oss-sec mailing list archives

Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz


From: Martin Carpenter <martin.carpenter () gmail com>
Date: Tue, 25 Jun 2019 23:09:36 +0200

On Tue, 2019-06-25 at 16:34 +0200, Florian Weimer wrote:

> Fuzzing is used to show that a function is partial, when it is
> expected to be total

This definition is cute but it misses the case where the function is
defined over its entire domain but sometimes gives the wrong answer.
Fuzzers can find these bugs, as well as C-style crashes. (Simple recipe
for crash-seeking fuzzers is: test harness + abort(3)).
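
[Added example, not part of the original message.] The "test harness + abort(3)" recipe, applied to a function that is total but sometimes wrong. `midpoint_fast`, `midpoint_ref` and `property_holds` are hypothetical names invented for this illustration; `LLVMFuzzerTestOneInput` is the libFuzzer entry point, assumed here as the fuzzing engine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical function under test. It is total: defined for every pair of
 * inputs and it never crashes. But the 32-bit sum wraps around, so for
 * large inputs it silently returns the wrong midpoint. */
uint32_t midpoint_fast(uint32_t lo, uint32_t hi) {
    return (lo + hi) / 2;
}

/* Oracle: the same computation carried out in 64 bits, which cannot wrap. */
static uint32_t midpoint_ref(uint32_t lo, uint32_t hi) {
    return (uint32_t)(((uint64_t)lo + (uint64_t)hi) / 2);
}

/* Decode two 32-bit values from the fuzzer's bytes and compare the function
 * under test against the oracle. Returns 1 if they agree (or the input is
 * too short to decode), 0 on a wrong answer. */
int property_holds(const uint8_t *data, size_t size) {
    uint32_t a, b;
    if (size < 8)
        return 1;
    memcpy(&a, data, 4);
    memcpy(&b, data + 4, 4);
    return midpoint_fast(a, b) == midpoint_ref(a, b);
}

/* Harness: abort(3) converts the silent wrong answer into a crash, which is
 * the only signal a crash-seeking fuzzer records. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (!property_holds(data, size))
        abort();
    return 0;
}
```

Built with `clang -fsanitize=fuzzer`, the engine supplies `main()` and reports the aborting input as a crash, even though no memory error ever occurs.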


