A simple script to run zzuf and quit when an error occurs.
This script calls the zzuf fuzzer using a random seed on an input file you provide (by modifying the script with the input file name).
Then, it runs a command (that you provide by modifying the script) on the result of the most recent fuzzing.
Finally, it checks the return value of the command that was run on the fuzzed input.
The script will try again with a new fuzzed input on the following return values:
- 0 -- no error
- 1-126 -- handled error
- 255 -- I don't remember why it ignores 255!
If the return value is between 127-254, it quits and alerts the user, as this value is returned upon abnormal termination (segfault, OOM killed, protection error, etc.).
- Make the script executable if it is not.
- Put an input file example in the working directory (smaller inputs are generally better, to allow the fuzzer to focus mostly on the header and other structures).
- Modify the script's
zzufcall to fuzz the new input file. - Add a suitable command that will run your program (preferably noninteractively for maximum speed)
- Run
./crash_hunt.sh - When
crash_hunt.shterminates, investigate the fuzzed input by running your test command manually.
Email pahp@d.umn.edu