Comments (18)
I gave a whack at updating the project, by adding the eXIf chunk to the dictionary.
Where is the seed corpus actually located? Is it the PNG files contained in the libpng distribution?
from libpng.
I assumed @kcc meant a large variety of PNG color_types, sample_depths, etc. The libpng directory "contrib/testpngs" which is currently included in the corpus covers most of them.
from libpng.
Yes. By diverse I mean different features of the data format, or, more precisely, inputs that cover different parts of code.
I encourage you to look at the coverage achieved on the oss-fuzz's corpus to see what code remains uncovered.
@glennrp did you change something in the build system recently?
Our dashboard (oss-fuzz.com, you can see it too) shows that the last two days the total number of instrumented basic blocks dropped from 6634 to 1166
from libpng.
from libpng.
I think I generated the appropriate pull request
Nope, I don't see it. :(
from libpng.
Without seeing the test case I attempted a fix which I've pushed to libpng16.
Didn't seem to help.
I can attach the repro here (should I?), but it only triggers in read_fuzzer.cc (which does png_set_crc_action(png_handler.png_ptr, PNG_CRC_QUIET_USE, PNG_CRC_QUIET_USE);
)
from libpng.
You can attach the reproducer here or mail it to [email protected]
from libpng.
Attached reproducer (gzip-ed, to please GitHub).
It causes the leak when fed to read_fuzzer.cc
clusterfuzz-testcase-minimized-6064109344784384.gz
from libpng.
from libpng.
I can confirm that the leak report is gone, thanks!
Do you mind if I add your e-mail to https://github.com/google/oss-fuzz/blob/master/projects/libpng/project.yaml ?
This way you will receive e-mail if the bot finds any more bugs (and you'll get access to the details)
from libpng.
Yes, please add my e-mail to the distribution list.
FYI I tested with
valgrind pngtest --relaxed file.png
The "--relaxed" option turns off CRC checking.
from libpng.
Done: https://github.com/google/oss-fuzz/blob/master/projects/libpng/project.yaml
When you have a chance, please take a look at https://github.com/google/oss-fuzz/blob/master/projects/libpng/libpng_read_fuzzer.cc (is there anything to improve there? can you add something similar to the main libpng tree?).
Note that Google has a monetary reward program for participating in OSS-Fuzz:
https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html
The "--relaxed" option turns off CRC checking.
Good to know, thanks!
from libpng.
Yes, @glennrp, current seed corpus is being collected by the following command:
find $SRC/libpng -name "*.png" | xargs zip $OUT/libpng_read_fuzzer_seed_corpus.zip
in libpng checkout.
from libpng.
There also is another set of corpus files generated by the fuzzer and improved over time. Those files in the cloud are not "seed" corpus, it's a working corpus, I would say. It is synchronized across all VMs running libpng fuzzer, and it grows automatically over time.
You can download a minimized version of that corpus using "Corpus backup" link on the fuzzer stats page: https://oss-fuzz.com/v2/fuzzer-stats/by-day/2017-07-27/2017-08-02/fuzzer/libFuzzer_libpng_read_fuzzer/job/libfuzzer_asan_libpng
from libpng.
If you know some other good public source of diverse png files, feel free to extend the command line that creates libpng_read_fuzzer_seed_corpus.zip in https://github.com/google/oss-fuzz/blob/master/projects/libpng/build.sh
from libpng.
@kcc Could you clarify what you mean by diverse? I can try to find a source.
from libpng.
I did update libpng_read_fuzzer.cc but the "coverage" report is showing me some other version.
from libpng.
Moving the discussion to google/oss-fuzz#809, if you don't mind
from libpng.
Related Issues (20)
- Feature Request - graceful error returns for reading/writing images HOT 5
- bug: png_check_sig API changed in 1.6.41 HOT 13
- How to disable warnings
- libpng: APIs that are currently used HOT 8
- 1.6.42: test sute fails in one unit HOT 39
- LoongArch LSX: Follow up on checking for compiler intrinsics inside ./configure HOT 6
- Possible miscalculation of buffer length in `png_icc_profile_error` HOT 3
- Questions about choosing zlib over other compression algorithms and other issues HOT 6
- Use PNG_ABORT instead of abort in png_safe_error HOT 3
- CMake: How to configure options for pnglibconf generation? HOT 4
- Need to restore STDERR in pngtest.c HOT 3
- 16-bit channels, possible issue? HOT 7
- Minor Syntax Issues in the `/libpng/contrib/gregbook` HOT 1
- Possible integer overflow in pngtests.c HOT 2
- Implicit fallthroughs HOT 8
- libpng version 1.6.43 dll only worked on the debugged version.crashed with the released version. HOT 3
- [Build][CMake][Windows] Issue to build on Windows when cygwin (awk ) is present in the PATH HOT 4
- libpng-1.6.43.tar.gz is corrupt HOT 2
- Sovereign Tech Fund: Fellowship for Maintainers
- Potential Vulnerability in libpng Leading to Hang or Infinite Loop when Processing Malformed PNG Files HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libpng.