LLVM's LibFuzzer Is Uncovering New Bugs With Fuzzing
Written by Michael Larabel in LLVM on 9 April 2015 at 05:10 PM EDT. 6 Comments
LibFuzzer was recently added to LLVM as a library for in-process fuzzing. LibFuzzer combined with other open-source fuzzing capabilities make it easy for uncovering new bugs within LLVM and other projects.

LibFuzzer can provide a guided fuzzer for independent libraries by writing just one simple function. There's also the clang-format-fuzzer and clang-fuzzer utilities that have been built atop LibFuzzer.

In a new LLVM.org blog post about LLVM fuzzing, Kostya Serebryany explained, "We have implemented two fuzzers on top of LibFuzzer: clang-format-fuzzer and clang-fuzzer. Clang-format is mostly a lexical analyzer, so giving it random bytes to format worked perfectly and discovered over 20 bugs. Clang however is more than just a lexer and giving it random bytes barely scratches the surface, so in addition to testing with random bytes we also fuzzed Clang in token-aware mode. Both modes found bugs; some of them were previously detected by AFL, some others were not: we’ve run this fuzzer with AddressSanitizer and some of the bugs are not easily discoverable without it."

LibFuzzer is already being used to find bugs in other software projects and as a test it was able to find OpenSSL's Heartbleed bug in less than one minute. More details on LibFuzzer and LLVM fuzzing in general can be found via this blog post.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week