Error handling code is often critical but difficult to test in practice. As a result, many hard-to-find bugs exist in error handling code and may cause serious security problems once triggered. Fuzzing is now a widely used technique for finding software bugs. Fuzzing approaches mutate and/or generate various inputs to cover infrequently-executed code. However, existing fuzzing approaches are very limited in testing error handling code, because some of this code can only be triggered by occasional errors (such as insufficient memory and network-connection failures), not by specific inputs. Therefore, existing fuzzing approaches in general cannot effectively test such error handling code. In this paper, we propose a new fuzzing framework named FIFUZZ, to effectively test error handling code and detect bugs. The core of FIFUZZ is a context-sensitive software fault injection (SFI) approach, which can effectively cover error handling code in different calling contexts to find deep bugs hidden in error handling code with complicated contexts. We have implemented FIFUZZ and evaluated it on 9 widely-used C programs. It reports 317 alerts which are caused by 50 unique bugs in terms of their root causes. 32 of these bugs have been confirmed by the related developers. We also compare FIFUZZ to existing fuzzing tools (including AFL, AFLFast, AFLSmart and FairFuzz), and find that FIFUZZ finds many bugs missed by these tools. We believe that FIFUZZ can effectively augment existing fuzzing approaches to find many real bugs that have otherwise been missed.
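To make the "context-sensitive" part of the abstract concrete, the following is an added example written for this page; it is not FIFUZZ's code and does not reproduce the paper's instrumentation or error-site identification. It models a single error site (a `malloc` wrapper) reached from two callers, keyed by the chain of instrumented call sites leading to it. A context-insensitive injector that fails every execution of the site never reaches the second caller's error handler, because the first caller fails first and the program stops; the context-sensitive campaign fails the site in one calling context at a time and reaches both handlers. All function names, site ids and the target program are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 16
#define MAX_SEEN  64

/* Call-site stack maintained by (hypothetical) instrumentation at each call site. */
static int ctx_stack[MAX_DEPTH];
static int ctx_depth = 0;

static void ctx_push(int call_site) {
    if (ctx_depth < MAX_DEPTH) ctx_stack[ctx_depth] = call_site;
    ctx_depth++;
}
static void ctx_pop(void) { if (ctx_depth > 0) ctx_depth--; }

/* FNV-1a hash of (call-site chain, error site): one key per calling context. */
static uint64_t ctx_key(int error_site) {
    uint64_t h = 1469598103934665603ULL;
    int n = ctx_depth < MAX_DEPTH ? ctx_depth : MAX_DEPTH;
    for (int i = 0; i < n; i++) { h ^= (uint64_t)ctx_stack[i]; h *= 1099511628211ULL; }
    h ^= (uint64_t)error_site;
    return h * 1099511628211ULL;
}

/* Injection state: (site, context) pairs recorded in a dry run, then one target per run. */
struct seen_pair { int site; uint64_t key; };
static struct seen_pair seen_tab[MAX_SEEN];
static int n_seen = 0;
static int inject_enabled = 0, site_only_mode = 0, target_site = 0;
static uint64_t target_key = 0;

static void record(int site, uint64_t key) {
    for (int i = 0; i < n_seen; i++) if (seen_tab[i].key == key) return;
    if (n_seen < MAX_SEEN) { seen_tab[n_seen].site = site; seen_tab[n_seen].key = key; n_seen++; }
}

static int fi_should_fail(int error_site) {
    uint64_t k = ctx_key(error_site);
    record(error_site, k);
    if (!inject_enabled) return 0;
    return site_only_mode ? error_site == target_site : k == target_key;
}

/* Error-site wrapper: the injector decides whether this allocation "fails". */
static void *fi_malloc(size_t n, int error_site) {
    return fi_should_fail(error_site) ? NULL : malloc(n);
}

/* Hypothetical program under test. Both callers reach the same error site, but
 * load_plugin() only runs after load_config() succeeded, so handler B is reachable
 * only if the site succeeds in the first context and fails in the second. */
static int handler_hits[2];

static char *make_buffer(size_t n) { return fi_malloc(n, 1); }   /* error site 1 */

static int load_config(void) {
    ctx_push(10); char *buf = make_buffer(64); ctx_pop();
    if (!buf) { handler_hits[0]++; return -1; }   /* error handler A */
    free(buf); return 0;
}
static int load_plugin(void) {
    ctx_push(20); char *buf = make_buffer(128); ctx_pop();
    if (!buf) { handler_hits[1]++; return -1; }   /* error handler B */
    free(buf); return 0;
}
static int run_target(void) { return load_config() != 0 ? -1 : load_plugin(); }

/* Fault-free run that records every (site, context) pair and clears coverage. */
static void dry_run(void) {
    n_seen = 0; inject_enabled = 0; memset(handler_hits, 0, sizeof handler_hits);
    run_target();
}
static int handlers_covered(void) { return (handler_hits[0] > 0) + (handler_hits[1] > 0); }

/* Number of distinct calling contexts observed for one error site. */
int count_contexts(int site) {
    dry_run();
    int c = 0;
    for (int i = 0; i < n_seen; i++) if (seen_tab[i].site == site) c++;
    return c;
}

/* Context-insensitive baseline: fail every execution of one site in a single run. */
int campaign_site_only(int site) {
    dry_run();
    site_only_mode = 1; target_site = site; inject_enabled = 1;
    run_target();
    inject_enabled = 0; site_only_mode = 0;
    return handlers_covered();
}

/* Context-sensitive campaign: one injected run per recorded (site, context) pair. */
int campaign_context_sensitive(void) {
    dry_run();
    int n = n_seen;
    for (int i = 0; i < n; i++) {
        target_key = seen_tab[i].key; inject_enabled = 1;
        run_target();
    }
    inject_enabled = 0;
    return handlers_covered();
}

int main(void) {
    printf("contexts for site 1: %d\n", count_contexts(1));
    printf("handlers covered, site-only: %d\n", campaign_site_only(1));
    printf("handlers covered, context-sensitive: %d\n", campaign_context_sensitive());
    return 0;
}
```

The dry run is what makes the campaign enumerable: each distinct context key becomes one injection target, so the number of runs grows with observed (site, context) pairs rather than with error sites alone, which is the cost of reaching handlers like B that depend on an earlier success at the same site.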
| Field | Value |
|---|---|
| Original language | English (US) |
| Title of host publication | Proceedings of the 29th USENIX Security Symposium |
| Number of pages | 18 |
| State | Published - 2020 |
| Event | 29th USENIX Security Symposium - Virtual, Online (Duration: Aug 12 2020 → Aug 14 2020) |
| Name | Proceedings of the 29th USENIX Security Symposium |
| Conference | 29th USENIX Security Symposium |
| Period | 8/12/20 → 8/14/20 |
Bibliographical note (Funding Information):
We thank our shepherd, Deian Stefan, and anonymous reviewers for their helpful advice on the paper. This work was mainly supported by the China Postdoctoral Science Foundation under Project 2019T120093. Kangjie Lu was supported in part by the NSF award CNS-1931208. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of NSF. Jia-Ju Bai is the corresponding author.