-
-
Notifications
You must be signed in to change notification settings - Fork 434
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Heap-buffer-overflow in mz_os.c:71 mz_path_has_slash #739
Comments
Where did
so does
and
|
poc0 is a malformed zip file generated by fuzzer. I used the "-x" flag when testing and it came into a heap-buffer-overflow crash. So maybe you could give a proper prompt when using "-x" to extract malformed files like poc0? |
Aaaah, ok. When built without ASAN the
That said, there is still a buffer overflow present. Let's take a look at that FYI - the cmake build now support building with ASAN, like this.
When I run that I get the line numbers where the problems are
Memory allocation in the
The error is triggered in the
This needs further analysis |
Does checking for |
Yes it does. The error is triggered when Fix in PR #741 |
@Akane0721 are your fuzz test available somewhere? They don't appear to be in the fuzzing that this project uses. |
|
Thanks @Akane0721 but I don't see the fuzz test you used for minizip in that repo. Have I missed something? If you specific tests that use NestFuzz can you share them? |
Sorry, I'm not quite clear on what you mean by "fuzz test." Are you referring to the fuzzer's output folder for minizip or the fuzzer_stats file or something? |
No. problem. The question is how to reproduce the test you ran with minizip + NestFuzz that highlighted the issue you have reported? |
output_dir link: https://github.com/Akane0721/POC/tree/f2b5178655c1e8fa9acbc1d6ba50be0c62d36016/minizip-out-folder (only kept the non-duplicated "crashes" files), and the input seed zip file is also put there. fuzzer command: export AFL_USE_ASAN=1
CC="path/to/NestFuzz/afl-gcc" CXX="path/to/NestFuzz/afl-g++" cmake -S . -B build -D MZ_BUILD_TESTS=ON
cmake --build build
path/to/NestFuzz/./afl-fuzz -m none -d -i $INPUT -o $OUTPUT -- $PROG -x -o @@ input logic processing command: CC="path/to/NestFuzz/ipl-modeling/install/test-clang" CXX="path/to/NestFuzz/ipl-modeling/install/test-clang++" cmake -S . -B build -D MZ_BUILD_TESTS=ON
cmake --build build
python3 $ROOTDIR/fuzzer/NestFuzz/isi.py -t 300 -o $OUTPUT -l $LOG -- $PROGINFER -x -o @@ |
Thanks @Akane0721 ! |
Fixed in 4.0.3. Thank you! |
Description
heap-buffer-overflow (/minizip-ng/build/minizip+0x8d5a) in mz_path_has_slash
Version
Replay
ASAN
POC
https://github.com/Akane0721/POC/blob/f37d805631e0a15bea1f15b6e1edfb3246a2e0fc/minizip-ng/poc0
Environment
The text was updated successfully, but these errors were encountered: