• This workspace has been inactive for over 11 months, and is scheduled to be reclaimed. Make an edit or click here to mark it as active.
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Buried in cloud files? We can help with Spring cleaning!

    Whether you use Dropbox, Drive, G-Suite, OneDrive, Gmail, Slack, Notion, or all of the above, Dokkio will organize your files for you. Try Dokkio (from the makers of PBworks) for free today.

  • Dokkio (from the makers of PBworks) was #2 on Product Hunt! Check out what people are saying by clicking here.


Getting Started - Premade VM

Page history last edited by sushant.shankar@... 14 years ago

Instructions for downloading Metafuzz, installing, and getting started through the pre-made VM (catchconv, libraries, should already set up for you)

Send questions to Sushant Shankar (sushant@berkeley.edu).


0. Set up your environment. 


For a virtual machine approach on Windows, try VMWare Player:



1. Download the pre-made VM.


Download the zip file at http://www.metafuzz.com/Metafuzz_VM.zip and unzip the file to a folder.


Go into the folder you unzipped the zip file to, and double-click on the DebianEtch.vmw file. This should open up the pre-loaded VM onto your VM software. If you get the following screen (or some variation of it - this is on VMWare Fusion, for Mac's), click 'I moved it'. The VM should then boot up.



If you are asked to login, the username and password are 'user' and 'user'.


2. Pick a seed file and start running!


Open up a Terminal (Application menu on the top --> Accessories --> Terminal).


Run  'singlemachine <file>' . Try an MP3 file to start (a sample one can be found under /home/user/valgrind-catchconv/seedfiles). Here is a screenshot of running the sample file:



The script will automatically create a directory for the test run, then start Catchconv. Now new bugs found will be uploaded to

http://www.metafuzz.com/ , along with statistics on the progress of the test run.


You can also run Catchconv or zzuf directly by using the following commands:


     docatchconv <seed file> <command>

     dozzuf <seed file> <command>


For example

     dozzuf test.mp3 mplayer test.mp3


will run zzuf with the seed "test.mp3" on the command "mplayer test.mp3".


3. Looking at the test results


Statistics and failing test cases will show up on http://www.metafuzz.com. Here is a screenshot of the first few errors that Catchconv picked up on the test run I showed you above:



Here is what each of the columns mean:

  • Run UUID and Seq. No - Identifier of the test run (to see which errors came from the same run)
  • Stack Hash - Unique identifier of the error and the test run
  • Kind - This tell you the type of error that was generated (InvalidRead, InvalidWrite, SyscallParam, etc.)
  • Program - This tell you the program you were testing on (mplayer, mpg321, gstreamer, etc.)
  • FuzzType - This tell you the tool you used (catchconv, valgrind, etc.)
  • Test Case - You can download the test case that you used to generate this error
  • Submitter - This is to denote who has done these runs. The default email is premade@metafuzz.com. If you want to change the email
    • Go to /home/user/vgcc/bin/cc_envars and change the MF_EMAIL line.
    • Edit the .login and .bashrc in the pre-made VM to include the line "source /home/user/vgcc/bin/cc_envars".


Comments (0)

You don't have permission to comment on this page.