fuzzing exifprobe #9

Closed
fgeek opened this Issue Mar 2, 2017 · 3 comments

fgeek commented Mar 2, 2017

Hello,

I have done some more fuzzing for exifprobe and found additional crashes. I used american fuzzy lop 2.39b for fuzzing and afl-utils for collecting the samples and maintaining the instances. You can find the crashers at http://bugs.fi/media/afl/exifprobe/

I can see with valgrind that some of the samples are leaking memory, and gdb exploitable tells that some of the issues cause stack corruption. If you need any more information, feel free to contact me.

I do not think that these cases need CVEs at the moment, but patches should be included in projects using exifprobe, e.g. Debian. I can re-start fuzzing after you have fixed these issues. Do you, btw, have any kind of test automation system? If you do, these test cases could be minimized and added there to avoid any regressions.

hfiguiere added a commit that referenced this issue Mar 4, 2017
hfiguiere commented Mar 4, 2017

Current state is stack overflow.

hfiguiere added a commit that referenced this issue Mar 5, 2017

Issue #9 - Detect we go past EOF
Samples 17, 42, 44 no longer crash
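The commit above is about detecting reads past EOF. The following is an added example, not exifprobe's own code: a minimal TIFF/EXIF-style IFD walker in which every read is range-checked against the buffer length before memory is touched, so a fuzzer-truncated file or a bogus value offset is reported as an error rather than read out of bounds. The layout (2-byte entry count, 12-byte entries, 4-byte next-IFD offset, little-endian) follows TIFF; the sample bytes and the `demo_*` helpers are constructed for illustration.

```c
/* Added example, not exifprobe's code: bounds-checked IFD walking.
 * A truncated or malformed input yields an error code instead of a
 * read past the end of the buffer. Sample bytes below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { IFD_OK = 0, IFD_TRUNCATED = -1, IFD_BAD_OFFSET = -2 };

typedef struct {
    const uint8_t *data;
    size_t len;
} buf_t;

/* Byte size of TIFF field types 1..12; index 0 unused. */
static const uint8_t TYPE_SIZE[13] = { 0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8 };

/* Little-endian readers: check the range first, then touch memory. */
static int rd_u16(const buf_t *b, size_t off, uint16_t *out) {
    if (off > b->len || b->len - off < 2) return IFD_TRUNCATED;
    *out = (uint16_t)(b->data[off] | (b->data[off + 1] << 8));
    return IFD_OK;
}

static int rd_u32(const buf_t *b, size_t off, uint32_t *out) {
    if (off > b->len || b->len - off < 4) return IFD_TRUNCATED;
    *out = (uint32_t)b->data[off] | ((uint32_t)b->data[off + 1] << 8)
         | ((uint32_t)b->data[off + 2] << 16) | ((uint32_t)b->data[off + 3] << 24);
    return IFD_OK;
}

/* Walk one IFD at ifd_off. Returns the entry count (>= 0) and stores the
 * next-IFD offset, or a negative error code. Nothing is read before its
 * range has been checked, so a truncated file cannot cause an OOB read. */
int walk_ifd(const buf_t *b, size_t ifd_off, uint32_t *next_ifd) {
    uint16_t count;
    int rc = rd_u16(b, ifd_off, &count);
    if (rc != IFD_OK) return rc;

    /* Reject the whole entry table up front if it cannot fit: count * 12
     * bytes plus the 4-byte next-IFD pointer. rd_u16 already guaranteed
     * ifd_off + 2 <= b->len, so the subtraction cannot wrap. */
    size_t table = (size_t)count * 12 + 4;
    if (b->len - (ifd_off + 2) < table) return IFD_TRUNCATED;

    size_t off = ifd_off + 2;
    for (uint16_t i = 0; i < count; i++, off += 12) {
        uint16_t type;      /* tag at off+0 is not needed here */
        uint32_t n, val;
        if ((rc = rd_u16(b, off + 2, &type)) != IFD_OK) return rc;
        if ((rc = rd_u32(b, off + 4, &n)) != IFD_OK) return rc;
        if ((rc = rd_u32(b, off + 8, &val)) != IFD_OK) return rc;
        if (type < 1 || type > 12) continue;   /* unknown type: skip, don't trust */

        /* Values wider than 4 bytes live out of line at offset `val`;
         * 64-bit math so n * size cannot wrap, then range-check it. */
        uint64_t bytes = (uint64_t)n * TYPE_SIZE[type];
        if (bytes > 4 && (val > b->len || (uint64_t)(b->len - val) < bytes))
            return IFD_BAD_OFFSET;
    }
    rc = rd_u32(b, off, next_ifd);
    return rc == IFD_OK ? (int)count : rc;
}

/* Constructed sample: 2 entries (ImageWidth=640 inline; ImageDescription,
 * 6 ASCII bytes at offset 30), next IFD = 0, then the string "hello\0". */
static const uint8_t SAMPLE[] = {
    0x02, 0x00,
    0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00,
    0x0E, 0x01, 0x02, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1E, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    'h', 'e', 'l', 'l', 'o', 0x00,
};

int demo_ok(void) {                          /* well-formed: returns 2 */
    buf_t b = { SAMPLE, sizeof SAMPLE };
    uint32_t next;
    return walk_ifd(&b, 0, &next);
}

int demo_truncated(void) {                   /* cut mid-entry: IFD_TRUNCATED */
    buf_t b = { SAMPLE, 20 };
    uint32_t next;
    return walk_ifd(&b, 0, &next);
}

int demo_bad_offset(void) {                  /* offset beyond EOF: IFD_BAD_OFFSET */
    uint8_t copy[sizeof SAMPLE];
    memcpy(copy, SAMPLE, sizeof copy);
    copy[24] = 0xFF; copy[25] = 0xFF;        /* entry 2 offset -> 0xFFFF001E */
    buf_t b = { copy, sizeof copy };
    uint32_t next;
    return walk_ifd(&b, 0, &next);
}
```

The point of the up-front table check is that a hostile entry count is rejected once, before the loop, instead of being discovered one read at a time; the per-field checks remain as a second line of defence. Minimized crashers such as the ones this issue reports are a natural fixture set for a regression test that calls `walk_ifd`-style code under AddressSanitizer.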
hfiguiere commented Mar 15, 2017

After this no more sample file crashes here. And I'm using AddressSanitizer.

hfiguiere commented Mar 15, 2017

Thanks

@hfiguiere hfiguiere closed this Mar 15, 2017
