Fuzzing: Specially crafted input file results in repeatable crash when compiled with ASAN under Ubuntu/GCC. Allows for limited, controlled OOB read. #50
I found Leanify while doing some research and decided to use Radamsa to test the robustness of the application. It appears pretty solid. I grabbed a ton of test files and then ran this simple loop to generate some more files: `for i in $(ls); do cat $i | radamsa; done`.
I did note a few things that were interesting, the most interesting of which was a crash noted by ASAN from mutated files that proved hard to debug. I've done the test case reduction already, down from several hundred bytes to the smallest byte string I could find that still induced the crash.
I did note that by modifying the length of the input file, the resulting address of the crash could be changed. Note that in the reproduction steps below, the output shows the READ attempt at crash time. Another interesting crash I noted was a WRITE of 1024 bytes in another crash file.
Title changed on May 22, 2019 (previously: "Fuzzing: Specially crafted input file results in repeatable crash when compiled with ASAN under Ubuntu/GCC.").
The address of the read can be controlled by crafting the file so that chunk_length, memory location of p_read, and 0xFFFFFFFF are guessed relative to the desired location. Unsure if the memory can be retrieved from the segfault.
A non-specially crafted example of this is here, pasted in base64:
root@X:~/clones# cat id:000003,sig:11,src:012690,op:flip32,pos:14 | base64
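The comment above describes the read address as a function of chunk_length, the location of p_read, and 0xFFFFFFFF. The classic way a chunk length near 0xFFFFFFFF turns into a controllable out-of-bounds read is a bounds check of the form `p_read + chunk_length <= end` whose sum wraps. The following is an added illustration of that pattern and of the check that does not wrap; it is not Leanify's code, the `[u32 LE length][payload]` chunk format and the function names are hypothetical, and it uses 32-bit offsets rather than real pointers so the arithmetic can be inspected. The sample input is constructed here, not taken from the reporter's crash file. The walker deliberately never dereferences payload bytes, so it is safe to run on hostile input and only reports where the bad read would start.

```c
/*
 * Added illustration, NOT Leanify's code. Hypothetical chunk format:
 * [u32 LE length][payload], repeated. Shows how a chunk_length near
 * 0xFFFFFFFF passes a wrapping check and where p_read + chunk_length lands.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Overflow-prone check: the 32-bit sum wraps, so a huge length looks small. */
int check_wrapping(uint32_t p_read, uint32_t chunk_length, uint32_t end)
{
    return p_read + chunk_length <= end;
}

/* Safe check: compare the length against the remaining bytes; cannot overflow. */
int check_safe(uint32_t p_read, uint32_t chunk_length, uint32_t end)
{
    return p_read <= end && chunk_length <= end - p_read;
}

static void put_u32le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Returns 0 if a 4-byte header at off would itself be truncated. */
static int read_u32le(const uint8_t *buf, uint32_t len, uint32_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return 0;
    *out = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return 1;
}

/*
 * Walk the chunks with the supplied check, never touching payload bytes.
 * Returns the offset of the first chunk header whose payload the check
 * ACCEPTS although it extends past the buffer (the read ASAN would flag),
 * or -1. *target gets (p_read + chunk_length) mod 2^32: the wrapped
 * "address" at which the bad read would start.
 */
long first_oob_accepted(const uint8_t *buf, uint32_t len,
                        int (*check)(uint32_t, uint32_t, uint32_t),
                        uint32_t *target)
{
    uint32_t off = 0, chunk_length;
    while (read_u32le(buf, len, off, &chunk_length)) {
        uint32_t p_read = off + 4;                       /* p_read <= len here */
        int accepted = check(p_read, chunk_length, len);
        int fits = chunk_length <= len - p_read;         /* cannot overflow */
        if (accepted && !fits) {
            if (target) *target = p_read + chunk_length; /* wraps mod 2^32 */
            return (long)off;
        }
        if (!accepted) return -1;                        /* parser bails out */
        off = p_read + chunk_length;                     /* fits, so off <= len */
    }
    return -1;
}

/* Constructed sample (not a real crash file): one sane chunk of pad_len
 * bytes, then a chunk claiming 0xFFFFFFF8 bytes. Returns the file length. */
uint32_t make_sample(uint8_t *buf, uint32_t cap, uint32_t pad_len)
{
    uint32_t n = 0;
    if (cap < 4u + pad_len + 4u + 4u) return 0;
    put_u32le(buf + n, pad_len);      n += 4;
    memset(buf + n, 'A', pad_len);    n += pad_len;
    put_u32le(buf + n, 0xFFFFFFF8u);  n += 4;
    memcpy(buf + n, "BBBB", 4);       n += 4;
    return n;
}

/* Offset of the first accepted-but-OOB chunk in the sample, or -1. */
long demo_offset(uint32_t pad_len, int use_safe_check)
{
    uint8_t buf[64];
    uint32_t n = make_sample(buf, sizeof buf, pad_len);
    return first_oob_accepted(buf, n, use_safe_check ? check_safe : check_wrapping, NULL);
}

/* Wrapped read address under the unsafe check. It moves with pad_len, i.e.
 * with the file length, which matches the reporter's observation. */
uint32_t demo_target(uint32_t pad_len)
{
    uint8_t buf[64];
    uint32_t t = 0;
    uint32_t n = make_sample(buf, sizeof buf, pad_len);
    first_oob_accepted(buf, n, check_wrapping, &t);
    return t;
}

int main(void)
{
    printf("wrapping check: OOB chunk accepted at offset %ld, read starts at 0x%08x\n",
           demo_offset(4, 0), demo_target(4));
    printf("safe check: first accepted OOB chunk = %ld (-1 means none)\n", demo_offset(4, 1));
    printf("pad 20 instead of 4: read starts at 0x%08x\n", demo_target(20));
    return 0;
}
```

With a 64-bit pointer and a 32-bit length the sum does not wrap at 2^32, so the symptom on a real target can differ from this 32-bit model; the remaining-bytes comparison in `check_safe` is correct in either case. To tell whether a real crash is this pattern, compare the access address in the ASAN report against the chunk's p_read plus its length field as read from the file.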