
extending the fuzzers

From: Paul Dreik via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 17 Sep 2019 13:24:57 +0200

Hi!
I have played around with the curl-fuzzers running in oss-fuzz. I am
impressed by how the existing fuzzers manage to emulate network traffic
and get such an extensive coverage!

I am doing some experiments with fuzzing the internals of curl, and so
far have found
 * doh buffer overwrite
 * doh resource leak
 * undefined behaviour in doh parsing
all of which have been fixed already (thanks Daniel!).
There is more in the pipe, but not yet fit for public discussion.

I am running the existing fuzzers, to look for under-exposed parts of
curl. It is however quite slow to get the coverage up, so I wonder if I
could get a speed boost by receiving a copy of the fuzz corpus from
oss-fuzz?
I have spent something like 20 CPU days so far, and still finding new
paths. I assume the oss-fuzz corpus must have had several CPU years by now.

This would help me focus my contributions to where it matters.

Thanks,
Paul
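The mail talks about fuzzing curl's internals directly rather than through the network-emulating fuzzers. As an added illustration (not Paul's code and not curl's), here is what such a harness looks like: a libFuzzer entry point around a small DNS wire-format name decoder of the kind a DoH response parser needs. The decoder, its return codes and the sample message are all constructed for this example; the checks it makes (every read bounded by the message length, compression pointers required to point strictly backwards) are the ones a fuzzer with ASan/UBSan would otherwise find missing.

```c
/* Added example, not curl's own code: a libFuzzer-style harness around a
 * small DNS wire-format name decoder, the kind of routine a DoH response
 * parser needs. Decoder and sample message are constructed for illustration.
 * Fuzz with: clang -g -fsanitize=fuzzer,address,undefined -DFUZZ_BUILD ...
 * Run stand-alone with any C compiler to execute the checks in main(). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 255 /* RFC 1035: presentation-form name is at most 255 octets */

enum dns_rc { DNS_OK = 0, DNS_TRUNCATED, DNS_BAD_POINTER, DNS_TOO_LONG };

/* Decode the name at *offset in msg[0..len) into out as a dotted string.
 * On DNS_OK, *offset is advanced to the byte after the name as it appears
 * inline (a compression pointer ends the inline part). Every read is checked
 * against len, and a compression pointer must point strictly before the byte
 * being decoded (stricter than RFC 1035 requires, but it rules out loops). */
static enum dns_rc dns_name_decode(const uint8_t *msg, size_t len,
                                   size_t *offset, char *out, size_t outlen)
{
  size_t pos = *offset;
  size_t end = 0;      /* end of the inline part, 0 while still unknown */
  size_t written = 0;

  if(outlen == 0)
    return DNS_TOO_LONG;
  out[0] = '\0';

  for(;;) {
    uint8_t l;
    size_t need;
    if(pos >= len)
      return DNS_TRUNCATED;
    l = msg[pos];
    if((l & 0xC0) == 0xC0) {           /* 11xxxxxx: 14-bit compression pointer */
      size_t ptr;
      if(pos + 1 >= len)
        return DNS_TRUNCATED;
      ptr = ((size_t)(l & 0x3F) << 8) | msg[pos + 1];
      if(ptr >= pos)                   /* forward or self pointer: reject */
        return DNS_BAD_POINTER;
      if(!end)
        end = pos + 2;
      pos = ptr;
      continue;
    }
    if(l & 0xC0)                       /* 01xxxxxx / 10xxxxxx are reserved */
      return DNS_BAD_POINTER;
    pos++;
    if(l == 0) {                       /* root label: done */
      *offset = end ? end : pos;
      return DNS_OK;
    }
    if(l > len - pos)                  /* label would run past the message */
      return DNS_TRUNCATED;
    need = written + l + (written ? 1 : 0);
    if(need > MAX_NAME || need >= outlen)
      return DNS_TOO_LONG;
    if(written)
      out[written++] = '.';
    memcpy(out + written, msg + pos, l);
    written += l;
    out[written] = '\0';
    pos += l;
  }
}

/* libFuzzer entry point. Any return code is acceptable; the sanitizers flag
 * the interesting outcomes: out-of-bounds reads or writes, leaks, UB. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  char name[MAX_NAME + 1];
  size_t off = 0;
  (void)dns_name_decode(data, size, &off, name, sizeof(name));
  return 0;
}

/* Constructed sample message, not captured traffic. */
static const uint8_t sample_msg[] = {
  7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,  /* offset 0: example.com */
  3,'w','w','w', 0xC0, 0x00,                         /* offset 13: www + pointer to 0 */
  0xC0, 0x13                                         /* offset 19: pointer to itself */
};
static const size_t sample_msg_len = sizeof(sample_msg);

/* Decode sample_msg[0..len) from off; return 1 when the return code (and, on
 * success, the decoded name and the new offset) match the expectations. */
static int check_case(size_t off, size_t len, enum dns_rc want_rc,
                      const char *want_name, size_t want_next)
{
  char name[MAX_NAME + 1];
  size_t next = off;
  enum dns_rc rc;
  if(len > sample_msg_len)
    len = sample_msg_len;
  rc = dns_name_decode(sample_msg, len, &next, name, sizeof(name));
  if(rc != want_rc)
    return 0;
  return rc != DNS_OK || (strcmp(name, want_name) == 0 && next == want_next);
}

#ifndef FUZZ_BUILD /* libFuzzer supplies its own main() */
int main(void)
{
  /* Each case prints 1 for pass: two valid names, a self-pointer, a cut message. */
  printf("%d %d %d %d\n",
         check_case(0, sample_msg_len, DNS_OK, "example.com", 13),
         check_case(13, sample_msg_len, DNS_OK, "www.example.com", 19),
         check_case(19, sample_msg_len, DNS_BAD_POINTER, "", 0),
         check_case(0, 5, DNS_TRUNCATED, "", 0));
  return 0;
}
#endif
```

The harness is deliberately thin: the fuzzer's job is to hand the decoder arbitrary bytes, and the decoder's job is to fail with a return code rather than read past len. A corpus obtained from elsewhere can be folded into a local one with libFuzzer's `-merge=1` mode, which keeps only the inputs that add coverage; that is the speed-up the mail is asking about.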
Received on 2019-09-17