Futag: Automated fuzz target generator for testing software libraries

Futag: Automated fuzz target generator for testing software libraries

연구 분야: Verification

학회: 2021 Ivannikov Memorial Workshop (IVMEM)

Recently, Fuzzing is one of the most successful techniques to expose bugs in software. For testing large programs or large codebase with many features and entry-points, the creation of fuzz-targets remains a big challenge. In this paper, we introduce Futag – an automated fuzz target generator for testing software libraries. This approach uses static analysis to collect information about source code: data type definitions, dependencies of types, definitions of functions, etc. Futag has found many vulnerabilities in latest version of popular libraries such as: libopenssl, libpng, libjson-c, liblxml2.