FFFuzzer: Filter your fuzz to get accuracy, efficiency and schedulability


Abstract

We present a new black-box mutational fuzzing technique and the corresponding tool, named FFFuzzer, which improves the efficiency of fuzzing towards several given suspicious vulnerable code blocks. Our main intuition is that by adjusting dynamic taint tracing and performing constraint verification, we can build two lightweight filters to sieve the mutated inputs produced by the fuzzer's mutation stage; FFFuzzer can therefore run at fuzzing-level speed while enjoying better accuracy and schedulability. As our benchmark, we collect 14 CVEs from the last 10 years of the bug list of the PDF rendering library poppler for which enough detail is available to generate a PoC, and use them to fully analyze FFFuzzer's real-world challenges. We also build two mathematical models for performance analysis. Analysis and experiments show that although FFFuzzer has limitations in fuzzing metadata-related vulnerabilities, and its efficiency depends on the seed file as with traditional fuzzers, FFFuzzer has much more powerful parallelism and can run an order of magnitude faster than a traditional fuzzer.
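The filter-before-execute idea from the abstract, as an added illustration that is not the paper's code and does not reproduce its actual filters: a constructed toy record parser stands in for the target, the tainted offset set is an assumption standing in for what taint tracing would report for the suspicious block, and the constraint check is an assumed cheap guard derived from that block's path condition. Mutants that fail either filter never pay for the expensive instrumented run.

```python
"""Toy model of sieving mutated inputs before execution (constructed example)."""
import random

# Constructed seed: magic "REC\0", a big-endian length field, then 8 payload bytes.
SEED = b"REC\x00" + (8).to_bytes(4, "big") + bytes(8)

# Assumption: dynamic taint tracing reported that only these input offsets
# flow into the suspicious code block.
TAINTED_OFFSETS = {4, 5, 6, 7}
MAX_LEN = 64


def constraint_ok(data: bytes) -> bool:
    """Filter 2: cheap check modelled on the guard in front of the block (assumed)."""
    if len(data) < 8 or data[:4] != b"REC\x00":
        return False
    n = int.from_bytes(data[4:8], "big")
    return 0 < n <= MAX_LEN


def suspicious_block_reached(data: bytes) -> bool:
    """Stand-in for the expensive instrumented execution of the target."""
    if not constraint_ok(data):
        return False
    n = int.from_bytes(data[4:8], "big")
    return n > len(data) - 8  # block copies n bytes out of a shorter payload


def mutate(seed: bytes, rng: random.Random):
    """Mutation stage: overwrite 1-3 random bytes, reporting which offsets changed."""
    data = bytearray(seed)
    touched = rng.sample(range(len(data)), k=rng.randint(1, 3))
    for off in touched:
        data[off] = rng.randrange(256)
    return bytes(data), set(touched)


def fuzz(seed: bytes, rounds: int, rng_seed: int, use_filters: bool = True) -> dict:
    """Run the loop and count how many mutants were executed and how many hit the block."""
    rng = random.Random(rng_seed)
    stats = {"generated": rounds, "executed": 0, "hits": 0}
    for _ in range(rounds):
        cand, touched = mutate(seed, rng)
        if use_filters:
            if not (touched & TAINTED_OFFSETS):  # filter 1: change cannot reach the block
                continue
            if not constraint_ok(cand):  # filter 2: guard would reject it anyway
                continue
        stats["executed"] += 1
        if suspicious_block_reached(cand):
            stats["hits"] += 1
    return stats
```

Running `fuzz(SEED, 2000, 1)` against `fuzz(SEED, 2000, 1, use_filters=False)` with the same RNG seed shows the filtered loop executing far fewer mutants while finding the same hits, which is the efficiency argument the abstract makes.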

Jiang, F., Zhang, C., & Cheng, S. (2017). FFFuzzer: Filter your fuzz to get accuracy, efficiency and schedulability. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10343 LNCS, pp. 61–79). Springer Verlag. https://doi.org/10.1007/978-3-319-59870-3_4
