Fuzzing rust-minidump for Embarrassment and Crashes – Part 2 – Mozilla Hacks - the Web developer blog

For the last year, we've been working on the development of rust-minidump. The final part in this series takes you through fuzzing rust-minidump.

Hasnain says:

This was a great technical read that explains fuzzing and goes into some of the found issues. I do recommend reading part 1 first - I read it a few weeks ago and was waiting for part 2!

“I think we’ve all heard stories of someone running a shiny new tool on some big project they know nothing about, mass filing a bunch of issues that just say “this tool says your code has a problem, fix it” and then disappearing into the mist and claiming victory.

This is not a pleasant experience for someone trying to maintain a project. You’re dumping a lot on my plate if I don’t know the tool, have trouble running the tool, don’t know exactly how you ran it, etc.

It’s also very easy to come up with a huge pile of issues with very little sense of how significant they are.

Some things are only vaguely dubious, while others are horribly terrifying exploits. We only have so much time to work on stuff, you’ve gotta help us out!

And in this regard 5225225’s contributions were just, bloody beautiful.

Like, shockingly fantastic.”

Posted on 2022-07-01T04:58:36+0000