Software Open Access
Padhye, Rohan; Lemieux, Caroline
This artifact accompanies the paper "FuzzFactory: Domain-Specific Fuzzing with Waypoints", submitted to OOPSLA 2019.
Paper abstract:
Coverage-guided fuzz testing has gained prominence as a highly effective method of finding security vulnerabilities such as buffer overflows in programs that parse binary data. Recently, researchers have introduced various specializations to the coverage-guided fuzzing algorithm for different domain-specific testing goals, such as finding performance bottlenecks, generating valid inputs, handling magic-byte comparisons, etc. Each such solution can require weeks of development effort and produces a distinct variant of a fuzzing tool. We observe that many of these domain-specific solutions follow a common solution pattern. In this paper, we present FuzzFactory, a framework for rapid prototyping of domain-specific fuzzing applications. FuzzFactory allows users to specify the collection of dynamic domain-specific feedback during test execution. FuzzFactory uses a domain-specific fuzzing algorithm that incorporates such custom feedback to selectively save intermediate inputs, called waypoints, to augment coverage-guided fuzzing. We use FuzzFactory to implement six domain-specific fuzzing applications: three re-implementations of prior work and three novel solutions, and evaluate their effectiveness on benchmarks from Google's fuzzer test suite. We also show how domain-specific feedback can be composed to produce composite applications, which perform better than the sum of their parts. For example, we combine domain-specific feedback about strict equality comparisons and dynamic memory allocations, to enable the automatic generation of ZIP bombs and PNG bombs. We also discover a previously unknown memory leak in libarchive.
Name | Size | |
---|---|---|
fuzzfactory-artifact.tar.gz
md5:1923fb6008ef16d632e37caacef0f1de |
1.1 GB | Download |
LICENSE.txt
md5:d257542ba026d1176360bb6e6fb68094 |
2.1 kB | Download |
README.txt
md5:210dda6d1fd2ee6e1872f8e90ae326f1 |
15.7 kB | Download |
All versions | This version | |
---|---|---|
Views | 266 | 267 |
Downloads | 101 | 101 |
Data volume | 46.7 GB | 46.7 GB |
Unique views | 245 | 246 |
Unique downloads | 64 | 64 |