Fuzzing with afl++

Hi, all. So I got FORM fuzzing to work with [afl++](https://github.com/AFLplusplus/AFLplusplus/), and I'd like to consult with you on how to proceed. The scripts are in [form-fuzz](https://github.com/magv/form-fuzz), with some description of how to run them. The workflow is that:
1) We build FORM multiple times with different sanitizers.
2) We launch one fuzzer per sanitizer, and probably a few more (see [the afl docs on this](https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md)).
3) We wait a bit, and then investigate the crashing files in `/tmp/form-fuzz/out/*/crashes/`.

There is, of course, much more to be done to make this effective and efficient (i.e. the [persistent mode](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md)).

Currently I'm already looking at hundreds of "crashing" files, most of which are either syntax errors, or strange ASAN-related bugs. Some work needs to help the fuzzer distinguish between expected crashes and actual problems. Not sure what the total scope of this work is at the moment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fuzzing with afl++ #663

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Fuzzing with afl++ #663

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions