Brussels / 4 & 5 February 2017


Modern Fuzzing of Media-processing projects

Keeping media processing secure and stable

The talk gives an overview of fuzzing of media formats based on our experience in Google Chrome. Besides those tips and tricks, we will also share how Open Media developers may join a recently announced OSS-Fuzz project to use a powerful (thousands of CPU cores) and automated fuzzing infrastructure for free.

In this talk, we will be speaking about guided in-process approach to fuzzing of Media-processing projects. We will explain advantages of continuous fuzzing using libFuzzer fuzzing engine, different memory tools such as AddressSanitizer and others fuzzing engines as well.

Media processing is always a complex thing. An appropriate and fine-tuned fuzz testing is a great way to uncover lots of security and stability issues. Just remember Stagefright or FFmpeg and a thousand fixes, for example.

At the end of the talk, we will share success stories of libFuzzer application for fuzzing of Media processing in Chromium browser and other projects.

Also we will present OSS-Fuzz project aimed to help Open Source Software to have continuous fuzzing at scale.

The talk is meant for C/C++ developers and test engineers working on Media-processing projects. After the talk, attendees will be able to write libFuzzer-based fuzzers, will know how to analyze performance of their fuzzers, how to improve them, and, finally, will be able to increase test coverage of their projects by adding of continuous fuzz testing.


Photo of Max Moroz Max Moroz