Date Added: Jun 2009
Recently, integer bugs, including integer overflow, width conversion, and signed/unsigned conversion errors, have risen to become a common root cause of serious security vulnerabilities. The authors introduce new methods for discovering integer bugs using dynamic test generation on x86 binaries, and they describe the key design choices behind efficient symbolic execution of such programs. They implemented their methods in a prototype tool, SmartFuzz, which they use to analyze Linux x86 binary executables. They also created a reporting service, metafuzz.com, to aid in triaging and reporting bugs found by SmartFuzz and by the black-box fuzz testing tool zzuf.
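The three bug classes the abstract names are easiest to see side by side. The following is an added example, not code from the SmartFuzz paper or tool: each class appears as a bounds check that looks correct but can be bypassed, beside a hardened form. The buffer size, the input values, and the function names are constructed for illustration. To keep the example safe to run, the functions return the value that would reach malloc or memcpy (0 meaning the check rejected the input) instead of performing the allocation or copy.

```c
/* Added example: integer overflow, width conversion, and signed/unsigned
   conversion, each as a bypassable length check beside a hardened one.
   Constructed values; not the SmartFuzz paper's code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 64u   /* constructed fixed-size destination buffer */

/* 1. Integer overflow: the allocation size count * elem_size wraps around
   in 32 bits, so a huge element count yields a tiny allocation that is later
   indexed up to `count`. Returns the size malloc would be asked for. */
uint32_t alloc_size_vulnerable(uint32_t count, uint32_t elem_size) {
    return count * elem_size;                 /* wraps silently */
}

/* Hardened: reject before multiplying if the product cannot fit. */
uint32_t alloc_size_hardened(uint32_t count, uint32_t elem_size) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return 0;                             /* would overflow: reject */
    return count * elem_size;
}

/* 2. Width conversion: a length that arrives as size_t (e.g. from a 64-bit
   file header field) is stored in a 16-bit variable before the check, so
   0x10040 is checked as 0x40 but the original length reaches memcpy.
   Returns the byte count memcpy would receive, 0 if rejected. */
size_t copy_len_width_vulnerable(size_t len) {
    uint16_t n = (uint16_t)len;               /* truncation happens here */
    if (n > BUF_SIZE)
        return 0;                             /* check sees the truncated value */
    return len;                               /* copy uses the full value */
}

/* Hardened: check the value in its original width, then narrow if needed. */
size_t copy_len_width_hardened(size_t len) {
    if (len > BUF_SIZE)
        return 0;
    return len;
}

/* 3. Signed/unsigned conversion: a negative attacker-controlled int passes
   the `> BUF_SIZE` test and is then promoted to a very large size_t when
   handed to memcpy. Returns the byte count memcpy would receive. */
size_t copy_len_signed_vulnerable(int len) {
    if (len > (int)BUF_SIZE)
        return 0;                             /* -1 > 64 is false: passes */
    return (size_t)len;                       /* -1 becomes SIZE_MAX */
}

/* Hardened: reject negatives explicitly before any unsigned use. */
size_t copy_len_signed_hardened(int len) {
    if (len < 0 || len > (int)BUF_SIZE)
        return 0;
    return (size_t)len;
}

int main(void) {
    /* Constructed inputs that expose each class. */
    printf("overflow:  vulnerable=%u hardened=%u\n",
           alloc_size_vulnerable(0x40000001u, 4u),
           alloc_size_hardened(0x40000001u, 4u));
    printf("width:     vulnerable=%zu hardened=%zu\n",
           copy_len_width_vulnerable((size_t)0x10040),
           copy_len_width_hardened((size_t)0x10040));
    printf("signedness: vulnerable=%zu hardened=%zu\n",
           copy_len_signed_vulnerable(-1),
           copy_len_signed_hardened(-1));
    return 0;
}
```

In each vulnerable case the check and the use operate on different values (the wrapped product, the truncated length, the sign-converted length), which is precisely the kind of inconsistency a symbolic execution engine can target by asking the solver for an input that satisfies the check yet makes the later use exceed the buffer.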