
RE: LeoThread 2024-11-27 02:49

in LeoFinance, last month

Part 5/9:

With an initial understanding in place, the next logical step was to explore the code by employing fuzzing—a technique utilized extensively in security testing. Fuzzing works by automatically generating random input data to test how software handles unexpected or improper inputs.

Implementing this method, over four thousand crashes were documented during the testing of Szip, with 32 unique failures arising during the process. Such substantial findings were encouraging but also demanding, as each crash point warranted deeper analysis.

Using tools like AFL triage, the crux of the crashes could be isolated to specific functions within the code. This immediate clarity within the elaborate landscape of Szip code began to shine a spotlight on which elements were potentially exploitable.
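
A sketch of the de-duplication step described above, where a large pile of raw fuzzer crashes collapses into a few unique failures tied to specific functions. This is an added example, not part of the original comment and not a description of how any particular AFL triage tool works; the backtraces, function names and noise-frame list are constructed for illustration.

```python
import hashlib
from collections import Counter, defaultdict

# Runtime/sanitizer frames that say nothing about the target's own bug (assumed list).
NOISE = {"abort", "raise", "__asan_report_load1", "__asan_report_store1", "memcpy"}

# Constructed sample: (crash file, signal, backtrace innermost-first).
# Function names are hypothetical, not taken from any real project.
CRASHES = [
    ("id:000001", "SIGSEGV", ["memcpy", "copy_literals", "decode_block", "main"]),
    ("id:000002", "SIGSEGV", ["copy_literals", "decode_block", "main"]),
    ("id:000003", "SIGABRT", ["raise", "abort", "read_header", "open_archive", "main"]),
    ("id:000004", "SIGSEGV", ["__asan_report_load1", "copy_literals", "decode_block", "main"]),
    ("id:000005", "SIGSEGV", ["read_header", "open_archive", "main"]),
    ("id:000006", "SIGSEGV", ["copy_literals", "decode_stream", "main"]),
]

def significant_frames(frames, depth=2):
    """Drop noise frames, then keep the innermost `depth` frames of target code."""
    return tuple(f for f in frames if f not in NOISE)[:depth]

def bucket_key(signal, frames, depth=2):
    """Stable identifier for a crash: signal plus innermost target frames."""
    material = signal + "|" + ">".join(significant_frames(frames, depth))
    return hashlib.sha256(material.encode()).hexdigest()[:12]

def triage(crashes, depth=2):
    """Group crash ids into buckets that share the same bucket_key."""
    buckets = defaultdict(list)
    for crash_id, signal, frames in crashes:
        buckets[bucket_key(signal, frames, depth)].append(crash_id)
    return dict(buckets)

def hot_functions(crashes):
    """Count crashes per innermost target function, most frequent first."""
    counts = Counter(
        (significant_frames(frames, 1) or ("<unknown>",))[0]
        for _, _, frames in crashes
    )
    return counts.most_common()

if __name__ == "__main__":
    for key, ids in triage(CRASHES).items():
        print(key, len(ids), ids)
    print(hot_functions(CRASHES))
```

The `depth` parameter controls how aggressively crashes are merged: a shallow key groups everything that faults in one function, while a deeper key separates the same fault reached through different callers.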