[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz
From:       Martin Carpenter <martin.carpenter () gmail ! com>
Date:       2019-06-25 21:09:36
Message-ID: 068eb724241a91d08f36f2262c90ae30bf135fa1.camel () gmail ! com
[Download RAW message or body]

On Tue, 2019-06-25 at 16:34 +0200, Florian Weimer wrote:

> Fuzzing is used to show that a function is partial, when it is
> expected to be total

This definition is cute but it misses the case where the function is
defined over its entire domain but sometimes gives the wrong answer.
Fuzzers can find these bugs, as well as C-style crashes. (Simple recipe
for crash-seeking fuzzers is: test harness + abort(3)).


[prev in list] [next in list] [prev in thread] [next in thread]