Re: extending the fuzzers
Date: Tue, 17 Sep 2019 16:03:27 +0200 (CEST)
On Tue, 17 Sep 2019, Paul Dreik via curl-library wrote:
> There is more in the pipe, but not yet fit for public discussion.
I'm grateful for your help and contributions (both past and future). Stuff
like this strengthens curl a lot! Thanks!
> I am running the existing fuzzers, to look for underexposed parts of curl.
> It is however quite slow to get the coverage up, so I wonder if I could get
> a speed boost by receiving a copy of the fuzz corpus from oss-fuzz?
Apparently that's not publicly available. There's however the corpus data in
the curl-fuzzer repo, which is at least something:
https://github.com/curl/curl-fuzzer/tree/master/corpora
> I have spent something like 20 cpu days so far, and still finding new paths.
> I assume the oss fuzz corpus must have had several cpu years by now.
Several, yes. OSS-fuzz has been hammering on curl code for years by now. To the
level that we really need to start adding new entry points and adding more
guidance to it to reach into places that it hasn't found by itself.
--
 / daniel.haxx.se
Received on 2019-09-17