Date: Mon, 13 Jul 2015 10:57:00 +0800
From: Kai Zhao <>
Subject: Re: more robustness

Hi Alexander,

> I'm not happy that you're making any changes to loader.c at all, but the
> changes are relatively small, so this may be acceptable.

Yes, I did not want to change loader.c either. Before changing
loader.c, I copied those functions, with little change, into fuzz.c by the

Most of loader.c was copied into fuzz.c, so I think it would be better
to use loader.c instead of copying it. So I tried to reuse loader.c.
Fortunately, the changes are relatively small.

> OK, although this brings up the question: why were not these found by
> fuzzing earlier, prior to --fuzz option?

All the new bugs were found by the new fuzz method: insert_chars(). This
function inserts chars from -128 to 127 before each char of the hash, with
1, 10, 100, 1000, 10000 duplicates. This method is supported by
the following patch.


