This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: is there a fuzzer for libc?


On Mon, Jun 02, 2014 at 11:17:29PM +0400, Konstantin Serebryany wrote:
> Hi,
> 
> Did anyone ever write a fuzzer for libc (generator of random inputs
> for libc functions)?
> We have an AddressSanitizer-instrumented build of glibc, it would be
> interesting to give it some stress.

I actually saw a test report from some group that ran their fuzzer
against glibc (I don't have the link right off) but most of the output
was noise. Fuzzing C functions is difficult in principle because,
unless the function takes no pointer arguments, the vast majority of
possible inputs will invoke undefined behavior and there is
fundamentally no way for the function to defend against this. So to do
meaningful fuzzing, you need to exclude all such inputs (except
possibly a set that ignorant programmers are likely to pass, and that
you want to catch for hardening purposes) and generate calls that
actually satisfy the interface contract of the function in nontrivial
ways. For instance to fuzz printf- and scanf-family functions you need
a valid format string and arguments of the right types, to fuzz glob
you need an initially-valid glob structure, to fuzz wcsnrtombs you
need appropriate buffers and correct length data for them, to fuzz
getaddrinfo you need a valid hints structure, etc.

This would actually be a really great project -- and I hope anybody
doing it would make it general enough that we could use it on musl in
addition to glibc, and maybe other libcs too, even on other platforms.
If anybody is sufficiently qualified (or motivated to learn) and
willing to work on this, I'm happy to help guide/mentor/review.

Rich
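
The contract-respecting approach described in the message above, sketched for wcsnrtombs as an added example (not code from the thread, glibc or musl). The input layout, the function name fuzz_wcsnrtombs and the canary scheme are assumptions made for illustration; fuzz bytes only choose values inside the interface contract, and the harness checks post-conditions afterwards.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

#define GUARD 16  /* canary bytes placed directly after the destination */

/* Build one contract-valid wcsnrtombs() call from fuzz bytes.
 * Layout (constructed for this example): data[0] = dst capacity in bytes,
 * data[1] = requested nwc, remaining byte pairs = source wide characters.
 * Returns 0 if all post-conditions hold, else the number of the failed check
 * (a real fuzz target would abort() instead). */
int fuzz_wcsnrtombs(const uint8_t *data, size_t size)
{
    if (size < 2) return 0;
    size_t len = data[0];
    size_t avail = (size - 2) / 2;
    size_t nwc = data[1] < avail ? data[1] : avail; /* never claim more than exists */

    /* src holds exactly nwc elements, so a sanitizer build flags any over-read. */
    wchar_t *src = malloc((nwc ? nwc : 1) * sizeof *src);
    char *dst = malloc(len + GUARD);
    if (!src || !dst) { free(src); free(dst); return 0; }
    for (size_t i = 0; i < nwc; i++)
        src[i] = (wchar_t)(data[2 + 2 * i] | (data[3 + 2 * i] << 8));
    memset(dst + len, 0xA5, GUARD);

    mbstate_t st;
    memset(&st, 0, sizeof st);             /* initial conversion state */
    const wchar_t *p = src;
    size_t r = wcsnrtombs(dst, &p, nwc, len, &st);

    int bad = 0;
    if (r != (size_t)-1 && r > len) bad = 1;               /* reported more than len */
    for (size_t i = 0; i < GUARD && !bad; i++)
        if ((unsigned char)dst[len + i] != 0xA5) bad = 2;  /* wrote past dst */
    if (!bad && p != NULL && (p < src || p > src + nwc)) bad = 3; /* src left bounds */
    free(src);
    free(dst);
    return bad;
}

int main(void)
{
    /* Constructed sample: 8-byte dst, 3 wide chars 'a','b','c', no terminator. */
    const uint8_t sample[] = {8, 3, 'a', 0, 'b', 0, 'c', 0};
    return fuzz_wcsnrtombs(sample, sizeof sample);
}
```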

