This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: is there a fuzzer for libc?
- From: Konstantin Serebryany <konstantin dot s dot serebryany at gmail dot com>
- To: Siddhesh Poyarekar <siddhesh dot poyarekar at gmail dot com>
- Cc: Rich Felker <dalias at libc dot org>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Tue, 3 Jun 2014 11:00:44 +0400
- Subject: Re: is there a fuzzer for libc?
- Authentication-results: sourceware.org; auth=none
- References: <CAGQ9bdwcMhLU_8-FJQFk9VUJAUWcpRzMeq1WuPrmRvxyXJ3K7w at mail dot gmail dot com> <20140602200155 dot GI507 at brightrain dot aerifal dot cx> <CAAHN_R1U1e9N7eBF70baVZ_pHCRgnSCfPW-544tYkJ0KfXCQdA at mail dot gmail dot com>
Thanks for the answer -- it confirms what I concluded from a quick web search.
There are however some libc functions that might be easier to fuzz
(e.g. gethostbyname),
so I thought that there could be at least something.
On Tue, Jun 3, 2014 at 12:09 AM, Siddhesh Poyarekar
<siddhesh.poyarekar@gmail.com> wrote:
> On 3 June 2014 01:31, Rich Felker <dalias@libc.org> wrote:
>> I actually saw a test report from some group that ran their fuzzer
>> against glibc (I don't have the link right off) but most of the output
>> was noise.
>
> Maybe this is what you're talking about?
>
> http://www.viva64.com/en/b/0237/
PVS-Studio is a static analysis tool, i.e. a completely different
approach compared to dynamic (e.g. AddressSanitizer+fuzzing).
--kcc