Seed Corpus Notes for Deserialization Fuzzing

CATEGORY: NOTES
DATE: 2025-12-30

Research by badjuju - Red Orca

Compact experiment log on building a minimal corpus for binary deserialization fuzzing in internal message handlers.

Summary

Built an initial corpus with valid, truncated, and overlong payloads to improve fuzz coverage in a custom parser.

Initial Cases

  1. Canonical message with all required fields.
  2. Truncated length prefix.
  3. Nested object count exceeding allocated boundary.
  4. Unexpected type discriminator values.

Early runs produced one high-value crash in bounds handling around nested arrays.
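
The four entries in the Initial Cases list, written out as a seed generator with a strict reference parser beside it (an added example, not code from the original notes). The wire format, field widths, type values and seed file names are assumptions, since the notes do not describe the real message layout.

```python
import struct
from pathlib import Path

# Hypothetical wire format (an assumption; the page does not give the real one):
#   u32 body_len | u8 msg_type | u16 item_count | item_count * (u8 len | bytes)
KNOWN_TYPES = {0x01, 0x02}

def encode(msg_type, items, declared_count=None):
    """Serialize a message; declared_count lets a seed misstate the item count."""
    count = len(items) if declared_count is None else declared_count
    body = struct.pack(">BH", msg_type, count)
    body += b"".join(bytes([len(i)]) + i for i in items)
    return struct.pack(">I", len(body)) + body

def build_seeds():
    """One constructed seed per entry in the Initial Cases list."""
    items = [b"alpha", b"beta"]
    canonical = encode(0x01, items)
    return {
        "01_canonical": canonical,
        "02_truncated_len_prefix": canonical[:2],
        "03_nested_count_overflow": encode(0x01, items, declared_count=0xFFFF),
        "04_unknown_type": encode(0xFF, items),
    }

def parse(buf):
    """Strict reference parser: every read is bounds-checked, else ValueError."""
    if len(buf) < 4:
        raise ValueError("truncated length prefix")
    body = buf[4:]
    if struct.unpack_from(">I", buf)[0] != len(body) or len(body) < 3:
        raise ValueError("length prefix does not match body")
    msg_type, count = struct.unpack_from(">BH", body)
    if msg_type not in KNOWN_TYPES:
        raise ValueError("unknown type discriminator")
    items, off = [], 3
    for _ in range(count):
        if off >= len(body) or off + 1 + body[off] > len(body):
            raise ValueError("item count exceeds available data")
        items.append(body[off + 1 : off + 1 + body[off]])
        off += 1 + body[off]
    return msg_type, items

def write_corpus(directory):
    """Write one file per seed, the directory layout corpus-driven fuzzers read."""
    out = Path(directory)
    out.mkdir(parents=True, exist_ok=True)
    for name, data in build_seeds().items():
        (out / name).write_bytes(data)
    return sorted(p.name for p in out.iterdir())
```

Point the fuzzer's corpus directory at the output of `write_corpus`. The reference parser shows the rejection each malformed seed should produce in a handler whose bounds checks are correct.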