Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Nov 2014 08:54:21 -0800
From: Michal Zalewski <>
To: oss-security <>
Subject: Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531)

> I am currently playing a lot with this. afl is in a somewhat
> experimental state and you'll run into more problems trying to get it
> running, but if it runs it is much more convenient than zzuf.

The current versions should be pretty stable, but if you bump into any
problems, please just poke me!=)

Afl is kind of cool for tools like binutils or fileutils because it
can synthesize many formats or format variations on its own, e.g.:

But yeah, there's plenty of low-hanging fruit in libbfd right now, so
non-instrumented fuzzing will get you pretty damn far, too.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.