Changes: - Move advanced content to docs/. - Add links. - Fix links. - Restructure content.
Going beyond crashes
Fuzzing is a wonderful and underutilized technique for discovering non-crashing design and implementation errors, too. Quite a few interesting bugs have been found by modifying the target program to call abort() when, say:
- Two bignum libraries produce different outputs when given the same fuzzer-generated input,
- An image library produces different outputs when asked to decode the same input image several times in a row,
- A serialization / deserialization library fails to produce stable outputs when iteratively serializing and deserializing fuzzer-supplied data,
- A compression library produces an output inconsistent with the input file when asked to compress and then decompress a particular blob.
Implementing these or similar sanity checks usually takes very little time, and abort() raises SIGABRT, which the fuzzer records as an ordinary crash, so a silent logic error surfaces in the same place as a memory-safety bug. If you are the maintainer of a particular package, you can make this code conditional with #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION (a flag also shared with libFuzzer and honggfuzz) or #ifdef __AFL_COMPILER (this one is just for AFL), so that the extra work, and the abort(), never ship in a production build.
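As an added example (not code from AFL or from any library the page mentions), the following harness applies the compress-then-decompress check described above to a hypothetical run-length codec. The codec is constructed for this example and carries a deliberately planted, non-crashing bug: with cap_runs set to 0, a run of 256 identical bytes is stored in a single count byte and wraps to 0, so the decoder silently drops it. The round-trip check turns that silent data loss into an abort() in fuzzing builds only; rle_encode, rle_decode, roundtrip_ok and fuzz_one are all names assumed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical run-length encoder standing in for the library under test.
 * Output is a sequence of (count, byte) pairs. With cap_runs == 0 the
 * planted bug is live: a run of 256 bytes is stored as (uint8_t)256 == 0.
 * With cap_runs != 0 runs are split at 255, which is the fix. */
static size_t rle_encode(const uint8_t *in, size_t n, uint8_t *out, int cap_runs)
{
    size_t i = 0, o = 0;
    while (i < n) {
        uint8_t b = in[i];
        size_t run = 1;
        while (i + run < n && in[i + run] == b && (!cap_runs || run < 255))
            run++;
        out[o++] = (uint8_t)run;   /* wraps silently when run >= 256 and !cap_runs */
        out[o++] = b;
        i += run;
    }
    return o;
}

/* Decoder: expands (count, byte) pairs; returns (size_t)-1 on output overflow. */
static size_t rle_decode(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i + 1 < n; i += 2) {
        size_t run = in[i];
        if (o + run > cap)
            return (size_t)-1;
        memset(out + o, in[i + 1], run);
        o += run;
    }
    return o;
}

/* The sanity check the text describes: encode, decode, compare with the
 * input. Returns 1 when the round trip reproduces the input, 0 otherwise.
 * Encoding emits at most 2 bytes per input byte, hence the 2 * len buffer. */
int roundtrip_ok(const uint8_t *data, size_t len, int cap_runs)
{
    if (len == 0)
        return 1;
    uint8_t *enc = malloc(2 * len);
    uint8_t *dec = malloc(len);
    int ok = 0;
    if (enc && dec) {
        size_t elen = rle_encode(data, len, enc, cap_runs);
        size_t dlen = rle_decode(enc, elen, dec, len);
        ok = (dlen == len) && memcmp(dec, data, len) == 0;
    }
    free(enc);
    free(dec);
    return ok;
}

/* Called once per fuzzer-generated input. The abort() exists only in fuzzing
 * builds, gated on the macro that AFL, libFuzzer and honggfuzz all define;
 * a production build compiles to a no-op here. */
void fuzz_one(const uint8_t *data, size_t len)
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
    if (!roundtrip_ok(data, len, /* cap_runs = */ 0))
        abort();   /* SIGABRT: the fuzzer files this as a crash */
#else
    (void)data;
    (void)len;
#endif
}

/* Plain stdin-reading target, the way a non-persistent AFL harness is fed. */
int main(void)
{
    static uint8_t buf[1 << 16];
    size_t len = fread(buf, 1, sizeof buf, stdin);
    fuzz_one(buf, len);
    return 0;
}
```

Build it with afl-clang-fast (or clang with -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) and seed the corpus with a few short inputs; the fuzzer reaches a 256-byte run of one value quickly, and the resulting abort() shows up in the crashes directory even though nothing in the codec ever touches memory out of bounds. Without the check, the same input would be a silently corrupted output that no sanitizer reports.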