GNU bug report logs - #23549
parted needs to be afl-fuzzed (crash found on Debian, 3.2-15)

Package: parted;

Reported by: Jacek Wielemborek <d33tah <at> gmail.com>

Date: Mon, 16 May 2016 15:30:02 UTC

Severity: normal

To reply to this bug, email your comments to 23549 AT debbugs.gnu.org.


Report forwarded to bug-parted <at> gnu.org:
bug#23549; Package parted. (Mon, 16 May 2016 15:30:02 GMT)

Acknowledgement sent to Jacek Wielemborek <d33tah <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-parted <at> gnu.org. (Mon, 16 May 2016 15:30:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jacek Wielemborek <d33tah <at> gmail.com>
To: bug-parted <at> gnu.org
Subject: parted needs to be afl-fuzzed (crash found on Debian, 3.2-15)
Date: Mon, 16 May 2016 14:03:43 +0200
[Message part 1 (text/plain, inline)]
Hello,

The following base64-encoded device crashes parted 3.2 on "print all":
Here's an archive of input files I started fuzzing with:

I used my afl-sid project [1] to generate the ASAN-augmented build and
the following command line to find a crash in 20 minutes:

afl-fuzz -d -i i2 -o o -m none -- parted -s @@ print all

I couldn't reproduce the crash on Fedora 23 (3.26-16).

Let me know if you need any more help fuzzing - I'll be happy to help.

Cheers,
d33tah

[1] https://github.com/d33tah/aflize

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to bug-parted <at> gnu.org:
bug#23549; Package parted. (Mon, 16 May 2016 16:34:01 GMT)

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jacek Wielemborek <d33tah <at> gmail.com>
To: bug-parted <at> gnu.org
Subject: Re: parted needs to be afl-fuzzed (crash found on Debian, 3.2-15)
Date: Mon, 16 May 2016 15:28:54 +0200
[Message part 1 (text/plain, inline)]
On 16.05.2016 at 14:03, Jacek Wielemborek wrote:
> I couldn't reproduce the crash on Fedora 23 (3.26-16).

This one (xz-compressed, base64-encoded) crashes reproducibly:

Just send it to:

base64 -d | xzcat > eeeee
parted -s eeeee print all

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to bug-parted <at> gnu.org:
bug#23549; Package parted. (Mon, 16 May 2016 17:27:01 GMT)

Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "Brian C. Lane" <bcl <at> redhat.com>
To: bug-parted <at> gnu.org
Subject: Re: bug#23549: parted needs to be afl-fuzzed (crash found on Debian, 3.2-15)
Date: Mon, 16 May 2016 10:25:49 -0700
On Mon, May 16, 2016 at 02:03:43PM +0200, Jacek Wielemborek wrote:
> Hello,
> 
> The following base64-encoded device crashes parted 3.2 on "print all":

[snip]

> Let me know if you need any more help fuzzing - I'll be happy to help.

Tracebacks with debug symbols would also be helpful.

I'm pretty sure that fuzzing the MBR will result in all kinds of
interesting crashes.

-- 
Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
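A seed corpus for the MBR fuzzing Brian suggests, built for the afl-fuzz command line from the first message (`-i i2`); this is an added example, not code from the bug report or from parted, and the file names, disk size and partition layouts are my own choices:

```python
# Added example: write a few valid MBR images as afl-fuzz seeds and parse
# them back to check they are well-formed before the campaign starts.
# Layout (446-byte boot area, disk signature at 440, four 16-byte entries,
# 0x55AA at 510) is the standard MBR format; everything else is assumed.
import os
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, LBA count
CHS_LBA = bytes([0xFE, 0xFF, 0xFF])  # "use the LBA fields" CHS placeholder


def mbr_entry(bootable, ptype, lba_start, lba_count):
    """Pack one 16-byte partition table entry."""
    status = 0x80 if bootable else 0x00
    return struct.pack(ENTRY_FMT, status, CHS_LBA, ptype, CHS_LBA, lba_start, lba_count)


def make_mbr(entries, disk_sig=0x1234ABCD):
    """Build a 512-byte MBR sector from up to four packed entries."""
    if len(entries) > 4:
        raise ValueError("MBR holds at most four primary entries")
    boot_area = b"\x00" * 440 + struct.pack("<I", disk_sig) + b"\x00\x00"
    table = b"".join(entries) + b"\x00" * (16 * (4 - len(entries)))
    return boot_area + table + b"\x55\xAA"


def parse_mbr(sector):
    """Return (bootable, type, lba_start, lba_count) for each used entry."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xAA":
        raise ValueError("not an MBR: missing 0x55AA signature")
    used = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:
            used.append((status == 0x80, ptype, start, count))
    return used


def write_seed_corpus(directory, disk_sectors=64):
    """Write small images (MBR + zeroed sectors) into the afl-fuzz -i dir."""
    seeds = {
        "one_linux.img": [mbr_entry(True, 0x83, 1, disk_sectors - 1)],
        "linux_swap.img": [mbr_entry(True, 0x83, 1, 31), mbr_entry(False, 0x82, 32, 32)],
        "extended.img": [mbr_entry(False, 0x05, 1, disk_sectors - 1)],
    }
    os.makedirs(directory, exist_ok=True)
    paths = []
    for name, entries in seeds.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as f:
            f.write(make_mbr(entries) + b"\x00" * (SECTOR * (disk_sectors - 1)))
        paths.append(path)
    return paths
```

Run `write_seed_corpus("i2")` once, then start the quoted `afl-fuzz -d -i i2 -o o -m none -- parted -s @@ print all` against an ASAN build; each crash file under `o/crashes/` can be replayed with `parted -s <file> print all` to get the traceback requested above.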




Information forwarded to bug-parted <at> gnu.org:
bug#23549; Package parted. (Tue, 17 May 2016 14:45:01 GMT)

Message #14 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jacek Wielemborek <d33tah <at> gmail.com>
To: bcl <at> redhat.com, bug-parted <at> gnu.org
Subject: Re: bug#23549: parted needs to be afl-fuzzed (crash found on Debian, 3.2-15)
Date: Tue, 17 May 2016 16:44:21 +0200
[Message part 1 (text/plain, inline)]
> Tracebacks with debug symbols would also be helpful.

Unfortunately I don't have the build left anymore, so I can't really
help with this one. I can help you guys reproduce the AFL environment
easily though.

[signature.asc (application/pgp-signature, attachment)]
