fuzzer-test-suite/woff2-2016-05-06 at master · google/fuzzer-test-suite

History

Name		Name	Last commit message	Last commit date
parent directory ..
README.md		README.md
build.sh		build.sh
crash-696cb49b6d7f63e153a6605f00aceb0d7738971a		crash-696cb49b6d7f63e153a6605f00aceb0d7738971a
oom-9d24534a23b3ce397f21f62fb23ba9c5e9213107		oom-9d24534a23b3ce397f21f62fb23ba9c5e9213107
target.cc		target.cc
test-libfuzzer.sh		test-libfuzzer.sh

README.md

Finds a multi-byte-write-heap-buffer-overflow bug in Woff2

Time to find: < 20 minutes, requires the seed corpus (downloaded as seeds dir). Reproducer provided.

ERROR: AddressSanitizer: heap-buffer-overflow
WRITE of size 6707 at 0x62300000534d thread T0
    #0 0x4a95d3 in __asan_memcpy
    #1 0x62fa5c in woff2::Buffer::Read(unsigned char*, unsigned long) src/./buffer.h:86:7
    #2 0x62fa5c in woff2::(anonymous namespace)::ReconstructGlyf src/woff2_dec.cc:500
    #3 0x62fa5c in woff2::(anonymous namespace)::ReconstructFont src/woff2_dec.cc:917
    #4 0x62fa5c in woff2::ConvertWOFF2ToTTF src/woff2_dec.cc:1282

Also hits OOMs. Time to find < 1 minute, with an empty corpus. Reproducer provided.

==30135== ERROR: libFuzzer: out-of-memory (used: 2349Mb; limit: 2048Mb)
   To change the out-of-memory limit use -rss_limit_mb=<N>

   Live Heap Allocations: 3749936468 bytes from 2254 allocations; showing top 95%
   3747609600 byte(s) (99%) in 1 allocation(s)
   ...
   #6 0x62e8f6 in woff2::ConvertWOFF2ToTTF src/woff2_dec.cc:1274
   #7 0x660731 in LLVMFuzzerTestOneInput FTS/woff2-2016-05-06/target.cc:13:3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

woff2-2016-05-06

woff2-2016-05-06

README.md

Files

woff2-2016-05-06

Directory actions

More options

Directory actions

More options

Latest commit

History

woff2-2016-05-06

Folders and files

parent directory

README.md