"Hiromasa Ito" <address@hidden> wrote:
I have written a new test driver and ran a fuzzing campaign on lwIP with
American Fuzzy Lop (AFL).
As a result, I have found nine crashes caused by assertion failures, and they
seem to be bugs.
I have already reported two of them, but still have seven crashes not reported.
https://savannah.nongnu.org/bugs/?51447
https://savannah.nongnu.org/bugs/?55706
There for, I have two questions for developers.
First, how should I report these unreported crashes?
As bug reports, like above.
Should I report them individually, like the ones above?
That depends if they are real separate issues (report individually) or crashes
in the same area (combine in one bug).
If needed, I can upload the test driver, crashed inputs, and the source codes
of lwIP I used.
The crashed inputs are certainly needed!
The test driver would be interesting. You might have noticed we have and AFL
setup in test/fuzz and input files in test/fuzz/inputs. I'd be happy to
incorporate changes if appropriate.
Second, can I write about these crashes in my academic paper?
I'm a master's student in computer science in Japan.
If any bugs cause these crashes, I'd like to write about them in my paper.
If it is inconvenient, please let me know.
Yes, I don't see a problem writing about that.
Regards,
Simon
Best regards,
Hiromasa
_______________________________________________
lwip-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/lwip-devel
_______________________________________________
lwip-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/lwip-devel