LLVM's LibFuzzer Is Uncovering New Bugs With Fuzzing

Written by Michael Larabel in LLVM on 9 April 2015 at 05:10 PM EDT. 6 Comments
LibFuzzer was recently added to LLVM as a library for in-process, coverage-guided fuzzing. LibFuzzer, combined with LLVM's other open-source tooling (in particular the sanitizers), makes it easy to uncover new bugs within LLVM itself and in other projects.

LibFuzzer turns an independent library into a coverage-guided fuzz target with just one user-written function: an entry point that receives a buffer of mutated bytes and feeds it to the code under test, while LibFuzzer supplies the main loop, the mutation engine and the coverage feedback. The clang-format-fuzzer and clang-fuzzer utilities have been built atop LibFuzzer in exactly this way.
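The shape of such a target, as an added example that is not code from LLVM or from the article: the code under test is a constructed, hypothetical TLV (type, 16-bit length, payload) record parser written here for illustration, and the fuzz entry point is the `LLVMFuzzerTestOneInput` function LibFuzzer calls for every input (the `int`-returning signature is the current interface). The parser checks the declared length against the bytes actually present; a parser that trusts the declared length is the class of bug that only shows up under a fuzzer when AddressSanitizer is enabled, since the over-read does not crash on its own. Build flags and file names below are assumptions for the example.

```c
/*
 * Added example (not LLVM's or the article's code): a minimal libFuzzer
 * target over a hypothetical TLV record format constructed for illustration.
 *
 * Build as a fuzzer:  clang -g -O1 -fsanitize=fuzzer,address tlv_fuzz.c -o tlv_fuzz
 * Run:                ./tlv_fuzz corpus_dir/
 * Replay an input without libFuzzer:  cc -g tlv_fuzz.c -o replay && ./replay crash-file
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record: 1-byte type, 2-byte big-endian length, payload. */
typedef struct {
    uint8_t type;
    uint16_t len;
    const uint8_t *payload;
} tlv_record;

/* Returns the number of bytes consumed, or 0 on malformed input.
 * The declared length is checked against the bytes actually present;
 * trusting it blindly would be an out-of-bounds read that only
 * AddressSanitizer, not a plain crash, would report. */
size_t tlv_parse(const uint8_t *data, size_t size, tlv_record *out)
{
    if (size < 3)
        return 0;
    uint16_t len = (uint16_t)((data[1] << 8) | data[2]);
    if ((size_t)len > size - 3)   /* declared length exceeds available bytes */
        return 0;
    out->type = data[0];
    out->len = len;
    out->payload = data + 3;
    return 3 + (size_t)len;
}

/* Copies the payload into a fixed-size NUL-terminated buffer, truncating
 * if needed. Returns the number of payload bytes copied. */
size_t tlv_copy_payload(const tlv_record *rec, char *dst, size_t dst_size)
{
    if (dst_size == 0)
        return 0;
    size_t n = rec->len < dst_size - 1 ? rec->len : dst_size - 1;
    memcpy(dst, rec->payload, n);
    dst[n] = '\0';
    return n;
}

/* The one function libFuzzer requires. It is called repeatedly with mutated
 * inputs; any crash, sanitizer report or abort() is reported as a finding. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    size_t off = 0;
    tlv_record rec;
    char buf[64];
    while (off < size) {
        size_t used = tlv_parse(data + off, size - off, &rec);
        if (used == 0)
            break;
        /* Invariant: a parsed payload never extends past the input buffer. */
        if (rec.payload + rec.len > data + size)
            abort();
        tlv_copy_payload(&rec, buf, sizeof buf);
        off += used;
    }
    return 0;   /* libFuzzer expects 0 here; other values are reserved */
}

#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/* Stand-alone replay of saved inputs (e.g. crash files). Under
 * -fsanitize=fuzzer clang defines the macro above and libFuzzer provides
 * its own main(), so this one is compiled out. */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        FILE *f = fopen(argv[i], "rb");
        if (!f) { perror(argv[i]); return 1; }
        uint8_t in[1 << 16];
        size_t n = fread(in, 1, sizeof in, f);
        fclose(f);
        LLVMFuzzerTestOneInput(in, n);
        printf("%s: ok\n", argv[i]);
    }
    return 0;
}
#endif
```

The target itself contains no fuzzing logic: once the entry point exists, LibFuzzer drives it from a seed corpus directory, and the same source replays saved crash inputs when built without `-fsanitize=fuzzer`.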

In a new LLVM.org blog post about LLVM fuzzing, Kostya Serebryany explained, "We have implemented two fuzzers on top of LibFuzzer: clang-format-fuzzer and clang-fuzzer. Clang-format is mostly a lexical analyzer, so giving it random bytes to format worked perfectly and discovered over 20 bugs. Clang however is more than just a lexer and giving it random bytes barely scratches the surface, so in addition to testing with random bytes we also fuzzed Clang in token-aware mode. Both modes found bugs; some of them were previously detected by AFL, some others were not: we’ve run this fuzzer with AddressSanitizer and some of the bugs are not easily discoverable without it."

LibFuzzer is already being used to find bugs in other software projects, and as a test it rediscovered OpenSSL's Heartbleed bug (CVE-2014-0160) in less than one minute. That result depends on running the fuzzer with AddressSanitizer: Heartbleed is an over-read of a heap buffer that does not crash the process on its own, so without a sanitizer the fuzzer would have no signal to report. More details on LibFuzzer and LLVM fuzzing in general can be found in the LLVM.org blog post.