MAflood: Multithreaded Fuzzing Techniques Based on Dual-Pruning Models


Abstract

Automated software vulnerability mining is a challenging research area in the security field. Many works have shown that fuzzing is quite effective for it, and fuzzing has been widely studied and applied in both academia and industry. By analyzing the limitations of popular fuzzing technologies such as AFL, this article constructs a dual-pruning ("double streamlined") model that improves the utilization of test cases across different threads in multi-threaded settings, thereby increasing coverage. Moreover, on the basis of the fuzzing method AFL, we add the core of AddressSanitizer, a memory error detection tool, to build a new fuzzing method, MAflood. To verify the effectiveness of MAflood, the LAVA-M test programs and the real-world project ffjpeg are selected as test objects. The experimental results show that MAflood achieves varying degrees of improvement in path coverage over AFL. In addition, MAflood found a new vulnerability, CNVD-2020-48928, in the real-world project ffjpeg.
