libgmp differential fuzzer running on Google's oss-fuzz
Torbjörn Granlund
tg at gmplib.org
Wed Jul 11 15:24:26 UTC 2018
Guido Vranken <guidovranken at gmail.com> writes:
> I built a bignum differential fuzzer [1] that has been running on
> Google's oss-fuzz service [2] for a while. It performs the same
> mathematical operations (addition, subtraction, multiplication,
> modular exponentiation, etc) across multiple bignum libraries (
> currently OpenSSL, Go, Rust, C++ Boost, libgmp), compares their
> results and crashes if they don't match. This effort has so far
> found a couple of (minor) bugs in OpenSSL and Go.
What is the "fuzz" in the case of arithmetic?

I understand the test concept of fuzzing as feeding something (like a
parser) with slightly incorrect input, with the inserted errors being
(pseudo) randomly selected.

Or is fuzzing perhaps a novel term for testing?
> As soon as a mismatch is found, oss-fuzz will send a notification
> e-mail to the developers of the various bignum libraries so the bug
> can be examined and resolved.
>
> At which e-mail address(es) do the
> developers of libgmp wish to receive these notifications?
Do any perceived errors automatically generate mail?
I do not want a perpetually running test program to send me email. Some
other GMP developer might want such mail.
But if you find some suspected error in GMP, please investigate it
manually and report it to the gmp-bugs mailing list.
External testing of GMP is a very good thing. The GMP test suite is
great, but it is written by the very same developers who wrote GMP; we
might have missed some aspect.
--
Torbjörn
Please encrypt, key id 0xC8601622
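The technique Guido describes (run the same operation through several independent implementations on the same operands and treat any disagreement as a bug) can be shown with a small self-contained harness. The block below is an added example written for this archive page; it is not Guido's fuzzer, not oss-fuzz code, and not part of GMP. In place of OpenSSL, Go, Rust, Boost and libgmp it compares Python's built-in integers against two hand-written alternatives (a Karatsuba multiplier and a square-and-multiply modular exponentiation), and the "fuzz" is the operand generator, which mixes random sizes with the boundary values that tend to break limb-based code (0, 1, powers of two plus or minus one, negative values). The `truncate64` multiplier in `demo_detection` is a constructed, deliberately wrong implementation used only to show what a detected mismatch looks like; it does not describe a defect in any real library.

```python
import random

def karatsuba_mul(x, y):
    """Independent multiplier: recursive Karatsuba on Python ints, with
    schoolbook '*' only for operands below 2**64.  Signs handled separately."""
    sign = -1 if (x < 0) != (y < 0) else 1
    x, y = abs(x), abs(y)

    def rec(x, y):
        if x < (1 << 64) or y < (1 << 64):
            return x * y
        n = max(x.bit_length(), y.bit_length()) // 2
        mask = (1 << n) - 1
        x1, x0 = x >> n, x & mask
        y1, y0 = y >> n, y & mask
        z0 = rec(x0, y0)
        z2 = rec(x1, y1)
        z1 = rec(x0 + x1, y0 + y1) - z0 - z2
        return (z2 << (2 * n)) + (z1 << n) + z0

    return sign * rec(x, y)

def sam_modexp(a, b, m):
    """Independent modexp: right-to-left square-and-multiply (b >= 0, m > 0)."""
    result = 1 % m          # 1 % 1 == 0, matching pow(a, 0, 1) == 0
    base = a % m
    while b:
        if b & 1:
            result = (result * base) % m
        base = (base * base) % m
        b >>= 1
    return result

# Each operation maps a name to a callable (a, b, m) -> int.  Python's
# built-in ints play the role of the reference library here.
OPERATIONS = {
    "mul": {"builtin": lambda a, b, m: a * b,
            "karatsuba": lambda a, b, m: karatsuba_mul(a, b)},
    "modexp": {"builtin": lambda a, b, m: pow(a, b, m),
               "square-and-multiply": sam_modexp},
}

def gen_operand(rng, max_bits):
    """The 'fuzz': random-width operands biased toward boundary values."""
    r = rng.random()
    if r < 0.10:
        v = 0
    elif r < 0.20:
        v = 1
    elif r < 0.40:                       # straddle a power of two (limb boundary)
        v = (1 << rng.randrange(1, max_bits)) + rng.choice((-1, 0, 1))
    else:
        v = rng.getrandbits(rng.randrange(1, max_bits + 1))
    return -v if rng.random() < 0.25 else v

def compare(impls, a, b, m):
    """Run every implementation on the same operands.  Returns None when all
    agree, otherwise the per-implementation results (the point at which an
    oss-fuzz harness would abort and file the reproducer)."""
    results = {name: fn(a, b, m) for name, fn in impls.items()}
    return None if len(set(results.values())) == 1 else results

def fuzz(iterations=300, seed=0, max_bits=1024):
    """Differential loop; returns the list of mismatching cases (ideally empty)."""
    rng = random.Random(seed)
    mismatches = []
    for _ in range(iterations):
        op = rng.choice(sorted(OPERATIONS))
        a, b, m = (gen_operand(rng, max_bits) for _ in range(3))
        if op == "modexp":
            b, m = abs(b), abs(m) or 1    # non-negative exponent, non-zero modulus
        divergence = compare(OPERATIONS[op], a, b, m)
        if divergence is not None:
            mismatches.append({"op": op, "a": a, "b": b, "m": m, "results": divergence})
    return mismatches

def demo_detection():
    """Constructed (not a real library bug): a multiplier that truncates to
    64 bits disagrees with the reference as soon as the product exceeds 2**64."""
    impls = {"builtin": lambda a, b, m: a * b,
             "truncate64": lambda a, b, m: (a * b) & ((1 << 64) - 1)}
    return compare(impls, 1 << 40, 1 << 40, 0)

if __name__ == "__main__":
    for case in fuzz():
        print("MISMATCH", case)       # a real harness would abort here
    print("constructed mismatch:", demo_detection())
```

Two design points carry over to the real thing: the implementations must be genuinely independent (a Karatsuba routine that bottoms out in the same library it is checking proves little), and every mismatch must be reduced to a minimal reproducer before it is reported, which is what Torbjörn asks for above when he prefers a manually investigated gmp-bugs report over automatic mail.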