avalanche
23 views
Skip to first unread message
Malgorzata Stefanowicz
Dec 20, 2011, 5:34:53 PM12/20/11
to Avalanche-users
Hi. I'm new to fuzzers and avalanche. i was wonder if it is possible
to check sample c program for buffer overflow only. For example for
this file:
int main () {
int buffer[10];
buffer[20] = 10;
}
Also was wonder if i can supply the data to my program from command
line rather than file?
Thank you.
to check sample c program for buffer overflow only. For example for
this file:
int main () {
int buffer[10];
buffer[20] = 10;
}
Also was wonder if i can supply the data to my program from command
line rather than file?
Thank you.
Michael
Dec 22, 2011, 4:05:45 AM12/22/11
to Avalanche-users
Hello!
Avalanche uses valgrind plugins to run program and detect any errors.
We support only memcheck and helgrind (and our own covgrind), and
therefore can only report errors detected by them. Buffer overflow for
this example will not be detected neither by helgrind (it specified in
concurrency errors) nor memcheck (it works with dynamic memory only).
Also, we do not filter detected errors, so there is no way to check
for only one type.
I'm afraid that the answer to your second question is again 'no'.
Avalanche works with input sources for which the actual size of data
is known before the interaction - and this is not true for interactive
input.
On Dec 21, 2:34 am, Malgorzata Stefanowicz
Avalanche uses valgrind plugins to run program and detect any errors.
We support only memcheck and helgrind (and our own covgrind), and
therefore can only report errors detected by them. Buffer overflow for
this example will not be detected neither by helgrind (it specified in
concurrency errors) nor memcheck (it works with dynamic memory only).
Also, we do not filter detected errors, so there is no way to check
for only one type.
I'm afraid that the answer to your second question is again 'no'.
Avalanche works with input sources for which the actual size of data
is known before the interaction - and this is not true for interactive
input.
On Dec 21, 2:34 am, Malgorzata Stefanowicz
Reply all
Reply to author
Forward
0 new messages