Description
Hi,
I decided to do some fuzz-testing on your project with AFL++ as it seemed like an interesting task. I found some issues. I used the octocat picture you used as an example as input for the fuzzer:
AFL++ morphed the file into the one contained in this zip: crash6.zip
If you compile im2a the following way:
Compilation steps:
- Pull from git
- ./bootstrap
- AFL_USE_ASAN=1 ./configure CC=/usr/bin/afl-gcc CXX=/usr/bin/afl-g++ --enable-debug
- make install
and then run it as follows:
im2a -p -g <crash-file>
You will get the following error from ASAN:
Note: I had to comment out the precompiler options #if IMAGEMAGICK_VERSION >= 0x7 for ImageMagick version 7, as my version is below that (as you will see in the Versions section) and otherwise I could not compile im2a with the AFL compilers.
There were some other crashes as well, but they don't seem reproducible outside AFL.
If you would like to fuzz the program yourself, I used the following command:
afl-fuzz -i <folder_containing_input_pic> -o <output_folder> -m none /path/to/im2a -p -g @@
Beware, I did not find any issues (save for some timeouts) before an hour had passed. I ran this for a total of 12 hours. ~3000 crashes occurred, but there were only 7 unique issues, of which I shared the only manually reproducible one with you.
I used the following versions for OS/software/libraries:
Versions:
im2a: 0.6.2 / commit 8a2111b (current master)
Fuzzer: AFL++ 4.0.0c
OS: Kali Linux 2022.3 (kali-rolling)
ImageMagick: 6.9.11
libncurses: 6.3+20220423-2
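Crash triage for a run like the one described above, as an added example that is not part of the issue or of the im2a project: the script replays every file AFL++ saved in its crashes directory through the ASAN-instrumented target (using afl-fuzz's @@ placeholder for the input path, so the same command line as the afl-fuzz invocation can be reused), buckets each result by the AddressSanitizer error kind, timeout or exit signal, and labels inputs that exit cleanly as not reproducing. That is the check behind the "7 unique, one reproducible" observation in the report. The script itself, the AFL++ output layout <out>/default/crashes, the TRIAGE_TIMEOUT variable and the detect_leaks=0 default are assumptions of this example, and the fake target in the test below is constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the im2a project or from the issue author.
# Replays AFL++ crash files through an ASAN-instrumented target and buckets
# them so that "~3000 crashes, 7 unique, 1 reproducible" can be checked
# outside afl-fuzz. Assumes AFL++'s default output layout
# (<out>/default/crashes/) and a target built with AFL_USE_ASAN=1.
#
# Usage: ./triage.sh <out>/default/crashes /path/to/im2a -p -g @@
#        (a bare @@ argument is replaced by each crash file, as afl-fuzz does)

set -u

# Seconds allowed per replay (assumed variable). The report mentions
# timeouts, so hanging inputs get their own bucket instead of stalling the loop.
TRIAGE_TIMEOUT=${TRIAGE_TIMEOUT:-10}
if command -v timeout >/dev/null 2>&1; then
    TIMEOUT_CMD="timeout $TRIAGE_TIMEOUT"
else
    TIMEOUT_CMD=""
fi

# classify_crash FILE CMD... : run CMD with each bare "@@" replaced by FILE,
# capture stderr and print one bucket key:
#   asan:<kind>  first "ERROR: AddressSanitizer: <kind>" line seen
#   timeout      killed by timeout(1) (exit 124)
#   signal:N     died of signal N without an ASAN report
#   exit:N       non-zero exit without an ASAN report
#   no-repro     exited 0 with no report, i.e. does not reproduce here
classify_crash() {
    local file=$1; shift
    local n=$# arg
    while [ "$n" -gt 0 ]; do
        arg=$1; shift
        if [ "$arg" = "@@" ]; then arg=$file; fi
        set -- "$@" "$arg"
        n=$((n - 1))
    done
    local out status=0 kind
    # detect_leaks=0: otherwise LeakSanitizer turns every leaky-but-harmless
    # input into a non-zero exit and drowns the real memory-safety findings.
    out=$(ASAN_OPTIONS="${ASAN_OPTIONS:-detect_leaks=0}" $TIMEOUT_CMD "$@" 2>&1 >/dev/null) \
        || status=$?
    kind=$(printf '%s\n' "$out" \
        | sed -n 's/.*ERROR: AddressSanitizer: \([A-Za-z-]*\).*/\1/p' \
        | head -n 1)
    if [ -n "$kind" ]; then
        printf 'asan:%s\n' "$kind"
    elif [ "$status" -eq 124 ]; then
        printf 'timeout\n'
    elif [ "$status" -ge 128 ]; then
        printf 'signal:%d\n' "$((status - 128))"
    elif [ "$status" -ne 0 ]; then
        printf 'exit:%d\n' "$status"
    else
        printf 'no-repro\n'
    fi
}

# triage_crashes DIR CMD... : classify every crash file in DIR and print
# "<bucket><TAB><file>" per crash. AFL++'s README.txt in that directory is skipped.
triage_crashes() {
    local dir=$1; shift
    local f
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in README.txt) continue ;; esac
        printf '%s\t%s\n' "$(classify_crash "$f" "$@")" "$f"
    done
}

# summarize_buckets : read triage lines on stdin, print "<count> <bucket>"
# sorted by count, descending, so the reproducible kinds stand out.
summarize_buckets() {
    cut -f1 | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Command-line entry point (does nothing when run without arguments).
if [ $# -ge 2 ]; then
    crashes_dir=$1; shift
    results=$(triage_crashes "$crashes_dir" "$@")
    printf '%s\n' "$results"
    echo '--- buckets (count kind) ---'
    printf '%s\n' "$results" | summarize_buckets
fi
```

Anything that lands in the no-repro bucket is what the report calls "not reproducible outside AFL": usually a crash that depends on the fuzzer's persistent-mode state, on a timing condition, or on a leak report that is not a memory-safety bug, and it is worth re-running those a few times before discarding them.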