libgmp differential fuzzer running on Google's oss-fuzz

Torbjörn Granlund tg at
Wed Jul 11 15:24:26 UTC 2018

Guido Vranken <guidovranken at> writes:

  I built a bignum differential fuzzer [1] that has been running on
  Google's oss-fuzz service [2] for a while. It performs the same
  mathematical operations (addition, subtraction, multiplication,
  modular exponentation, etc) across multiple bignum libraries (
  currently OpenSSL, Go, Rust, C++ Boost, libgmp), compares their
  results and crashes if they don't match. This effort has so far
  found a couple of (minor) bugs in OpenSSL and Go.

What is the "fuzz" in the case of arithmetic?

I understand the test concept of fuzzing as feeding someting (like a
parser) with slightly incorrect input, with the inserted errors being
(pseudo) randomly selected.

Or is fuzzing perhaps a novel term for testing?

  As soon as a mismatch is found, oss-fuzz will send a notification
  e-mail to the developers of the various bignum libraries so the bug
  can be examined and resolved.

  At which e-mail address(es) do the
  developers of libgmp wish to receive these notifications?

Do any perceived errors automatically generate mail?

I do not want a perpetually running test program to send me email.  Some
other GMP developer might want such mail.

But if you find some suspected error in GMP, please investigate it
manually and report it to the gmp-bugs mailing list.

External testing of GMP is a very good thing.  The GMP test suite is
great, but it is written by the very same developers who wrote GMP; we
might have missed some aspect.

Please encrypt, key id 0xC8601622

More information about the gmp-devel mailing list