Displaying 20 results from an estimated 4000 matches similar to: "Does samba provide a fuzzing mode that uses deterministic NTLMSSP_Challenge?"
2017 Feb 01
2
Fuzzing bitcode reader
On Wed, Feb 1, 2017 at 8:45 AM, Mehdi Amini <mehdi.amini at apple.com> wrote:
>
> > On Feb 1, 2017, at 8:34 AM, Michael Kruse via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
> >
> > Hi all,
> >
> > The blog entry [1] suggest that one of the buildbots constantly fuzzes
> > clang and clang-format. However, the actual bot [2] only tests the
2017 Feb 01
3
Fuzzing bitcode reader
On Wed, Feb 1, 2017 at 9:19 AM, Michael Kruse <llvmdev at meinersbur.de> wrote:
> 2017-02-01 18:07 GMT+01:00 Kostya Serebryany <kcc at google.com>:
> > Yes, I used to run clang-fuzzer and clang-format-fuzzer on this bot, but
> not
> > any more.
> > The reason is simple -- the bot was always red (well, orange) and the
> bugs
> > were never fixed.
>
2017 Feb 01
3
Fuzzing bitcode reader
Hi all,
The blog entry [1] suggest that one of the buildbots constantly fuzzes
clang and clang-format. However, the actual bot [2] only tests the
fuzzer itself over a well-known set of bugs in standard software (eg.
Heartbleed [3] seems to be among them). Has there actually ever been a
buildbot that fuzzes clang/LLVM itself?
Another (obvious?) fuzzing candidate would be the LLVM's bitcode
2017 Aug 29
2
how to auto-report LLVM bugs found by fuzzing?
On Tue, Aug 29, 2017 at 4:13 PM, Justin Bogner <mail at justinbogner.com>
wrote:
> Kostya Serebryany <kcc at google.com> writes:
> > Hi,
> >
> > We have several llvm fuzz targets running on OSS-Fuzz, a continuous
> > automated fuzzing service:
> > https://github.com/google/oss-fuzz
> >
2017 Aug 30
2
how to auto-report LLVM bugs found by fuzzing?
Bugs found by oss-fuzz in llvm are now public:
https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm
(and the new ones will be public too).
I've also added llvm-bugs at lists.llvm.org to the list of e-mail recipients:
https://github.com/google/oss-fuzz/blob/master/projects/llvm/project.yaml
On Tue, Aug 29, 2017 at 4:27 PM, Justin Bogner <mail at justinbogner.com>
wrote:
>
2015 Aug 30
2
Fuzzing complex programs
On Sun, Aug 30, 2015 at 9:11 AM, Brian Cain via llvm-dev <
llvm-dev at lists.llvm.org> wrote:
>
>
> On Sun, Aug 30, 2015 at 9:30 AM, Greg Stark via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
>
>> I have a project I want to do based on Libfuzzer. Is there a separate
>> list for it or should I bring up any ideas for it here?
>>
>> No separate
2017 Aug 29
3
how to auto-report LLVM bugs found by fuzzing?
Hi,
We have several llvm fuzz targets running on OSS-Fuzz, a continuous
automated fuzzing service:
https://github.com/google/oss-fuzz
https://www.usenix.org/sites/default/files/conference/protected-files/usenixsecurity17_slides_serebryany.pdf
It has reported a few bugs in cxa_demangler, clang, and dwarfdump already,
and we expect to add more fuzz targets to it soon (llvm-isel-fuzzer,
2015 Sep 03
2
Fuzzing complex programs
On Thu, Sep 3, 2015 at 6:25 PM, Kostya Serebryany <kcc at google.com> wrote:
> Not sure I understood this correctly.
> Example?
I've made a Postgres module which is dynamically loaded by Postgres as
a shared library from which I can call the fuzzer on the SQL function
of my choice. Postgres has enough meta information about the functions
that I think the eventual interface might
2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
Hi Mitch,
Thank you for the response.
1. You don't need to build the library with `-fsanitize-coverage=...`,
using `-fsanitize=fuzzer-no-link,address` should be sufficient. -
Acknowledged
2. (although you can actually build object files/shared libraries with
-fsanitize=fuzzer, and the libFuzzer main won't be linked, if this makes
your build process easier). - with just the *fuzzer
2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
I am working of using libfuzzer and asan to test out a third-party library.
