tags: fuzzing, methodology, libfuzzer, learning_resource, JIT

original link: Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 2)

newsletter link: exploits.club Weekly Newsletter 36 - Regex Fuzzing, C++ Metadata, Kernel Streaming, And More


Exploits Club Summary:

Everyone’s second favorite club is back this week with a new fuzzing post. In the Part 2 installment of the regex fuzzing series, @addisoncrump_vr continues his journey breaking down the uses and limitations of fuzzing, specifically in the context of evaluating regex libraries. This time, he looks at PCRE2. The library is already in OSS-Fuzz, but as Addison explains, this doesn’t mean all hope is lost. The post then discusses some challenges, including an interesting insight into how coverage-guided fuzzing doesn’t reflect a code region’s behavior. Overall, the fuzzer found a handful of non-critical bugs - which sparked some additional philosophical questions touched on towards the end of the post.


backlinks: Ring Around The Regex - Lessons learned from fuzzing regex libraries (Part 1)