使用afl来fuzz libtiff

源码下载:

http://download.osgeo.org/libtiff/

编译:

1
2
3
4
export CC=afl-clang-fast
export CXX=afl-clang-fast++
./configure --disable-shared
make

我们确定目标是fuzz tiff2pdf

下载测试用例

1
wget https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz

我们使用afl_testcases/tiff/full/images里面的即可

最小化测试用例

1
afl-cmin -i testcase_full -o testcase_cmin ./tools/tiff2pdf @@ /dev/null

最终6000多个减少到800个

1
2
3
4
5
6
7
8
9
10
11
12
13
14
corpus minimization tool for afl-fuzz by <[email protected]>

[*] Testing the target binary...
[+] OK, 101 tuples recorded.
[*] Obtaining traces for input files in 'testcase_full'...
Processing file 6399/6399...
[*] Sorting trace sets (this may take a while)...
[+] Found 12057 unique tuples across 6399 files.
[*] Finding best candidates for each tuple...
Processing file 6399/6399...
[*] Sorting candidate list (be patient)...
[*] Processing candidates and writing output files...
Processing tuple 12057/12057...
[+] Narrowed down to 817 files, saved in 'testcase_cmin'.

开fuzz

1
afl-fuzz -i testcase_cmin/ -o afl_output/ tools/tiff2pdf @@ /dev/null
自愿打赏专区