Hi,
I decided to do some fuzz-testing on your project with AFL++ as it seemed like an interesting task. I found some issues. I used the octocat picture you used as an example as input for the fuzzer:
AFL++ morphed the file into the one contained in this zip: crash6.zip
If you compile im2a the following way:
Compilation steps
./bootstrap
AFL_USE_ASAN=1 ./configure CC=/usr/bin/afl-gcc CXX=/usr/bin/afl-g++ --enable-debug
make install
and then run it as follows:
im2a -p -g <crash-file>
You will get the following error from ASAN:
Note: I had to comment out the precompiler options
#if IMAGEMAGICK_VERSION >= 0x7
for ImageMagick version 7 as my version is below that (as you will see in the Versions section) and otherwise I could not compile im2a with the AFL compilers.
There were some other crashes as well, but they don't seem reproducible outside AFL.
If you would like to fuzz the program yourself, I used the following command:
afl-fuzz -i <folder_containing_input_pic> -o <output_folder> -m none /path/to/im2a -p -g @@
Beware, I did not find any issues (save for some timeouts) before an hour had passed. I ran this for a total of 12 hours. ~3000 crashes occurred, but the unique issues were only 7, of which the only manually reproducible one I shared with you.
I used the following versions for OS/software/libraries:
Versions:
im2a: 0.6.2 / commit 8a2111b (current master)
Fuzzer: AFL++ 4.0.0c
OS: Kali Linux 2022.3 (kali-rolling)
ImageMagick: 6.9.11
libncurses: 6.3+20220423-2
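A crash-triage script, added here as an example and not code from the im2a project or the issue author: it re-runs the ASAN-instrumented binary on every file AFL++ saved under the output folder, reduces each ASAN report to a key (error type plus the top three symbolized frames) and counts files per key. That is the step that turns "~3000 crashes" into a handful of unique issues and shows which inputs do not reproduce outside the fuzzer. The embedded ASAN report, its function and file names, and the `asan_key`, `run_target` and `triage_crashes` names are constructed for this example; the crash directory layout (`<output_folder>/default/crashes/id:*`) is the AFL++ default, and the target is invoked with the same `-p -g <file>` arguments as in the report above.

```shell
#!/usr/bin/env bash
# Added example, not code from im2a or the issue author: re-run the
# ASAN-instrumented target on every crash AFL++ saved and bucket the
# inputs by ASAN error type plus the top three symbolized frames.

# Constructed sample ASAN report (function and file names are made up,
# not taken from im2a) used to show what asan_key() reduces a report to.
SAMPLE_REPORT='==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x00000049ab12 bp 0x7ffd2c7e0a10 sp 0x7ffd2c7e0a08
READ of size 1 at 0x602000000018 thread T0
    #0 0x49ab11 in decode_row /src/target/decode.c:88:15
    #1 0x49a0f0 in decode_image /src/target/decode.c:140:9
    #2 0x4981a2 in main /src/target/main.c:210:5
    #3 0x7f2c3b01ed8f in __libc_start_main /build/glibc/csu/libc-start.c:308:16'

# Read an ASAN report on stdin and print a dedup key:
#   <error type>:<frame0>|<frame1>|<frame2>
# Two crash files that produce the same key almost always share a root
# cause, so the key is what to count, not the number of files AFL++ saved.
# Prints "no-asan-report" when the run did not end in an ASAN error
# (a hang, a plain exit, or a crash that did not reproduce outside AFL).
asan_key() {
  awk '
    /^==[0-9]+==ERROR: AddressSanitizer: / && type == "" { type = $3 }
    /^[ \t]*#[0-9]+ 0x[0-9a-fA-F]+ in / && n < 3 { frames = frames (n ? "|" : "") $4; n++ }
    END { if (type == "") print "no-asan-report"; else print type ":" frames }
  '
}

# Run the target with symbolized ASAN output and, when timeout(1) is
# available, a wall-clock limit so a hanging input does not stall the pass.
run_target() {
  if command -v timeout >/dev/null 2>&1; then
    ASAN_OPTIONS=symbolize=1 timeout 10 "$@"
  else
    ASAN_OPTIONS=symbolize=1 "$@"
  fi
}

# triage_crashes <asan-built binary> <output_folder>/default/crashes
# Prints one line per unique key: count, key, and one file that reproduces it.
# The target is invoked with the same -p -g <file> arguments as in the report;
# stdout (the rendered image) is discarded and only stderr reaches asan_key.
triage_crashes() {
  target=$1
  crashdir=$2
  tmp=$(mktemp)
  for f in "$crashdir"/id:*; do
    [ -e "$f" ] || continue
    key=$(run_target "$target" -p -g "$f" 2>&1 >/dev/null | asan_key)
    printf '%s\t%s\n' "$key" "$f" >>"$tmp"
  done
  sort "$tmp" | awk -F'\t' '
    { n[$1]++; if (!($1 in first)) first[$1] = $2 }
    END { for (k in n) printf "%d\t%s\t%s\n", n[k], k, first[k] }
  ' | sort -rn
  rm -f "$tmp"
}

# Stand-alone use: ./triage.sh /path/to/im2a <output_folder>/default/crashes
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
  triage_crashes "$1" "$2"
fi
```

The frame names only appear if ASAN can symbolize the trace (llvm-symbolizer or addr2line on the PATH for the build used); if the key shows addresses instead of function names, fix that before trusting the counts, because ASLR will otherwise split one bug into many buckets. Files that land in the `no-asan-report` bucket are the ones the report calls "not reproducible outside AFL": re-run those a few times by hand, since a crash that depends on heap layout or uninitialized memory can pass cleanly on one run and fail on the next.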