware.org; auth=none
- References: <545C4DEF dot 5030600 at mccme dot ru> <545C9A09 dot 7030007 at samsung dot com>
2014-11-07 11:08 GMT+01:00 Yury Gribov <email@example.com>:
> On 11/07/2014 07:43 AM, Alexander Cherepanov wrote:
>> Longer version: I started with the most simple approach I could get
>> results with and improved it only a little bit so far. There was just no
>> need for improvements -- until recently I was getting more crashes than
>> I can analyze (i.e. run through valgrind:-).
> This looks rather impressive. Have you considered automatically detecting
> duplicates by e.g. analyzing stacktraces?
Feel free to take a look at honggfuzz - https://code.google.com/p/honggfuzz/
It provides a crude version of unification on the basis of offending
program counter (as well as simple disassembly of the offending
instruction). It also disables address randomization to get repeatable
crashes. Example output (from testing strings-multiarch):
honggfuzz -f in/ -r 0.1 -q -- /usr/bin/strings ___FILE___