From: Ildar I. <il...@in...> - 2015-12-01 14:35:42

I created some experimental tool called Avalanche which was a kind of a fuzzer based on Valgrind. But that was already quite a long time ago. You can still have a look: https://code.google.com/p/avalanche/

> Tuesday, 1 December 2015, 14:04 UTC from "Dallman, John" <joh...@si...>:
>
> I'm starting to look at fuzz testing the mathematical modelling library I work on, which reads complicated data files that are produced by end-users, and could plausibly be used to stage buffer overflow attacks. The basics obviously come first: use -fstack-protector, take care with string manipulation functions and so on.
>
> But while looking at fuzzing systems such as AFL ( http://lcamtuf.coredump.cx/afl/ ) it struck me that the Valgrind execution environment could be used to write a fuzzer that could discover changes in flow of control in response to variations in input files, and thus provide a better feedback mechanism than "Load a file, see if the test program crashes".
>
> Has anyone looked into this in the past?
>
> thanks,
>
> --
> John Dallman
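The feedback mechanism the question describes, as an added example that is not code from this thread, from Avalanche or from AFL: a minimal coverage-guided loop in Python that uses sys.settrace as a stand-in for Valgrind's instrumentation, keeps only those mutated inputs that execute a control-flow edge no earlier input executed, and so explores a constructed toy file reader (parse_record, mutate and fuzz are all names assumed here) beyond what crash-only feedback would show.

```python
import random
import sys

def parse_record(data: bytes) -> int:
    """Constructed toy file reader standing in for the library under test.
    Each check is a distinct control-flow edge the loop below can discover."""
    if len(data) < 4:
        return 0
    if data[:2] != b"MX":
        return 1
    n = data[2]
    if n > len(data) - 3:
        return 2
    total = 0
    for b in data[3:3 + n]:
        if b & 0x80:
            total += b & 0x7F
        else:
            total -= b
    return 3 if total == 0x42 else 4

def trace_edges(func, data):
    """Run func(data) under sys.settrace (the stand-in for Valgrind's dynamic
    instrumentation) and return the set of (prev_line, line) edges executed."""
    edges, prev = set(), [None]
    def tracer(frame, event, arg):
        if event == "line" and frame.f_code is func.__code__:
            edges.add((prev[0], frame.f_lineno))
            prev[0] = frame.f_lineno
        return tracer
    sys.settrace(tracer)
    try:
        func(data)
    finally:
        sys.settrace(None)
    return edges

def mutate(data, rng):
    """One random byte-level mutation: overwrite, insert or delete a byte."""
    buf, op = bytearray(data), rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)

def fuzz(func, seeds, iterations, seed=1):
    """Coverage-guided loop: an input joins the corpus only if it executed a
    new edge, so later mutations start from inputs that reached new code."""
    rng, corpus, seen = random.Random(seed), list(seeds), set()
    for s in corpus:
        seen |= trace_edges(func, s)
    for _ in range(iterations):
        child = mutate(rng.choice(corpus), rng)
        new = trace_edges(func, child) - seen
        if new:
            seen |= new
            corpus.append(child)
    return corpus, seen
```

Running `fuzz(parse_record, [b"MX\x02ab"], 2000)` from a single seed yields a corpus whose members hit several different return paths; the branch guarded by the magic value 0x42 shows the limit of plain edge coverage, which AFL-style fuzzers attack with additional strategies.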