Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Nov 2014 11:59:06 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Fuzzing objdump (PR 17512) and readelf (PR
 17531)

Am Fri, 07 Nov 2014 13:08:09 +0300
schrieb Yury Gribov <y.gribov@...sung.com>:

> This looks rather impressive.  Have you considered automatically 
> detecting duplicates by e.g. analyzing stacktraces?

american-fuzzy-lop kind of does that. It creates a hash among the code
path and groups fuzzing samples by that. That's quite convenient.

I am currently playing a lot with this. afl is in a somewhat
experimental state and you'll run into more problems trying to get it
running, but if it runs it is much more convenient than zzuf.
Disadvantage is you need to recompile stuff to work with it and that
sometimes fails, esp. when assembler is involved.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.