Fuzzing rust-minidump for Embarrassment and Crashes

This is basically a small tutorial for libfuzzer, plus a very big trophy case. There's also a part 1. Seemed worth talking about.


The start of the article talks up how embarrassing the issues are, but then the actual issues the fuzzer found don't seem like much?

We've got a fix that wasn't applied to all platforms: fuzzers are amazing at finding these because they'll explore into the fix branch on arm32 then flip the platform identifier over.

An emulated pointer overflow: harmless but something to fix, as said in the article.

Basically what I'm saying is these issues don't look embarrassing to me. They're regular bugs anyone could write, and none of them had impact worse than a crash.
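To make the two bug shapes in the comment above concrete, here is an added example in Rust; it is not code from the article or from rust-minidump. It uses a constructed, toy "memory range" record (little-endian platform id, 64-bit base, 32-bit size) with made-up platform ids, and shows a parser where the overflow fix only landed on the ARM32 branch beside one where the check is platform independent, plus the mutation a fuzzer stumbles into: keep the bytes that reached the fixed branch and flip only the platform identifier.

```rust
// Added example (not from the article or rust-minidump). The record layout,
// platform ids, field names and sample bytes are all constructed for this
// illustration.
use std::convert::TryInto;

pub const PLATFORM_X86_64: u32 = 1; // hypothetical id, not a real minidump constant
pub const PLATFORM_ARM32: u32 = 3; // hypothetical id, not a real minidump constant

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Short,    // record truncated
    Overflow, // base + size does not fit in the emulated 64-bit address space
}

#[derive(Debug, PartialEq)]
pub struct MemRange {
    pub platform: u32,
    pub base: u64,
    pub end: u64,
}

fn u32_at(d: &[u8], at: usize) -> Result<u32, ParseError> {
    d.get(at..at + 4)
        .map(|b| u32::from_le_bytes(b.try_into().unwrap()))
        .ok_or(ParseError::Short)
}

fn u64_at(d: &[u8], at: usize) -> Result<u64, ParseError> {
    d.get(at..at + 8)
        .map(|b| u64::from_le_bytes(b.try_into().unwrap()))
        .ok_or(ParseError::Short)
}

/// Record layout (little endian): platform u32 | base u64 | size u32.
fn fields(d: &[u8]) -> Result<(u32, u64, u64), ParseError> {
    Ok((u32_at(d, 0)?, u64_at(d, 4)?, u32_at(d, 12)? as u64))
}

/// "Before": the overflow fix was only applied on the ARM32 branch. On every
/// other platform the emulated pointer wraps and the range ends below its
/// base. A plain `+` here would instead panic in a debug build, which is the
/// crash a fuzzer reports; `wrapping_add` models the silent release behaviour.
pub fn parse_buggy(d: &[u8]) -> Result<MemRange, ParseError> {
    let (platform, base, size) = fields(d)?;
    let end = if platform == PLATFORM_ARM32 {
        base.checked_add(size).ok_or(ParseError::Overflow)?
    } else {
        base.wrapping_add(size)
    };
    Ok(MemRange { platform, base, end })
}

/// "After": the same check regardless of platform.
pub fn parse_fixed(d: &[u8]) -> Result<MemRange, ParseError> {
    let (platform, base, size) = fields(d)?;
    let end = base.checked_add(size).ok_or(ParseError::Overflow)?;
    Ok(MemRange { platform, base, end })
}

/// Builds a record; used only to construct sample inputs.
pub fn record(platform: u32, base: u64, size: u32) -> Vec<u8> {
    let mut v = Vec::with_capacity(16);
    v.extend_from_slice(&platform.to_le_bytes());
    v.extend_from_slice(&base.to_le_bytes());
    v.extend_from_slice(&size.to_le_bytes());
    v
}

/// The mutation the comment describes: keep the body that reached the fixed
/// branch and flip only the platform identifier.
pub fn flip_platform(input: &[u8], platform: u32) -> Vec<u8> {
    let mut out = input.to_vec();
    if out.len() >= 4 {
        out[..4].copy_from_slice(&platform.to_le_bytes());
    }
    out
}

/// True when the buggy parser accepts a range whose end wrapped below its base.
pub fn buggy_accepts_inverted(data: &[u8]) -> bool {
    matches!(parse_buggy(data), Ok(r) if r.end < r.base)
}

/// Body of a libFuzzer/cargo-fuzz target. With the libfuzzer-sys crate this
/// would be wired up as `fuzz_target!(|data: &[u8]| { check_invariants(data) });`
/// the harness only needs a panic to record a finding.
pub fn check_invariants(data: &[u8]) {
    if let Ok(r) = parse_fixed(data) {
        assert!(r.end >= r.base, "inverted range survived the fixed parser");
    }
}

fn main() {
    // Constructed seed near the top of the address space, tagged ARM32 so it
    // takes the checked branch; flipping the id exposes the unfixed branch.
    let seed = record(PLATFORM_ARM32, 0xFFFF_FFFF_FFFF_FFF0, 0x100);
    println!("arm32 buggy : {:?}", parse_buggy(&seed));
    let flipped = flip_platform(&seed, PLATFORM_X86_64);
    println!("x86_64 buggy: {:?}", parse_buggy(&flipped));
    println!("x86_64 fixed: {:?}", parse_fixed(&flipped));
    check_invariants(&flipped);
}
```

The seed record returns a clean `Overflow` error on the ARM32 branch, and the same bytes with the platform id flipped are accepted by `parse_buggy` with `end == 0xF0`, below `base`; `parse_fixed` rejects them. That is the pattern the comment calls harmless but worth fixing: no memory is touched, but the inverted range is nonsense that later code would have to defend against.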