jm + fuzzing   3

An empirical study on the correctness of formally verified distributed systems
We must recognise that even formal verification can leave gaps and hidden assumptions that need to be teased out and tested, using the full battery of testing techniques at our disposal. Building distributed systems is hard. But knowing that shouldn’t make us shy away from trying to do the right thing, instead it should make us redouble our efforts in our quest for correctness.
formal-verification  software  coding  testing  tla+  chapar  fuzzing  verdi  bugs  papers 
12 weeks ago by jm
Fuzzing Raft for Fun and Publication
Good intro to fuzz-testing a distributed system; I've had great results using similar approaches in unit tests
fuzzing  fuzz-testing  testing  raft  akka  tests 
october 2015 by jm
PSA: don't run 'strings' on untrusted files (CVE-2014-8485)
ffs.
Perhaps simply by the virtue of being a part of that bundle, the strings utility tries to leverage the common libbfd infrastructure to detect supported executable formats and "optimize" the process by extracting text only from specific sections of the file. Unfortunately, the underlying library can be hardly described as safe: a quick pass with afl (and probably with any other competent fuzzer) quickly reveals a range of troubling and likely exploitable out-of-bounds crashes due to very limited range checking
strings  libbfd  gnu  security  fuzzing  buffer-overflows 
october 2014 by jm
