oss-fuzz

Berkeley Churchill berkeleychurchill@gmail.com
Mon Dec 23 06:07:00 GMT 2019


Great, thanks for the feedback!

One of my first tasks will be to support llvm/clang builds.  I've seen some
prior discussion on what's needed for that, but if you have any extra tips
I'll take them.  I'll be sure to create a build target for the fuzzers so
they can be run standalone.

Berkeley

On Mon, Dec 23, 2019 at 3:12 AM Mark Wielaard <mark@klomp.org> wrote:

> Hi Berkeley,
>
> On Fri, 2019-12-20 at 17:21 +0200, Berkeley Churchill wrote:
> > Any interest in integrating with oss-fuzz?  It's a google project
> > that supports open source projects by fuzzing. It allows Google to
> > find and report bugs, especially security bugs, to the project.
> > I'm willing to work on writing fuzzers and performing the integration,
> > if this would be welcome by the maintainers.   Thoughts?
>
> Certainly interested. I have been running afl-fuzz on various utilities
> and test cases. That has found lots of issues. But it isn't very
> structured. And it often needs to go through a completely valid ELF
> file before fuzzing the more interesting data structures inside it.
>
> The only request I would have is that if the fuzzer targets are added
> to elfutils itself then they should also be made to work locally. So
> someone could also use them with e.g. afl-fuzz or some other fuzzing
> framework, or simply as extra testcase.
>
> Please also see:
> https://sourceware.org/git/?p=elfutils.git;f=CONTRIBUTING;hb=HEAD
>
> Cheers,
>
> Mark
>



More information about the Elfutils-devel mailing list