[MPlayer-dev-eng] Directed Fuzzing for Mplayer

Attila Kinali attila at kinali.ch
Thu Oct 30 10:10:11 CET 2008


On Wed, 29 Oct 2008 11:48:33 -0400
Vijay Ganesh <vganesh at csail.mit.edu> wrote:

> I am aware of zzuf. My fuzzer is very different. It leverages source code to
> find deeper bugs. I have compared my fuzzer with random fuzzers, and it
> outperforms them in terms of number of distinct bugs found and also
> have deeper call stacks.

How does your fuzzer work and what makes you think it works better
than a random fuzzer? Do you do source code analysis to find possible
exploitable places? If so, is your fuzzer able to report where the
triggered bug in the code is? And how do you make sure your failure
model does not limit the search space of your fuzzer?

			Attila Kinali

-- 
If you want to walk fast, walk alone.
If you want to walk far, walk together.
		-- African proverb
