Here is a snippet of code:
struct somedata {
char mychar;
int myint;
unsigned short myushort;
string mystring;
};
void some_func(somedata *data) {
/* does something with data */
}
How do you write a perfect fuzzing function to test the correct functionality, security, and robustness of this code?
By perfect I mean complete tests that cover all cases (if possible), say: out-of-range values, different data types, etc.
You do not have the source code for some_func.
It seems that I got fuzzing wrong.
Fuzz testing is a simple technique that can have a profound effect on your code quality. In fuzzing we inject random bad data into an application to see what breaks.
Because Fuzzing != Testing, we do not build perfect test-cases or test all possible cases; instead we just generate random bad data and insert it into the application.
A typical fuzzing function for the mentioned code would be:
#include <cstdlib>   // rand, srand
#include <ctime>     // time
#include <string>    // std::string, std::to_string
using std::string;

struct somedata {
    char mychar;
    int myint;
    unsigned short myushort;
    string mystring;
};

// Only the prototype is known; link against the binary that provides some_func.
void some_func(somedata *data);

void fuzzTesting()
{
    // create somedata
    somedata data;
    int r;
    // seed the generator with the current time (log the seed if you need to replay a crash)
    srand(time(NULL));

    // buffer overflow: hammer every numeric field with random values
    for (int i = 200000; i >= 0; --i)
    {
        r = rand();
        data.mychar = r;       // truncated to one byte
        data.myint = r;
        data.myushort = r;     // truncated to 16 bits
        some_func(&data);
    }

    // format string: only the string field can carry '%' directives,
    // so the payload goes there (a char cannot hold "%s")
    for (int i = 200000; i >= 0; --i)
    {
        r = rand();
        data.mychar = '%';
        data.myint = r;
        data.myushort = r;
        data.mystring = "%s%n" + std::to_string(r);
        some_func(&data);
    }

    // integer overflow: add a value past each field's range so it wraps
    for (int i = 200000; i >= 0; --i)
    {
        r = rand();
        data.mychar = r + 0xffffffff;
        data.myint = r + 0xffffffff;
        data.myushort = r + 0xffffffff;
        some_func(&data);
    }
}
For more fuzz testing vectors and details see this wikipage.
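Taking the answer's approach a step further, here is an added example harness for the struct in the question. It is not code from the original post, and the asker's some_func stays opaque: demo_target and benign_target are constructed stand-ins used only so the harness has something to drive. It adds what rand()-only loops miss: explicit boundary values for every field (INT_MIN, USHRT_MAX and so on), format-string payloads placed in mystring (the only field that can carry one), a seeded generator so every crash is replayable from the seed and case index, and a forked child per case with core dumps disabled so a crash in the target does not take the harness down.

```cpp
#include <climits>
#include <csignal>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <random>
#include <string>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#include <vector>

// Struct layout from the question, with the std:: prefix made explicit.
struct somedata {
    char mychar;
    int myint;
    unsigned short myushort;
    std::string mystring;
};

// One case's outcome: its corpus index (replayable from the seed) and the
// signal that killed the child, or 0 if the target returned normally.
struct fuzz_result {
    size_t index;
    int status;
};

// Boundary values worth trying for every field, in addition to random ones.
static const int kIntEdges[] = {INT_MIN, INT_MIN + 1, -1, 0, 1, INT_MAX - 1, INT_MAX};
static const unsigned short kUShortEdges[] = {0, 1, 0x7fff, 0x8000, USHRT_MAX};
static const char kCharEdges[] = {CHAR_MIN, '\xff', 0, '\n', '%', '\x7f', CHAR_MAX};
// Format-string payloads belong in the only field that can carry them.
static const char *kStringPayloads[] = {
    "", "%s%s%s%s", "%n%n%n", "%x%x%x%x", "%99999999d", "%.1000000f",
};

// Build the corpus: every boundary combination first, then random_cases
// cases from a generator seeded with `seed` so any failure can be replayed.
std::vector<somedata> generate_cases(uint64_t seed, size_t random_cases) {
    std::vector<somedata> cases;
    for (int i : kIntEdges)
        for (unsigned short u : kUShortEdges)
            for (char c : kCharEdges)
                for (const char *s : kStringPayloads)
                    cases.push_back({c, i, u, std::string(s)});
    std::mt19937_64 rng(seed);
    std::uniform_int_distribution<int> any_int(INT_MIN, INT_MAX);
    std::uniform_int_distribution<int> length(0, 4096);
    for (size_t n = 0; n < random_cases; ++n) {
        somedata d;
        d.mychar = static_cast<char>(any_int(rng));
        d.myint = any_int(rng);
        d.myushort = static_cast<unsigned short>(any_int(rng));
        d.mystring.assign(length(rng), '%');  // long runs of '%' stress format parsers
        cases.push_back(d);
    }
    return cases;
}

// Run one case in a forked child so a crash (or an uncaught exception, which
// ends in SIGABRT) inside the opaque target cannot take the harness down.
fuzz_result run_isolated(void (*target)(somedata *), somedata &d, size_t index) {
    pid_t pid = fork();
    if (pid < 0) return {index, -1};  // fork failed; reported as a failure
    if (pid == 0) {
        struct rlimit no_core = {0, 0};
        setrlimit(RLIMIT_CORE, &no_core);  // do not litter the cwd with core files
        target(&d);
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return {index, WIFSIGNALED(status) ? WTERMSIG(status) : 0};
}

// Drive the whole corpus against `target` and return only the failing cases.
std::vector<fuzz_result> fuzz(void (*target)(somedata *), uint64_t seed, size_t random_cases) {
    std::vector<somedata> corpus = generate_cases(seed, random_cases);
    std::vector<fuzz_result> failures;
    for (size_t i = 0; i < corpus.size(); ++i) {
        fuzz_result r = run_isolated(target, corpus[i], i);
        if (r.status != 0) failures.push_back(r);
    }
    return failures;
}

// Constructed stand-ins for this example only; the real some_func is opaque.
// demo_target aborts on a "%n" payload so the harness has something to catch.
void benign_target(somedata *) {}
void demo_target(somedata *data) {
    if (data->mystring.find("%n") != std::string::npos) abort();
}

int main() {
    const uint64_t seed = 42;  // log the seed: together with the index it is the replay key
    std::vector<fuzz_result> failures = fuzz(demo_target, seed, 200);
    for (const fuzz_result &f : failures)
        std::printf("seed %llu case %zu died with signal %d\n",
                    (unsigned long long)seed, f.index, f.status);
    return failures.empty() ? 0 : 1;
}
```

Build with `g++ -std=c++11` on Linux, swap demo_target for the real some_func prototype and link against the binary that provides it. The point of the seed and index in the log line is that a random fuzzer is only useful if a failure can be regenerated: with the same seed, generate_cases produces the same corpus, so the crashing case can be pulled out and handed to a debugger.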