{"id":25269716,"url":"https://github.com/marcellomaugeri/forkfuzz","last_synced_at":"2025-04-06T05:41:45.351Z","repository":{"id":189141101,"uuid":"641128321","full_name":"marcellomaugeri/forkfuzz","owner":"marcellomaugeri","description":"Official repository for the paper Forkfuzz: Leveraging the Fork-Awareness in Coverage-Guided Fuzzing. ","archived":false,"fork":false,"pushed_at":"2024-03-12T08:23:37.000Z","size":191918,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-05T13:48:40.832Z","etag":null,"topics":["coverage-guided-fuzzing","fuzzing","fuzzing-framework","multiprocess","multiprocessing"],"latest_commit_sha":null,"homepage":"https://link.springer.com/chapter/10.1007/978-3-031-54129-2_17","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/marcellomaugeri.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":"CONTRIBUTING.md","funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-05-15T20:54:30.000Z","updated_at":"2025-03-19T13:57:21.000Z","dependencies_parsed_at":"2023-08-18T13:09:53.717Z","dependency_job_id":null,"html_url":"https://github.com/marcellomaugeri/forkfuzz","commit_stats":null,"previous_names":["marcellomaugeri/forkfuzz"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcellomaugeri%2Fforkfuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcellomaugeri%2Fforkfuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcellomaugeri%2Fforkfuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcellomaugeri%2Fforkfuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/marcellomaugeri","download_url":"https://codeload.github.com/marcellomaugeri/forkfuzz/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247441007,"owners_count":20939233,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coverage-guided-fuzzing","fuzzing","fuzzing-framework","multiprocess","multiprocessing"],"created_at":"2025-02-12T11:18:54.033Z","updated_at":"2025-04-06T05:41:45.329Z","avatar_url":"https://github.com/marcellomaugeri.png","language":"C","readme":"# Forkfuzz\nOfficial repository for the paper \u003ca href=\"https://doi.org/10.1007/978-3-031-54129-2_17\"\u003e\u003ci\u003eForkfuzz: Leveraging the Fork-Awareness in Coverage-Guided Fuzzing\u003c/i\u003e\u003c/a\u003e.\nPlease cite the paper using the provided bib entry if you reference or utilise this work.\n```\n@InProceedings{10.1007/978-3-031-54129-2_17,\n    author=\"Maugeri, Marcello\n    and Daniele, Cristian\n    and Bella, Giampaolo\",\n    editor=\"Katsikas, Sokratis\n    and Abie, Habtamu\n    and Ranise, Silvio\n    and Verderame, Luca\n    and Cambiaso, Enrico\n    and Ugarelli, Rita\n    and Pra{\\c{c}}a, Isabel\n    and Li, Wenjuan\n    and Meng, Weizhi\n    and Furnell, Steven\n    and Katt, Basel\n    and Pirbhulal, Sandeep\n    and Shukla, Ankur\n    and Ianni, Michele\n    and Dalla Preda, Mila\n    and Choo, Kim-Kwang Raymond\n    and Pupo Correia, Miguel\n    and Abhishta, Abhishta\n    and Sileno, Giovanni\n    and Alishahi, Mina\n    and Kalutarage, Harsha\n    and Yanai, Naoto\",\n    title=\"Forkfuzz: Leveraging the Fork-Awareness in Coverage-Guided Fuzzing\",\n    booktitle=\"Computer Security. ESORICS 2023 International Workshops\",\n    year=\"2024\",\n    publisher=\"Springer Nature Switzerland\",\n    address=\"Cham\",\n    pages=\"291--308\",\n    abstract=\"Fuzzing is a widely adopted technique for automated vulnerability testing due to its effectiveness and applicability throughout the Software Development Life Cycle. Nevertheless, applying fuzzing ``out of the box'' to any system can prove to be a challenging endeavour. Consequently, the demand for target-specific solutions necessitates a substantial amount of manual intervention, which diverges from the automated nature typically associated with fuzzing. For example, prior research identified the lack of a solution for testing multi-process systems effectively. The problem is that coverage-guided fuzzers do not consider the possibility of having a system with more than one process. In this paper, we present Forkfuzz, a ``fork-aware'' fuzzer able to deal with multi-process systems. To the best of our knowledge, Forkfuzz is the first fork-aware fuzzer. It is built on top of Honggfuzz, one of the most popular and effective coverage-guided fuzzers, as reported by the Fuzzbench benchmark. To show its effectiveness, we tested our fuzzer over two classical programming problems: the Dining Philosophers Problem and a version of the Producer-Consumer Problem where the consumer (the child) process crashes for specific inputs. Furthermore, we evaluated Forkfuzz against a real and more complex scenario involving an HTTP server that handles multiple connections through multiple processes. The results of our evaluation demonstrate the effectiveness of Forkfuzz in identifying crashes and timeouts. Finally, we discuss possible improvements and challenges for the development and application of fork-aware fuzzing techniques.\",\n    isbn=\"978-3-031-54129-2\"\n}\n```\n\n## 0. Installation\n```\nsudo apt-get install binutils-dev libunwind-dev libblocksruntime-dev clang\nmake\n```\n\n## 1. Dining Philosophers Problem\nThis case study shows a plausible pattern where forked processes stay in a hung state indefinitely without the possibility of exiting.\nTo avoid a process staying in a hung state and occupying resources, most fuzzers incorporate a timeout feature, which terminates a process if its execution time exceeds a specified limit.\nForkfuzz succeeds in detecting the timeout in the deadlocked runs.\n\n```\nexport FORKFUZZ_DIR=[path to forkfuzz]\ncd $FORKFUZZ_DIR/forkfuzz_testcases/dining_philosophers\nCC=$FORKFUZZ_DIR/hfuzz_cc/hfuzz-clang make\n$FORKFUZZ_DIR/honggfuzz -i ./input/ -s -n 1 -N 200 -- ./dining_philosophers.o\n```\n\nNote that deadlocks keep shared memory open; if necessary, use this script to clean up the shared memory.\n```\nfor x in $(ipcs -m | awk '{print $2}'); do ipcrm -m $x; done\n```\n\n## 2. Producer Consumer Problem\n```\nexport FORKFUZZ_DIR=./\ncd $FORKFUZZ_DIR/forkfuzz_testcases/producer_consumer\nCC=$FORKFUZZ_DIR/hfuzz_cc/hfuzz-clang make\n$FORKFUZZ_DIR/honggfuzz -f ./input/ -n 1 -N 2 -Q -- ./producer_consumer.o ___FILE___\n```\n\n## 3. Web Server\n```\nexport FORKFUZZ_DIR=./\ncd $FORKFUZZ_DIR/forkfuzz_testcases/web_server\nCC=$FORKFUZZ_DIR/hfuzz_cc/hfuzz-clang make\n_HF_TCP_PORT=8080 $FORKFUZZ_DIR/honggfuzz -i ./corpus --dict $FORKFUZZ_DIR/examples/apache-httpd/httpd.wordlist --workspace ./crashes --output ./new_corpus -N 100 -- ./server\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarcellomaugeri%2Fforkfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarcellomaugeri%2Fforkfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarcellomaugeri%2Fforkfuzz/lists"}