Syntactic Resilience in Greybox Fuzzing: Automated Error Recovery
Abstract
Fuzz testing, an automated technique that feeds randomly generated or mutated inputs to a program, has proven remarkably effective at finding vulnerabilities. Its scalability and automation have made it a focus of interest in both academic and industrial settings. However, traditional fuzzing techniques often struggle to generate diverse, rare inputs that conform to a program's input specification: most blindly mutated inputs are rejected by the input parser before they reach deeper program logic, which limits the fuzzer's potential. To address this, I propose AFLRepair, an approach that applies random mutations to program inputs and then repairs the syntax of any resulting invalid inputs. AFLRepair uses byte-level mutations to create a wide array of test cases while ensuring their validity, so that the fuzzer can explore diverse execution paths within critical program regions, which significantly increases the likelihood of uncovering hidden bugs. Preliminary experiments have revealed a crash in the Lua interpreter. The plan is to continue validating AFLRepair through comprehensive fuzzing experiments on several open-source programs, reporting any vulnerabilities discovered.
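As an added illustration of the mutate-then-repair loop (example code written for this page, not AFLRepair's implementation or the paper's actual repair algorithm), the following Python sketch applies AFL-style byte-level mutations to a seed, salvages whatever tokens survive, and rebuilds a well-formed input before handing it to a strict parser that stands in for the target program's front end. The grammar (a tiny Lua-style table literal of numbers, strings and nested tables), the mutation operators and the repair strategy are all assumptions chosen for the example; the `campaign` function shows how many mutants the strict parser accepts with and without repair.

```python
# Mutate-then-repair loop on a tiny Lua-style table grammar (illustrative only).
# Assumed grammar:  table := '{' [ value { ',' value } ] '}'
#                   value := NUMBER | STRING | table
import random
import re
from typing import List, Tuple

Token = Tuple[str, bytes]  # (kind, text); kind in {"open", "close", "number", "string"}

def mutate(data: bytes, rng: random.Random, rounds: int = 3) -> bytes:
    """AFL-style byte-level mutations applied with no grammar knowledge."""
    buf = bytearray(data)
    for _ in range(rounds):
        op = rng.randrange(3)
        if op == 0 and buf:                           # flip one bit
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1:                                 # insert a random byte
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif op == 2 and len(buf) > 1:                # delete a byte
            del buf[rng.randrange(len(buf))]
    return bytes(buf)

def tokenize_lenient(data: bytes) -> List[Token]:
    """Salvage whatever tokens survive in a corrupted buffer; bytes that fit nowhere are skipped.
    An unterminated string runs to end of input; non-printable bytes inside strings are dropped."""
    toks: List[Token] = []
    for m in re.finditer(rb'\{|\}|"([^"]*)"?|[0-9]+', data):
        t = m.group(0)
        if t == b'{':
            toks.append(("open", t))
        elif t == b'}':
            toks.append(("close", t))
        elif t.startswith(b'"'):
            body = bytes(c for c in m.group(1) if 0x20 <= c < 0x7F and c != 0x5C)
            toks.append(("string", b'"' + body + b'"'))
        else:
            toks.append(("number", t))
    return toks

def repair(data: bytes) -> bytes:
    """Rebuild exactly one well-formed table from the salvaged tokens: commas are
    re-synthesised, stray closers dropped, unclosed strings and tables closed."""
    toks = tokenize_lenient(data)
    if toks and toks[0][0] == "open":
        toks = toks[1:]                               # the outer brace is emitted below anyway
    out, depth, need_comma = bytearray(b'{'), 1, [False]   # one need_comma flag per open table
    for kind, text in toks:
        if kind == "close":
            if depth > 1:                             # never end the top-level table early
                out += b'}'; depth -= 1
                need_comma.pop(); need_comma[-1] = True
            continue
        if need_comma[-1]:
            out += b','
        if kind == "open":
            out += b'{'; depth += 1; need_comma.append(False)
        else:
            out += text; need_comma[-1] = True
    return bytes(out + b'}' * depth)

STRICT_TOKEN = re.compile(rb'\{|\}|,|"[ -!#-\[\]-~]*"|[0-9]+|[ \t\n]+')  # strings: printable ASCII, no " or \

def is_valid(data: bytes) -> bool:
    """Strict oracle standing in for the target's parser: every byte must belong to a
    legal token and the token sequence must be accepted by a small state machine."""
    toks = STRICT_TOKEN.findall(data)
    if b''.join(toks) != data:
        return False                                  # some byte was not part of any legal token
    state, depth = "start", 0
    for t in toks:
        if t.isspace():
            continue
        if t == b'{' and state in ("start", "value", "value_or_close"):
            depth, state = depth + 1, "value_or_close"
        elif t == b'}' and state in ("value_or_close", "sep_or_close"):
            depth -= 1
            state = "sep_or_close" if depth else "end"
        elif t == b',' and state == "sep_or_close":
            state = "value"
        elif t not in (b'{', b'}', b',') and state in ("value", "value_or_close"):
            state = "sep_or_close"
        else:
            return False
    return state == "end"

def campaign(seed_input: bytes, iterations: int = 200, seed: int = 1) -> dict:
    """Count how many mutants the strict parser accepts before and after repair."""
    rng = random.Random(seed)
    raw_ok = fixed_ok = 0
    distinct = set()
    for _ in range(iterations):
        raw = mutate(seed_input, rng)
        fixed = repair(raw)
        raw_ok += int(is_valid(raw))
        fixed_ok += int(is_valid(fixed))
        distinct.add(fixed)
    return {"raw_valid": raw_ok, "repaired_valid": fixed_ok, "distinct_repaired": len(distinct)}

if __name__ == "__main__":
    print(repair(b'{1,,"ab}{2 3'))                 # constructed corrupted input
    print(campaign(b'{1, "ab", {2, 3}}'))          # constructed seed input
```

The design point is that the repair step is lossy on purpose: it keeps the mutation's effect on the salvageable content (changed digits, altered string bodies, added or removed nesting) while discarding only what would have caused an immediate parse error, so every repaired mutant exercises code beyond the parser rather than its error path. A real target grammar would need a correspondingly richer tokenizer and rebuild rule set; the state-machine oracle is here only so the effect can be measured offline.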