{"title":"Futag: Automated fuzz target generator for testing software libraries","authors":"Chi Thien Tran, S. Kurmangaleev","doi":"10.1109/ivmem53963.2021.00021","DOIUrl":null,"url":null,"abstract":"Recently, Fuzzing is one of the most successful techniques to expose bugs in software. For testing large programs or large codebase with many features and entry-points, the creation of fuzz-targets remains a big challenge. In this paper, we introduce Futag – an automated fuzz target generator for testing software libraries. This approach uses static analysis to collect information about source code: data type definitions, dependencies of types, definitions of functions, etc. Futag has found many vulnerabilities in latest version of popular libraries such as: libopenssl, libpng, libjson-c, liblxml2.","PeriodicalId":360766,"journal":{"name":"2021 Ivannikov Memorial Workshop (IVMEM)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 Ivannikov Memorial Workshop (IVMEM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ivmem53963.2021.00021","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Futag: Automated fuzz target generator for testing software libraries
Recently, fuzzing has been one of the most successful techniques for exposing bugs in software. For large programs or large codebases with many features and entry points, creating fuzz targets remains a big challenge. In this paper, we introduce Futag, an automated fuzz target generator for testing software libraries. The approach uses static analysis to collect information about the source code: data type definitions, dependencies between types, function definitions, etc. Futag has found many vulnerabilities in the latest versions of popular libraries such as libopenssl, libpng, libjson-c, and liblxml2.