It's crazy how much fuzzing has changed in a decade. The fact that you can just write some code in your native language and get top quality fuzzing is incredible. You used to have to put 'pits' together and run peach or honestly just roll your own, no way you'd have access to the instrumentation at the level we do now.
The 'rust fuzzing' experience is really solid. You just 'derive' your way through it and you're 99% done.
> It’s quite natural and more efficient to start this process with something like Vec::with_capacity(list_length). Usually this is fine, but if the minidump is corrupt (or malicious), then this length could be impossibly large and cause us to immediately OOM.
That's a fun one. I `with_capacity` all the time and I guess I hadn't really thought too much about whether the value I pass in is strictly valid every time. Food for thought.
Anyway, awesome write up, and great nod to Mario universes, which itself is a wild ride.
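An added example, not code from the comment above or from the write-up it quotes, of the `with_capacity` trap it describes and the bound a parser should put on it. The list blob format, the `Entry` type and all function names are constructed for this illustration.

```rust
// Constructed, minidump-like list blob: a little-endian u32 entry count followed by
// fixed-size 8-byte entries (two u32 fields). The count drives the allocation, so it must
// never be trusted on its own. (Example code, not from the quoted project.)
const ENTRY_SIZE: usize = 8;

#[derive(Debug, Clone, PartialEq)]
pub struct Entry {
    pub id: u32,
    pub value: u32,
}

fn read_u32(bytes: &[u8]) -> Option<u32> {
    let b = bytes.get(0..4)?;
    Some(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

/// Naive version: pre-allocates straight from the header. A corrupt or hostile blob
/// claiming ~4 billion entries makes `with_capacity` ask for ~32 GiB before a single
/// entry is read, and the process aborts on allocation failure (the OOM in the quote).
pub fn parse_naive(buf: &[u8]) -> Option<Vec<Entry>> {
    let count = read_u32(buf)? as usize;
    let mut out = Vec::with_capacity(count); // capacity taken from untrusted input
    for chunk in buf[4..].chunks_exact(ENTRY_SIZE).take(count) {
        out.push(Entry { id: read_u32(chunk)?, value: read_u32(&chunk[4..])? });
    }
    Some(out)
}

/// Hardened version: a count larger than the body can physically hold is a lie or a
/// truncation, so it is rejected up front; the allocation is then bounded by the input
/// size (already paid for by the caller), not by an attacker-chosen header value.
pub fn parse_bounded(buf: &[u8]) -> Option<Vec<Entry>> {
    let count = read_u32(buf)? as usize;
    let body = &buf[4..];
    if count > body.len() / ENTRY_SIZE {
        return None;
    }
    let mut out = Vec::with_capacity(count);
    for chunk in body.chunks_exact(ENTRY_SIZE).take(count) {
        out.push(Entry { id: read_u32(chunk)?, value: read_u32(&chunk[4..])? });
    }
    Some(out)
}

/// Constructed test input: header claims `claimed` entries, body holds exactly two.
pub fn sample_blob(claimed: u32) -> Vec<u8> {
    let mut blob = claimed.to_le_bytes().to_vec();
    for &(id, value) in &[(1u32, 10u32), (2, 20)] {
        blob.extend_from_slice(&id.to_le_bytes());
        blob.extend_from_slice(&value.to_le_bytes());
    }
    blob
}
```

Clamping (`count.min(body.len() / ENTRY_SIZE)`) is the alternative when a truncated list should still be parsed as far as it goes; either way the capacity is derived from the bytes you actually hold.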