QuickFuzz: An Automatic Random Fuzzer for Common File Formats (Haskell 2016)

Write a Blog >>

Sun 18 - Sat 24 September 2016 Nara, Japan

Who

Gustavo Grieco, Martín Ceresa, Pablo Buiras

Track

Haskell 2016

Time Zone

The program is currently displayed in (GMT+09:00) Osaka, Sapporo, Tokyo.

Use conference time zone: (GMT+09:00) Osaka, Sapporo, TokyoSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 22 Sep 2016 09:50 - 10:15 at Noh Theater - Testing Chair(s): Stephanie Weirich

Abstract

Fuzzing is a technique that involves testing programs using invalid
or erroneous inputs. Most fuzzers require a set of valid inputs as a
starting point, in which mutations are then introduced. QuickFuzz is a
fuzzer that leverages QuickCheck-style random test-case generationto automatically test programs that manipulate common file formats
by fuzzing. We rely on existing Haskell implementations of
file-format-handling libraries found on Hackage, the
community-driven Haskell code repository. We have tried QuickFuzz
in the wild and found that the approach is effective in
discovering vulnerabilities in real-world implementations of browsers,
image processing utilities and file compressors among others.
In addition, we introduce a mechanism to automatically derive random generators for the types
representing these formats. QuickFuzz handles most well-known image
and media formats, and can be used to test programs and libraries
written in any language.

DOI

https://doi.org/10.1145/2976002.2976017

Gustavo Grieco

Martín Ceresa

Pablo Buiras

Chalmers University of Technology