rwhitworth/fuzzing-utils
fuzzing-utils

Fixes

jimtcl

qlibc

Compress::LZ4

mruby

funtools

Gravity

Espruino

libetpan

simple.vm 

libmaxminddb

mujs

yet-another-brainfuck-interpreter

mjs

partcl

cperl

corewar

yabfc

zForth

openjpeg

off

tinygltf

nymph

parrot

Wren

Closed without commits

Note: it is fine for some of these reports to be judged not to be real issues.
Severity is for each project's own developers to decide.

Outstanding

libcintelhex

libucl

v7

MoarVM

rrdtool-1.x

tre

8cc

gettext-tiny

radare2

mujs

Core-War

ravi

huo

newt

hunspell

id3v2lib

cperl

yabfc

ejdb

kona

rix

Things not to fuzz

Things fuzzed with afl-fuzz that turned up very few or no issues. They may still be worth revisiting with libFuzzer, an ASAN-enabled build, etc.

  • perl5 - heavily fuzzed by the community, but still tons of bugs to be found. Tons. Difficult to report bugs and get traction on fixing them, so not worth the time
  • MRI ruby
  • mruby - very heavily fuzzed by the community, due to bug bounties. One issue found, but reported by another contributor as well.
  • libgif - outstanding bug/CVE confirmed, but no new issues found
  • jq
  • lua
  • luajit
  • libsndfile - nothing found via afl-fuzz after weeks of fuzzing. Very vulnerable with lots of active security issues being found, but I'll leave it to others
  • libarchive - nothing found via afl-fuzz after weeks of fuzzing. Very vulnerable with lots of active security issues being found, but I'll leave it to others
  • libgd
  • liblnk
  • CSV::XS
  • Lemon lexer/parser as part of SQLite3 - issues will not be resolved by developers
  • imageworsener
  • json-parser
  • parson
  • tinyrb - project dead, no reason to report bugs
  • libxml2 - libFuzzer found nothing, also noted other netizens testing with libFuzzer
  • libmaxminddb - clean. afl-fuzz found one issue previously, but now finding nothing. libFuzzer also finding nothing now.
  • tinyexpr - nothing found after many days of fuzzing
  • cc65 - issues will not be resolved by developers

Issue Template

Hello, I was using American Fuzzy Lop (afl-fuzz) to fuzz input to the PROGRAM_NAME program on Linux. Is fixing the crashes from these input files something you're interested in? The input files can be found here: URL

Each file triggers a segfault when run as ./PROGRAM_NAME id_filename.

Let me know if I can provide any more information to help narrow down this issue.

AFL options

# Build the target with afl's LLVM-mode wrappers (needs llvm_mode built, see the
# debian box setup below).
export CC=afl-clang-fast
export CXX=afl-clang-fast++
export AFL_HARDEN=1          # -fstack-protector-all and _FORTIFY_SOURCE=2, so more overflows abort instead of passing silently
export AFL_NO_BUILTIN=1      # keep strcmp/memcmp/etc. as real calls rather than inlined builtins (needed for libtokencap.so)
export AFL_INST_RATIO=100    # instrument every branch (100 is already the default; lower only for very large binaries)
export AFL_DONT_OPTIMIZE=1   # do not add afl's default -O3; keeps the project's own flags and makes crashes easier to debug
export AFL_EXIT_WHEN_DONE=1  # stop once a full cycle finds no new paths (useful for unattended runs)
export AFL_SKIP_CRASHES=1    # tolerate seed inputs that already crash the target instead of refusing to start
unset AFL_NO_ARITH           # leave the arithmetic mutation stage enabled
# Optional: libdislocator places each heap allocation at the end of its own page so
# small over-reads/over-writes fault immediately. Pass it via AFL_PRELOAD rather than
# LD_PRELOAD so it is loaded into the target only and not into afl-fuzz itself.
# export AFL_PRELOAD=/usr/local/lib/afl/libdislocator.so

# Kernel tuning from afl's perf_tips (run as root). afl-fuzz also refuses to start
# while core_pattern pipes dumps to an external handler, so point it at a file.
echo core >/proc/sys/kernel/core_pattern
echo 1 >/proc/sys/kernel/sched_child_runs_first
echo 1 >/proc/sys/kernel/sched_autogroup_enabled
echo never > /sys/kernel/mm/transparent_hugepage/enabled
sysctl kernel.pid_max=1000000

gdb

# Needs core_pattern=core (set in the AFL options above) so the dump lands as ./core
ulimit -c unlimited ; ./binary id_filename ; gdb --batch --eval-command=bt ./binary core
# Same backtrace without a core file, by running the input under gdb directly
gdb --batch -ex run -ex bt --args ./binary id_filename

valgrind

valgrind ./binary id_filename 2>&1 | less
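A triage pass that ties the issue template, gdb and valgrind steps above together: re-run every file in afl's crashes/ directory through the target, bucket each one by the signal that killed the process (and, when gdb is installed, by the top stack frames), and print the buckets largest first so the upstream report can lead with one reproducer per distinct crash. This is an added example for this page, not a script from the fuzzing-utils repository; it assumes the target takes the input path as its single argument, and treats the `timeout` and `gdb` binaries as optional.

```shell
#!/bin/sh
# afl-triage.sh: re-run every id:* file in an afl-fuzz crashes/ directory through
# the target, classify each one by the signal that killed the process (and, when
# gdb is installed, by the top stack frames), and print the resulting buckets.
# Added example for this page; not a script from the fuzzing-utils repository.
# Assumptions not taken from the page: the target takes the input path as its
# only argument, and TRIAGE_TIMEOUT seconds per input (default 10) is acceptable.

# run_status BIN FILE: run the target on FILE with its output discarded and print
# the raw exit status. The if/else keeps a crashing child from tripping `set -e`.
run_status() {
    local rc
    if command -v timeout >/dev/null 2>&1; then
        if timeout "${TRIAGE_TIMEOUT:-10}" "$1" "$2" >/dev/null 2>&1; then rc=0; else rc=$?; fi
    else
        if "$1" "$2" >/dev/null 2>&1; then rc=0; else rc=$?; fi
    fi
    echo "$rc"
}

# classify_status RC: SIG<name> for a signal death (shells report 128+signo),
# TIMEOUT for the 124 that `timeout` returns, otherwise EXIT:<rc>. A target that
# deliberately exits with 124 or anything above 128 will be mislabelled.
classify_status() {
    if [ "$1" -eq 124 ]; then
        echo TIMEOUT
    elif [ "$1" -gt 128 ]; then
        echo "SIG$(kill -l $(($1 - 128)))"
    else
        echo "EXIT:$1"
    fi
}

# stack_key BIN FILE: function names of the top three frames from a gdb batch
# run, joined with "|". Prints nothing when gdb is not installed, so the bucket
# then falls back to the signal alone.
stack_key() {
    command -v gdb >/dev/null 2>&1 || return 0
    gdb --batch -ex run -ex 'bt 3' --args "$1" "$2" </dev/null 2>/dev/null \
        | sed -nE 's/^#[0-9]+ +(0x[0-9a-fA-F]+ in )?([^ (]+).*/\2/p' \
        | paste -sd '|' -
}

# triage_dir BIN DIR: one line per crash file, "<class> [<stack_key>] <file>".
triage_dir() {
    local f rc cls key
    for f in "$2"/id:*; do
        [ -f "$f" ] || continue
        rc=$(run_status "$1" "$f")
        cls=$(classify_status "$rc")
        key=$(stack_key "$1" "$f")
        echo "$cls${key:+ $key} $f"
    done
}

# triage_summary BIN DIR: number of inputs per bucket, largest bucket first.
# afl's crash file names contain no spaces, so the last field is the file name.
triage_summary() {
    triage_dir "$1" "$2" \
        | awk '{ $NF = ""; sub(/ $/, ""); n[$0]++ } END { for (k in n) print n[k], k }' \
        | sort -rn
}

# Usage: sh afl-triage.sh ./target ./out/crashes
if [ $# -eq 2 ]; then
    triage_summary "$1" "$2"
fi
```

Run it as `sh afl-triage.sh ./target ./out/crashes`. Bucketing by signal alone over-merges (every null dereference is one SIGSEGV bucket), so on a box with gdb the stack key does the real deduplication; for a build with ASAN, the first frame of its report is the better key, and the valgrind output above is the fallback when neither is available.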

debian box setup

apt-get install -y --no-install-recommends cmake make llvm llvm-dev libfuzzer-3.8-dev clang gcc g++ gdb perl git python ruby flex bison tmux
wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
tar xvzf afl-latest.tgz
# Build afl-fuzz and the LLVM-mode wrappers (afl-clang-fast) that the AFL options
# above rely on; set LLVM_CONFIG if llvm-config is not on PATH under that name.
cd afl-*/ && make && make -C llvm_mode && make install

About

Summer of 2017 fuzzing project
