Fuzzing Binaries for Memory Safety Errors with QASan
Andrea Fioraldi, Daniele Cono D’Elia, Leonardo Querzoni
Abstract
Fuzz testing techniques are becoming pervasive for their ever-improving ability to generate crashing trial cases for programs. Memory safety violations however can lead to silent corruptions and errors, and a fuzzer may recognize them only in the presence of sanitization machinery. For closed-source software combining sanitization with fuzzing incurs practical obstacles that we try to tackle with an architecture-independent proposal called QASan for detecting heap memory violations. In our tests QASan is competitive with standalone sanitizers and adds a moderate 1.61x average slowdown to the AFL++ fuzzer while enabling it to reveal more heap-related bugs.
Topics & Concepts
Fuzz testingHeap (data structure)Computer scienceMemory leakMemory safetySoftware bugComputer securitySoftwareEmbedded systemOperating systemMemory managementProgramming languageOverlaySoftware Testing and Debugging TechniquesRadiation Effects in ElectronicsSecurity and Verification in Computing