Fuzz testing techniques are becoming pervasive for their ever-improving ability to generate crashing trial cases for programs. Memory safety violations however can lead to silent corruptions and errors, and a fuzzer may recognize them only in the presence of sanitization machinery. For closed-source software combining sanitization with fuzzing incurs practical obstacles that we try to tackle with an architecture-independent proposal called QASan for detecting heap memory violations. In our tests QASan is competitive with standalone sanitizers and adds a moderate 1.61x average slowdown to the AFL++ fuzzer while enabling it to reveal more heap-related bugs.
2020, Proceedings - 2020 IEEE Secure Development, SecDev 2020, Pages 23-30
Fuzzing Binaries for Memory Safety Errors with QASan (04b Atto di convegno in volume)
Fioraldi A., Delia D. C., Querzoni L.
Gruppo di ricerca: Cybersecurity