Fuzzing mathtex

Harness

    int my_system(char* str) {
        printf(">>> Call system: %s\n", str);
        for(int i=0; str[i]; i++)
            if((unsigned char)(str[i]) > 128) {
                fprintf(stderr, "invalid system: %s\n", str);
                abort();
            }
        // return system(str);
        return 0;
    }

    FILE* my_popen(char* str, char* mode) {
        printf(">>> Call popen: %s\n", str);
        for(int i=0; str[i]; i++)
            if((unsigned char)(str[i]) > 128) {
                fprintf(stderr, "invalid popen: %s\n", str);
                abort();
            }
        // return popen(str, mode);
        return NULL;
    }

    // in main {
    // .

Fuzzing exiftags

Write a harness

    int main(int argc, char **argv) {
        register int ch;
        int dumplvl, pas, eval;
        char *mode;
        FILE *fp;

        progname = argv[0];
        dumplvl = eval = 0;
        debug = quiet = FALSE;
        pas = TRUE;
    #ifdef WIN32
        mode = "rb";
    #else
        mode = "r";
    #endif

        while ((ch = getopt(argc, argv, "acivuldqs:")) != -1)
            switch (ch) {
            case 'a':
                dumplvl |= (ED_CAM | ED_IMG | ED_VRB);
                break;
            case 'c':
                dumplvl |= ED_CAM;
                break;
            case 'i':
                dumplvl |= ED_IMG;
                break;
            case 'v':
                dumplvl |= ED_VRB;
                break;
            case 'u':
                dumplvl |= ED_UNK;
                break;
            case 'l':
                pas = FALSE;
                break;
            case 'd':
                debug = TRUE;
                break;
            case 'q':
                quiet = TRUE;
                break;
            case 's':
                delim = optarg;
                break;
            case '?

Fuzzing GPicView - the default image viewer for LXDE

Write a harness

The code in exif.c is poorly written, and I suspect there are vulnerabilities in it. That’s why I’ve chosen to fuzz the ProcessExifDir function here. It is called after the user rotates a JPEG file and presses the “save” button.

Harness:

    int harness(const char * fname, int new_angle) {
        int fail = FALSE;
        int exif_angle = 0;
        int a;

        if(new_angle == 0)
            return TRUE;

        // use jhead functions
        ResetJpgfile();

        // Start with an empty image information structure.

How Likely Is It To Discover New CVEs in a Debian Package: A Rough Analysis

I am going to fuzz real-world programs to find vulnerabilities. The first step is to find some “proper” targets, in which bugs are easy to expose under fuzz testing. Debian packages are a large collection of widely used programs. We will focus on programs included in the Debian 11 “bullseye” distribution, and answer the questions below: How many packages have at least one associated CVE? How many CVEs does each package have on average?