
Structure-Aware Crash Input Minimization for Library Fuzzing

Supervisor(s): Fabian Kilger
Status: finished
Topic: Others
Author: Florian Nalu Adam
Submission: 2024-08-30
Type of Thesis: Bachelor thesis

Description

A vulnerability in a software library can affect every application that links it, which
makes libraries one of the most important targets for fuzzing. A major obstacle when
fuzzing libraries is the need for fuzz drivers: most state-of-the-art fuzzers require a
driver that calls into the library, and such drivers usually have to be written by hand.
AutoDriver is a tool that generates these fuzz drivers automatically and thereby
simplifies library fuzzing. Fuzzing in general, and fuzzing with AutoDriver in
particular, often produces crash inputs that are large and complex, which makes the
underlying bug harder to debug. Several existing tools, known as crash minimizers,
address this problem, but these conventional minimizers are ineffective at shrinking
AutoDriver crash inputs because they are unaware of the inputs' structure.
In this thesis, we develop a structure-aware minimizer that uses structural
information from AutoDriver to reduce input size more efficiently. For this minimizer,
we adapt several existing algorithms based on Delta Debugging and introduce three new
algorithms designed to outperform them.
We evaluate these algorithms and compare the most promising ones against existing
minimizers. Our results show that exploiting structural information offers substantial
advantages: the structure-aware minimizer achieves reductions in input size and
improvements in minimization speed of up to two orders of magnitude over existing
tools. In addition, our new algorithms consistently outperform the traditional
Delta-Debugging-based approaches.
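As an added illustration (not code from the thesis or from AutoDriver), the following Python script implements the classic ddmin algorithm from Delta Debugging and runs it twice on the same constructed crash input: once over the raw characters of the serialised input, which is how a format-agnostic minimizer sees it, and once over structural units, one library-call record per element. The record format ("<op> <handle>"), the use-after-free crash oracle and the 14-call sample input are assumptions made for this example; AutoDriver's actual driver representation is not described on this page, and a real oracle would re-run the generated driver under a sanitizer and compare the crash signature rather than call a Python function.

```python
"""Delta debugging (ddmin) over bytes versus over structural units.

Added example for illustration; not code from the thesis or from AutoDriver.
The crash input model (a list of library-call records), the crash oracle and
the sample input below are all constructed for this example.
"""
import math
import re
from typing import Callable, List, Sequence, Tuple, TypeVar

T = TypeVar("T")

# Hypothetical call grammar: "<op> <handle>" with a tiny fixed vocabulary.
CALL_RE = re.compile(r"(open|write|free|use) ([ab])")


def ddmin(items: Sequence[T], fails: Callable[[List[T]], bool]) -> List[T]:
    """Zeller/Hildebrandt ddmin: return a 1-minimal failing subsequence.

    `fails` is the test oracle ("does the driver still crash with this
    input?"). ddmin only needs that oracle; it never inspects the items.
    """
    items = list(items)
    assert fails(items), "ddmin must start from an input that fails"
    n = 2  # current granularity: number of chunks
    while len(items) >= 2:
        chunk = math.ceil(len(items) / n)
        subsets = [items[i:i + chunk] for i in range(0, len(items), chunk)]
        reduced = False
        # 1) Reduce to subset: does one chunk alone still fail?
        for sub in subsets:
            if fails(sub):
                items, n, reduced = sub, 2, True
                break
        if reduced:
            continue
        # 2) Reduce to complement: does dropping one chunk still fail?
        for i in range(len(subsets)):
            comp = [x for j, sub in enumerate(subsets) if j != i for x in sub]
            if fails(comp):
                items, n, reduced = comp, max(n - 1, 2), True
                break
        if reduced:
            continue
        # 3) Neither worked: refine granularity, or stop once every single
        #    element has been tried (the result is then 1-minimal).
        if n >= len(items):
            break
        n = min(len(items), 2 * n)
    return items


def crashes(calls: Sequence[str]) -> bool:
    """Constructed crash oracle: the library 'crashes' on use-after-free."""
    freed = set()
    for call in calls:
        match = CALL_RE.fullmatch(call)
        if match is None:
            continue  # unparsable record: the driver skips it
        op, handle = match.groups()
        if op == "free":
            freed.add(handle)
        elif op == "use" and handle in freed:
            return True
    return False


class CountingOracle:
    """Wraps an oracle and counts invocations (each one is a driver run)."""

    def __init__(self, fn: Callable[..., bool]) -> None:
        self.fn, self.calls = fn, 0

    def __call__(self, x) -> bool:
        self.calls += 1
        return self.fn(x)


# Constructed crash input: 14 calls, exactly one free/use pair on handle 'a'.
SAMPLE_INPUT = [
    "open a", "open b", "write b", "free a", "write b", "use b", "write b",
    "open b", "write b", "use b", "use a", "free b", "write b", "open a",
]


def minimize_structured(calls: Sequence[str]) -> Tuple[List[str], int]:
    """Structure-aware: ddmin removes whole call records."""
    oracle = CountingOracle(crashes)
    return ddmin(calls, oracle), oracle.calls


def minimize_bytes(calls: Sequence[str]) -> Tuple[str, int]:
    """Format-agnostic: ddmin removes single characters of the serialised input."""
    oracle = CountingOracle(lambda chars: crashes("".join(chars).split("\n")))
    reduced = ddmin(list("\n".join(calls)), oracle)
    return "".join(reduced), oracle.calls


if __name__ == "__main__":
    for name, fn in (("structured", minimize_structured), ("bytes", minimize_bytes)):
        result, runs = fn(SAMPLE_INPUT)
        print(f"{name:>10}: {runs:4d} driver runs -> {result!r}")
```

Both runs end at the same 1-minimal input (the `free a` record followed by the `use a` record), but the byte-level run needs far more oracle invocations, because its search space grows with the serialised size while the structured run's grows with the number of records, and every step of the byte-level run also risks producing unparsable records that the driver silently skips. One caveat that applies to any minimizer: the oracle should check that the driver still crashes with the same signature, not merely that it crashes, or minimization can drift to a different bug than the one in the original input.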