
[Bug] AFL Stuck for a certain input

Open NapongiZero opened this issue 5 years ago • 3 comments

Hello team, I'll try to be as concise as possible.

Intro: I'm fuzzing a program called "tiff2pdf", version 3.9.7. You can get a copy of it here. In short, tiff2pdf converts a TIFF image to a PDF document.

Description/summary: When I'm trying to fuzz tiff2pdf with a certain input, it causes AFL to freeze/crash. afl-fuzz doesn't continue after attempting a dry run with the input:

[*] Attempting dry run with 'id:000001,orig:tiff2pdf_error_input'...

Visual proof:

[image: Stuck for good. Won't continue from this point on.]

Environment:

  • Ubuntu 16.04.4

  • AFL 2.56b

Steps to reproduce:

In the directory tiff-3.9.7:

  • ./configure

  • make

  • Note: tiff2pdf was compiled with the default makefile option and not with afl-gcc:

    gcc -g -O2 -Wall -W -o tiff2pdf tiff2pdf.o ../libtiff/.libs/libtiff.a ../port/.libs/libport.a -llzma -ljbig -ljpeg -lz -lm

Command: ./afl-fuzz -Q -i /path/to/inputdir/ -o /path/to/outputdir/ /path/to/tiff2pdf @@

The input that causes the issue: tiff2pdf_error_input.zip

An okay input: seed-0.zip

If you can deliver any insight, or any ideas on how to solve this issue, please let me know. I'll continue debugging with gdb to get to the bottom of this issue.


Extra: Running tiff2pdf with the troublesome input (without afl-fuzz): https://pastebin.com/BuT5sdyL

NapongiZero avatar Dec 05 '19 12:12 NapongiZero
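A triage step that belongs next to the report above: before assuming afl-fuzz itself is broken, run the target on the suspect input under a wall-clock limit and see whether the target hangs, crashes or exits on its own. The helper below is an added example, not code from the AFL project or from the issue author; it only relies on coreutils `timeout`, and the `tiff2pdf` invocation in the trailing comment (with `$INPUT` standing for the extracted input file) is an assumed usage, not something taken from the thread.

```shell
#!/bin/sh
# Added triage helper (not part of AFL or of this issue's attachments).
# Runs one command on one input under a wall-clock limit and classifies
# the outcome, so a dry run that never returns can be attributed either
# to the target itself hanging or to the fuzzer's handling of the run.
#
# Usage: classify_run <seconds> <command> [args...]
# Prints exactly one of: ok, hang, signal:<n>, error:<code>
classify_run() {
    limit="$1"
    shift
    # GNU timeout exits 124 when the limit is hit; when the child dies
    # from signal N it re-raises N on itself, so the shell sees 128+N;
    # otherwise it passes the child's own exit status through.
    timeout "$limit" "$@" >/dev/null 2>&1
    rc=$?
    if [ "$rc" -eq 0 ]; then
        echo ok
    elif [ "$rc" -eq 124 ]; then
        echo hang
    elif [ "$rc" -gt 128 ]; then
        echo "signal:$((rc - 128))"
    else
        echo "error:$rc"
    fi
}

# Constructed demonstration inputs (stand-ins for a real target) so the
# script runs offline: a clean exit, a non-zero exit, a hang and a kill.
echo "true      -> $(classify_run 1 true)"
echo "false     -> $(classify_run 1 false)"
echo "sleep 3   -> $(classify_run 1 sleep 3)"
echo "kill -9   -> $(classify_run 1 sh -c 'kill -KILL $$')"

# Assumed real-world use against the reporter's target (paths and the
# extracted input name are placeholders, not taken from the issue):
#   INPUT=/path/to/tiff2pdf_error_input.tif
#   classify_run 5 /path/to/tiff2pdf -o /dev/null "$INPUT"
# "hang" means the target itself never terminates on that input, which
# afl-fuzz should report as a timeout; "ok" or "error:N" on a target that
# still wedges the dry run points at the fuzzer-side run handling instead.
```

The limit you pass should be comfortably above the `-t` timeout you give afl-fuzz, so that a result of `hang` here really means the target does not finish, not merely that it is slower than the fuzzer's budget.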

Might have solved it, looking more into it. For more information, look at my comment on a related issue: https://github.com/google/AFL/issues/60#issuecomment-567082215

NapongiZero avatar Dec 18 '19 15:12 NapongiZero

Hi, we struggle with the same problem. After an investigation, I have noticed that the same input worked a few months ago: 'run_target' returned 'FAULT_TIMEOUT' but never got stuck. I have installed the latest version of AFL in a new virtual machine and retried the case. Unfortunately, it got stuck. I don't see any reason to try patching the code in order to go around the bug.

I will be very glad if you can check the issue and try to find what was changed. Looking forward to your solution. Thanks!

lzina avatar Jan 09 '20 12:01 lzina

@NapongiZero @lzina Hi, I met the same problem and got stuck when running:


[*] Attempting dry run with 'id:000000,time:0,orig:not_kitty.gif'...

I read the comment about #60. Could you share how you fixed the problem? Thank you very much!

xxwxxwen avatar Mar 22 '22 01:03 xxwxxwen