Hello,

I ran my afl-sid project [1] against gnash, using "flvdumper -a @@" as the target, and immediately found a few crashing cases. Here's an example one:

    root@h:~/fuzz-results/flvdumper/o# flvdumper -a crashes/id\:000000*
    FLV File type: Video and Audio
    FLV Version: 1 (should always be 1)
    FLV Header size: 589824 (should always be 9)
    FLV Previous Tag Size was: 0
    FLV Tag size is: 131
    FLV Previous Tag Size was: 1677738000
    FLV Tag size is zero, skipping reading packet body 0
    FLV Previous Tag Size was: 1768907873
    FLV Tag size is: 6386277
    Segmentation fault (core dumped)
    root@h:~/fuzz-results/flvdumper/o# base64 < crashes/id\:000000*
    RkxWAQUAAAAJAAAAAP9/AAAAAAAAAAAAAgAKb25NZXRhRGF0YQgAAAAKAAhkdXJhdGlvbgBAGAAA
    AAAAAAAAAAAFd2lkdGgAQHaAAAAAAAAABmhlaWdodABAcgAAAAAAAAANdmlkZW9kYXRhcmF0ZQBAeQAA
    AAAAAAAJZnJhbWVyYXRlAEAkAAAAAAAAAAx2aWRlb2NvZGVjaWQAQBAAAAAAAAAADWF1ZGlvZGF0
    YXJhdGUAQFgAAAAAAAAACmF1ZGlvZGVsYXkAP6N0vGp++dsADGF1ZGlvY29kZWNpZABAAAAAAAAA
    AAAMY2FuU2Vla1RvRW5kAQ==

"cwtriage" seems to suggest that after that time I gathered two more unique crashes, but I'm not willing to share them - I would prefer actual Gnash developers to perform the fuzzing because they would know how to create test cases that would maximize the coverage. (Ideally this should be done on a regular basis.)

I'll be happy to help you with usage hints on afl-fuzz; I already know this tool quite well. Let me know if you need any help with fuzzing.

Cheers,
d33tah

[1]: https://github.com/d33tah/afl-sid
_______________________________________________ Gnash-dev mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnash-dev
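The crash case quoted in the email is a mutated FLV file whose size fields no longer match the bytes that follow them. The following added example (written for this page, not code from Gnash or flvdumper) walks the container using the standard FLV layout (a 9-byte header whose 4-byte big-endian data offset sits at byte 5, then alternating 4-byte PreviousTagSize fields and 11-byte tag headers) and validates every size against the bytes actually available before using it as an offset, so a malformed file produces a list of findings rather than an out-of-bounds read. It decodes the base64 dump from the email as its sample input; because flvdumper's own parsing is not shown on the page, the values this walker reports for that file differ from what flvdumper printed. The `build_flv` helper and the well-formed sample it produces are constructed here for comparison.

```python
"""Bounds-checked walk over an FLV container (added example, not Gnash code)."""
import base64
import struct

# The afl-fuzz crash case exactly as base64-encoded in the email above.
CRASH_B64 = (
    "RkxWAQUAAAAJAAAAAP9/AAAAAAAAAAAAAgAKb25NZXRhRGF0YQgAAAAKAAhkdXJhdGlvbgBAGAAA"
    "AAAAAAAAAAAFd2lkdGgAQHaAAAAAAAAABmhlaWdodABAcgAAAAAAAAANdmlkZW9kYXRhcmF0ZQBAeQAA"
    "AAAAAAAJZnJhbWVyYXRlAEAkAAAAAAAAAAx2aWRlb2NvZGVjaWQAQBAAAAAAAAAADWF1ZGlvZGF0"
    "YXJhdGUAQFgAAAAAAAAACmF1ZGlvZGVsYXkAP6N0vGp++dsADGF1ZGlvY29kZWNpZABAAAAAAAAA"
    "AAAMY2FuU2Vla1RvRW5kAQ=="
)
CRASH = base64.b64decode(CRASH_B64)

FLV_HEADER_LEN = 9    # "FLV", version, type flags, 4-byte data offset
TAG_HEADER_LEN = 11   # type, 3-byte data size, 3+1-byte timestamp, 3-byte stream id
VALID_TAG_TYPES = {8: "audio", 9: "video", 18: "script"}


def check_flv(data: bytes) -> list:
    """Return a list of problems found in `data`; an empty list means well formed.

    Every length read from the file is compared with the bytes that remain
    before it is used to advance the cursor.
    """
    problems = []
    if len(data) < FLV_HEADER_LEN:
        return ["file shorter than the 9-byte FLV header"]
    if data[:3] != b"FLV":
        problems.append("bad signature %r" % data[:3])
    if data[3] != 1:
        problems.append("unexpected version %d (should be 1)" % data[3])
    header_size = struct.unpack(">I", data[5:9])[0]
    if header_size != FLV_HEADER_LEN:
        problems.append("header size %d (should be 9)" % header_size)
    if header_size > len(data):
        problems.append("header size %d exceeds file length %d" % (header_size, len(data)))
        return problems

    pos = header_size
    expected_prev = 0          # PreviousTagSize is 0 before the first tag
    tag_no = 0
    while pos < len(data):
        if pos + 4 > len(data):
            problems.append("truncated PreviousTagSize at offset %d" % pos)
            break
        prev = struct.unpack(">I", data[pos:pos + 4])[0]
        if prev != expected_prev:
            problems.append("PreviousTagSize %d at offset %d, expected %d"
                            % (prev, pos, expected_prev))
        pos += 4
        if pos == len(data):
            break              # clean end of file after the trailing PreviousTagSize
        if pos + TAG_HEADER_LEN > len(data):
            problems.append("truncated tag header at offset %d" % pos)
            break
        tag_type = data[pos]
        data_size = int.from_bytes(data[pos + 1:pos + 4], "big")
        if tag_type not in VALID_TAG_TYPES:
            problems.append("tag %d: unknown tag type 0x%02x" % (tag_no, tag_type))
        body_start = pos + TAG_HEADER_LEN
        if body_start + data_size > len(data):
            problems.append("tag %d: data size %d runs past end of file (%d bytes left)"
                            % (tag_no, data_size, len(data) - body_start))
            break
        pos = body_start + data_size
        expected_prev = TAG_HEADER_LEN + data_size
        tag_no += 1
    return problems


def build_flv(tags) -> bytes:
    """Assemble a minimal FLV from (tag_type, payload) pairs.

    Constructed helper for producing a well-formed comparison sample; not a
    routine from Gnash.
    """
    out = bytearray(b"FLV\x01\x05" + struct.pack(">I", FLV_HEADER_LEN))
    out += struct.pack(">I", 0)
    for tag_type, payload in tags:
        out += bytes([tag_type]) + len(payload).to_bytes(3, "big")
        out += b"\x00\x00\x00\x00" + b"\x00\x00\x00"   # timestamp (+ext), stream id
        out += payload
        out += struct.pack(">I", TAG_HEADER_LEN + len(payload))
    return bytes(out)


# Constructed well-formed sample: one script tag carrying an empty onMetaData array.
ON_META = b"\x02\x00\x0aonMetaData" + b"\x08\x00\x00\x00\x00" + b"\x00\x00\x09"
GOOD = build_flv([(18, ON_META)])


if __name__ == "__main__":
    for name, blob in (("constructed good file", GOOD), ("afl crash case", CRASH)):
        probs = check_flv(blob)
        print("%s: %s" % (name, "ok" if not probs else "\n  " + "\n  ".join(probs)))
```

Run stand-alone, the script reports the constructed file as clean and, for the crash case, an unknown tag type followed by a tag data size far larger than the bytes remaining; a parser that stops at that point never touches memory beyond the buffer, which is the property a fuzz-found segfault shows to be missing.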

