This is basically a small tutorial for libfuzzer, plus a very big trophy case. There's also a part 1. Seemed worth talking about.
2 Likes
The start of the article talks up how embarrassing the issues are, but then the actual issues the fuzzer found don't seem like much?
We've got a fix that wasn't applied to all platforms: fuzzers are amazing at finding these because they'll explore into the fix branch on arm32 then flip the platform identifier over.
An emulated pointer overflow: harmless but something to fix, as said in the article.
Basically what I'm saying is these issues don't look embarrassing to me. They're regular bugs anyone could write, and none of them had impact worse than a crash.
This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.