tags: fuzzing, methodology, libfuzzer
original link: Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1)
newsletter link: exploits.club Weekly Newsletter 28


Exploits Club Summary:

secret.club (no relation) put out an interesting post this week related to fuzzing regex libraries. Interestingly, author @addisoncrump_vr notes up front, “targets and bugs described below are instead offered as a study for fuzzing design decisions and understanding where fuzzing fails.” The blog takes a look at rust-lang/regex, in which Addison analyzes the OSS-Fuzz harness and describes ways it can be changed, including the pros and cons of each change (which can sometimes be counterintuitive). The post ends with the results and takeaways and a promise to follow up with part two covering PCRE2.