Hi!
I have played around with the curl-fuzzers running in oss-fuzz. I am
impressed by how the existing fuzzers manage to emulate network traffic
and get such an extensive coverage!

I am doing some experiments with fuzzing the internals of curl, and so
far have found
 * doh buffer overwrite
 * doh resource leak
 * undefined behaviour in doh parsing
all of which have been fixed already (thanks Daniel!)
There is more in the pipe, but not yet fit for public discussion.

I am running the existing fuzzers to look for under-exposed parts of
curl. It is however quite slow to get the coverage up, so I wonder if I
could get a speed boost by receiving a copy of the fuzz corpus from
oss-fuzz?
I have spent something like 20 CPU days so far, and am still finding new
paths. I assume the oss-fuzz corpus must have had several CPU years by now.

This would help me focus my contributions to where it matters.

Thanks,
Paul
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html