In this blog post, the author describes fuzzing the ZBar barcode scanning library, which had not previously been fuzzed extensively, and uncovering serious bugs: an out-of-bounds stack buffer write and a memory leak, which can lead to arbitrary code execution and to denial of service respectively. The author walks through instrumenting the build for fuzzing using Nix packages and identifying a suitable fuzzing target within the project, then details the crashes the fuzzer produced, namely the out-of-bounds write and the memory leak. The post closes with insights on improving fuzzing campaigns by targeting specific kinds of code and increasing code coverage.
https://blog.trailofbits.com/2024/10/31/fuzzing-between-the-lines-in-popular-barcode-software/