libFuzzer integration + bug report #1035
This commit places the basics for libFuzzer integration with one
To add more fuzzers please add them to ./fuzz directory.
Also a memory corruption bug is found using this fuzzer which
Attached is the crash for the mg_parse_http fuzzer + screenshot of the backtrace.
I think this should also be given a CVE for a memory corruption vulnerability.
I'll be happy to contribute more fuzzers after this bug is fixed so it won't fail the other fuzzers.
Also, I'll be happy to contribute an integration to Fuzzit (I'm the CEO of the company) which will enable continuous fuzzing for the project for free as it's an open-source project. You can also read about the systemd case study here.
To reproduce, run:

    cd fuzz
    make
    ./fuzz/mg_parse_http/mg_parse_http
Hi. I saw this posted on reddit and am in no way affiliated with the project, but it looks like you've accidentally committed the 2.7MB fuzzing binary which likely isn't meant to be in the repo.
I had a brief go at running the fuzzer myself and it looks like the crash is the result of an incorrect assumption on the behaviour of
This patch fixes the issue by checking that the first character of the status code isn't a space, and hence fixes the crash as it can no longer be given a string of 4 spaces which it would read off of:
I also beefed up the fuzzer locally to test the other paths and nothing else was flagged up. Feel free to use it if you'd like:
Also I notice the undefined behaviour sanitizer isn't enabled in the root Makefile? Nothing was flagged up when it was enabled, but integer overflow is a very common issue and that sanitizer is ideal for detecting it.
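As an added illustration, not mongoose's code and not the patch the comment above refers to: a minimal, bounds-checked HTTP status-code parser that applies the kind of leading-space check described, together with a libFuzzer entry point for it. The function name, the status-line handling and the sample inputs are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical parser (not mongoose's): extract the 3-digit status code
 * from a status line such as "HTTP/1.1 200 OK" held in a buffer that is
 * NOT NUL-terminated, as fuzzer inputs are.  Returns the code or -1. */
int parse_status_code(const char *s, size_t len) {
    /* The status code is the token after the first space. */
    const char *p = memchr(s, ' ', len);
    if (p == NULL) return -1;
    p++;
    size_t rem = len - (size_t)(p - s);

    /* Check of the kind described in the comment above: the status code
     * must not begin with a space.  A digit parser that skips leading
     * whitespace (strtol/atoi do) would otherwise walk past the end of an
     * unterminated buffer such as four spaces, "    ". */
    if (rem < 3 || *p == ' ') return -1;

    /* Decode exactly three digits by hand; every byte read is within rem. */
    int code = 0;
    for (size_t k = 0; k < 3; k++) {
        if (p[k] < '0' || p[k] > '9') return -1;
        code = code * 10 + (p[k] - '0');
    }
    return code;
}

/* libFuzzer entry point.  Build with:
 *   clang -g -fsanitize=fuzzer,address,undefined harness.c
 * libFuzzer supplies main() and calls this with arbitrary byte strings;
 * ASan/UBSan report any out-of-bounds read the parser still has. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)parse_status_code((const char *)data, size);
    return 0;
}
```

Seeding the corpus with a constructed input of four spaces, the crash input mentioned above, gives the fuzzer the exact edge case to start from.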
@cpq You're welcome. I wanted to follow up and see if you guys are interested in integrating the fuzzers with our (Fuzzit) Continuous Fuzzing as a Service platform. My biased opinion:) is that it is crucial for the stability and security of native code applications. Feel free to ping me at email@example.com.