On Mon, 2015-10-26 at 23:00 +0300, Alexander Cherepanov wrote:
> On 2015-10-07 18:23, Mark Wielaard wrote:
> >>> You can build and run elfutils
> >>> and the tests with configure --enable-sanitize-undefined to use ubsan
> >>> checking.
> >>
> >> Nice.
> >
> > I am using it together with the afl fuzzer for finding issues.
> > And it found some nasty ones.
>
> Glad to hear it. Are you keeping the found samples? It would be nice to
> have them publicly available as a base for fuzzing other projects too.
No, sorry. I probably should.

What I usually do is either pick one of the crashers from an old bug like
https://bugzilla.redhat.com/show_bug.cgi?id=1170810 and strip any unneeded
sections from the file (the afl tools don't seem to be able to reduce these
automatically, so you'll have to create a minimal valid ELF file by hand).

Or, when I write a new testcase, I build everything with
--enable-sanitize-undefined and run the test under afl with a minimal
testfile that is also used in the testsuite as input, for a couple of days.

Cheers,

Mark
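As an added example (not code from this thread, elfutils, or afl), the following Python script builds the kind of "minimal valid ELF file by hand" Mark mentions using as a fuzzing seed: an ELF64 relocatable object with only the mandatory null section and a .shstrtab, which is about the smallest input that still exercises a reader's section-header and string-table code paths. The second function walks the section header table back with explicit bounds checks, so a truncated or corrupted variant (the shape of input a fuzzer produces) is rejected with a ValueError rather than read past the buffer. The constants are the standard ELF specification values; the output filename `minimal.o` is an arbitrary choice.

```python
import struct

# Standard ELF constants (values from the ELF specification).
ELFCLASS64, ELFDATA2LSB, EV_CURRENT = 2, 1, 1
ET_REL, EM_X86_64 = 1, 62
SHT_NULL, SHT_STRTAB = 0, 3

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes, little endian
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes


def build_minimal_elf64() -> bytes:
    """Return the smallest ELF64 ET_REL image that still has a well-formed
    section header table: section 0 (SHN_UNDEF) plus a .shstrtab section."""
    e_ident = b"\x7fELF" + bytes([ELFCLASS64, ELFDATA2LSB, EV_CURRENT, 0]) + bytes(8)

    # Section-name string table; index 0 must be the empty string.
    shstrtab = b"\0.shstrtab\0"
    shstrtab_off = EHDR.size
    shoff = (shstrtab_off + len(shstrtab) + 7) & ~7     # 8-byte align the table

    ehdr = EHDR.pack(
        e_ident, ET_REL, EM_X86_64, EV_CURRENT,
        0,            # e_entry: none for a relocatable object
        0,            # e_phoff: no program headers
        shoff,        # e_shoff
        0,            # e_flags
        EHDR.size,    # e_ehsize
        0, 0,         # e_phentsize, e_phnum
        SHDR.size,    # e_shentsize
        2,            # e_shnum: null section + .shstrtab
        1,            # e_shstrndx: .shstrtab is section 1
    )
    null_shdr = SHDR.pack(0, SHT_NULL, 0, 0, 0, 0, 0, 0, 0, 0)
    strtab_shdr = SHDR.pack(
        1,                       # sh_name: offset of ".shstrtab" within itself
        SHT_STRTAB, 0, 0,
        shstrtab_off, len(shstrtab),
        0, 0, 1, 0,
    )
    body = ehdr + shstrtab
    body += bytes(shoff - len(body))                    # alignment padding
    return body + null_shdr + strtab_shdr


def section_names(data: bytes) -> list:
    """Return the section names of an ELF64 image, resolving each sh_name
    through e_shstrndx. Every offset is checked against len(data) first, so
    malformed input raises ValueError instead of reading out of bounds."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF64 file")
    fields = EHDR.unpack_from(data, 0)
    shoff, shentsize, shnum, shstrndx = fields[6], fields[11], fields[12], fields[13]
    if shentsize != SHDR.size or shoff + shnum * shentsize > len(data):
        raise ValueError("section header table out of bounds")
    if shstrndx >= shnum:
        raise ValueError("e_shstrndx out of range")
    shdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_size = shdrs[shstrndx][4], shdrs[shstrndx][5]
    if str_off + str_size > len(data):
        raise ValueError(".shstrtab out of bounds")
    strtab = data[str_off:str_off + str_size]
    names = []
    for sh in shdrs:
        name_off = sh[0]
        if name_off >= len(strtab) or b"\0" not in strtab[name_off:]:
            raise ValueError("sh_name points outside .shstrtab")
        names.append(strtab[name_off:strtab.index(b"\0", name_off)].decode())
    return names


def is_well_formed(data: bytes) -> bool:
    """True if the image passes the bounds-checked walk above."""
    try:
        section_names(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    image = build_minimal_elf64()
    with open("minimal.o", "wb") as f:        # seed file for a fuzzer's input directory
        f.write(image)
    print(len(image), "bytes;", section_names(image))
```

The resulting 208-byte file is a sensible seed: small enough that a fuzzer mutates meaningful fields on nearly every iteration, yet complete enough that a reader reaches the string-table lookup before rejecting it.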
