similar to: Fuzz on Dynamically-Linked ELF MIPS

Hi all, Going straight to the question, is it possible to take a MIPS ELF binary which is dynamically-linked and generate its LLVM IR in order to either execute it in an x86_64 machine or fuzz an arbitrary function from that binary? This problem seems simple to solve but I've had some issues on finding useful tools to tackle it. Recently I had a look at rev.ng but as usual it is limited to

https://bugzilla.mindrot.org/show_bug.cgi?id=2271 Bug ID: 2271 Summary: Regression test #89 "fuzz Ed25519 sig" fails under Solaris Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Solaris Status: NEW Severity: normal Priority: P5 Component:

Hi Felicia, Overall the patch looks good to me and it's a pretty reasonable starting points. Some minor comments below. On 10/02/17 02:44 PM, Felicia Lim wrote: > - decodes a sequence of input packets rather than just one (I'm planning > on using the Opus test vectors as the seed corpus) I remember from experimenting with AFL that it didn't like the test vectors because they

Hi all, I'm working on fuzzing Opus with OSS-Fuzz and have started with the decoder. Attached is a patch to add the corresponding fuzz target. Please let me know if there are any concerns? Thanks, Felicia -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/opus/attachments/20170127/f69951aa/attachment-0001.html>

Hi Felicia, Here's a few comments/questions on your patch: > static void ParseToc(const uint8_t toc, TocInfo *const info) { Any particular reason you don't use the Opus functions for parsing the ToC? It seems like opus_packet_get_nb_samples(), opus_packet_get_bandwidth(), and opus_packet_get_nb_channels() should do the trick. > int LLVMFuzzerTestOneInput(const uint8_t *data,

I am working of using libfuzzer and asan to test out a third-party library. As demonstrated in the tutorial, I wrote a fuzz target to fuzz a specific function in the library. The fuzz target is then linked to the library and compiles clean and I do see some tests generated by the fuzzer. However, I have some questions regarding the "right" way to go about doing this. I have doubts that

Thanks for your comments, Ralph and Jean-Marc. Please find attached the amended patch: - decodes a sequence of input packets rather than just one (I'm planning on using the Opus test vectors as the seed corpus) - decides on decoder setup and FEC independently of the packet data - uses Opus functions to parse ToC Cheers, Felicia On Sun, Jan 29, 2017 at 9:48 PM Jean-Marc Valin <jmvalin at

Hi Mitch, Thank you for the response. 1. You don't need to build the library with `-fsanitize-coverage=...`, using `-fsanitize=fuzzer-no-link,address` should be sufficient. - Acknowledged 2. (although you can actually build object files/shared libraries with -fsanitize=fuzzer, and the libFuzzer main won't be linked, if this makes your build process easier). - with just the *fuzzer

I've been using rpart with R (1.3.0 Windows) for some time. I recently ran one of my research data sets through the rpart routine and produced a classification tree. I tried to replicate the results of the rpart analysis on another machine of mine and discovered some startling differences in the results. Puzzled, I went back to the raw data residing on both machines. I printed out

So I installed Libnbd which worked fined and then I was trying to run Libnbd-fuzz-wrapper.c and with afl using : afl-fuzz -i fuzzing/testcase_dir -o fuzzing/sync_dir -M fuzz01 \./fuzzing/libnbd-fuzz-wrapper @@ when I try that command it gives me an error saying Libnbd-fuzz-wrapper.c is not an EFL binary. Then I tried to compile Libnbd-fuzz-wrapper.c first into an executable file and then I

So I installed Libnbd which worked fined and then I was trying to run Libnbd-fuzz-wrapper.c and with afl using : afl-fuzz -i fuzzing/testcase_dir -o fuzzing/sync_dir -M fuzz01 \./fuzzing/libnbd-fuzz-wrapper @@ when I try that command it gives me an error saying Libnbd-fuzz-wrapper.c is not an EFL binary. Then I tried to compile Libnbd-fuzz-wrapper.c first into an executable file and then I

On Tue, Aug 29, 2017 at 4:13 PM, Justin Bogner <mail at justinbogner.com> wrote: > Kostya Serebryany <kcc at google.com> writes: > > Hi, > > > > We have several llvm fuzz targets running on OSS-Fuzz, a continuous > > automated fuzzing service: > > https://github.com/google/oss-fuzz > >

Bugs found by oss-fuzz in llvm are now public: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm (and the new ones will be public too). I've also added llvm-bugs at lists.llvm.org to the list of e-mail recipients: https://github.com/google/oss-fuzz/blob/master/projects/llvm/project.yaml On Tue, Aug 29, 2017 at 4:27 PM, Justin Bogner <mail at justinbogner.com> wrote: >

I think the fuzzing effort is useful, and don't mind that they are logged to llvm-bugs; but do we really need to get >100 emails each of which has no comment? --paulr alias Mr. Grumpy

On Wed, Feb 1, 2017 at 8:45 AM, Mehdi Amini <mehdi.amini at apple.com> wrote: > > > On Feb 1, 2017, at 8:34 AM, Michael Kruse via llvm-dev < > llvm-dev at lists.llvm.org> wrote: > > > > Hi all, > > > > The blog entry [1] suggest that one of the buildbots constantly fuzzes > > clang and clang-format. However, the actual bot [2] only tests the

Hi, We have several llvm fuzz targets running on OSS-Fuzz, a continuous automated fuzzing service: https://github.com/google/oss-fuzz https://www.usenix.org/sites/default/files/conference/protected-files/usenixsecurity17_slides_serebryany.pdf It has reported a few bugs in cxa_demangler, clang, and dwarfdump already, and we expect to add more fuzz targets to it soon (llvm-isel-fuzzer,

Hi, Recently I want to fuzz samba systematically (instead of functional fuzzing like OSS-Fuzz/samba). However, the fuzzer acts like smbclient and needs to establish a connection with the samba server via NTLM authentication. The NTLMSSP_Challenge sent by the server is not deterministic, which can render the fuzzing based on previously captured traffic futile. Does samba provide a fuzzing mode

On Wed, Feb 1, 2017 at 9:19 AM, Michael Kruse <llvmdev at meinersbur.de> wrote: > 2017-02-01 18:07 GMT+01:00 Kostya Serebryany <kcc at google.com>: > > Yes, I used to run clang-fuzzer and clang-format-fuzzer on this bot, but > not > > any more. > > The reason is simple -- the bot was always red (well, orange) and the > bugs > > were never fixed. >

Hi all, The blog entry [1] suggest that one of the buildbots constantly fuzzes clang and clang-format. However, the actual bot [2] only tests the fuzzer itself over a well-known set of bugs in standard software (eg. Heartbleed [3] seems to be among them). Has there actually ever been a buildbot that fuzzes clang/LLVM itself? Another (obvious?) fuzzing candidate would be the LLVM's bitcode

On Thu, Sep 3, 2015 at 11:03 AM, Greg Stark <stark at mit.edu> wrote: > On Thu, Sep 3, 2015 at 6:54 PM, Kostya Serebryany <kcc at google.com> wrote: > > Looks correct. > > Ah! With a fresh pair of eyes it's obvious what was wrong. I had > compiled everything with sanitize-coverage except the Fuzzer code > itself but that included the file with the wrapper