Introduction to libFuzzer
libFuzzer is part of the LLVM package. It allows you to integrate coverage-guided fuzzing logic into your C/C++ application. One of the best features of libFuzzer is that it works closely with Sanitizer Coverage and with bug-detecting sanitizers such as ASAN, LSAN, MSAN, TSAN and UBSAN. As a consequence, using libFuzzer lets us cover a wide range of memory corruption bugs and undesired application behaviour such as heap/stack/global OOB, UAF, memory leaks and uninitialized mutex use.
Why would one use libFuzzer?
First of all, AFL-Fuzzer is incapable of handling different types of coverage, such as tracking the evaluation of comparison instructions; AFL was also unaware of the evaluation of standard functions that return certain values depending on the input, such as strcmp.
Now, how does one actually use libFuzzer?
Here is the canonical example shown on the LLVM fuzzer page:
#include <stddef.h>
#include <stdint.h>

// Called by libFuzzer once per generated input. DoSomethingWithMyAPI stands
// for the API under test and must be supplied by you.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
    DoSomethingWithMyAPI(Data, Size);
    return 0;
}
There are two args to LLVMFuzzerTestOneInput, Data and Size. Data points to a buffer of Size bytes generated by the fuzzer, which is then processed by our API.
That said, libFuzzer is tailored towards:
Fuzzing libraries and their APIs, rather than standalone programs.
The behaviour should be as deterministic as possible: the same input must result in the same output.
The called library should avoid exiting (by exit() or raising signals) for valid code paths.
It should avoid mutating global state, as otherwise it will confuse the fuzzer.
It may use threads, but all newly spawned threads should be joined before returning to libFuzzer.
Collecting diverse sources of coverage as productively as possible.
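As an added example (not code from the original post or from LLVM), here is a complete fuzz target that follows the rules above. The API under test, parse_records and its one-byte-length record format, is hypothetical and exists only to show how a bounds-checked, stateless, non-exiting target is written and built with -fsanitize=fuzzer,address.

```cpp
// Added example: a libFuzzer target for a hypothetical length-prefixed
// record parser. Build with:
//   clang++ -g -O1 -fsanitize=fuzzer,address target.cc -o target
#include <stddef.h>
#include <stdint.h>

// Hypothetical API under test: parses records of the form
//   [1-byte length N][N bytes payload] ... and sums the payload bytes.
// Returns -1 on malformed (truncated) input, otherwise the record count.
// Every read is checked against size, so any ASAN report from the fuzzer
// points at a real defect in the code under test, not at the harness.
static int parse_records(const uint8_t *data, size_t size, uint32_t *sum_out) {
  size_t pos = 0;
  int count = 0;
  uint32_t sum = 0;
  while (pos < size) {
    size_t len = data[pos++];
    if (len > size - pos) return -1;   // truncated record: reject, never read OOB
    for (size_t i = 0; i < len; i++) sum += data[pos + i];
    pos += len;
    count++;
  }
  *sum_out = sum;
  return count;
}

// Entry point libFuzzer calls once per generated input. It keeps no state
// between calls, never calls exit() or raises a signal on rejected input,
// and always returns 0 so that only sanitizer findings stop the run.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  uint32_t sum = 0;
  parse_records(Data, Size, &sum);
  return 0;
}
```

Run the resulting binary with a corpus directory as its argument; libFuzzer mutates the corpus and reports any sanitizer-detected bug with the crashing input saved to disk.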
Hi
How does the given function relate to research essay and given task of continuous assessment work 1? Please follow the research essay requirements and guideline of essay (via assessment brief 1) to score more in the assessments.
Please do not forget to link it to your major project to show context.
Many thanks
Chirag