I already yell around 5-10 times a day at my computer

Just for fun though, there's a footgun hidden in the example code, too. As the recv buffer has a hardcoded length limit of 1024 bytes, directly casting the input buffer into a struct that contains a user-controlled length field is not really a good idea. If somehow the codebase got updated in a certain way and the memcpy destination was a heap allocation, it may lead to information leak. E.g. ask the server to echo a 65535-byte data chunk from a 1024-byte input.

"like literally yelling at the code" proceeds not to yell at the code

Why is fuzzing better than boundary tests?...after watching I withdraw my question.

Use -fsanitize=fuzzer,address and you should be able to find another bug in the parse code. If the input is less than the size of the struct you would read outside the memory. Does not always cause crash without address sanitizer. However not a bug in the program due to the receiving buffer size.

I love this type of videos where you show a useful tool and an example using this tool, and what's even cooler is the fact that using it you were able to detect a bug that wasn't intentional

That's why I used to use unsigned everywhere by default, until negative values are explicitly required by design. And yes, using e.g. -1 magic value to represent things like a non-existent index is a bad design. Don't do it.

I already do this every day

It would be really funny if he said "there's no more bugs in this code" and libfuzzer just crashed.

I publish fuzzers. Applied to tech roles for nineteen months without success. Hiring teams are ass.

Satisfied customer here, been doing this for the last 10 years 10/10 - my code has feared me ever since

Ah, there's a name for it. I do this regularly the manual way in my own projects, though granted those are all smaller projects where my scope of potential issues is "is there some way a user can force invalid data down this thing's throat". Useful to know if I ever manage to get a real job, lol(being a dev without a college degree is the dark souls of job hunting, I swear)

Segmentation fault (Core dumped)

Amazing brother, you have the gift of communicate complex concepts into simple terms. Thanks! Glad to find your channel! ;)

Well, because I am so good at messing up function calls by using function pointers and structs/unions, I need no help. The code would yell either way nevertheless.

id love a video of you describing your linux setup. i use wsl and customize very few things but would love more insight into your setup for vim and tmux/whatever multi shell youre using

I didn't quite catch why 7:45 is an issue. Would anyone mind please clarifying?

why did i think we might actually be yelling at code?

Interesting, I have no idea this type of testing exists. Thanks man

at first we code safely by yelling in time elaborate rituals involving chanting, holy oils and incense is necessary to please the machine spirit and banish demonic bugs

It reminds me some OOM error bug that got in project that was caused by using msgpack library (Java). The msgpack library deserializes byte stream into some objects - it was deserializing a base64 string to object. Apparently the library supports read a big array of bytes. Msgpack reads the message in sequence - does not know what data comes next - when the byte with flag for huge byte arrays comes in it pre-allocates array of 2^32-1 byte-elements. Found it because we had a malformed string that was not object we wanted to deserialize but rather random string. Later to confirm to architects that any idiot with msgpack documentation, paper and pencil can do it - prepared a base64 string on paper that mimic the good object to deserialize and then put the bytes of memory doom. They wanted to do some happy checking of first few bytes - after short demonstration - they changed their minds. With some java like fuzzer I would do that automatically (and probably the error could be found earlier), but fun of playing with bytes was awesome.

While this tool is awesome as is, is there any way to get it into an IDE? I think productivity would go up a lot of you can just select a function and some extension can do all the work for you returning only the result. Maybe I'm overlooking something that'd make you not want to use an extension like that but I think it'd be cool

As always chef's kiss!

Hi, sorry of the OT but I have a Rust/C question nobody was able to point me in the right direction. With redhook (unmaintained lib) I used LD_PRELOAD to override getenv which worked fine in NodeJs but Rust did not care about it at all. Do you know what is different or what should I read to understand how this all work? Thank you so much

Flag '-g' makes stack traces of gdb or any sanitizer look pretty. Use it.

