Hi Murtaza,

On Thu, Oct 28, 2021 at 09:47:40AM -0700, Murtaza Izzee via Elfutils-devel wrote:
> Wanted to add elfutils to OSS-Fuzz. libelf is used in many distributions
> and seems like a good target to have some fuzz testing on
>
> https://github.com/google/oss-fuzz/pull/6670
>
> Would love to hear your thoughts.
We have been using afl (American Fuzzy Lop) in an ad-hoc way to find issues. I have used OSS-Fuzz for some other projects, but found it very painful to get any results out if you don't have a Google account. If you can set it up so that it posts the results and artifacts to the mailing lists that would be great.

If possible I would try to write something a bit more specific than just reusing eu-readelf. When using eu-readelf you'll basically first have to go through libdwfl and libdw initialization; there are various sanity checks that probably mean the fuzzer will not reach libelf for more interesting input files. Take a peek at some of the simpler elf tests (under test) if you want to really fuzz libelf itself. Maybe using elfcpy and then elfcmp to make sure the copy is really identical would make a fun fuzzcase.

Cheers,

Mark