Applying Modern Fuzzing Techniques to Data Compression Libraries

An exploration of fuzzing techniques applied to open source data compression libraries using LibAFL


Initial situation

Fuzzing is a powerful software testing technique. It works by generating inputs for a function or program and checking whether undesirable behaviour occurs (e.g. a segmentation fault, use-after-free, buffer overflow, or integer overflow or underflow). Modern fuzzers use coverage tracing to identify inputs that reach new code paths; these inputs are prioritised for further mutation, which increases the chance of finding interesting ones and speeds up iteration. Writing a fuzzer from scratch is tricky, since the optimisation techniques used in state-of-the-art fuzzers are highly complex.

LibAFL is a library written in Rust that can be used to quickly write fuzzers for any target. It offers a range of configuration options to tailor every part of the fuzzing chain to the needs of the target.

Project goal

Compression libraries are widely used to process user-supplied input, so there is great interest in the safety and security of this software. The goal of this project is to explore a range of modern fuzzing techniques by applying them to these libraries. Any vulnerabilities or other bugs found in the course of the project will be reported to the affected parties through responsible disclosure.

Figure: Fuzzing 7-Zip using AFL++ (FHNW). AFL++ fuzzing the UNIX 7-Zip command line tool. No crashes were found after more than two weeks of fuzzing.

Figure: Coverage reporting (FHNW). Keeping track of coverage during fuzzing in order to get an indication of progress.

Figure: Fuzzing takes time (FHNW). Some of our fuzzers were run for more than 1000 hours.

Solution developed and its benefits

Over the course of this project, we wrote a number of fuzzers for a range of open-source compression software, some niche, some widely used.

The following software was analyzed:

In order to fuzz these targets efficiently, we made use of many modern fuzzing techniques developed in recent years. Some of the explored techniques are:

  • In-process fuzzing
  • Forkservers
  • QEMU emulation
  • Concolic testing

Glossary

  • Fuzzing: a software testing technique in which random inputs are generated in the hope of finding bugs or vulnerabilities.
  • Compression: data compression is used to reduce the size of data. The compressed data can be decompressed again; these decompression routines are the main targets of this project.
  • LibAFL: a Rust library for creating optimized fuzzers for any target.
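The coverage-guided loop described in the introduction and the in-process fuzzing technique listed above, shown together in one added example. This is illustrative code written for this page, not the project's fuzzers and not LibAFL: the run-length decoder is a constructed toy target with a deliberately missing bounds check, the `cov.hit()` calls stand in for the probes a compiler instrumentation pass would insert, the xorshift generator is a stand-in for a real fuzzer's RNG, and a panic caught with `catch_unwind` plays the role a signal handler plays for a C target. The `guided` flag lets the same loop run with and without coverage feedback, so the effect of keeping inputs that reach new edges can be compared directly.

```rust
use std::panic::{self, AssertUnwindSafe};

const OUT_CAP: usize = 64;
const EDGES: usize = 8;

/// Edge-coverage map: one slot per instrumented branch, the role AFL's shared
/// bitmap plays. Assumption: cov.hit() calls stand in for compiler-inserted probes.
#[derive(Clone, Default)]
pub struct Coverage {
    pub hits: [bool; EDGES],
}

impl Coverage {
    fn hit(&mut self, edge: usize) {
        self.hits[edge] = true;
    }
    pub fn count(&self) -> usize {
        self.hits.iter().filter(|h| **h).count()
    }
    /// Fold `other` into self; true if it reached an edge never seen before.
    fn merge(&mut self, other: &Coverage) -> bool {
        let mut new_edge = false;
        for i in 0..EDGES {
            if other.hits[i] && !self.hits[i] {
                self.hits[i] = true;
                new_edge = true;
            }
        }
        new_edge
    }
}

/// Constructed toy target: a run-length decoder. Format: b"RL", version byte 1,
/// then (count, value) pairs. Deliberate bug: the write position is never checked
/// against OUT_CAP, so a long run indexes past the buffer. In Rust that is a panic;
/// in a C decoder it would be a buffer overflow.
pub fn rle_decode(input: &[u8], cov: &mut Coverage) -> Option<Vec<u8>> {
    cov.hit(0);
    if input.len() < 3 { return None; }
    cov.hit(1);
    if input[0] != b'R' { return None; }
    cov.hit(2);
    if input[1] != b'L' { return None; }
    cov.hit(3);
    if input[2] != 1 { return None; }
    cov.hit(4);
    let mut out = [0u8; OUT_CAP];
    let mut pos = 0;
    for pair in input[3..].chunks_exact(2) {
        cov.hit(5);
        for _ in 0..pair[0] {
            out[pos] = pair[1]; // BUG: no `pos < OUT_CAP` check
            pos += 1;
        }
    }
    cov.hit(6);
    Some(out[..pos].to_vec())
}

#[derive(Debug, PartialEq)]
pub enum Outcome { Ok, Crash }

/// Run one input in-process; a panic counts as a crash (the panic message is
/// still printed once by the default hook), as in libFuzzer/LibAFL harnesses.
pub fn run_target(input: &[u8]) -> (Outcome, Coverage) {
    let mut cov = Coverage::default();
    let res = panic::catch_unwind(AssertUnwindSafe(|| {
        rle_decode(input, &mut cov);
    }));
    let outcome = if res.is_err() { Outcome::Crash } else { Outcome::Ok };
    (outcome, cov)
}

/// xorshift64 so every run is reproducible (constructed; not LibAFL's RNG).
pub struct Rng(u64);
impl Rng {
    fn next(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        self.0 = x;
        x
    }
    fn below(&mut self, n: usize) -> usize { (self.next() % n as u64) as usize }
}

/// One random byte-level edit: overwrite, delete or append a byte.
fn mutate(parent: &[u8], rng: &mut Rng) -> Vec<u8> {
    let mut out = parent.to_vec();
    match rng.below(3) {
        0 if !out.is_empty() => { let i = rng.below(out.len()); out[i] = rng.next() as u8; }
        2 if out.len() > 1 => { let i = rng.below(out.len()); out.remove(i); }
        _ => out.push(rng.next() as u8),
    }
    out
}

pub struct FuzzResult { pub corpus: Vec<Vec<u8>>, pub crash: Option<Vec<u8>>, pub executions: usize }

/// Fuzz loop. With `guided`, inputs that reach new edges join the corpus and become
/// parents for later mutations; without it only the seed is ever mutated.
pub fn fuzz(seed: u64, max_execs: usize, guided: bool) -> FuzzResult {
    let mut rng = Rng(seed | 1);
    let mut global = Coverage::default();
    let seed_input = vec![0u8; 4]; // constructed starting corpus: four zero bytes
    global.merge(&run_target(&seed_input).1);
    let mut corpus = vec![seed_input];
    for execs in 1..=max_execs {
        let parent = rng.below(corpus.len());
        let candidate = mutate(&corpus[parent], &mut rng);
        let (outcome, cov) = run_target(&candidate);
        if outcome == Outcome::Crash {
            return FuzzResult { corpus, crash: Some(candidate), executions: execs };
        }
        if guided && global.merge(&cov) {
            corpus.push(candidate);
        }
    }
    FuzzResult { corpus, crash: None, executions: max_execs }
}

fn main() {
    let r = fuzz(7, 2_000_000, true);
    println!("corpus {} execs {} crash {:?}", r.corpus.len(), r.executions, r.crash);
}
```

The blind variant can never trigger the bug: a single byte edit of the zero seed cannot produce the three header bytes at once, so the decoder always returns before the buggy loop. The guided variant finds the header one byte at a time, because each correct byte reaches a new edge and the input is kept as a parent, which is exactly why coverage tracing pays off on parsers with magic values and version checks.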

Semester project IP5
Fall 2024, Dept. of Computer Science
Submitted by Christopher Scherb
2025-01-17

Team

Samuel Burkhardt
Marius Gebhardt

Advisor
Christopher Scherb