How can I check for expected behavior in addition to finding vulnerabilities?

Hi there.

Is there a way to check for expected behavior in addition to finding vulnerabilities?

Thanks,
Dan

1 Like

By default, Mayhem looks for crashes in a program. Specifically, we are looking for anything that raises a UNIX signal, such as a SIGSEGV or SIGFPE. With advanced triage, we look for issues a bit more carefully (i.e. tracking memory usage), and with fuzzing targets we use the instrumentation to decide whether or not there is a defect. However, you can easily extend this behavior in your fuzzing target using the principle of asserting certain behavior in the code. For example, if you know that inverse_transform(transform(x)) is supposed to return the original value of x, you can assert that this is true:

assert(inverse_transform(transform(x)) == x);

If this is not the case, then you can call something like abort() or panic() in your code. Calling abort() or panic() raises a UNIX signal just like the ones we are looking for in fuzzing. That way, you can check for expected behavior using Mayhem!

2 Likes
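The round-trip check described in the answer above, written out as a complete fuzz target. This is an added example, not code from the original thread or from Mayhem: the hex encoder/decoder standing in for transform/inverse_transform, the helper roundtrip_holds, and the use of a libFuzzer-style LLVMFuzzerTestOneInput entry point are all assumptions made for illustration. It calls abort() explicitly rather than assert(), because assert() compiles to nothing when NDEBUG is defined and the property would then go unchecked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical code under test: hex-encode n bytes into 2*n characters. */
static void transform(const uint8_t *in, size_t n, char *out) {
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
}

static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Hypothetical inverse: decode 2*n hex characters; -1 on a non-hex character. */
static int inverse_transform(const char *in, size_t n, uint8_t *out) {
    for (size_t i = 0; i < n; i++) {
        int hi = hex_val(in[2 * i]), lo = hex_val(in[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* Returns 1 when inverse_transform(transform(x)) == x, 0 otherwise. */
int roundtrip_holds(const uint8_t *data, size_t size) {
    char *enc = malloc(2 * size + 1);
    uint8_t *dec = malloc(size + 1);
    int ok = 1; /* allocation failure is not a property violation */
    if (enc && dec) {
        transform(data, size, enc);
        ok = inverse_transform(enc, size, dec) == 0 &&
             memcmp(dec, data, size) == 0;
    }
    free(enc);
    free(dec);
    return ok;
}

/* libFuzzer-style entry point: turn a broken property into SIGABRT. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (!roundtrip_holds(data, size)) abort(); /* survives -DNDEBUG */
    return 0;
}
```

Keeping the property in a function that returns a value, separate from the abort() call, lets the same check run in ordinary unit tests as well as under the fuzzer.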