Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 17 Nov 2014 04:29:27 +0300
From: Alexander Cherepanov <>
Subject: Re: Re: Fuzzing objdump (PR 17512) and readelf (PR

On 2014-11-07 18:58, Robert Święcki wrote:
> 2014-11-07 11:08 GMT+01:00 Yury Gribov <>:
>> On 11/07/2014 07:43 AM, Alexander Cherepanov wrote:
>>> Longer version: I started with the most simple approach I could get
>>> results with and improved it only a little bit so far. There was just no
>>> need for improvements -- until recently I was getting more crashes than
>>> I can analyze (i.e. run through valgrind:-).
>> This looks rather impressive.  Have you considered automatically detecting
>> duplicates by e.g. analyzing stacktraces?
> Feel free to take a look at honggfuzz -
> It provides a crude version of unification on the basis of offending
> program counter (as well as simple disassembly of the offending
> instruction).

Is it really interesting? For objdump many crashes are in quite generic 
functions like bfd_getl16 and PC will not differentiate between them. 
Using full stacktrace is probably too much but using only PC seems to be 
too coarse.

> It also disables address randomization to get repeatable
> crashes. Example output (from testing strings-multiarch):

BTW is there a publicly available corpus of binaries from various 

> Usage:
> honggfuzz -f in/ -r 0.1 -q -- /usr/bin/strings ___FILE___

Alexander Cherepanov

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.