m4b / goblin

An impish, cross-platform binary parsing crate, written in Rust
MIT License

Fuzz Mach and PE with corpi #37

Open m4b opened 7 years ago

m4b commented 7 years ago

Tracking issue for fuzz related stuff.

We'll start using a corpus now. In particular, I'd like to see the PE and Mach backends fuzzed extensively; I'm sure they have more bugs.

/cc @sanxiyn

sanxiyn commented 7 years ago

I just realized my mistake. Current rust-fuzz/libfuzzer-sys defaults to a maximum of 64 bytes when you don't use a corpus. Since the PE DOS Header is 64 bytes long, this means the PE parser wasn't fuzzed at all.

m4b commented 7 years ago

Yeah, that doesn't surprise me, since I'm sure PE had more bugs. Was Mach fuzzed too? I'm surprised there wouldn't be more bugs there.

Might also be good to fuzz the native endian methods, but that will be more work. Might be better to steal the native endian object loader from dryad and use that.

sanxiyn commented 7 years ago

I think what's going on is that ELFMAG is [u8; 4], but FAT_MAGIC is u32. So the fuzzer can guess the ELF magic byte by byte guided by coverage, but a partial guess of the Mach magic does not give you any coverage feedback... It's all moot since we will use a corpus.
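Both observations in this thread, that an input capped at 64 bytes stops at the DOS header and never reaches the PE signature, and that a whole-word magic comparison gives a coverage-guided fuzzer no partial credit while a byte-wise one does, can be seen in a small sniffer. The following is an added example and not goblin's code: the function names, the rule that `e_lfanew` must be at or beyond the 64-byte DOS header, the corpus directory names and the seed contents are all assumptions of the example.

```rust
// Added example (not goblin's code): a toy magic sniffer and seed-corpus
// writer modelling the two fuzzing observations in this thread.
use std::fs;
use std::path::Path;

/// Magics written the way the thread describes them: ELF as a byte array,
/// the Mach-O fat magic as one u32 (big-endian on disk).
pub const ELFMAG: [u8; 4] = [0x7f, b'E', b'L', b'F'];
pub const FAT_MAGIC: u32 = 0xcafe_babe;
pub const PE_MAGIC: [u8; 4] = *b"PE\0\0";
pub const DOS_HEADER_LEN: usize = 64; // IMAGE_DOS_HEADER is 64 bytes
pub const PE_POINTER_OFFSET: usize = 0x3c; // e_lfanew sits at its end

#[derive(Debug, PartialEq, Eq)]
pub enum Kind {
    Elf,
    MachFat,
    Pe { nt_headers_at: usize },
}

#[derive(Debug, PartialEq, Eq)]
pub enum SniffError {
    Unknown,
    /// Too short to reach the next check; `need` is the length required.
    NeedMoreBytes { need: usize },
    /// Assumption of this example: e_lfanew inside the DOS header is rejected.
    PeOffsetInsideDosHeader,
    BadPeSignature,
}

fn u32_le(b: &[u8], off: usize) -> u32 {
    u32::from_le_bytes([b[off], b[off + 1], b[off + 2], b[off + 3]])
}

fn u32_be(b: &[u8], off: usize) -> u32 {
    u32::from_be_bytes([b[off], b[off + 1], b[off + 2], b[off + 3]])
}

/// Byte-wise compare: each byte is its own branch, so the fuzzer is rewarded
/// for every byte guessed right. Returns how many leading bytes matched.
pub fn elf_magic_prefix_len(buf: &[u8]) -> usize {
    let mut matched = 0;
    for (got, want) in buf.iter().zip(ELFMAG.iter()) {
        if got != want {
            break;
        }
        matched += 1;
    }
    matched
}

/// Whole-word compare: one branch, so a partial guess of 0xcafebabe looks
/// exactly like random garbage to the fuzzer.
pub fn is_fat_magic(buf: &[u8]) -> bool {
    buf.len() >= 4 && u32_be(buf, 0) == FAT_MAGIC
}

/// Walk the PE front matter: a 64-byte input can never get past the DOS
/// header because the signature lives at e_lfanew, beyond it.
pub fn sniff_pe(buf: &[u8]) -> Result<usize, SniffError> {
    if buf.len() < DOS_HEADER_LEN {
        return Err(SniffError::NeedMoreBytes { need: DOS_HEADER_LEN });
    }
    if &buf[..2] != b"MZ" {
        return Err(SniffError::Unknown);
    }
    let e_lfanew = u32_le(buf, PE_POINTER_OFFSET) as usize;
    if e_lfanew < DOS_HEADER_LEN {
        return Err(SniffError::PeOffsetInsideDosHeader);
    }
    let need = e_lfanew + PE_MAGIC.len();
    if buf.len() < need {
        return Err(SniffError::NeedMoreBytes { need });
    }
    if &buf[e_lfanew..need] != &PE_MAGIC {
        return Err(SniffError::BadPeSignature);
    }
    Ok(e_lfanew)
}

pub fn sniff(buf: &[u8]) -> Result<Kind, SniffError> {
    if elf_magic_prefix_len(buf) == ELFMAG.len() {
        return Ok(Kind::Elf);
    }
    if is_fat_magic(buf) {
        return Ok(Kind::MachFat);
    }
    if buf.starts_with(b"MZ") {
        return sniff_pe(buf).map(|off| Kind::Pe { nt_headers_at: off });
    }
    Err(SniffError::Unknown)
}

/// Smallest PE-shaped seed this sniffer accepts: full DOS header with
/// e_lfanew = 0x40 and "PE\0\0" right behind it, 68 bytes, i.e. already
/// larger than a 64-byte cap allows the fuzzer to produce on its own.
pub fn pe_seed() -> Vec<u8> {
    let mut v = vec![0u8; DOS_HEADER_LEN];
    v[..2].copy_from_slice(b"MZ");
    v[PE_POINTER_OFFSET..PE_POINTER_OFFSET + 4]
        .copy_from_slice(&(DOS_HEADER_LEN as u32).to_le_bytes());
    v.extend_from_slice(&PE_MAGIC);
    v
}

/// Fat header seed: magic plus nfat_arch = 0, big-endian (8 bytes).
pub fn fat_seed() -> Vec<u8> {
    let mut v = FAT_MAGIC.to_be_bytes().to_vec();
    v.extend_from_slice(&0u32.to_be_bytes());
    v
}

pub fn elf_seed() -> Vec<u8> {
    ELFMAG.to_vec()
}

/// One seed per backend under `<dir>/<target>/seed` (target names assumed).
pub fn write_corpus(dir: &Path) -> std::io::Result<()> {
    let seeds = vec![("fuzz_elf", elf_seed()), ("fuzz_mach", fat_seed()), ("fuzz_pe", pe_seed())];
    for (target, seed) in seeds {
        let d = dir.join(target);
        fs::create_dir_all(&d)?;
        fs::write(d.join("seed"), seed)?;
    }
    Ok(())
}

fn main() -> std::io::Result<()> {
    let dir = std::env::args().nth(1).unwrap_or_else(|| "corpus".to_string());
    write_corpus(Path::new(&dir))?;
    let pe = pe_seed();
    println!("PE seed: {} bytes; truncated to 64 it sniffs as {:?}", pe.len(), sniff(&pe[..64]));
    Ok(())
}
```

Running it as `cargo run -- fuzz/corpus` drops one seed per backend into directories you can then hand to `cargo fuzz run <target> <corpus dir>`; with a seed present the mutator starts from the 68-byte PE input instead of the empty-corpus default, and libFuzzer's `-max_len=` flag (passed after `--`) raises the cap explicitly if you would rather not rely on corpus size. The `e_lfanew >= 64` rule is this example's choice, not something the thread or goblin states; it is there to make the point that a well-formed PE cannot fit in the DOS header alone.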

m4b commented 5 years ago

I'd like to see more fuzzing before 1.0 release; in particular the mach-o and PE backends have been somewhat neglected :)