Shuangxiang Kan (University of New South Wales), Xiao Cheng (Macquarie University), Yuekang Li (University of New South Wales)

Fuzz testing is a cornerstone technique for uncovering vulnerabilities and improving the reliability of software systems. Recent studies reveal that the primary bottleneck in modern coverage-guided fuzzing lies not within the fuzzers themselves, but in the construction of fuzz drivers—particularly their limited flexibility in exploring option parameters within library APIs. Existing approaches predominantly focus on mutating input data, often neglecting configuration options that fundamentally influence API behavior and may conceal critical vulnerabilities. To address this gap, we present MUTATO, a new multi-dimensional fuzz driver enhancement approach that systematically and adaptively mutates both input data and option parameters using a coverage-guided, epsilon-greedy strategy. Unlike prior work that requires intrusive modifications to fuzzers or targets only program-level options, MUTATO operates at the driver level, ensuring fuzzer-agnostic applicability and seamless integration with both manual and automatically generated drivers. We further introduce an option parameter fuzzing language (OPFL) to guide the enhancement of drivers. Extensive experiments on 10 widely used C/C++ libraries demonstrate that MUTATO-enhanced drivers achieve, on average, 14% and 13% higher code coverage compared to original AFL++ and LibFuzzer drivers, respectively, and uncover 12 previously unknown vulnerabilities, including 3 CVEs. Notably, we identified 4 vulnerabilities within 5 hours in APIs that OSS-Fuzz had failed to detect despite more than 18,060 hours of fuzzing effort.
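A minimal sketch of the driver-level idea in the abstract, added here as an illustration and not taken from MUTATO or the paper: the driver, not the fuzzer, chooses an option parameter for each execution with an epsilon-greedy rule rewarded by newly covered branches. `toy_decode`, its option values, the branch bitmap and the 20% exploration rate are all assumptions; a real driver would read coverage from instrumentation rather than from a return value.

```c
#include <stddef.h>
#include <stdint.h>

#define N_OPTS 4        /* option values 0..3 of the toy API (assumed) */
#define EPS_PERCENT 20  /* exploration rate, an assumed value */

static uint32_t seen;              /* branches covered so far, one bit each */
static uint32_t pulls[N_OPTS];     /* times each option value was tried */
static uint32_t reward[N_OPTS];    /* new branches credited to each value */
static uint32_t rng = 0x9E3779B9u; /* fixed seed keeps runs reproducible */

static uint32_t next_rand(void) {  /* xorshift32 */
    rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5;
    return rng;
}

/* Toy stand-in for a library API (hypothetical); returns the branches it ran.
   Bits 3..6 are reachable only with a non-default option value. */
uint32_t toy_decode(const uint8_t *d, size_t n, int opt) {
    uint32_t cov = 1u << 0;
    if (n > 0 && d[0] == 'M') cov |= 1u << 1;
    if (n > 1 && d[1] > 0x7f) cov |= 1u << 2;
    if (opt != 0) cov |= 1u << (2 + opt);
    if (opt == 3 && n > 2 && d[2] == 0) cov |= 1u << 6;
    return cov;
}

/* Epsilon-greedy: usually reuse the value with the best average reward,
   sometimes pick a random one so untried values still get exercised. */
static int pick_option(void) {
    if (next_rand() % 100 < EPS_PERCENT) return (int)(next_rand() % N_OPTS);
    int best = 0;
    for (int i = 1; i < N_OPTS; i++)  /* reward/(pulls+1), cross-multiplied */
        if ((uint64_t)reward[i] * (pulls[best] + 1) >
            (uint64_t)reward[best] * (pulls[i] + 1)) best = i;
    return best;
}

/* Driver body in the LLVMFuzzerTestOneInput style; returns new branches found. */
int fuzz_one(const uint8_t *data, size_t size) {
    int opt = pick_option(), gained = 0;
    uint32_t cov = toy_decode(data, size, opt);
    for (uint32_t fresh = cov & ~seen; fresh; fresh &= fresh - 1) gained++;
    seen |= cov;
    pulls[opt]++;
    reward[opt] += (uint32_t)gained;
    return gained;
}
```

With the constructed input `M\x80\x00`, a driver pinned to option 0 reaches 3 of the 7 toy branches; the other 4 appear only once option values are varied.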
