Abstract: Fuzzing is the main technology of software vulnerability mining. It can randomly generate test cases and dynamically execute programs so as to cover deeper branches. However, mutation in fuzzing is to some extent blind: randomly mutated samples very frequently execute the same path, which makes the mutated samples redundant and reduces test efficiency. This paper proposes and implements a guided grey-box fuzzing method, CTM (Control Flow Test Case Generate And Mutation), based on control flow analysis. CTM first statically analyzes the target binary program to obtain its control flow graph, then analyzes the execution rarity of program paths from the control flow, identifies the sensitive functions on the execution path to compute the program execution path proportion, and solves for and generates test cases. During testing, the positions of non-format key information are mutated. Finally, guided by branch coverage feedback, the execution path constraint information is solved with heuristic rules to generate new test case samples. Through guided test case generation and position-located mutation, CTM increases the probability that fuzzing generates test cases satisfying complex branch conditions, thereby improving code coverage and reducing mutation sample redundancy. To verify the effectiveness of this method, real applications such as readelf and gif2png are tested, and CTM is compared with the mainstream fuzzers Driller and AFL. The test results show that CTM's ability to detect crashes and explore new paths is improved.
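The abstract names two ideas without showing how they could be computed: scoring paths by execution rarity (weighted up when they reach a sensitive function) so that seeds on rare paths are mutated first, and mutating only the positions that are not format fields so that mutated samples are not rejected by a magic-number check. The following Python is an added illustration of both ideas and is not the CTM implementation from the paper. Its assumptions are labelled in the code: the control flow graph is a small constructed acyclic graph; path rarity is estimated as the inverse of the path probability under a uniform branch-choice model (every outgoing edge of a branch block is taken with probability 1/out-degree), which is a stand-in for whatever rarity metric CTM actually uses; "sensitive functions" are just a labelled set of blocks; and the mutation step is a deterministic byte flip rather than random mutation.

```python
"""Toy path-rarity-guided seed selection and format-aware mutation.

Added example, not CTM's code. Assumptions: hand-built acyclic CFG,
uniform branch-choice probability model, constant sensitive-function
weight, deterministic XOR instead of random mutation.
"""
from fractions import Fraction
from typing import Dict, List, Set, Tuple

# Constructed control flow graph: basic block -> successor blocks.
CFG: Dict[str, List[str]] = {
    "entry":       ["check_magic"],
    "check_magic": ["bail", "parse_hdr"],      # format check: wrong magic -> bail
    "parse_hdr":   ["parse_sec", "parse_sym"],
    "parse_sec":   ["exit"],
    "parse_sym":   ["strcpy_sym", "exit"],
    "strcpy_sym":  ["exit"],                   # unbounded string copy (constructed)
    "bail":        ["exit"],
    "exit":        [],
}
SENSITIVE: Set[str] = {"strcpy_sym"}   # assumed label for a sensitive function
SENSITIVE_WEIGHT = 4                   # assumed constant boost for such paths


def enumerate_paths(cfg: Dict[str, List[str]], entry: str = "entry") -> List[Tuple[str, ...]]:
    """All entry-to-exit paths of an acyclic CFG, found by depth-first search."""
    paths: List[Tuple[str, ...]] = []

    def walk(node: str, acc: Tuple[str, ...]) -> None:
        acc = acc + (node,)
        if not cfg[node]:
            paths.append(acc)
            return
        for succ in cfg[node]:
            walk(succ, acc)

    walk(entry, ())
    return paths


def path_probability(cfg: Dict[str, List[str]], path: Tuple[str, ...]) -> Fraction:
    """Probability of executing `path` if each branch outcome is equally likely:
    the product of 1/out-degree over every block on the path except the last."""
    prob = Fraction(1)
    for node in path[:-1]:
        prob /= len(cfg[node])
    return prob


def path_score(cfg: Dict[str, List[str]], path: Tuple[str, ...],
               sensitive: Set[str] = SENSITIVE) -> Fraction:
    """Rarity = 1 / probability; boosted when the path reaches a sensitive function."""
    score = 1 / path_probability(cfg, path)
    if any(block in sensitive for block in path):
        score *= SENSITIVE_WEIGHT
    return score


def pick_seed(cfg: Dict[str, List[str]], seeds: Dict[str, Tuple[str, ...]]) -> str:
    """seeds maps a seed name to the path it executed (a constructed trace).
    Returns the seed whose path scores highest, i.e. the one to mutate next."""
    return max(seeds, key=lambda name: path_score(cfg, seeds[name]))


def locate_mutable_positions(length: int, protected: List[Tuple[int, int]]) -> List[int]:
    """Byte offsets outside the protected [start, end) ranges, so that format
    fields such as a magic number stay intact and the input still passes the check."""
    return [i for i in range(length) if not any(s <= i < e for s, e in protected)]


def mutate_at(data: bytes, positions: List[int], xor_mask: int = 0xFF) -> bytes:
    """Deterministic stand-in for random mutation: flip the bytes at `positions`."""
    buf = bytearray(data)
    for i in positions:
        buf[i] ^= xor_mask
    return bytes(buf)


if __name__ == "__main__":
    for p in enumerate_paths(CFG):
        print(f"{'->'.join(p):55s} p={path_probability(CFG, p)} score={path_score(CFG, p)}")
    # Constructed seed corpus: which path each seed was observed to execute.
    corpus = {
        "seed_badmagic": ("entry", "check_magic", "bail", "exit"),
        "seed_sections": ("entry", "check_magic", "parse_hdr", "parse_sec", "exit"),
        "seed_symbols":  ("entry", "check_magic", "parse_hdr", "parse_sym", "strcpy_sym", "exit"),
    }
    chosen = pick_seed(CFG, corpus)
    print("mutate next:", chosen)
    sample = b"\x7fELFabcd"                       # constructed input with a 4-byte magic
    mutable = locate_mutable_positions(len(sample), protected=[(0, 4)])
    print(mutate_at(sample, mutable))             # magic preserved, payload flipped
```

The four path probabilities sum to 1, which is a quick sanity check that the uniform model is applied consistently; the seed that reached the sensitive block wins even though its path probability (1/8) ties with another path, because of the sensitive-function weight. Protecting the magic-number range is what keeps mutated samples from all collapsing onto the `bail` path, the redundancy the abstract describes.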