search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File

Technical Note
By
In this 2012 report, Allen Householder describes an algorithm for reverting bits from a fuzzed file to those found in the original seed file to recreate the crash.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2012-TN-018
DOI (Digital Object Identifier)
10.1184/R1/6585893.v1
Subjects

Abstract

Mutational input testing (fuzzing, and in particular dumb fuzzing) is an effective technique for discovering vulnerabilities in software. However, many of the bitwise changes in fuzzed input files are not relevant to the actual software crashes found. This report describes an algorithm that efficiently reverts bits from the fuzzed file to those found in the original seed file, keeping only the minimal bits required to recreate the crash under investigation. This technique reduces the complexity of analyzing a crashing test case by eliminating the changes to the seed file that are not essential to the crash being evaluated.

SHARE
Download PDF
Cite This Technical Note

Householder, A. (2012, October 1). Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File. (Technical Note CMU/SEI-2012-TN-018). Retrieved April 18, 2024, from https://doi.org/10.1184/R1/6585893.v1.

@techreport{householder_2012,
author={Householder, Allen},
title={Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File},
month={Oct},
year={2012},
number={CMU/SEI-2012-TN-018},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6585893.v1},
note={Accessed: 2024-Apr-18}
}

Householder, Allen. "Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File." (CMU/SEI-2012-TN-018). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 1, 2012. https://doi.org/10.1184/R1/6585893.v1.

A. Householder, "Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2012-TN-018, 1-Oct-2012 [Online]. Available: https://doi.org/10.1184/R1/6585893.v1. [Accessed: 18-Apr-2024].

Householder, Allen. "Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File." (Technical Note CMU/SEI-2012-TN-018). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Oct. 2012. https://doi.org/10.1184/R1/6585893.v1. Accessed 18 Apr. 2024.

Householder, Allen. Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File. CMU/SEI-2012-TN-018. Software Engineering Institute. 2012. https://doi.org/10.1184/R1/6585893.v1

Ask a question about this Technical Note