This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: oss-fuzz

From: Mark Wielaard <mark at klomp dot org>
To: Berkeley Churchill <berkeleychurchill at gmail dot com>, elfutils-devel at sourceware dot org
Date: Mon, 23 Dec 2019 02:12:07 +0100
Subject: Re: oss-fuzz
References: <CAMT_tviDwmQC-DkDHz0OsJ=KhVGKVY3iuhERu+8s3vjhc5P5Rw@mail.gmail.com>

Hi Berkeley,

On Fri, 2019-12-20 at 17:21 +0200, Berkeley Churchill wrote:
> Any interest in integrating with oss-fuzz?  It's a google project
> that supports open source projects by fuzzing. It allows Google to
> find and report bugs, especially security bugs, to the project.
> I'm willing to work on writing fuzzers and performing the integration,
> if this would be welcome by the maintainers.   Thoughts?

Certainly interested. I have been running afl-fuzz on various utilities
and test cases. That has found lots of issues. But it isn't very
structured. And it often needs to go through a completely valid ELF
file before fuzzing the more interesting data structures inside it.

The only request I would have is that if the fuzzer targets are added
to elfutils itself then they should also be made to work locally. So
someone could also use them with e.g. afl-fuzz or some other fuzzing
framework, or simply as extra testcase.

Please also see:
https://sourceware.org/git/?p=elfutils.git;f=CONTRIBUTING;hb=HEAD

Cheers,

Mark

Follow-Ups:
- Re: oss-fuzz
  - From: Berkeley Churchill

References:
- oss-fuzz
  - From: Berkeley Churchill

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]