From: Dallman, J. <joh...@si...> - 2015-12-01 14:17:10

I'm starting to look at fuzz testing the mathematical modelling library I work on, which reads complicated data files that are produced by end-users, and could plausibly be used to stage buffer overflow attacks. The basics obviously come first: use -fstack-protector, take care with string manipulation functions and so on.

But while looking at fuzzing systems such as AFL (http://lcamtuf.coredump.cx/afl/) it struck me that the Valgrind execution environment could be used to write a fuzzer that could discover changes in flow of control in response to variations in input files, and thus provide a better feedback mechanism than "Load a file, see if the test program crashes".

Has anyone looked into this in the past?

Thanks,

--
John Dallman
-----------------
Siemens Industry Software Limited is a limited company registered in England and Wales. Registered number: 3476850. Registered office: Faraday House, Sir William Siemens Square, Frimley, Surrey, GU16 8QD.
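The control-flow feedback idea raised in the message above, as an added example that is not part of the original post or of the library it describes: a minimal Python fuzzer that records which line-to-line transitions a target takes (sys.settrace standing in for what Valgrind would observe) and keeps only mutants that exercise a transition no earlier input did, so progress through nested input checks is visible long before any crash. The toy parser parse_record, the mutation operators and the seed input are constructed assumptions for the example.

```python
import random
import sys

# Constructed stand-in for a data-file reader (assumption, not the library the post describes); each check guards the next.
def parse_record(data: bytes) -> int:
    if len(data) < 4:
        return 0
    if data[0] != ord("M"):
        return 1
    if data[1] != ord("D"):
        return 2
    count = data[2]
    if count > len(data) - 3:
        return 3
    return 4 if count and sum(data[3:3 + count]) == 0 else 5
def run_with_coverage(func, data):
    # Record every (previous line -> current line) transition taken inside func; an exception propagates.
    edges, last = set(), [None]
    def tracer(frame, event, arg):
        if event == "line" and frame.f_code is func.__code__:
            edges.add((last[0], frame.f_lineno))
            last[0] = frame.f_lineno
        return tracer
    sys.settrace(tracer)
    try:
        func(data)
    finally:
        sys.settrace(None)
    return edges
def mutate(data: bytes, rng: random.Random) -> bytes:
    # One random byte-level edit: overwrite, insert or delete.
    buf, op = bytearray(data), rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)
def fuzz(func, seed: bytes, iterations: int, rng_seed: int = 0):
    # Keep every mutant that executes a control-flow edge no earlier input did.
    rng, corpus = random.Random(rng_seed), [seed]
    seen = run_with_coverage(func, seed)
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        edges = run_with_coverage(func, candidate)
        if edges - seen:
            seen |= edges
            corpus.append(candidate)
    return corpus, seen
```

A crash in the target surfaces immediately as an exception out of fuzz(); the corpus it returns shows which inputs earned their place by reaching new control flow rather than by crashing anything.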