Brussels / 31 January & 1 February 2015


Fuzzing (on) FreeBSD

(Mostly) automated bug discovery with security/afl

Fuzzing can help to find various kinds of bugs automatically. It may also highlight "weak" spots that deserve manual code inspection.

Both FreeBSD itself and the ports we use daily contain bugs that have yet to be discovered and fixed.

American fuzz lop (security/afl) is a fast intrumented fuzzer available in ports.

I'll present a couple of bugs that were already found with it and describe the code modifications that were used to increase the efficiency.


Fabian Keil