by x0 2338 days ago
if you can be bothered, rebuild it with debug symbols, run it, dump core and try and find exactly where the bug is.

I vaguely remember doing this with wget, there was a way to make it think the terminal's width is (unsigned)-4, then when printing the download status to stdout, it clears a buffer with a memset(ptr, ' ', -4). Of course -4 in this context is a huge number. It overwrote its whole self until segfault. (this issue was fixed, btw)

great learning experience, for anyone who knows enough C to understand what they're looking at.


If I'd done anything significant, I would, but all I did was confirm the suspicion that this old c-language GNU tool hadn't been exhaustively fuzzed. I'm sure the recutils team can do a perfectly fine job fuzzing it themselves.
Or perhaps you could write a blog post on how to use a fuzzer so we can all learn from your findings?
Something about this request gets under my skin like nothing I've read on HN in a very long time.
It was weird. I decided to take it as a compliment. But as it's an unearned one, I think I probably won't write a blog post about it.
Indeed it's a compliment. And also a humble request because I'm interested in this subject. Perhaps my way of expression was not the best? But I'll take some time to see what other resources are available there.
I'm serious that you can read the (excellent) Quick Start for AFL, pick a C program (try recutils!) and get afl-fuzz running very quickly, and it's really sort of self-explanatory once it's running. It's a really well-built piece of software.
Sometimes people write strange things ¯\_(ツ)_/¯
The Github page for afl-fuzz has a really excellent Getting Started doc.
Sounds cool. Could you share the link to their official git repo?
Hmm. Doesn't look very "hands on" to me (README.md). Or then I just couldn't find the document you mentioned in the previous post. But I guess one has to learn these things by trial and error then.