libgmp differential fuzzer running on Google's oss-fuzz

Niels Möller nisse at
Thu Jul 12 08:58:31 UTC 2018

Guido Vranken <guidovranken at> writes:

> I built a bignum differential fuzzer [1] that has been running on
> Google's oss-fuzz service [2] for a while. It performs the same
> mathematical operations (addition, subtraction, multiplication,
> modular exponentiation, etc) across multiple bignum libraries (
> currently OpenSSL, Go, Rust, C++ Boost, libgmp), compares their
> results and crashes if they don't match.

You may want to add mini-gmp to the list of tested libraries, even if
it's not strictly a "library". It is likely to have different bugs than

Also beware that valgrind-based testing of gmp requires support for
recent instructions. The oss-fuzz tests of gnutls have recently suffered
from valgrind having problems with instructions such as mulx (I'm
assuming most of these tests are on x86_64 architecture).

Feel free to cc my work address (nisse at on any resulting


Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
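
The differential approach described in the quoted message, as an added example that is not part of the original mail or of the fuzzer itself: the same operations run on Python's built-in integers and on a limb-based implementation written here for illustration, and every disagreement is reported. All function names, the 32-bit limb size and the planted `drop_carry` bug are assumptions constructed for this example.

```python
import random

BASE = 1 << 32  # 32-bit limbs (assumed limb size for this example)

def to_limbs(n):  # non-negative int -> little-endian list of limbs
    limbs = []
    while n:
        limbs.append(n % BASE)
        n //= BASE
    return limbs

def limb_mul(a, b, drop_carry=False):
    """Schoolbook multiply; drop_carry=True plants a bug (row carry lost)."""
    out = [0] * (len(a) + len(b))
    for i, x in enumerate(a):
        carry = 0
        for j, y in enumerate(b):
            t = out[i + j] + x * y + carry
            out[i + j], carry = t % BASE, t // BASE
        if not drop_carry:
            out[i + len(b)] += carry
    return sum(l << (32 * k) for k, l in enumerate(out))

def impl_limbs(op, a, b, m, buggy=False):
    """Second implementation, built on limb_mul."""
    mul = lambda x, y: limb_mul(to_limbs(x), to_limbs(y), buggy)
    if op == "mul":
        return mul(a, b)
    r, base = 1 % m, a % m  # op == "powm": square-and-multiply
    while b:
        if b & 1:
            r = mul(r, base) % m
        base, b = mul(base, base) % m, b >> 1
    return r

def impl_ref(op, a, b, m):  # reference: Python's built-in integers
    return a * b if op == "mul" else pow(a, b, m)

def differential(seed, rounds=200, buggy=False):
    """Feed identical inputs to both implementations; return the mismatches."""
    rng, bad = random.Random(seed), []
    for _ in range(rounds):
        op = rng.choice(["mul", "powm"])
        a = rng.getrandbits(rng.randrange(1, 256))
        b = rng.getrandbits(rng.randrange(1, 256))
        m = rng.getrandbits(128) | 1
        if impl_ref(op, a, b, m) != impl_limbs(op, a, b, m, buggy):
            bad.append((op, a, b, m))
    return bad
```

Each returned tuple is a reproducer: the operation and operands on which the two implementations disagree.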
