Riking Riking - 4 months ago 23
C Question

How do I fuzz a stdarg.h function?

I've written a function similar to printf in operation, and I want to fuzz it to check for bugs. afl-fuzz gives me a input file, but I'm struggling to think of a way to turn this into varargs input.

Is there any way to dynamically construct a va_list or otherwise dynamically construct the argument list?


dyncall appears to have been written to do what you want, although I have not personally used it.

An alternative approach would be to generate source code that calls the function in question with a lot of inputs. It is much less elegant, but It should be straightforward to program.