[Gnash-dev] Has gnash been fuzzed?
From: Jacek Wielemborek
Subject: [Gnash-dev] Has gnash been fuzzed?
Date: Wed, 18 Nov 2015 15:35:21 +0100
Hello,
I ran my afl-sid project [1] against gnash against "flvdumper -a @@" and
immediately found a few crashing cases. Here's an example one:
address@hidden:~/fuzz-results/flvdumper/o# flvdumper -a crashes/id\:000000*
FLV File type: Video and Audio
FLV Version: 1 (should always be 1)
FLV Header size: 589824 (should always be 9)
FLV Previous Tag Size was: 0
FLV Tag size is: 131
FLV Previous Tag Size was: 1677738000
FLV Tag size is zero, skipping reading packet body 0
FLV Previous Tag Size was: 1768907873
FLV Tag size is: 6386277
Segmentation fault (core dumped)
address@hidden:~/fuzz-results/flvdumper/o# base64 < crashes/id\:000000*
"cwtriage" seems to suggest that after that time I gathered two more
unique crashes, but I'm not willing to share them - I would prefer
actual Gnash developers to perform the fuzzing because they would know
how to create test cases that would maximize the coverage. (Ideally this
should be done on a regular basis.) I'll be happy to help you with usage
hints on afl-fuzz; I already know this tool quite well.
Let me know if you need any help with fuzzing.
Cheers,
d33tah
[1]: https://github.com/d33tah/afl-sid
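The crash output above shows the dumper printing that the header size and tag sizes are wrong and then carrying on with them. As an added example (not code from gnash or flvdumper), here is a defensive walk over the same FLV structures: DataOffset, tag type, DataSize and each PreviousTagSize are checked against the bytes actually present, and the file is rejected instead of being read past its end. The sample inputs are constructed here; the bad DataSize reuses the 6386277 value from the crash log.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint32_t be24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Walks an in-memory FLV file and returns the number of tags, or -1 as soon as
 * a field disagrees with the bytes actually available. Every declared size is
 * checked against len before it is used as an offset. */
int flv_count_tags(const uint8_t *buf, size_t len) {
    if (len < 13 || memcmp(buf, "FLV", 3) != 0) return -1;
    if (buf[3] != 1) return -1;                  /* FLV version must be 1 */
    if (be32(buf + 5) != 9) return -1;           /* DataOffset must be 9 */
    if (be32(buf + 9) != 0) return -1;           /* PreviousTagSize0 must be 0 */
    size_t pos = 13;
    int count = 0;
    while (pos < len) {
        if (len - pos < 11) return -1;           /* truncated tag header */
        uint8_t type = buf[pos] & 0x1f;          /* 8 audio, 9 video, 18 script data */
        if (type != 8 && type != 9 && type != 18) return -1;
        size_t tag_total = 11 + (size_t)be24(buf + pos + 1);  /* header + DataSize */
        if (len - pos < tag_total) return -1;    /* DataSize points past end of file */
        pos += tag_total;
        count++;
        if (len - pos < 4) return -1;            /* trailing PreviousTagSize missing */
        if (be32(buf + pos) != tag_total) return -1; /* must match the tag just read */
        pos += 4;
    }
    return count;
}

/* Constructed samples (not the attachment from the mailing list post). */
static const uint8_t FLV_OK[] = {
    'F','L','V',1,5, 0,0,0,9,   0,0,0,0,         /* header, DataOffset 9, PreviousTagSize0 */
    18, 0,0,2, 0,0,0, 0, 0,0,0, 0xAA,0xBB,       /* script tag, DataSize 2, two payload bytes */
    0,0,0,13 };                                  /* PreviousTagSize1 = 11 + 2 */
static const uint8_t FLV_BAD_OFFSET[] = {        /* DataOffset 0x00090000 = 589824 */
    'F','L','V',1,5, 0,9,0,0,   0,0,0,0 };
static const uint8_t FLV_BAD_SIZE[] = {          /* DataSize 0x617265 = 6386277, no payload */
    'F','L','V',1,5, 0,0,0,9,   0,0,0,0,  18, 0x61,0x72,0x65, 0,0,0, 0, 0,0,0 };

int main(void) {
    printf("ok: %d\n", flv_count_tags(FLV_OK, sizeof FLV_OK));                          /* 1 */
    printf("bad offset: %d\n", flv_count_tags(FLV_BAD_OFFSET, sizeof FLV_BAD_OFFSET));  /* -1 */
    printf("bad size: %d\n", flv_count_tags(FLV_BAD_SIZE, sizeof FLV_BAD_SIZE));        /* -1 */
    return 0;
}
```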