Ethereal-dev: Re: [Ethereal-dev] advanced randpkt/fuzz testing?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Sat, 14 May 2005 14:25:27 -0500
Thomas Anders wrote:
> Gerald Combs wrote:
> 
>> I think the second idea is essential - we need as many people fuzz
>> testing as possible.  I've added an initial FuzzTesting page on the
>> wiki, along with a link from the Security page.  Should I add a "call
>> for fuzz testers" link to the front page on the main site?
> 
> 
> Are we sure we can keep up with the workload of reported bugs?

Fuzz bugs are presently added to the bug database faster than they're
being fixed, so the answer would be "no."


> E.g. I actually stopped fuzz testing my DOCSIS captures altogether,
> because I kept running into similar bugs over and over and the submitted
> bugs #173 and #174
> 
> http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=173
> http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=174
> 
> haven't been dealt with yet.
> 
> Then, still, it'd be worth trying anyway. ;-)
> If only everyone on ethereal-dev reading this would run fuzz-test.sh on
> a significant subset of his captures overnight, I'd bet we'd find a
> hundred new bugs immediately. Interested?

It sounds like we need two groups of volunteers - one to run fuzz tests
and one to fix any bugs that are found.