
[Xen-devel] [xen-devel] [fuzz] [x86 emulator] Input size



Hello,


In the x86 instruction emulator fuzzer, when checking whether the input size is correct, we are checking for these bounds: DATA_OFFSET < size < INPUT_SIZE.


The fact is that INPUT_SIZE is actually the size of the data buffer in the fuzz_corpus structure. This way, AFL is not able to have full control over this entry, as we are actually filling this buffer for at most INPUT_SIZE - DATA_OFFSET.


If I understand the fuzzer correctly, we really need to give full control on this to AFL so that we can get some "random" from it.


I am wondering if the bounds should rather be:
DATA_OFFSET < size < sizeof (struct fuzz_corpus)
but maybe I am missing something here 🙂



Thanks,

--
Paul Semel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
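The size check the post discusses, written out as an added example that is not Xen's fuzzer code: the struct layout below is an assumption (a header of sixteen 64-bit registers followed by a data buffer of INPUT_SIZE bytes), chosen only so that DATA_OFFSET and sizeof(struct fuzz_corpus) differ the way the post describes. The two predicates encode the bound currently used and the one proposed, max_data_bytes shows how many data bytes each bound lets the fuzzer actually populate, and load_corpus shows the invariant that matters for memory safety regardless of which bound is chosen: an accepted size must never exceed the destination object.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout modelled on the post: a fixed header followed by a data
 * buffer of INPUT_SIZE bytes. Everything except the names fuzz_corpus, data,
 * INPUT_SIZE and DATA_OFFSET is an assumption, not Xen's actual definition. */
#define INPUT_SIZE 4096

struct fuzz_corpus {
    uint64_t regs[16];              /* assumed header contents */
    unsigned char data[INPUT_SIZE]; /* the buffer AFL is meant to control */
};

#define DATA_OFFSET offsetof(struct fuzz_corpus, data)

/* The check as described in the post: DATA_OFFSET < size < INPUT_SIZE. */
static bool size_ok_input_size(size_t size)
{
    return size > DATA_OFFSET && size < INPUT_SIZE;
}

/* The check the post proposes: DATA_OFFSET < size < sizeof(struct fuzz_corpus). */
static bool size_ok_sizeof(size_t size)
{
    return size > DATA_OFFSET && size < sizeof(struct fuzz_corpus);
}

/* Largest number of data bytes an accepted input can carry under a bound. */
static size_t max_data_bytes(bool (*ok)(size_t))
{
    size_t best = 0;
    for (size_t s = 0; s <= sizeof(struct fuzz_corpus); s++)
        if (ok(s))
            best = s - DATA_OFFSET;
    return best;
}

/* Copy an accepted input into a corpus object. Returns the number of data
 * bytes populated, or 0 if the input is rejected. The size > sizeof(*c)
 * guard is what keeps memcpy in bounds whatever predicate is plugged in. */
static size_t load_corpus(struct fuzz_corpus *c, const unsigned char *in,
                          size_t size, bool (*ok)(size_t))
{
    if (!ok(size) || size > sizeof(*c))
        return 0;
    memset(c, 0, sizeof(*c));
    memcpy(c, in, size);
    return size - DATA_OFFSET;
}

/* Drive load_corpus with a constructed input of a given size. */
static size_t demo_load(size_t size, bool (*ok)(size_t))
{
    static unsigned char in[sizeof(struct fuzz_corpus)]; /* constructed input */
    struct fuzz_corpus c;
    for (size_t i = 0; i < sizeof(in); i++)
        in[i] = (unsigned char)i;
    return load_corpus(&c, in, size, ok);
}

int main(void)
{
    printf("DATA_OFFSET=%zu sizeof(struct fuzz_corpus)=%zu\n",
           (size_t)DATA_OFFSET, sizeof(struct fuzz_corpus));
    printf("max data bytes, bound INPUT_SIZE: %zu\n",
           max_data_bytes(size_ok_input_size));
    printf("max data bytes, bound sizeof:     %zu\n",
           max_data_bytes(size_ok_sizeof));
    printf("load of INPUT_SIZE bytes under old bound: %zu data bytes\n",
           demo_load(INPUT_SIZE, size_ok_input_size));
    printf("load of INPUT_SIZE bytes under new bound: %zu data bytes\n",
           demo_load(INPUT_SIZE, size_ok_sizeof));
    return 0;
}
```

With the assumed layout, DATA_OFFSET is 128 and sizeof(struct fuzz_corpus) is 4224, so the INPUT_SIZE bound caps the data buffer at 3967 bytes while the sizeof bound lets an input fill 4095 of its 4096 bytes; in both cases the strict upper bound leaves the last byte of the object unreachable, which is worth checking against the intent when the bound is revised.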