2:38 in, I expect your issue is that you didn't check the length argument in your payload. This should pop up with many static analyzers. But I get it, it's just an example. Fuzzing is more for discovering weird edge cases and undefined behaviors as I understand it. Or I'm totally wrong and length was not the issue :D

I'm partial to American Fuzzy Lop, which compiles C++ code so that it knows which branches were taken. Can Rust code be fuzzed the same way, and is there a way to fuzz Haskell code that does something similar?

“Port 1337” that took me a second. Very funny

Does it statically analyze the wrapped function to deduce how to do the fuzzing? I’m struck by how it got the magic word immediately.

Those if statements are not very readable, but that is the prefered way, implementations details rather than intensions or requirements, if that is what people do then there is no alternative. Para pensar, señores.

This was awesome. Fuzz all the things.

I was hoping for Torvalds kind of screaming at someone else code, but I guess this is fine.

0:05 should have been the end lmao

Also related but not the same: Property-based testing, those who haven't tried it will be amazed at it's usefulness.

I really like the terminal environment you're using, how can I get my setup to look like that?

This is so cool, does something like this also exist in the Java world?

I yell at code all day.

This is cool af

How does this compare to concolic testing?

pretty cool.

how do i remove the path stuff inside my exe.. i see it exposes my directory in the exe.

Instructions unclear I’ve been yelling at code this whole time

1:09 I already can guess r will be less than REQ_SIZE because recv doesn't have WAIT_ALL flag.

simple good video

At 2:33 i see the bug. He copies data based on the user inputed length on a buffer that ia limited to 64 bytes. I will watch more to see if this is what the fuzzer finds

I presume this fuzzer actually looks at the soruce code of the program, to predict how to best gain different outputs? It is not just random text generator?

can you share the code with the bug ? thanks

This seems great. I expect those eagle eyed developers saw the h- >len value, and thought to themselves about how user input is always evil :p but hey, the unsigned one did surprise me too! Luckily i like writing u32 u64 et al.

My favorite part of testing is "cat /dev/urandom | ./a.out" But that's specifically for testing proper error handling.

6:41 shell users everywhere are screaming at you there's no need to use cat, just use the

I thought you were doing like me and really cursing while programming, well that will prevent me from cursing

This is how that belt makes your child stronger

Hi ! I don’t understand the unsigned problem. Could someone explain?

Fuzzing is how Zenbleed was found!

What’s that you say? I’m not retarded I’m just left handed. This video just made me literally cry 😭

I could see the bug even before the first test iteration...

go fuzz 🎉

2:30 not validated user input

Although slightly off-topic, I was wondering if you could make a video explaining how cheat codes function in games like GTA San Andreas or Vice City. How they interact with the memory and what processes occur behind the scenes. I'd really appreciate a deep dive into this. Thank you!

goat

Wow, sharp transitions should be smoothed out, otherwise this is an ultra-useful video

Even faster with a switch statement? You are already using a switch statement!

Limit the stack size to zero.😂

I love Rust

i = 4; cout

I'll use Zig

Rust is good, but confusing for me

You weren't yelling at the code wth

a

This guy: "Make your code safer by yelling at it. That's right, LITERALLY yelling at your code, in a very literal sense, can make your code, literally, safer. Legit stretch those vocal chords, open your mouth all the way, and just let out the biggest scream at the very top of your lungs, at your code, to make it safer!" This guy 20 seconds later: "So this process involves feeding random data into your program and..."

*Pauses video 29 seconds in* You can't say LITERALLY yelling at your code if you don't mean to actually YELL at it vocally. That's the opposite of what LITERALLY means. :/

You need a pump gun to fix your code.😂

8:27 Wrong. switch statements are not faster than switch statements.

Rust is silly.

23h ago

at 0:24 you said tha it's about "literally yelling at your code", but i didnt hear any yelling, though. Literally yelling means moving your face muscles to produce loud noise, yet during all your vide you were very calm. Why did you lie about this technique?

third

0:24 two incorrect uses of "literally" in less than half a minute. Congrats

First..!!!!😁🤩😍💯💥✨💫🔥👍🏻👏🏻✊🏻🤜🏻🤛🏻🙌🏻🫶🏻🙏🏻👌🏻

first

This is too powerful... people should just stick to Python