Guan Fuzz

tags: `paper`

Guan Fuzz

Environment

OS

➜  ~ lsb_release -r 
Release:	20.04
➜  ~ uname -a
Linux lin-System-Product-Name 5.13.0-40-generic #45~20.04.1-Ubuntu SMP Mon Apr 4 09:38:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

clang & llvm version

➜  ~ clang -v
clang version 10.0.0-4ubuntu1 
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/9
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/9
Candidate multilib: .;@m64
Selected multilib: .;@m64

➜  ~ llvm-config --version
10.0.0

Usage

xml setting

element
- ARGV
  - ELEMENT
    - origin parameter
- PARAMETER
  - MUST
    - true : 100% selected
    - false: 50%
  - ELEMENT
    - parameter
example

<root>
  <ARGV>
      <ELEMENT>./djpeg @@</ELEMENT>
 </ARGV>

  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-colors 8</ELEMENT>
    <ELEMENT>-colors 9</ELEMENT>
    <ELEMENT>-colors 10</ELEMENT>
    <ELEMENT>-colors 50</ELEMENT>
    <ELEMENT>-colors 99</ELEMENT>
  </PARAMETER>	  
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-fast</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-grayscale</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-rgb</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-rgb565</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-scale 1/7</ELEMENT>
    <ELEMENT>-scale 1/3</ELEMENT>
    <ELEMENT>-scale 2/3</ELEMENT>
    <ELEMENT>-scale 2/1</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-bmp</ELEMENT>
    <ELEMENT>-gif</ELEMENT>
    <ELEMENT>-os2</ELEMENT>
    <ELEMENT>-pnm</ELEMENT>
    <ELEMENT>-targa</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-dct int</ELEMENT>
    <ELEMENT>-dct fast</ELEMENT>
    <ELEMENT>-dct float</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-dither fs</ELEMENT>
    <ELEMENT>-dither none</ELEMENT>
    <ELEMENT>-dither ordered</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-nosmooth</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-onepass</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-maxmemory 1</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>true</MUST>
    <ELEMENT>-outfile /dev/null</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-memsrc</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-skip 0,20</ELEMENT>
    <ELEMENT>-skip 0,21</ELEMENT>
    <ELEMENT>-skip 1,20</ELEMENT>
    <ELEMENT>-skip 1,21</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>false</MUST>
    <ELEMENT>-crop 5x5+3+3</ELEMENT>
  </PARAMETER>
  <PARAMETER>
    <MUST>true</MUST>
    <ELEMENT>@@</ELEMENT>
  </PARAMETER>
</root>

how to run

Meanshift

    python3 group_argv_file.py 8090 valid invalid

Guan-Fuzz
```
    ./Guan-fuzz -i in -o out -s ./parameter.xml -m none -d -p 8090 ./djpeg
```
- argument usage like AFL: https://github.com/google/AFL
- -p: connect Meanshift

Result

Target	CVE ID
bingrep	CVE-2021-39480
libsixel	CVE-2021-46700
libtiff	CVE-2022-2867
libtiff	CVE-2022-2868
libtiff	CVE-2022-2869
libtiff	CVE-2022-1354
libtiff	CVE-2022-1355
fribidi	CVE-2022-25308
fribidi	CVE-2022-25308
fribidi	CVE-2022-25308
jbig2dec	CVE-2023-46361
mupdf	CVE-2021-4216
Bento4	CVE-2022-29017

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.travis		.travis
dictionaries		dictionaries
docs		docs
evaluation		evaluation
experimental		experimental
libdislocator		libdislocator
libtokencap		libtokencap
llvm_mode		llvm_mode
qemu_mode		qemu_mode
testcases		testcases
.gitignore		.gitignore
.travis.yml		.travis.yml
Android.bp		Android.bp
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
Makefile		Makefile
Readme.md		Readme.md
afl-analyze.c		afl-analyze.c
afl-as.c		afl-as.c
afl-as.h		afl-as.h
afl-cmin		afl-cmin
afl-fuzz.c		afl-fuzz.c
afl-gcc.c		afl-gcc.c
afl-gotcpu.c		afl-gotcpu.c
afl-plot		afl-plot
afl-showmap.c		afl-showmap.c
afl-tmin.c		afl-tmin.c
afl-whatsup		afl-whatsup
alloc-inl.h		alloc-inl.h
android-ashmem.h		android-ashmem.h
config.h		config.h
debug.h		debug.h
group_argv_file.py		group_argv_file.py
hash.h		hash.h
parse.c		parse.c
parse.h		parse.h
test-instr.c		test-instr.c
test-libfuzzer-target.c		test-libfuzzer-target.c
types.h		types.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

tags: `paper`

Guan Fuzz

Environment

Usage

xml setting

how to run

Result

About

Releases

Packages

Languages

License

p870613/GuanFuzz

Folders and files

Latest commit

History

Repository files navigation

tags: paper

Guan Fuzz

Environment

Usage

xml setting

how to run

Result

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

tags: `paper`

Packages