The results are in. About 5 billion fuzz cases, a few 10-hour streams, and we found 6 unique bugs in OpenBSD ctags. All with an absolutely garbage fuzzer. Some were pretty tricky (uninitialized stack use, global overflows), but vecemu was able to detect 'em!
https://twitter.com/gamozolabs/status/1229379329248784385
https://gist.github.com/gamozolabs/ac79a6d755e44d71f5bf0659a0848265
#security #ctags #fuzzing