Using AFL to fuzz libtiff
2020-8-25 Author: www.giantbranch.cn


Source download:

http://download.osgeo.org/libtiff/

Build (with the afl-clang-fast compiler wrappers so the binary gets AFL instrumentation):

```sh
export CC=afl-clang-fast
export CXX=afl-clang-fast++
./configure --disable-shared
make
```

Our target is fuzzing tiff2pdf.

Download the test cases

```sh
wget https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz
```

The files in afl_testcases/tiff/full/images are all we need.

Minimize the test cases

```sh
afl-cmin -i testcase_full -o testcase_cmin ./tools/tiff2pdf @@ /dev/null
```

In the end, the 6000-odd cases were reduced to about 800:

```text
corpus minimization tool for afl-fuzz by <[email protected]>

[*] Testing the target binary...
[+] OK, 101 tuples recorded.
[*] Obtaining traces for input files in 'testcase_full'...
Processing file 6399/6399...
[*] Sorting trace sets (this may take a while)...
[+] Found 12057 unique tuples across 6399 files.
[*] Finding best candidates for each tuple...
Processing file 6399/6399...
[*] Sorting candidate list (be patient)...
[*] Processing candidates and writing output files...
Processing tuple 12057/12057...
[+] Narrowed down to 817 files, saved in 'testcase_cmin'.
```

Start fuzzing

```sh
afl-fuzz -i testcase_cmin/ -o afl_output/ tools/tiff2pdf @@ /dev/null
```
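Once afl-fuzz has run for a while, the inputs that crashed tiff2pdf are saved under afl_output/crashes/. The script below is an added example, not part of the original post: it replays each saved input through the same target argv used above and buckets them by the signal raised (or clean exit / timeout), so non-reproducing and duplicate cases are sorted out before anything is opened in a debugger. The paths tools/tiff2pdf and afl_output/crashes are assumed from this post; make_constructed_crash_dir only builds a fake crashes directory for an offline run.

```python
"""Replay the inputs afl-fuzz saved under afl_output/crashes and bucket them by outcome."""
import os
import signal
import subprocess
import tempfile
from collections import defaultdict

def replay_crash(target_cmd, crash_file, timeout=5):
    """Run one saved input through the target.
    target_cmd is the argv given to afl-fuzz, with "@@" standing for the input path.
    Returns the signal name (e.g. "SIGSEGV"), "EXIT:<code>" on a normal exit, or "TIMEOUT".
    """
    argv = [crash_file if arg == "@@" else arg for arg in target_cmd]
    try:
        proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "TIMEOUT"
    if proc.returncode < 0:                      # child was killed by a signal
        return signal.Signals(-proc.returncode).name
    # With an ASan build, set ASAN_OPTIONS=abort_on_error=1 so reports show up as SIGABRT.
    return f"EXIT:{proc.returncode}"

def triage_crashes(target_cmd, crashes_dir):
    """Replay every id:* file in crashes_dir; returns {outcome: [file names]}."""
    buckets = defaultdict(list)
    for name in sorted(os.listdir(crashes_dir)):
        if not name.startswith("id:"):           # afl-fuzz also drops a README.txt here
            continue
        outcome = replay_crash(target_cmd, os.path.join(crashes_dir, name))
        buckets[outcome].append(name)
    return dict(buckets)

def make_constructed_crash_dir(count=2):
    """Constructed stand-in for afl_output/crashes (offline demo only, not real AFL output)."""
    path = tempfile.mkdtemp(prefix="crashes_")
    for i in range(count):
        name = f"id:{i:06d},sig:11,src:000001,op:flip1,pos:{i}"   # AFL's crash naming scheme
        with open(os.path.join(path, name), "wb") as fh:
            fh.write(b"II*\x00" + bytes([i]))    # little-endian TIFF magic plus junk
    with open(os.path.join(path, "README.txt"), "w") as fh:
        fh.write("placeholder for the README afl-fuzz writes\n")
    return path

if __name__ == "__main__":
    # Same target argv as the afl-fuzz command in this post.
    report = triage_crashes(["tools/tiff2pdf", "@@", "/dev/null"], "afl_output/crashes")
    for outcome, files in sorted(report.items()):
        print(f"{outcome}: {len(files)} input(s), first {files[0]}")
```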



Source: https://www.giantbranch.cn/2020/08/25/%E4%BD%BF%E7%94%A8afl%E6%9D%A5fuzz%20libtiff/