Open m4b opened 7 years ago
I just realized my mistake. Current rust-fuzz/libfuzzer-sys defaults to maximum 64 bytes when you don't use corpus. Since PE DOS Header is 64 bytes long, this means PE parser wasn't fuzzed at all.
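Added example (not goblin's code and not from the thread): a minimal walk of the PE prefix that makes the 64-byte point concrete. The DOS header is 64 bytes and the PE signature sits at the offset stored in `e_lfanew` (bytes 0x3c..0x40), so with the conventional layout (PE header placed after the DOS header) an input capped at 64 bytes is rejected before the signature check is reached. The `Stage` enum, `walk_pe_prefix` and the constructed input are this example's own; a parser that tolerates `e_lfanew` pointing back inside the DOS header could be reached with a shorter input, which the walker below does not special-case.

```rust
// Added example, not goblin's code. Models only the first two checks a PE
// parser performs: the DOS header length/magic and the "PE\0\0" signature.
const DOS_HEADER_SIZE: usize = 64;
const DOS_MAGIC: [u8; 2] = *b"MZ";
const PE_SIGNATURE: [u8; 4] = *b"PE\0\0";

/// How far into the PE prefix an input gets before being rejected.
#[derive(Debug, PartialEq)]
pub enum Stage {
    TooShortForDosHeader,
    BadDosMagic,
    TooShortForPeSignature { e_lfanew: u32 },
    BadPeSignature,
    ReachedPeHeader { e_lfanew: u32 },
}

pub fn walk_pe_prefix(input: &[u8]) -> Stage {
    if input.len() < DOS_HEADER_SIZE {
        return Stage::TooShortForDosHeader;
    }
    if input[0..2] != DOS_MAGIC {
        return Stage::BadDosMagic;
    }
    // e_lfanew is little-endian at offset 0x3c and taken at face value.
    let e_lfanew = u32::from_le_bytes([input[0x3c], input[0x3d], input[0x3e], input[0x3f]]);
    let sig_end = match (e_lfanew as usize).checked_add(PE_SIGNATURE.len()) {
        Some(end) => end,
        None => return Stage::TooShortForPeSignature { e_lfanew },
    };
    if input.len() < sig_end {
        return Stage::TooShortForPeSignature { e_lfanew };
    }
    if input[e_lfanew as usize..sig_end] != PE_SIGNATURE {
        return Stage::BadPeSignature;
    }
    Stage::ReachedPeHeader { e_lfanew }
}

/// Constructed input: a 64-byte DOS header whose e_lfanew points directly
/// after it, followed by the 4-byte PE signature (68 bytes total).
pub fn constructed_minimal_pe() -> Vec<u8> {
    let mut v = vec![0u8; DOS_HEADER_SIZE];
    v[0..2].copy_from_slice(&DOS_MAGIC);
    v[0x3c..0x40].copy_from_slice(&(DOS_HEADER_SIZE as u32).to_le_bytes());
    v.extend_from_slice(&PE_SIGNATURE);
    v
}

/// True if the signature check can be reached when the fuzzer's inputs are
/// truncated to `max_len` bytes (the libfuzzer default the thread mentions is 64).
pub fn pe_header_reachable(max_len: usize) -> bool {
    let full = constructed_minimal_pe();
    let capped = &full[..full.len().min(max_len)];
    matches!(walk_pe_prefix(capped), Stage::ReachedPeHeader { .. })
}

fn main() {
    println!("64-byte cap reaches PE header: {}", pe_header_reachable(64));
    println!("4096-byte cap reaches PE header: {}", pe_header_reachable(4096));
}
```

With a 64-byte cap every input stops at `TooShortForPeSignature`, so nothing past the DOS header is exercised; raising the cap (or seeding a corpus of real binaries) is what lets the fuzzer into the PE code at all.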
Ya that doesn't surprise me, since I'm sure PE had more bugs. Was Mach fuzzed too? I'm surprised there wouldn't be more bugs there
Might also be good to fuzz the native endian methods, but that will be more work. Might be better to steal the native endian object loader from dryad and use that
I think what's going on is that `ELFMAG` is `[u8; 4]`, but `FAT_MAGIC` is `u32`. So the fuzzer can guess ELF magic byte by byte guided by coverage, but partial guess of Mach magic does not give you any coverage feedback... It's all moot since we will use corpus.
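Added example (not goblin's code and not from the thread) contrasting the two magic checks described above. `ELFMAG` (`\x7fELF`) and `FAT_MAGIC` (`0xcafebabe`, big-endian) are the standard constants; the two check functions and the feedback-counting helper are this example's own and stand in for what coverage instrumentation would observe.

```rust
// Added example, not goblin's code. A byte-array magic is compared one byte at a
// time, so each correct byte is a new branch the fuzzer can see; a u32 magic is a
// single comparison, so three correct bytes look the same as none.
use std::collections::BTreeSet;

const ELFMAG: [u8; 4] = *b"\x7fELF";
const FAT_MAGIC: u32 = 0xcafe_babe;

/// Byte-by-byte check: returns how many leading magic bytes matched.
pub fn elf_magic_progress(input: &[u8]) -> usize {
    let mut matched = 0;
    for (i, &expected) in ELFMAG.iter().enumerate() {
        match input.get(i) {
            Some(&b) if b == expected => matched += 1, // one branch per byte
            _ => break,
        }
    }
    matched
}

/// Whole-word check: one u32 comparison, one branch, no partial credit.
pub fn fat_magic_matches(input: &[u8]) -> bool {
    match input.get(0..4) {
        Some(b) => u32::from_be_bytes([b[0], b[1], b[2], b[3]]) == FAT_MAGIC,
        None => false,
    }
}

/// Counts the distinct observable states each check yields across all prefixes
/// of its own magic (0..=4 bytes correct). This is the "ladder" a coverage-guided
/// fuzzer can climb: ELF exposes a rung per byte, the fat magic only pass/fail.
pub fn feedback_states() -> (usize, usize) {
    let elf: BTreeSet<usize> = (0..=ELFMAG.len())
        .map(|n| elf_magic_progress(&ELFMAG[..n]))
        .collect();
    let fat_bytes = FAT_MAGIC.to_be_bytes();
    let fat: BTreeSet<bool> = (0..=fat_bytes.len())
        .map(|n| fat_magic_matches(&fat_bytes[..n]))
        .collect();
    (elf.len(), fat.len())
}

fn main() {
    let (elf, fat) = feedback_states();
    println!("distinct feedback states: ELF={} fat={}", elf, fat);
}
```

The byte-wise check gives the fuzzer five distinguishable states on the way to a full match, the word-wise check two; that asymmetry is why an uncorpused fuzzer stumbles into ELF parsing but rarely into the Mach fat parser, and why a seed corpus makes the question irrelevant.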
I'd like to see more fuzzing before 1.0 release; in particular the mach-o and PE backends have been somewhat neglected :)
Tracking issue for fuzz related stuff.
We'll start using corpora now. In particular, I'd like to see PE and Mach backends fuzzed extensively, I'm sure they have more bugs.
/cc @sanxiyn