This is the mail archive of the
mailing list for the glibc project.
Re: is there a fuzzer for libc?
- From: Rich Felker <dalias at libc dot org>
- To: Konstantin Serebryany <konstantin dot s dot serebryany at gmail dot com>
- Cc: Siddhesh Poyarekar <siddhesh dot poyarekar at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Tue, 3 Jun 2014 14:34:34 -0400
- Subject: Re: is there a fuzzer for libc?
- Authentication-results: sourceware.org; auth=none
- References: <CAGQ9bdwcMhLU_8-FJQFk9VUJAUWcpRzMeq1WuPrmRvxyXJ3K7w at mail dot gmail dot com> <20140602200155 dot GI507 at brightrain dot aerifal dot cx> <CAAHN_R1U1e9N7eBF70baVZ_pHCRgnSCfPW-544tYkJ0KfXCQdA at mail dot gmail dot com> <CAGQ9bdxQuAbCmVOzywWjiLZycuT=Dis=HV0RYxdg4MBO5PMuEQ at mail dot gmail dot com>
On Tue, Jun 03, 2014 at 11:00:44AM +0400, Konstantin Serebryany wrote:
> Thanks for the answer -- it confirms what I concluded from a quick web search.
> There are however some libc functions that might be easier to fuzz
> (e.g. gethostbyname),
> so I thought that there could be at least something.
Sure, one class of functions that aren't too hard to fuzz is functions
which take only integer and pointer-to-string arguments with no
constraints on them. However it still may be hard to hit the
meaningful cases. I think fuzzing gethostbyname would be pretty slow
since you'd end up waiting for the dns request to fail for nearly
every random string you generated.