For a week now I have done a lot of fuzzing on our internal network stack, and that
allowed me to find a couple of nasty bugs (an infinite loop with a memory leak,
an index out of range error and some corrupt data from bad use of a slice).
So first of all, I want to thank you for this great golang variant of AFL.
I am putting more and more stuff to test into func Fuzz(data []byte) to
increase my fuzzing scope on this network stack.
My fuzz test makes a lot of modifications or appends on the byte array that is
passed with func Fuzz(data []byte).
I noticed that:
- If I don't copy the data []byte, I have a high rate (~1/500) but without a
crasher
- If I copy* the data []byte, I have the expected rate (~1/10000)
*: the copy is done like this:
func Fuzz(roData []byte) int {
	// Take a private, writable copy so the fuzzer's input slice is never written to.
	rwData := make([]byte, len(roData))
	copy(rwData, roData)
	// ... feed rwData to the network stack under test ...
	return 0
}
Should I consider this original data as read-only data, or could this behavior
hide another nasty bug?
Thanks in advance
Regards
Jérôme
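The question above is really about slice aliasing: a []byte passed into Fuzz shares its backing array with whoever built it, so in-place writes, and appends that land in spare capacity, are visible to the caller. The following is an added example (not code from the thread or from go-fuzz) that makes the two patterns observable. parseFrame is a constructed stand-in for the network-stack parser, and InputMutated is a hypothetical checker that reports whether a Fuzz function left any trace in the buffer it was handed.

```go
package main

import (
	"bytes"
	"fmt"
)

// parseFrame is a stand-in for the parser under test (constructed for this
// example). It "decodes" a frame by XOR-ing the payload with the first byte and
// appending a trailer; both operations write to whatever slice it is given.
func parseFrame(frame []byte) []byte {
	if len(frame) == 0 {
		return frame
	}
	key := frame[0]
	for i := 1; i < len(frame); i++ {
		frame[i] ^= key // in-place write, visible to anyone sharing the backing array
	}
	// If frame has spare capacity, this writes into the caller's buffer
	// instead of allocating a new one.
	return append(frame, 0xFF)
}

// FuzzInPlace is the pattern that passes the fuzzer's input straight through.
func FuzzInPlace(data []byte) int {
	parseFrame(data)
	return 0
}

// FuzzCopy is the pattern from the thread: copy first, then mutate only the copy.
// make with len == cap also guarantees that any append must reallocate.
func FuzzCopy(roData []byte) int {
	rwData := make([]byte, len(roData))
	copy(rwData, roData)
	parseFrame(rwData)
	return 0
}

// InputMutated (hypothetical checker) reports whether calling fuzz changed buf.
// It hands fuzz only the first n bytes of buf, leaving spare capacity behind
// them, the way a harness reusing one large buffer would, and then compares
// buf against a snapshot taken beforehand.
func InputMutated(fuzz func([]byte) int, buf []byte, n int) bool {
	snapshot := append([]byte(nil), buf...)
	fuzz(buf[:n])
	return !bytes.Equal(buf, snapshot)
}

// sampleBuffer returns a constructed 8-byte buffer holding a 4-byte frame
// followed by 4 bytes of filler that the frame's append can clobber.
func sampleBuffer() []byte {
	return []byte{0x01, 0x02, 0x03, 0x04, 0xAA, 0xAA, 0xAA, 0xAA}
}

func main() {
	fmt.Println("in-place Fuzz mutates harness buffer:", InputMutated(FuzzInPlace, sampleBuffer(), 4))
	fmt.Println("copying Fuzz mutates harness buffer: ", InputMutated(FuzzCopy, sampleBuffer(), 4))
}
```

Running it prints true for the in-place variant (the XOR rewrites bytes 1..3 and the append overwrites byte 4 of the harness buffer) and false for the copying variant. Whatever the fuzzer does with its input afterwards, a Fuzz function that writes to data is measuring a corrupted input, which is one reason to treat data as read-only and do all mutation on a private copy.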
On Friday, 7 August 2015 10:43:32 UTC+2, Dmitry Vyukov wrote:
On Thursday, August 6, 2015 at 10:40:09 PM UTC+2, Damian Gryski wrote:
Hi!
On Monday, July 27, 2015 at 3:58:04 PM UTC+2, Damian Gryski wrote:
By now hopefully everybody has heard about Dmitry Vyukov's go-fuzz:
https://github.com/dvyukov/go-fuzz
Some successes:
CloudFlare just had a great blog post on their work fuzzing
https://github.com/miekg/dns :
https://blog.cloudflare.com/dns-parser-meet-go-fuzzer/
In addition, bugs have been fuzzed in InfluxDB, CockroachDB, Caddy,
Apcera's gnatsd, and Google's Open Location Code. The full list of
trophies in https://github.com/dvyukov/go-fuzz/blob/master/README.md
keeps growing.
If you need some help getting started, please ask either here, IRC,
Gopher Slack, or Twitter under #golangfuzz, #golang, or even to me
directly at @dgryski.
Great effort!
I am also ready to help. In particular if you have any issues with go-fuzz
itself, or with corpus collection or writing of the Fuzz function.
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.