For fuzzing it is often useful to have small sample files as a starting point for malformed inputs. We therefore started a collection of trivial files in various formats. This is likely to grow over time.
If you want to submit some samples please make sure they are really small and trivial (e. g. images with 2-3 pixels height/width, text documents with content like "aaa"). Also make sure that you own all copyrights and agree to publish the files as CC0 / public domain.
This may get out of hand, so I may reject further contributions at some point.
These inputs expose various bugs in applications that have been tested by the Fuzzing Project. All inputs can be considered CC0 / public domain, I encourage people to re-use them, e. g. they could be added to test suites etc.
Some file formats use checksum algorithms to check the sanity of a file. This can make fuzzing harder because the parsing tool may stop to try parsing a file as soon as it detects an invalid checksum. So real bugs may get hidden due to the checksum.
There are two strategies to counter this: Re-calculate the checksum on the fuzzed inputs or patch the software to disable checksum tests.
To make things easier we share a collection of checksum disabling patches for various software packages (zlib, ...).
The Fuzzing Project is run by Hanno Böck