"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "README.md" between
honggfuzz-2.4.tar.gz and honggfuzz-2.5.tar.gz

About: honggfuzz is a security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with powerful analysis options.

README.md  (honggfuzz-2.4):README.md  (honggfuzz-2.5)
# Honggfuzz # Honggfuzz
## Description ## Description
A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte resting analysis options. See the [Usage document](https://github.com/google/hon ggfuzz/blob/master/docs/USAGE.md) for a primer on Honggfuzz use. A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte resting analysis options. See the [Usage document](https://github.com/google/hon ggfuzz/blob/master/docs/USAGE.md) for a primer on Honggfuzz use.
## Code ## Code
* Latest stable version: [2.4](https://github.com/google/honggfuzz/releases) * Latest stable version: [2.5](https://github.com/google/honggfuzz/releases)
* [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG) * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG)
## Features ## Features
* It's __multi-process__ and __multi-threaded__: there's no need to run multip le copies of your fuzzer, as honggfuzz can unlock potential of all your availabl e CPU cores with a single running instance. The file corpus is automatically sha red and improved between all fuzzed processes. * It's __multi-process__ and __multi-threaded__: there's no need to run multip le copies of your fuzzer, as honggfuzz can unlock potential of all your availabl e CPU cores with a single running instance. The file corpus is automatically sha red and improved between all fuzzed processes.
* It's blazingly fast when the [persistent fuzzing mode](https://github.com/go ogle/honggfuzz/blob/master/docs/PersistentFuzzing.md)) is used. A simple/empty _ LLVMFuzzerTestOneInput_ function can be tested with __up to 1mo iterations per s econd__ on a relatively modern CPU (e.g. i7-6700K). * It's blazingly fast when the [persistent fuzzing mode](https://github.com/go ogle/honggfuzz/blob/master/docs/PersistentFuzzing.md) is used. A simple/empty _L LVMFuzzerTestOneInput_ function can be tested with __up to 1mo iterations per se cond__ on a relatively modern CPU (e.g. i7-6700K).
* Has a [solid track record](#trophies) of uncovered security bugs: the __only __ (to the date) __vulnerability in OpenSSL with the [critical](https://www.open ssl.org/news/secadv/20160926.txt) score mark__ was discovered by honggfuzz. See the [Trophies](#trophies) paragraph for the summary of findings to the date. * Has a [solid track record](#trophies) of uncovered security bugs: the __only __ (to the date) __vulnerability in OpenSSL with the [critical](https://www.open ssl.org/news/secadv/20160926.txt) score mark__ was discovered by honggfuzz. See the [Trophies](#trophies) paragraph for the summary of findings to the date.
* Uses low-level interfaces to monitor processes (e.g. _ptrace_ under Linux an d NetBSD). As opposed to other fuzzers, it __will discover and report hijacked/i gnored signals from crashes__ (intercepted and potentially hidden by a fuzzed pr ogram). * Uses low-level interfaces to monitor processes (e.g. _ptrace_ under Linux an d NetBSD). As opposed to other fuzzers, it __will discover and report hijacked/i gnored signals from crashes__ (intercepted and potentially hidden by a fuzzed pr ogram).
* Easy-to-use, feed it a simple corpus directory (can even be empty for the [f eedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/Fee dbackDrivenFuzzing.md)), and it will work its way up, expanding it by utilizing feedback-based coverage metrics. * Easy-to-use, feed it a simple corpus directory (can even be empty for the [f eedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/Fee dbackDrivenFuzzing.md)), and it will work its way up, expanding it by utilizing feedback-based coverage metrics.
* Supports several (more than any other coverage-based feedback-driven fuzzer) hardware-based (CPU: branch/instruction counting, __Intel BTS__, __Intel PT__) and software-based [feedback-driven fuzzing](https://github.com/google/honggfuzz /blob/master/docs/FeedbackDrivenFuzzing.md) modes. Also, see the new __[qemu mod e](https://github.com/google/honggfuzz/tree/master/qemu_mode)__ for blackbox bin ary fuzzing. * Supports several (more than any other coverage-based feedback-driven fuzzer) hardware-based (CPU: branch/instruction counting, __Intel BTS__, __Intel PT__) and software-based [feedback-driven fuzzing](https://github.com/google/honggfuzz /blob/master/docs/FeedbackDrivenFuzzing.md) modes. Also, see the new __[qemu mod e](https://github.com/google/honggfuzz/tree/master/qemu_mode)__ for blackbox bin ary fuzzing.
* Works (at least) under GNU/Linux, FreeBSD, NetBSD, Mac OS X, Windows/CygWin and [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md). * Works (at least) under GNU/Linux, FreeBSD, NetBSD, Mac OS X, Windows/CygWin and [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md).
* Supports the __persistent fuzzing mode__ (long-lived process calling a fuzze d API repeatedly). More on that can be found [here](https://github.com/google/ho nggfuzz/blob/master/docs/PersistentFuzzing.md). * Supports the __persistent fuzzing mode__ (long-lived process calling a fuzze d API repeatedly). More on that can be found [here](https://github.com/google/ho nggfuzz/blob/master/docs/PersistentFuzzing.md).
* It comes with the __[examples](https://github.com/google/honggfuzz/tree/mast er/examples) directory__, consisting of real world fuzz setups for widely-used s oftware (e.g. Apache HTTPS, OpenSSL, libjpeg etc.). * It comes with the __[examples](https://github.com/google/honggfuzz/tree/mast er/examples) directory__, consisting of real world fuzz setups for widely-used s oftware (e.g. Apache HTTPS, OpenSSL, libjpeg etc.).
* Provides a __[corpus minimization](https://github.com/google/honggfuzz/blob/ master/docs/USAGE.md#corpus-minimization--m)__ mode. * Provides a __[corpus minimization](https://github.com/google/honggfuzz/blob/ master/docs/USAGE.md#corpus-minimization--m)__ mode.
--- ---
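Review bot: At the "Latest stable version" bullet the number is bumped from 2.4 to 2.5 while the link stays the unversioned releases page (https://github.com/google/honggfuzz/releases), so this bullet will silently go stale again at the next release; consider linking the tagged 2.5 release, or dropping the hard-coded number and pointing readers at the releases page directly. The removal of the doubled closing parenthesis after the persistent-fuzzing link (`PersistentFuzzing.md))` to `PersistentFuzzing.md)`) is correct and repairs a link that previously rendered with a stray `)` after it. Unrelated to the change but in the same bullet: "up to 1mo iterations per second" reads as a typo; "1M" or "one million" would be clearer.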
skipping to change at line 90
* [CVE-2010-2497](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2497) * [CVE-2010-2497](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2497)
* [CVE-2010-2498](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2498) * [CVE-2010-2498](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2498)
* [CVE-2010-2499](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2499) * [CVE-2010-2499](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2499)
* [CVE-2010-2500](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2500) * [CVE-2010-2500](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2500)
* [CVE-2010-2519](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2519) * [CVE-2010-2519](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2519)
* [CVE-2010-2520](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2520) * [CVE-2010-2520](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2520)
* [CVE-2010-2527](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2527) * [CVE-2010-2527](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2527)
* Stack corruption issues in the Windows OpenType parser: [#1](https://github. com/xinali/AfdkoFuzz/blob/4eadcb19eacb2fb73e4b0f0b34f382a9331bb3b4/CrashesAnalys is/CrashesAnalysis_3/README.md), [#2](https://github.com/xinali/AfdkoFuzz/blob/m aster/CVE-2019-1117/README.md), [#3](https://github.com/xinali/AfdkoFuzz/tree/f6 d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118) * Stack corruption issues in the Windows OpenType parser: [#1](https://github. com/xinali/AfdkoFuzz/blob/4eadcb19eacb2fb73e4b0f0b34f382a9331bb3b4/CrashesAnalys is/CrashesAnalysis_3/README.md), [#2](https://github.com/xinali/AfdkoFuzz/blob/m aster/CVE-2019-1117/README.md), [#3](https://github.com/xinali/AfdkoFuzz/tree/f6 d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118)
* [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8 177b70acb694759e62d830b8a311a736324) * [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8 177b70acb694759e62d830b8a311a736324)
* A couple of problems in the [__MATLAB MAT File I/O Library__](https://source forge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f4979 31f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438 f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a 55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/com mit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/mati o/commit/783ee496a6914df68e77e6019054ad91e8ed6420) * A couple of problems in the [__MATLAB MAT File I/O Library__](https://source forge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f4979 31f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438 f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a 55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/com mit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/mati o/commit/783ee496a6914df68e77e6019054ad91e8ed6420)
* __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2] (https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5 942a), [#3](https://github.com/samba-team/samba/commit/33e9021cbee4c17ee2f11d02b 99902a742d77293), [#4](https://github.com/samba-team/samba/commit/ac1be895d2501d c79dcff2c1e03549fe5b5a930c), [#5](https://github.com/samba-team/samba/commit/b1e da993b658590ebb0a8225e448ce399946ed83), [#6](https://github.com/samba-team/samba /commit/f7f92803f600f8d302cdbb668c42ca8b186a797f) [CVE-2019-14907](https://www.s amba.org/samba/security/CVE-2019-14907.html) [CVE-2020-10745](https://www.samba. org/samba/security/CVE-2020-10745.html) * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2] (https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5 942a), [#3](https://github.com/samba-team/samba/commit/33e9021cbee4c17ee2f11d02b 99902a742d77293), [#4](https://github.com/samba-team/samba/commit/ac1be895d2501d c79dcff2c1e03549fe5b5a930c), [#5](https://github.com/samba-team/samba/commit/b1e da993b658590ebb0a8225e448ce399946ed83), [#6](https://github.com/samba-team/samba /commit/f7f92803f600f8d302cdbb668c42ca8b186a797f) [CVE-2019-14907](https://www.s amba.org/samba/security/CVE-2019-14907.html) [CVE-2020-10745](https://www.samba. org/samba/security/CVE-2020-10745.html) [CVE-2021-20277](https://www.samba.org/s amba/security/CVE-2021-20277.html)
* [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d 606e57ecec2c2930c145bb20ba5bbe3) * [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d 606e57ecec2c2930c145bb20ba5bbe3)
* [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/ double-free-rce-in-vlc-a-honggfuzz-how-to/) * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/ double-free-rce-in-vlc-a-honggfuzz-how-to/)
* [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/Clas siCube/issues/591) * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/Clas siCube/issues/591)
* [Heap buffer-overflow (or UAF) in __MPV__](https://github.com/mpv-player/mpv /issues/6808) * [Heap buffer-overflow (or UAF) in __MPV__](https://github.com/mpv-player/mpv /issues/6808)
* [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues /44) * [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues /44)
* Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586 /), [#2](https://sourceforge.net/p/open-cobol/bugs/587/) * Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586 /), [#2](https://sourceforge.net/p/open-cobol/bugs/587/)
* DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/11865482455534 83783) • [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217) * DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/11865482455534 83783) • [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217)
* [Multiple security problems in ImageIO (iOS/MacOS)](https://googleprojectzer o.blogspot.com/2020/04/fuzzing-imageio.html) * [Multiple security problems in ImageIO (iOS/MacOS)](https://googleprojectzer o.blogspot.com/2020/04/fuzzing-imageio.html)
* [Memory corruption in __htmldoc__](https://github.com/michaelrsweet/htmldoc/ issues/370) * [Memory corruption in __htmldoc__](https://github.com/michaelrsweet/htmldoc/ issues/370)
* [Memory corruption in __OpenDetex__](https://github.com/pkubowicz/opendetex/ issues/60) * [Memory corruption in __OpenDetex__](https://github.com/pkubowicz/opendetex/ issues/60)
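Review bot: The Samba bullet appends [CVE-2021-20277] directly after [CVE-2020-10745] with only a space, while the earlier items in the same bullet are comma-separated ([#2], [#3], ...); use one separator throughout, e.g. `[#6](...), [CVE-2019-14907](...), [CVE-2020-10745](...), [CVE-2021-20277](...)`. Also in this hunk's unchanged context, the MATLAB MAT File I/O Library bullet links #1 and #2 to the same commit (406438f497931f45fb3edf6de17d3a59a922c257), so one of the two is either a duplicate or points at the wrong commit.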
skipping to change at line 191
* [__RcppDeepStateTools__: A Linux-specific R package, with R functions for ru nning the DeepState test harness](https://github.com/akhikolla/RcppDeepStateTool s/commit/0b85b0b8b2ab357a0840f45957e2cb285d98d430) * [__RcppDeepStateTools__: A Linux-specific R package, with R functions for ru nning the DeepState test harness](https://github.com/akhikolla/RcppDeepStateTool s/commit/0b85b0b8b2ab357a0840f45957e2cb285d98d430)
* [__Materialize__: A streaming database for real-time applications](https://g ithub.com/MaterializeInc/materialize/pull/5519/commits/5eb09adb687c4980fc899582c efaa5e43d6e8ce7) * [__Materialize__: A streaming database for real-time applications](https://g ithub.com/MaterializeInc/materialize/pull/5519/commits/5eb09adb687c4980fc899582c efaa5e43d6e8ce7)
* [__Rust-Bitcoin__](https://github.com/rust-bitcoin/rust-lightning/pull/782) * [__Rust-Bitcoin__](https://github.com/rust-bitcoin/rust-lightning/pull/782)
* [__Substrate__: A next-generation framework for blockchain innovation](https ://github.com/rakanalh/substrate/pull/5) * [__Substrate__: A next-generation framework for blockchain innovation](https ://github.com/rakanalh/substrate/pull/5)
* [__Solana__: A fast, secure, and censorship resistant blockchain](https://gi thub.com/solana-labs/solana/issues/14707) * [__Solana__: A fast, secure, and censorship resistant blockchain](https://gi thub.com/solana-labs/solana/issues/14707)
* [__fwupd__: A project that aims to make updating firmware on Linux automatic , safe and reliable](https://github.com/fwupd/fwupd/pull/2666) * [__fwupd__: A project that aims to make updating firmware on Linux automatic , safe and reliable](https://github.com/fwupd/fwupd/pull/2666)
* [__polkadot__: Implementation of a https://polkadot.network node in Rust bas ed on the Substrate framework](https://github.com/paritytech/polkadot/pull/2021/ commits/b731cfa34e330489ecd832b058e82ce2b88f75f5) * [__polkadot__: Implementation of a https://polkadot.network node in Rust bas ed on the Substrate framework](https://github.com/paritytech/polkadot/pull/2021/ commits/b731cfa34e330489ecd832b058e82ce2b88f75f5)
* [__P0__: Fuzzing ImageIO](https://googleprojectzero.blogspot.com/2020/04/fuz zing-imageio.html) * [__P0__: Fuzzing ImageIO](https://googleprojectzero.blogspot.com/2020/04/fuz zing-imageio.html)
* [__TrapFuzz__: by P0](https://github.com/googleprojectzero/p0tools/tree/ma ster/TrapFuzz) * [__TrapFuzz__: by P0](https://github.com/googleprojectzero/p0tools/tree/ma ster/TrapFuzz)
* [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest)
* [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+ honggfuzz%22&type=Code) * [_and multiple Rust projects_](https://github.com/search?q=%22extern+crate +honggfuzz%22&type=Code)
## Contact ## Contact
* User mailing list: [honggfuzz@googlegroups.com](mailto:honggfuzz@googlegroup s.com), sign up with [this link](https://groups.google.com/forum/#!forum/honggfu zz). * User mailing list: [honggfuzz@googlegroups.com](mailto:honggfuzz@googlegroup s.com), sign up with [this link](https://groups.google.com/forum/#!forum/honggfu zz).
__This is NOT an official Google product__ __This is NOT an official Google product__
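Review bot: The typo fix "projecs" to "projects" in the last bullet is correct. In the unchanged context of the same list, the __Rust-Bitcoin__ bullet links to a pull request in the rust-lightning repository (rust-bitcoin/rust-lightning/pull/782), so either the label should say rust-lightning or the link should point at the rust-bitcoin project itself.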
End of changes. 4 change blocks. 4 lines changed or deleted, 4 lines changed or added.
