[oss-security] Re: Fuzzing objdump (PR 17512) and readelf (PR 17531)

Yury Gribov y.gribov@samsung.com
Fri Nov 7 11:43:00 GMT 2014


On 11/07/2014 01:59 PM, Hanno Böck wrote:
> Am Fri, 07 Nov 2014 13:08:09 +0300
> schrieb Yury Gribov <y.gribov@samsung.com>:
>
>> This looks rather impressive.  Have you considered automatically
>> detecting duplicates by e.g. analyzing stacktraces?
>
> american-fuzzy-lop kind of does that. It creates a hash among the code
> path and groups fuzzing samples by that. That's quite convenient.

[Cc-ing Binutils ML back again]

Yeah, I think there was even an article in one of recent PLDIs which 
discussed different approaches to filtering duplicates arising in 
compiler fuzz testing (they did various combinations of stacktraces, 
Valgrind output, program coverage, etc.).  I was just curious how well 
this works for real world tasks like objdump crashes.

-Y



More information about the Binutils mailing list