Hi Marc,
On 05.10.2011 14:55, Marc-André Laverdière wrote:
Why bother about this? Why not use what's available out there? Well...
- Fuzzgrind isn't well documented and won't work out of the box,
- zzuf has too many bells and whistles, and won't guarantee that every
byte has been messed up with. I used it to generate a lot of cases, and
it fills a disk quickly enough
- Peachfuzz and others that rely on a specification: well, we have file
formats with hundreds of pages specified.
I suggest using the "CERT Basic Fuzzing Framework":
http://www.cert.org/blogs/certcc/2010/05/cert_basic_fuzzing_framework.html
It looks very promising, and is quite easy to use (once you created a
good start script for using it with OOo).
Actually, CERT did test it also with OOo.
Malte.
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.