Displaying 20 results from an estimated 636 matches for "fuzzing".
2017 Feb 01
2
Fuzzing bitcode reader
...ldbot that fuzzes clang/LLVM itself?
>
Yes, I used to run clang-fuzzer and clang-format-fuzzer on this bot, but
not any more.
The reason is simple -- the bot was always red (well, orange) and the bugs
were never fixed.
Currently we run clang-fuzzer (but not clang-format-fuzzer) on our internal
fuzzing infra
and Richard has fixed at least one bug found this way.
http://llvm.org/viewvc/llvm-project?view=revision&revision=291030
My llvm fuzzing bot was pretty naive and simple.
If we want proper continuous fuzzing for parts of LLVM we either need to
build a separate "real" continuous...
2017 Aug 30
2
how to auto-report LLVM bugs found by fuzzing?
..., Justin Bogner <mail at justinbogner.com>
> > wrote:
> >
> >> Kostya Serebryany <kcc at google.com> writes:
> >> > Hi,
> >> >
> >> > We have several llvm fuzz targets running on OSS-Fuzz, a continuous
> >> > automated fuzzing service:
> >> > https://github.com/google/oss-fuzz
> >> > https://www.usenix.org/sites/default/files/conference/
> protected-files/
> >> usenixsecurity17_slides_serebryany.pdf
> >> >
> >> > It has reported a few bugs in cxa_demangler, clan...
2020 Mar 18
6
Re: Fuzzing Questions
On Wed, Mar 18, 2020 at 01:46:14PM -0400, habib dan aouta wrote:
> Hello Richard,
>
> Hope you are doing well. My name is Habib and I am a current student
> at the University of North Carolina at Charlotte (U.S.). I am
> currently following your Libnbd client fuzzing tutorial from the
> Wordpress articles
[https://rwmj.wordpress.com/2019/10/09/using-american-fuzzy-lop-on-network-clients/#content]
> and I am having issues compiling the
> Libnbd-wrapper.c file. After some research I am missing the
> Libnbd.so library file that I cannot seem to find...
2017 Aug 29
2
how to auto-report LLVM bugs found by fuzzing?
On Tue, Aug 29, 2017 at 4:13 PM, Justin Bogner <mail at justinbogner.com>
wrote:
> Kostya Serebryany <kcc at google.com> writes:
> > Hi,
> >
> > We have several llvm fuzz targets running on OSS-Fuzz, a continuous
> > automated fuzzing service:
> > https://github.com/google/oss-fuzz
> > https://www.usenix.org/sites/default/files/conference/protected-files/
> usenixsecurity17_slides_serebryany.pdf
> >
> > It has reported a few bugs in cxa_demangler, clang, and dwarfdump
> already,
> > and we exp...
2017 Feb 01
3
Fuzzing bitcode reader
...the buildbots constantly fuzzes
clang and clang-format. However, the actual bot [2] only tests the
fuzzer itself over a well-known set of bugs in standard software (eg.
Heartbleed [3] seems to be among them). Has there actually ever been a
buildbot that fuzzes clang/LLVM itself?
Another (obvious?) fuzzing candidate would be the LLVM's bitcode
reader. I ran afl-fuzz on it and it found lots of failed assertions
within seconds. Isn't fuzzing done on a regular basis as [1] suggests
should be done? Should I report the crashes found by it?
Michael
[1] http://blog.llvm.org/2015/04/fuzz-all-clang...
2017 Feb 01
3
Fuzzing bitcode reader
...and clang-format-fuzzer on this bot, but
> not
> > any more.
> > The reason is simple -- the bot was always red (well, orange) and the
> bugs
> > were never fixed.
> >
> > Currently we run clang-fuzzer (but not clang-format-fuzzer) on our
> internal
> > fuzzing infra
> > and Richard has fixed at least one bug found this way.
> > http://llvm.org/viewvc/llvm-project?view=revision&revision=291030
> >
> > My llvm fuzzing bot was pretty naive and simple.
> > If we want proper continuous fuzzing for parts of LLVM we either need...
2017 Aug 29
3
how to auto-report LLVM bugs found by fuzzing?
Hi,
We have several llvm fuzz targets running on OSS-Fuzz, a continuous
automated fuzzing service:
https://github.com/google/oss-fuzz
https://www.usenix.org/sites/default/files/conference/protected-files/usenixsecurity17_slides_serebryany.pdf
It has reported a few bugs in cxa_demangler, clang, and dwarfdump already,
and we expect to add more fuzz targets to it soon (llvm-isel-fuzzer,
c...
2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
...d - *apifunc()*. The libfuzzer
log has a line which says - *apifunc() resp=0x7ff38f83ac20 uninitialized,
fixing it*. I am not sure what this means. Also, I can see that the apifunc
is called and it runs but it does not show up in the *NEW_FUNC[x/xxx]: *log
lines in the libfuzzer output.
To enable fuzzing, I first build the library with the following libfuzzer
flags.
*-fsanitize=fuzzer-no-link,address -fsanitize-coverage=edge,indirect-calls*
I also had to make a blacklist to avoid some buffer overflow and use after
free error during this build.
After this, I link the fuzz target with the library an...
2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
...r (or
compiler-rt). What version of compiler-rt/llvm/clang are you trying this
with? - This was an oversight on my part, it was a log dump from the
library and somehow I mistook it to be from libfuzzer. (I am using Clang 9
btw).
4. Have you tried visualising the coverage
<https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md#visualizing-coverage>
that
the fuzz target is generating? It may give you an insight as to why your
desired function under test isn't being hit. - Yes, I am using lcov for
coverage and do see the relevant methods being exercised.
