
[Gnash-dev] Has gnash been fuzzed?


From: Jacek Wielemborek
Subject: [Gnash-dev] Has gnash been fuzzed?
Date: Wed, 18 Nov 2015 15:35:21 +0100

Hello,

I ran my afl-sid project [1] against gnash, targeting "flvdumper -a @@", and
immediately found a few crashing cases. Here's an example:

address@hidden:~/fuzz-results/flvdumper/o# flvdumper -a crashes/id\:000000*
FLV File type: Video and Audio
FLV Version: 1 (should always be 1)
FLV Header size: 589824 (should always be 9)
FLV Previous Tag Size was: 0
FLV Tag size is: 131
FLV Previous Tag Size was: 1677738000
FLV Tag size is zero, skipping reading packet body 0
FLV Previous Tag Size was: 1768907873
FLV Tag size is: 6386277
Segmentation fault (core dumped)

address@hidden:~/fuzz-results/flvdumper/o# base64 < crashes/id\:000000*
RkxWAQUAAAAJAAAAAP9/AAAAAAAAAAAAAgAKb25NZXRhRGF0YQgAAAAKAAhkdXJhdGlvbgBAGAAA
AAAAAAAFd2lkdGgAQHaAAAAAAAAABmhlaWdodABAcgAAAAAAAAANdmlkZW9kYXRhcmF0ZQBAeQAA
AAAAAAAJZnJhbWVyYXRlAEAkAAAAAAAAAAx2aWRlb2NvZGVjaWQAQBAAAAAAAAAADWF1ZGlvZGF0
YXJhdGUAQFgAAAAAAAAACmF1ZGlvZGVsYXkAP6N0vGp++dsADGF1ZGlvY29kZWNpZABAAAAAAAAA
AAAMY2FuU2Vla1RvRW5kAQ==

"cwtriage" seems to suggest that after that time I gathered two more
unique crashes, but I'm not willing to share them - I would prefer
actual Gnash developers to perform the fuzzing because they would know
how to create test cases that would maximize the coverage (ideally this
should be done on a regular basis). I'll be happy to help you with usage
hints on afl-fuzz; I already know this tool quite well.

Let me know if you need any help with fuzzing.

Cheers,
d33tah

[1]: https://github.com/d33tah/afl-sid
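As an added illustration of what the crash file above exercises, here is a bounds-checked FLV container walker. It is example code written for this page, not gnash or flvdumper code, and it assumes only the FLV container layout (9-byte header with a big-endian DataOffset, 4-byte PreviousTagSize before each tag, 11-byte tag header with a 24-bit DataSize, tag types 8/9/18). The input is the base64 from the mail, embedded verbatim; decoding it shows that the file's own DataOffset field is 9, while the 589824 that flvdumper prints is 0x00090000, i.e. the value you get by reading four bytes starting one position later, which is a useful hint when triaging. The walker refuses the first tag because its DataSize (0x7F0000 = 8323072) exceeds the 220 bytes that remain; the `reframe_as_script_tag` helper is a constructed sample that rewraps the same AMF payload in a sane tag header so you can see the walker accept well-formed framing (the AMF body itself is not parsed here).

```python
"""Bounds-checked FLV container walker (added example; not gnash code).

Every length field in the file is treated as attacker-controlled and is
compared against the bytes actually present before anything is read.
"""
import base64
import struct

# Base64 of the crashing input exactly as posted in the mail (244 bytes).
CRASH_B64 = (
    "RkxWAQUAAAAJAAAAAP9/AAAAAAAAAAAAAgAKb25NZXRhRGF0YQgAAAAKAAhkdXJhdGlvbgBAGAAA"
    "AAAAAAAFd2lkdGgAQHaAAAAAAAAABmhlaWdodABAcgAAAAAAAAANdmlkZW9kYXRhcmF0ZQBAeQAA"
    "AAAAAAAJZnJhbWVyYXRlAEAkAAAAAAAAAAx2aWRlb2NvZGVjaWQAQBAAAAAAAAAADWF1ZGlvZGF0"
    "YXJhdGUAQFgAAAAAAAAACmF1ZGlvZGVsYXkAP6N0vGp++dsADGF1ZGlvY29kZWNpZABAAAAAAAAA"
    "AAAMY2FuU2Vla1RvRW5kAQ=="
)
CRASH_FILE = base64.b64decode(CRASH_B64)

FLV_HEADER_LEN = 9
TAG_HEADER_LEN = 11
TAG_TYPES = {8: "audio", 9: "video", 18: "script"}


class FlvError(ValueError):
    """Raised instead of reading past the end of the buffer."""


def parse_header(data):
    """Validate the 9-byte FLV header and return its fields."""
    if len(data) < FLV_HEADER_LEN:
        raise FlvError("file shorter than the 9-byte FLV header")
    sig, version, flags, data_offset = struct.unpack(">3sBBI", data[:FLV_HEADER_LEN])
    if sig != b"FLV":
        raise FlvError("bad signature %r" % sig)
    if version != 1:
        raise FlvError("unsupported FLV version %d" % version)
    # DataOffset comes from the file: it must cover the header it describes
    # and still point inside the buffer, or the first seek is already wild.
    if not FLV_HEADER_LEN <= data_offset <= len(data):
        raise FlvError("DataOffset %d out of range for a %d-byte file"
                       % (data_offset, len(data)))
    return {"audio": bool(flags & 4), "video": bool(flags & 1),
            "data_offset": data_offset}


def walk_tags(data):
    """Walk the tag chain; return (tags parsed, error message or None)."""
    hdr = parse_header(data)
    pos = hdr["data_offset"]
    tags = []
    expected_prev = 0  # PreviousTagSize0 is always zero
    while pos < len(data):
        if len(data) - pos < 4:
            return tags, "truncated PreviousTagSize at offset %d" % pos
        prev = struct.unpack(">I", data[pos:pos + 4])[0]
        if prev != expected_prev:
            return tags, ("PreviousTagSize %d at offset %d, expected %d"
                          % (prev, pos, expected_prev))
        pos += 4
        if pos == len(data):
            break  # a trailing PreviousTagSize closes the file
        if len(data) - pos < TAG_HEADER_LEN:
            return tags, "truncated tag header at offset %d" % pos
        tag_type = data[pos]
        data_size = int.from_bytes(data[pos + 1:pos + 4], "big")
        timestamp = int.from_bytes(data[pos + 4:pos + 7], "big") | (data[pos + 7] << 24)
        stream_id = int.from_bytes(data[pos + 8:pos + 11], "big")
        body_start = pos + TAG_HEADER_LEN
        remaining = len(data) - body_start
        # DataSize is the field a naive reader hands straight to read()/memcpy;
        # compare it with what is left before touching the body.
        if data_size > remaining:
            return tags, ("tag at offset %d claims %d body bytes, only %d remain"
                          % (pos, data_size, remaining))
        if tag_type not in TAG_TYPES:
            return tags, "unknown tag type 0x%02x at offset %d" % (tag_type, pos)
        tags.append({"offset": pos, "type": TAG_TYPES[tag_type], "size": data_size,
                     "timestamp": timestamp, "stream_id": stream_id})
        pos = body_start + data_size
        expected_prev = TAG_HEADER_LEN + data_size
    return tags, None


def reframe_as_script_tag(data):
    """Constructed sample: wrap the crash file's AMF payload in a sane
    script-tag (type 18) header so the container framing is valid.
    The AMF body itself is copied as-is and not parsed."""
    body = data[FLV_HEADER_LEN + 4 + TAG_HEADER_LEN:]
    tag = (bytes([18]) + len(body).to_bytes(3, "big")
           + b"\x00\x00\x00\x00"       # timestamp + extended timestamp
           + b"\x00\x00\x00" + body)   # stream id, then the payload
    return (data[:FLV_HEADER_LEN] + b"\x00\x00\x00\x00"
            + tag + len(tag).to_bytes(4, "big"))


if __name__ == "__main__":
    print("header:", parse_header(CRASH_FILE))
    print("crash file:", walk_tags(CRASH_FILE))
    print("reframed:", walk_tags(reframe_as_script_tag(CRASH_FILE)))
```

Run it as a script to see the rejection message for the posted file and the single script tag the reframed copy yields; the same walker, pointed at an afl-fuzz `crashes/` directory, gives a quick first-pass triage of which length field each input is abusing before you reach for gdb.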
