I'm a huge fan of this project - we're using it to fuzz TensorFlow [1]. (I wrote the initial fuzzers and Frank Chen got them running under OSS-Fuzz.) It was surprisingly easy:
and has, thus far, found bugs in the linkages to libpng, libjpeg, strtonum, the proto parser, and some of the internal utility types. I strongly recommend testing out one of the fuzzers on your own code -- libfuzzer and AFL are the most popular.
And -- shameless plugs here -- if anyone's looking for ways to learn about fuzzing and contribute to an open-source project, we'd welcome more fuzzers being contributed to TensorFlow. grins (if you find any nasty bugs that seem exploitable, see the new SECURITY.md readme for how to tell us.)
https://github.com/tensorflow/tensorflow/tree/master/tensorf...
[1] Links to some of the changes from the bugs we found are in a writeup I did based upon the experience: https://da-data.blogspot.com/2017/01/finding-bugs-in-tensorf...