
fuzzing exifprobe #9

Closed
fgeek opened this issue Mar 2, 2017 · 3 comments

Comments


@fgeek fgeek commented Mar 2, 2017

Hello,

I have done some more fuzzing for exifprobe and found additional crashes. I used american fuzzy lop 2.39b for fuzzing and afl-utils for collecting the samples and maintaining the instances. You can find the crashers at http://bugs.fi/media/afl/exifprobe/

I can see with valgrind that some of the samples are leaking memory, and gdb exploitable tells me that some of the issues cause stack corruption. If you need any more information, feel free to contact me.

I do not think that these cases need CVEs at the moment, but patches should be included in projects using exifprobe, e.g. Debian. I can re-start fuzzing after you have fixed these issues. Do you, by the way, have any kind of test automation system? If you do, these test cases could be minimized and added there to avoid any regressions.

hfiguiere added a commit that referenced this issue Mar 4, 2017
Samples now crash differently.

@hfiguiere hfiguiere commented Mar 4, 2017

Current state is stack overflow.

hfiguiere added a commit that referenced this issue Mar 5, 2017
Sample 17, 42, 44 no longer crash
hfiguiere added a commit that referenced this issue Mar 15, 2017

@hfiguiere hfiguiere commented Mar 15, 2017

After this, no more sample files crash here. And I'm using AddressSanitizer.
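The reporter suggests minimising the crash samples and adding them to test automation, and the owner verifies them under AddressSanitizer. Below is an added example of such a regression harness; it is not part of exifprobe or this thread. It assumes a target binary built with `-fsanitize=address` (argument 1) and a directory of crash samples (argument 2); the `exifprobe` path in the usage comment is a placeholder.

```sh
#!/bin/sh
# Added regression harness for fuzzer-found samples; not part of exifprobe.
# Assumptions: $1 is a target binary built with AddressSanitizer
# (e.g. CFLAGS="-fsanitize=address -g"), $2 is a directory of crash
# samples, ideally minimised with afl-tmin before being checked in.

# run_sample BIN FILE: runs one sample, prints ok | asan | signal.
# A plain non-zero exit (the parser rejecting a bad file) counts as ok;
# a sanitizer report or death by signal is the regression we care about.
run_sample() {
    bin=$1; file=$2
    err=$(mktemp)
    rc=0
    # halt_on_error stops at the first report; detect_leaks makes
    # LeakSanitizer cover the leaks the report found with valgrind.
    ASAN_OPTIONS="halt_on_error=1:detect_leaks=1" \
        "$bin" "$file" >/dev/null 2>"$err" || rc=$?
    if grep -q 'Sanitizer' "$err"; then
        status=asan
    elif [ "$rc" -gt 128 ]; then      # 128+N: killed by signal N
        status=signal
    else
        status=ok
    fi
    rm -f "$err"
    printf '%s\n' "$status"
}

# run_samples BIN DIR: prints "status<TAB>file" per sample; the return
# value is the number of regressions (capped at 255), so it can be used
# directly as a CI step.
run_samples() {
    bin=$1; dir=$2; bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(run_sample "$bin" "$f")
        printf '%s\t%s\n' "$status" "$f"
        [ "$status" = ok ] || bad=$((bad + 1))
    done
    return "$((bad > 255 ? 255 : bad))"
}

# Usage (placeholder paths): sh regress.sh ./exifprobe crashes/
if [ "$#" -eq 2 ]; then
    run_samples "$1" "$2"
fi
```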


@hfiguiere hfiguiere commented Mar 15, 2017

Thanks

@hfiguiere hfiguiere closed this Mar 15, 2017