Fuzz - 4.0 - Challenging constraints

A fuzzer is an automated testing tool: it aims to trigger a crash, collect the details around it, and be able to reproduce the same crash afterwards.

When you write a fuzzer, here are some of the challenging issues you should focus on.

Missing dangerous code branches

if (var_1) {
    // dangerous code path: only reached when var_1 is true
} else {
    // safe code path
}

A fuzzer can easily skip a dangerous branch like this one: if the inputs it generates rarely make var_1 true, the code inside the if is never executed. Measure code coverage during the fuzzing run and push it up, for example with coverage-guided fuzzing, so that branches like this are actually reached.

Keep in mind that high code coverage does not mean you have tested every condition in that code. For example, a function may only crash when it is called 10 times (say, a counter or buffer that fills up on the tenth call). Coverage only requires the function to be executed once, so a run can report 100% coverage without ever triggering the crash.
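As an added example (not code from the original page), the C program below makes both points above concrete. It instruments a constructed record parser with a handful of coverage points, runs a fuzzing campaign that resets the target before every input, and then runs the same campaign without the reset. The first campaign reaches 100% coverage and never crashes; the second covers only half the points but crashes on exactly the 10th call. The record format, the LOG_SLOTS limit, the COV() macro and the xorshift32 input generator are all assumptions made for this demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed target (not code from any real project): a per-session log
 * with room for LOG_SLOTS records. The 10th accepted record overflows it. */
#define LOG_SLOTS  9
#define COV_POINTS 4

static uint8_t  cov_hit[COV_POINTS];   /* 1 once a coverage point has executed */
static uint32_t log_entries[LOG_SLOTS];
static unsigned log_count;
static bool     crashed;

/* Stand-in for compiler coverage instrumentation (e.g. -fsanitize-coverage). */
#define COV(id) (cov_hit[(id)] = 1)

/* Constructed record format: byte 0 = type, bytes 1..3 = little-endian value. */
static void handle_record(const uint8_t *buf, size_t len)
{
    COV(0);
    if (len < 4) { COV(1); return; }       /* truncated record: ignored */
    uint32_t value = (uint32_t)buf[1] | ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3] << 16);
    if (buf[0] == 0x01) {                  /* type 1: append to the session log */
        COV(2);
        /* BUG: log_count is never bounds-checked, so the 10th accepted record
         * writes past log_entries. A sanitizer would abort here; this demo
         * records the would-be crash instead of performing the bad write. */
        if (log_count >= LOG_SLOTS) { crashed = true; return; }
        log_entries[log_count++] = value;
    } else {
        COV(3);                            /* any other type is ignored */
    }
}

static void reset_state(void)    { log_count = 0; crashed = false; }
static void reset_coverage(void) { memset(cov_hit, 0, sizeof cov_hit); }

static unsigned coverage_percent(void)
{
    unsigned hit = 0;
    for (unsigned i = 0; i < COV_POINTS; i++)
        hit += cov_hit[i];
    return hit * 100 / COV_POINTS;
}

/* xorshift32: deterministic input bytes so both campaigns are reproducible. */
static uint32_t rng_state = 0x2545F491u;
static uint32_t rng_next(void)
{
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

struct campaign_result { unsigned coverage_percent; bool crashed; unsigned crash_iteration; /* 1-based, 0 = none */ };

/* Campaign A: the usual harness shape, target state reset before every input.
 * Every coverage point is hit within a few inputs, but the bug needs ten
 * accepted records in ONE session, so this campaign can never find it. */
struct campaign_result fuzz_with_reset(unsigned iterations)
{
    struct campaign_result r = { 0, false, 0 };
    reset_coverage();
    for (unsigned i = 1; i <= iterations; i++) {
        uint32_t bits = rng_next();
        uint8_t buf[4] = { (bits & 1) ? 0x01 : 0x02,          /* both type branches */
                           (uint8_t)(bits >> 8), (uint8_t)(bits >> 16), (uint8_t)(bits >> 24) };
        size_t len = (bits & 2) ? 3 : 4;                       /* sometimes truncated */
        reset_state();
        handle_record(buf, len);
        if (crashed) { r.crashed = true; r.crash_iteration = i; break; }
    }
    r.coverage_percent = coverage_percent();
    return r;
}

/* Campaign B: same target, but state persists across inputs as in a real
 * session. Coverage is lower (only the type-1 path runs), yet the crash
 * shows up on exactly the 10th call. */
struct campaign_result fuzz_without_reset(unsigned iterations)
{
    struct campaign_result r = { 0, false, 0 };
    reset_coverage();
    reset_state();
    for (unsigned i = 1; i <= iterations; i++) {
        uint32_t bits = rng_next();
        uint8_t buf[4] = { 0x01, (uint8_t)bits, (uint8_t)(bits >> 8), (uint8_t)(bits >> 16) };
        handle_record(buf, sizeof buf);
        if (crashed) { r.crashed = true; r.crash_iteration = i; break; }
    }
    r.coverage_percent = coverage_percent();
    return r;
}

int main(void)
{
    struct campaign_result a = fuzz_with_reset(200);
    struct campaign_result b = fuzz_without_reset(200);
    printf("with reset:    coverage %u%%, crashed: %s\n", a.coverage_percent, a.crashed ? "yes" : "no");
    printf("without reset: coverage %u%%, crashed at call %u\n", b.coverage_percent, b.crash_iteration);
    return 0;
}
```

Campaign A is the shape of a typical libFuzzer or AFL persistent-mode harness that resets state per input, which is exactly why a stateful bug like this one needs either a harness that keeps state across inputs or a test case that carries a whole sequence of records.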

Bit packing issues

Logic bugs in code that manipulates memory at the bit level (packed bit fields, flags spread across bytes) are very hard to detect by fuzzing. A data chunk is harmful only for a specific combination of bits, and a wrong bit-field decode usually yields a wrong value rather than a crash, so a fuzzer that only watches for crashes has nothing to notice.
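The C program below is an added example, not from the original page, of why such a bug hides from a crash-oriented fuzzer and how to catch it anyway. It defines a constructed one-byte packed ACL entry and a decoder that reads the admin flag from the wrong bit, a bug that corrupts no memory and so produces no crash. Instead of a crash, it uses a round-trip oracle (pack(unpack(b)) == b): first inside a fuzzer-style deterministic bit-flip stage, then by enumerating all 256 packed values, which for a field this small is cheaper and more complete than random mutation. The ACL layout and every function name are assumptions for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed one-byte packed ACL entry (not a real format):
 *   bit 7      admin flag
 *   bits 6..4  permissions: bit 6 = execute, bit 5 = write, bit 4 = read
 *   bits 3..0  uid
 */
struct acl {
    uint8_t uid;
    uint8_t perms;
    bool    admin;
};

uint8_t acl_pack(const struct acl *a)
{
    return (uint8_t)(((a->admin ? 1u : 0u) << 7) | ((a->perms & 7u) << 4) | (a->uid & 0xFu));
}

/* Buggy decoder: the admin flag is read from bit 6 (execute) instead of bit 7.
 * Every uid with execute permission becomes admin and real admins without
 * execute lose the flag. No memory is touched out of bounds, so a crash-only
 * fuzzer sees nothing wrong. */
struct acl acl_unpack_buggy(uint8_t b)
{
    struct acl a = { (uint8_t)(b & 0xFu), (uint8_t)((b >> 4) & 7u), ((b >> 6) & 1u) != 0 };
    return a;
}

/* Correct decoder, for comparison. */
struct acl acl_unpack_fixed(uint8_t b)
{
    struct acl a = { (uint8_t)(b & 0xFu), (uint8_t)((b >> 4) & 7u), ((b >> 7) & 1u) != 0 };
    return a;
}

typedef struct acl (*unpack_fn)(uint8_t);

/* Oracle: a decoder agrees with the encoder if pack(unpack(b)) == b.
 * This turns a silent logic bug into a detectable test failure. */
static bool roundtrip_ok(unpack_fn unpack, uint8_t b)
{
    struct acl a = unpack(b);
    return acl_pack(&a) == b;
}

/* Deterministic bit-flip stage, as a fuzzer runs it on a seed input: flip
 * each bit of the seed once and check the oracle. Returns the 1-based index
 * of the first flip that fails, or 0 if all pass. */
unsigned bitflip_stage(unpack_fn unpack, uint8_t seed)
{
    for (unsigned bit = 0; bit < 8; bit++) {
        uint8_t mutated = (uint8_t)(seed ^ (1u << bit));
        if (!roundtrip_ok(unpack, mutated))
            return bit + 1;
    }
    return 0;
}

/* The packed space is only 256 values, so rather than mutating at random it
 * is cheaper and complete to enumerate every value. Returns how many fail. */
unsigned exhaustive_failures(unpack_fn unpack)
{
    unsigned failures = 0;
    for (unsigned b = 0; b < 256; b++)
        if (!roundtrip_ok(unpack, (uint8_t)b))
            failures++;
    return failures;
}

/* Security impact: smallest packed value the decoder treats as admin although
 * the admin bit (bit 7) is clear. Returns -1 if there is none. */
int first_escalation(unpack_fn unpack)
{
    for (unsigned b = 0; b < 256; b++)
        if (unpack((uint8_t)b).admin && !(b & 0x80u))
            return (int)b;
    return -1;
}

int main(void)
{
    printf("buggy: first failing bit flip from seed 0x00: flip #%u\n", bitflip_stage(acl_unpack_buggy, 0x00));
    printf("buggy: %u of 256 packed values fail the round trip\n", exhaustive_failures(acl_unpack_buggy));
    printf("buggy: packed 0x%02x decodes as admin without the admin bit\n", (unsigned)first_escalation(acl_unpack_buggy));
    printf("fixed: %u failures, escalation %d\n", exhaustive_failures(acl_unpack_fixed), first_escalation(acl_unpack_fixed));
    return 0;
}
```

The takeaway for bit-packed formats is that the fuzzer needs an oracle other than "did it crash" (a round trip, a differential comparison against a reference decoder, or an invariant check), and that when a packed field fits in a byte or two, enumerating its whole domain beats random mutation.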