Why does it use fuzzed input in the first place? Couldn’t one just use random input from the beginning instead? It would be effectively equivalent, but fuzzing a "hello" string seems roundabout.



Well, "hello" is pretty random. :) It was probably just used for dramatic effect in the demo, and you have to start with something - of course even a 0-byte file would be enough.

You could also have started with a valid .jpg with lots of complicated embedded EXIF metadata sections etc., and have a good chance of triggering bugs in those code paths without having to "discover EXIF" first.


From the article: it works without any special preparation; there is nothing special about the "hello" string.


He said it took a day to find good JPG images. If you started the program with a valid input, it would take much less time to explore the other code paths.


In this case "hello" was just a pseudorandom starter to seed the fuzzer.
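The seed question discussed in this thread, as an added example that is not code from the article or from afl-fuzz: a minimal coverage-guided fuzzer in Python run against a constructed toy format (magic "TOY", a chunk count, and an "E" chunk whose payload carries its own two-byte header, a stand-in for the embedded metadata sections mentioned above). The format, its coverage sites, the mutation operators and the scheduling heuristic are all assumptions made for the illustration. It shows why a "hello" seed, or an empty file, is enough (a decoder compares the magic byte by byte, so every matching byte is new coverage and the input is kept), and why a valid file gets to the deep path in far fewer executions.

```python
"""Toy coverage-guided fuzzer: why "hello" (or nothing) works as a seed,
and why a valid file reaches deep code paths sooner.

Everything here is constructed for illustration: the TOY format, the
coverage sites, the mutation operators and the scheduling heuristic.
It is not code from afl-fuzz or from the article under discussion.
"""
import random
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

MAGIC = b"TOY"
# A valid TOY file (constructed): magic, one chunk, an "E" chunk of length 4
# whose payload does *not* yet carry the "Ex" header the deep path wants.
VALID_SEED = b"TOY\x01E\x04abcd"


def parse_toy(data: bytes) -> Tuple[str, FrozenSet]:
    """Parse the constructed TOY format; return (status, coverage sites hit).

    The sites stand in for the edges afl-fuzz's instrumentation records.
    The magic and the inner "Ex" header are compared one byte at a time, as
    a real decoder's compare loop effectively is, so each matching byte is
    a distinct site: that is what lets the fuzzer discover a header one byte
    at a time instead of needing all of it at once.
    """
    hit = set()
    for i, want in enumerate(MAGIC):
        if i >= len(data) or data[i] != want:
            hit.add(("bad-magic", i))
            return "bad-magic", frozenset(hit)
        hit.add(("magic", i))
    if len(data) < 4 or data[3] == 0:
        hit.add("no-chunks")
        return "no-chunks", frozenset(hit)
    hit.add("count-ok")
    pos = 4
    for _ in range(data[3]):                      # chunk: tag(1) length(1) payload
        if pos + 2 > len(data):
            hit.add("truncated")
            return "truncated", frozenset(hit)
        tag, length = data[pos], data[pos + 1]
        payload = data[pos + 2:pos + 2 + length]
        pos += 2 + length
        if tag in (ord("C"), ord("P")):           # comment / pixel chunks: opaque here
            hit.add(("tag", chr(tag)))
            continue
        if tag != ord("E"):
            hit.add("unknown-tag")
            return "unknown-tag", frozenset(hit)
        hit.add(("tag", "E"))
        # The "E" payload has its own "Ex" header, the stand-in for an
        # embedded-metadata section: the deep path a "hello" seed must find.
        if length < 2:
            hit.add("exif-short")
            return "exif-short", frozenset(hit)
        if payload[:1] != b"E":
            hit.add("exif-bad-0")
            return "exif-bad", frozenset(hit)
        hit.add("exif-0")
        if payload[1:2] != b"x":
            hit.add("exif-bad-1")
            return "exif-bad", frozenset(hit)
        hit.add("exif-deep")
    hit.add("ok")
    return "ok", frozenset(hit)


def mutate(data: bytes, rng: random.Random) -> bytes:
    """AFL-style "havoc": one or two small random edits, no format knowledge."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 2)):
        op = rng.randrange(4)
        if op == 0 and buf:                       # overwrite a byte
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 1:                             # insert a byte
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
        elif op == 2 and len(buf) > 1:            # delete a byte
            del buf[rng.randrange(len(buf))]
        elif op == 3 and buf:                     # flip a bit
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)


@dataclass
class FuzzResult:
    execs: Optional[int]      # executions until the target site was hit; None if budget ran out
    covered: FrozenSet        # every site hit by any input so far
    queue: List[bytes]        # inputs kept because each one hit a site not seen before


def fuzz(seed: bytes, target, budget: int, rng_seed: int = 1) -> FuzzResult:
    """Mutate kept inputs until `target` is covered or `budget` executions are spent."""
    rng = random.Random(rng_seed)
    _, hit = parse_toy(seed)
    covered = set(hit)
    queue = [(seed, len(hit))]
    if target in covered:
        return FuzzResult(0, frozenset(covered), [seed])
    for execs in range(1, budget + 1):
        # Scheduling heuristic (an assumption, not afl-fuzz's exact policy):
        # weight parents by how many sites they reach, so the queue's shallow
        # dead ends (e.g. every "bad-magic" variant) do not eat most executions.
        parent = rng.choices(queue, weights=[w for _, w in queue])[0][0]
        child = mutate(parent, rng)
        _, hit = parse_toy(child)
        if not hit <= covered:                    # new site: keep this input
            covered |= hit
            queue.append((child, len(hit)))
            if target in covered:
                return FuzzResult(execs, frozenset(covered), [q for q, _ in queue])
    return FuzzResult(None, frozenset(covered), [q for q, _ in queue])


if __name__ == "__main__":
    for name, seed in (("empty file", b""), ('"hello"', b"hello"), ("valid TOY file", VALID_SEED)):
        r = fuzz(seed, "exif-deep", budget=1_000_000)
        print(f"{name:15}: exif-deep after {r.execs} execs, "
              f"{len(r.queue)} inputs kept, last kept: {r.queue[-1]!r}")
```

Run it and the "hello" and empty-file seeds both get to the "Ex" header, because every byte of the magic and of the header is a separate step the coverage feedback rewards; the valid seed skips the first several of those steps and needs an order of magnitude fewer executions. Real afl-fuzz works from edge coverage inserted at compile time and has many more mutation strategies, but the mechanism that turns "hello" into a decodable file is this one.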