I am wondering if t...
2017 Aug 24
2
llvm-mc-[dis]assemble-fuzzer status?
...hem on a
> fixed set of inputs to ensure they don't bit-rot (and to use them as
> regression tests).
> This will require us to tweak the cmake machinery to allow building fuzz
> target with regular flags (no coverage).
> 2. There should also be a bot that actually runs continuous fuzzing.
> Our buildbots are not suitable for this, so I was planning to add the llvm
> fuzzers to OSS-Fuzz (https://github.com/google/oss-fuzz)
> We already run the cxa_demangler fuzzer there with quite a bit of success.
>
clang-fuzzer is now running on oss-fuzz, and here are two trophies so...
2023 Jan 09
1
Does samba provide a fuzzing mode that uses deterministic NTLMSSP_Challenge?
Hi,
Recently I want to fuzz samba systematically (instead of functional fuzzing like OSS-Fuzz/samba). However, the fuzzer acts like smbclient and needs to establish a connection with the samba server via NTLM authentication. The NTLMSSP_Challenge sent by the server is not deterministic, which can render the fuzzing based on previously captured traffic futile. Does samba provid...
2017 Jan 27
3
Adding a decoder fuzz target
Hi all,
I'm working on fuzzing Opus with OSS-Fuzz and have started with the
decoder. Attached is a patch to add the corresponding fuzz target. Please
let me know if there are any concerns?
Thanks,
Felicia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/opus/att...
2020 Mar 18
0
Re: Fuzzing Questions
So I installed Libnbd which worked fine and then I was trying to run Libnbd-fuzz-wrapper.c and with afl using:
afl-fuzz -i fuzzing/testcase_dir -o fuzzing/sync_dir -M fuzz01 \./fuzzing/libnbd-fuzz-wrapper @@
when I try that command it gives me an error saying Libnbd-fuzz-wrapper.c is not an EFL binary. Then I tried to compile Libnbd-fuzz-wrapper.c first into an executable file and then I get the following error:
libnbd-fuz...
2020 Mar 18
0
Re: Fuzzing Question
So I installed Libnbd which worked fine and then I was trying to run Libnbd-fuzz-wrapper.c and with afl using:
afl-fuzz -i fuzzing/testcase_dir -o fuzzing/sync_dir -M fuzz01 \./fuzzing/libnbd-fuzz-wrapper @@
when I try that command it gives me an error saying Libnbd-fuzz-wrapper.c is not an EFL binary. Then I tried to compile Libnbd-fuzz-wrapper.c first into an executable file and then I get the following error:
libnbd-fuz...
2001 Oct 01
1
generic default values
I have a generic function
test.equal <- function(obj1, obj2, ...) UseMethod("test.equal")
however, the only argument that specific methods use is "fuzz" so I
would like to change this to
test.equal <- function(obj1, obj2, fuzz=???) UseMethod("test.equal")
The problem is that some methods use slightly different default values
for fuzz than others. How should
2017 Feb 01
2
Fuzzing bitcode reader
...rs/sanitizer-x86_64-linux-fuzzer/builds/2755/steps/stage2%2Fasan%2Bassertions%20check-fuzzer/logs/stdio
To me it looks like just the compilation and the unit+regression tests
("ninja check-fuzzer", not even depending on clang). It also completes
in only 10 minutes, which is not a lot for fuzzing.
Michael
2017 Feb 10
2
Adding a decoder fuzz target
...; decode a single packet. How does the fuzzer handle testing for bugs that
> only happen for a given sequence of input packets?
>
> Cheers,
>
> Jean-Marc
>
>
>
>
> On 27/01/17 02:48 PM, Felicia Lim wrote:
> > Hi all,
> >
> > I'm working on fuzzing Opus with OSS-Fuzz and have started with the
> > decoder. Attached is a patch to add the corresponding fuzz target.
> > Please let me know if there are any concerns?
> >
> > Thanks,
> > Felicia
> >
> >
> > _____________________________________________...
2020 Mar 18
0
Re: Fuzzing Questions
...p://download.libguestfs.org/libnbd/1.0-stable/
> <http://download.libguestfs.org/libnbd/1.0-stable/> and then
> uncompressed it on linux ubuntu and then I followed the steps on the
> GitHub readme to run with AFL-fuzz on this link
> https://github.com/libguestfs/libnbd/blob/master/fuzzing/README
> <https://github.com/libguestfs/libnbd/blob/master/fuzzing/README> .
Since fuzzing is a relatively experimental feature it's probably best
to start with the git repository:
https://github.com/libguestfs/libnbd
To build from git you will need a few extra dependencies, but it&...
2017 Aug 25
3
llvm-mc-[dis]assemble-fuzzer status?
...s become much more
> stable and I've also changed jobs.
>
> That said, I'd like to set up a bot to make use of these tools,
As soon as these fuzz targets build, don't immediately crash, and have
someone who cares about them,
I can add them to OSS-Fuzz for automated continuous fuzzing.
> it's mostly a matter of finding time for it. That's normally difficult but
> I should be able to do that in the next few weeks.
>
> > If yes, the code should be compilable, and ideally there should be a
> buildbot.
> > If no, maybe we should remove it, or move...
2009 Jul 25
2
Gamepad & Wine 1.0.1-2 on Debian Sid
Hi, I need your help.
I've been reading and searching on Google for a while now to try to get my gamepad (joystick, whatever) to work. Of course, the gamepad works fine under GNU/Linux native apps, like ZNES.
First of all, it is not a gamepad or joystick actually, it's an adaptor that lets me connect 2 PSII joysticks in one USB port.
The module I'm using is joydev, and I'm