As demonstrated in the tutorial, I wrote a fuzz target to fuzz a specific
function in the library. The fuzz target is then linked to the library and
compiles clean and I do see some tests generated by the fuzzer. However, I
have some questions regarding the "right" way to go about doing this. I
have doubts that
2017 Feb 01
2
Fuzzing bitcode reader
2017-02-01 17:45 GMT+01:00 Mehdi Amini <mehdi.amini at apple.com>:
>
>> On Feb 1, 2017, at 8:34 AM, Michael Kruse via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>>
>> Hi all,
>>
>> The blog entry [1] suggest that one of the buildbots constantly fuzzes
>> clang and clang-format. However, the actual bot [2] only tests the
>> fuzzer itself
2017 Jan 27
3
Adding a decoder fuzz target
Hi all,
I'm working on fuzzing Opus with OSS-Fuzz and have started with the
decoder. Attached is a patch to add the corresponding fuzz target. Please
let me know if there are any concerns?
Thanks,
Felicia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/opus/attachments/20170127/f69951aa/attachment-0001.html>
2017 Feb 10
2
Adding a decoder fuzz target
Thanks for your comments, Ralph and Jean-Marc.
Please find attached the amended patch:
- decodes a sequence of input packets rather than just one (I'm planning on
using the Opus test vectors as the seed corpus)
- decides on decoder setup and FEC independently of the packet data
- uses Opus functions to parse ToC
Cheers,
Felicia
On Sun, Jan 29, 2017 at 9:48 PM Jean-Marc Valin <jmvalin at
2017 Jul 12
2
A Prototype to Track Input Read for Sparse File Fuzzing
Hi everyone,
I wrote a prototype based on LLVM sanitizer infrastructure to improve fuzzing performance, especially over sparse file format. I’d like to upstream it if the anyone thinks it is useful.
Sparse file format are formats that only a small portion of the file data could have impact on the behavior of the program that parses it. Common examples are archive files or a file system image
2015 Aug 30
4
Fuzzing complex programs
I have a project I want to do based on Libfuzzer. Is there a separate
list for it or should I bring up any ideas for it here?
What I have in mind is to fuzz Postgres. Trying to fuzz the SQL
interpreter in general
is not very productive because traditional fuzzers try to execute the
entire program repeatedly and it has a fairly high startup and
shutdown cost. Also the instrumentation-guided
2015 Sep 03
2
Fuzzing complex programs
I'm fairly sure your compiler (or rather linker) errors are coming from the
fact that you are not linking to the C++ runtime library. Use `clang++
-std=c++11 *.o`, and I'm reasonably sure it will do what you want.
--
Mats
On 3 September 2015 at 12:26, Greg Stark via llvm-dev <
llvm-dev at lists.llvm.org> wrote:
> On Sun, Aug 30, 2015 at 3:30 PM, Greg Stark <stark at
2019 Nov 02
2
[PATCH nbdkit 0/2] Implement fuzzing using Clang's libFuzzer.
libFuzzer is Clang's fuzzer, and alternative to using AFL:
https://llvm.org/docs/LibFuzzer.html
I implemented an alternative method of fuzzing for libnbd earlier
today and it's pretty simple:
https://github.com/libguestfs/libnbd/commit/c19a6fbae9a21a7d4693418706c59e81ed256875
However it's considerably more difficult to use libFuzzer with
non-library code -- in this case nbdkit.
2017 Aug 24
2
llvm-mc-[dis]assemble-fuzzer status?
On Tue, Aug 22, 2017 at 4:34 PM, Kostya Serebryany <kcc at google.com> wrote:
>
>
> On Tue, Aug 22, 2017 at 4:21 PM, George Karpenkov <ekarpenkov at apple.com>
> wrote:
>
>> Hi,
>>
>> As a part of a recent move of libFuzzer from LLVM to compiler-rt I am
>> looking into updating the build code
>> for the libraries which use libFuzzer.
2017 Aug 25
3
llvm-mc-[dis]assemble-fuzzer status?
On Fri, Aug 25, 2017 at 8:51 AM, Daniel Sanders <daniel_l_sanders at apple.com>
wrote:
> (removed my @imgtec.com address since it no longer exists)
>
> Sorry for the slow reply, it's a busy time for me right now.
>
> > On 23 Aug 2017, at 00:21, George Karpenkov via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
> >
> > Hi,
> >
> > As a
2015 Sep 03
2
Fuzzing complex programs
On Thu, Sep 3, 2015 at 11:03 AM, Greg Stark <stark at mit.edu> wrote:
> On Thu, Sep 3, 2015 at 6:54 PM, Kostya Serebryany <kcc at google.com> wrote:
> > Looks correct.
>
> Ah! With a fresh pair of eyes it's obvious what was wrong. I had
> compiled everything with sanitize-coverage except the Fuzzer code
> itself but that included the file with the wrapper