[llvm-dev] Fuzzing bitcode reader

Mehdi Amini via llvm-dev llvm-dev at lists.llvm.org
Wed Feb 1 08:45:33 PST 2017


> On Feb 1, 2017, at 8:34 AM, Michael Kruse via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> 
> Hi all,
> 
> The blog entry [1] suggests that one of the buildbots constantly fuzzes
> clang and clang-format. However, the actual bot [2] only tests the
> fuzzer itself over a well-known set of bugs in standard software (e.g.
> Heartbleed [3] seems to be among them).

Isn’t it this stage? http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/2755/steps/stage2%2Fasan%2Bassertions%20check-fuzzer/logs/stdio

> Has there actually ever been a
> buildbot that fuzzes clang/LLVM itself?
> 
> Another (obvious?) fuzzing candidate would be LLVM's bitcode
> reader. I ran afl-fuzz on it and it found lots of failed assertions
> within seconds. Isn't fuzzing done on a regular basis, as [1] suggests
> should be done? Should I report the crashes found by it?

The bitcode reader is known to not be robust against malformed inputs.

— 
Mehdi
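Mehdi's remark that the reader "is known to not be robust against malformed inputs" is the security point of the thread: a parser that trips assertions on untrusted input crashes whatever process loaded it, and afl-fuzz finds that class of bug almost immediately. The block below is an added example, not code from this thread or from LLVM itself. It is a toy Python reader for only the very start of a bitcode stream (the optional 20-byte wrapper header, the `BC\xC0\xDE` magic and the first `ENTER_SUBBLOCK`), written so that every malformed input is reported as a `BitcodeError` rather than an assertion or an unchecked index, plus a small mutation loop in the spirit of Michael's afl-fuzz run that counts any other exception as a crash. The constants (magic values, abbrev id, block ids) are from LLVM's bitstream format; the `BitWriter`, `build_sample` and `fuzz` helpers and the sample input are constructed for this example.

```python
import random
import struct

# Constants from LLVM's bitstream/bitcode format (BitCodes.h, LLVMBitCodes.h).
BITCODE_MAGIC = b"BC\xC0\xDE"      # 'B' 'C' 0x0 0xC 0xE 0xD
WRAPPER_MAGIC = 0x0B17C0DE         # optional wrapper: magic, version, offset, size, cputype
ENTER_SUBBLOCK = 1                 # builtin abbrev id; initial abbrev id width is 2 bits
MODULE_BLOCK_ID = 8
IDENTIFICATION_BLOCK_ID = 13


class BitcodeError(ValueError):
    """The only exception a robust reader may raise on malformed input."""


class BitReader:
    """Reads fixed-width and VBR fields LSB-first, as the bitstream format does."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0          # pos is a bit offset

    def read(self, nbits: int) -> int:
        if self.pos + nbits > len(self.data) * 8:  # bounds check instead of an assert
            raise BitcodeError(f"truncated: {nbits} bits needed at bit {self.pos}")
        value = 0
        for i in range(nbits):
            byte = self.data[(self.pos + i) // 8]
            value |= ((byte >> ((self.pos + i) % 8)) & 1) << i
        self.pos += nbits
        return value

    def read_vbr(self, width: int) -> int:
        """Variable bit-rate integer: the high bit of each chunk is a continuation flag."""
        hi, value, shift = 1 << (width - 1), 0, 0
        while True:
            chunk = self.read(width)
            value |= (chunk & (hi - 1)) << shift
            if not chunk & hi:
                return value
            shift += width - 1
            if shift > 64:
                raise BitcodeError("VBR value too long")

    def align32(self) -> None:
        self.pos = (self.pos + 31) & ~31


def strip_wrapper(data: bytes) -> bytes:
    """Validate and remove the optional wrapper header; reject offsets outside the buffer."""
    if len(data) >= 20 and struct.unpack("<I", data[:4])[0] == WRAPPER_MAGIC:
        _, _, offset, size, _ = struct.unpack("<5I", data[:20])
        if offset < 20 or offset + size > len(data):
            raise BitcodeError("wrapper offset/size outside the buffer")
        return data[offset:offset + size]
    return data


def parse_top_block(data: bytes) -> dict:
    """Check the magic and the first ENTER_SUBBLOCK; every failure is a BitcodeError."""
    data = strip_wrapper(data)
    if data[:4] != BITCODE_MAGIC:
        raise BitcodeError("invalid bitcode signature")
    if len(data) % 4:
        raise BitcodeError("bitcode stream is not a multiple of 4 bytes")
    r = BitReader(data)
    r.pos = 32                                 # skip the 4-byte magic
    if r.read(2) != ENTER_SUBBLOCK:
        raise BitcodeError("stream does not start with a block")
    block_id = r.read_vbr(8)                   # [ENTER_SUBBLOCK, vbr8 id, vbr4 width, align, len]
    abbrev_width = r.read_vbr(4)
    if not 1 <= abbrev_width <= 32:
        raise BitcodeError("invalid abbrev width")
    r.align32()
    num_words = r.read(32)                     # block length in 32-bit words
    if r.pos // 8 + num_words * 4 > len(data):
        raise BitcodeError("block length extends past end of stream")
    return {"block_id": block_id, "abbrev_width": abbrev_width, "num_words": num_words}


class BitWriter:
    """Constructed helper (not LLVM's writer), only used to build the sample input."""

    def __init__(self):
        self.bits = []

    def write(self, value: int, nbits: int) -> None:
        self.bits.extend((value >> i) & 1 for i in range(nbits))

    def write_vbr(self, value: int, width: int) -> None:
        hi = 1 << (width - 1)
        while True:
            chunk, value = value & (hi - 1), value >> (width - 1)
            self.write(chunk | hi if value else chunk, width)
            if not value:
                return

    def to_bytes(self) -> bytes:
        self.bits.extend([0] * (-len(self.bits) % 32))
        return bytes(sum(b << j for j, b in enumerate(self.bits[i:i + 8]))
                     for i in range(0, len(self.bits), 8))


def build_sample(body_words: int = 2) -> bytes:
    """Constructed seed: magic + ENTER_SUBBLOCK(IDENTIFICATION, abbrev width 5) + zero body."""
    w = BitWriter()
    for b in BITCODE_MAGIC:
        w.write(b, 8)
    w.write(ENTER_SUBBLOCK, 2)
    w.write_vbr(IDENTIFICATION_BLOCK_ID, 8)
    w.write_vbr(5, 4)
    w.bits.extend([0] * (-len(w.bits) % 32))   # align32 before the length word
    w.write(body_words, 32)
    return w.to_bytes() + bytes(4 * body_words)


def wrap(bitcode: bytes) -> bytes:
    """Prefix the constructed seed with a wrapper header pointing at it."""
    return struct.pack("<5I", WRAPPER_MAGIC, 0, 20, len(bitcode), 0) + bitcode


def fuzz(seed: bytes, iterations: int = 2000, rng_seed: int = 0) -> int:
    """Dumb mutation loop; returns how many inputs escaped as something other than BitcodeError."""
    rng, crashes = random.Random(rng_seed), 0
    for _ in range(iterations):
        buf = bytearray(seed)
        for _ in range(rng.randint(1, 4)):
            op = rng.randrange(3)
            if op == 0 and buf:
                buf[rng.randrange(len(buf))] = rng.randrange(256)
            elif op == 1 and buf:
                del buf[rng.randrange(len(buf))]
            else:
                buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        try:
            parse_top_block(bytes(buf))
        except BitcodeError:
            pass                               # expected: malformed input rejected cleanly
        except Exception:
            crashes += 1                       # what afl-fuzz reports against an asserting reader
    return crashes


if __name__ == "__main__":
    print(parse_top_block(build_sample()), "crashes:", fuzz(build_sample()))
```

The property worth keeping in mind is the one `fuzz` measures: a reader for untrusted input is "robust" when every reject goes through one error path and the harness can be run for as long as you like without the count ever leaving zero. Replacing `BitcodeError` with `assert` in `BitReader.read` is enough to see the count jump, which is the failure mode the thread describes for the real reader.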
