Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Panic on malformed input #27
I have recently discovered that previous fuzzing attempts on lewton (namely the lewton target in https://github.com/rust-fuzz/targets) were using the OGG stream API and did not disable CRC32 check in
I have patched the ogg crate to disable crc32 check during fuzzing. After this honggfuzz-rs has immediately discovered an input that causes an out-of-bounds access in lewton. Thanks to Rust's memory safety guarantees this is not a critical security issue (like it would be in C), but it could still be used to perform a denial-of-service attack.
The panic message is
My fuzzing setup is available at https://github.com/Shnatsel/lewton-fuzz, more info on using it can be found in the rust-fuzz/targets issue. This panic is blocking any further fuzzing attempts. I will run another round of fuzzing once this panic is resolved.
This was referenced
Jun 27, 2018
I'm afraid 14kb is as small as I can get it. lewton_#27_min_testcase.ogg.gz
AFL's testcase minimization mode produces a non-crashing file for whatever reason (this is probably a bug in AFL.rs), and cargo-fuzz cannot be used because lewton allocates enormous amounts of virtual memory, which causes address sanitizer to freak out on pretty much any malformed input.