Context Navigation

Changes between Version 1 and Version 2 of zzuf/bugs Tweet

Timestamp:: 07/09/2008 11:56:04 AM (18 years ago)
Author:: Sam Hocevar
Comment:: re-added the old crash tables

Legend:

: Unmodified
: Added
: Removed
: Modified

zzuf/bugs

-                      v1
+                      v2
 '''Disclaimer 2''': segmentation faults reported below are not necessarily bugs in the program itself; for instance, the MPEG-2 crashes are more likely due to a bug in the libmpeg2 library.
+''todo''
+{{{
+#!html
+<table style="border: solid black 1px; background: white;">
+  <tr style="background-color: #99f;">
+    <td></td>
+    <td>VLC</td>
+    <td>MPlayer</td>
+    <td>xine</td>
+    <td>FFmpeg (ffplay)</td>
+    <td>GStreamer (gst-launch)</td>
+    <td>mpg321</td>
+    <td>ogg123</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">MP3</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.mp3">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">Ogg Vorbis</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.ogg">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.ogg">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-gstreamer.ogg">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td style="background: #cfa;">robust</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">MPEG-1</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.mpg">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.mpg">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-xine.mpg">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.mpg">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">MPEG-2</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.m2v">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.m2v">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.m2v">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-gstreamer.m2v">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">MPEG-4 AVI</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.avi">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.avi">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-xine.avi">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.avi">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><a href="/files/zzuf/bugs/lol-gstreamer.avi">deadlock?</a></td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">FLAC</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.flac">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><a href="/files/zzuf/bugs/lol-ffplay.flac">heap corruption</a></td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ogg123.flac">SIGFPE</a></tt></b></td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">Ogg Theora</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.ogm">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.ogm">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">WMV</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.wmv">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.wmv">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.wmv">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">AAC</td>
+    <td style="background: #fca;"><a href="/files/zzuf/bugs/lol-vlc.aac">heap corruption</a></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.aac">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-xine.aac">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td>N/A</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">AC-3/A52</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.ac3">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.ac3">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">Speex</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td style="background: #cfa;">robust</td>
+  </tr>
+</table>
+}}}
 == Other bugs ==
 …
 Here is a list of other bugs that were easily found using zzuf, each time in a matter of seconds.
+''todo''
+{{{
+#!html
+<table style="border: solid black 1px; background: white;">
+  <tr style="background-color: #99f;"><td colspan="3"><b>OpenBSD</b> (OpenBSD xxxxxxx.xxx 4.0 GENERIC#1107 i386)</td></tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-openbsd-nm">lol-openbsd-nm</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>crash in <tt>strcmp()</tt>, not exploitable</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>objdump -T <a href="/files/zzuf/bugs/lol-openbsd-objdump">lol-openbsd-objdump</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #99f;"><td colspan="3"><b>Linux</b> (Debian 4.0 i386 unstable)</td></tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-debian-nm">lol-debian-nm</a></b></tt></td>
+      <td>SIGKILL</td>
+      <td>memory usage exceeded</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>identify <a href="/files/zzuf/bugs/fuzz1.xpm">fuzz1.xpm</a>
+          <a href="/files/zzuf/bugs/fuzz2.xpm">fuzz2.xpm</a>
+          <a href="/files/zzuf/bugs/fuzz3.xpm">fuzz3.xpm</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>Memory corruption in ImageMagick. Security implications look promising.</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>antiword <a href="/files/zzuf/bugs/lol-antiword.doc">lol-antiword.doc</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>firefox <a href="/files/zzuf/bugs/lol-firefox.gif">lol-firefox.gif</a></b></tt></td>
+      <td>BadAlloc</td>
+      <td>X11 error</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>dvipng <a href="/files/zzuf/bugs/lol-dvipng.dvi">lol-dvipng.dvi</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>Also occurs with <tt>dvi2ps</tt></td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>giftopnm <a href="/files/zzuf/bugs/lol-giftopnm.gif">lol-giftopnm.gif</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #99f;"><td colspan="3"><b>FreeBSD</b> (FreeBSD xxxxxxx.xxx 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May  7 04:32:43 UTC 2006     root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386)</td></tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-freebsd-nm">lol-freebsd-nm</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #99f;"><td colspan="3"><b>Mac OS X</b> (Darwin xxxxxxx.xxx 8.3.1 Darwin Kernel Version 8.3.1: Wed Nov  2 21:12:54 PST 2005; root:xnu-792.7.56.obj~6/RELEASE_I386 i386 i386)</td></tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-macosx-nm">lol-macosx-nm</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>otool -I <a href="/files/zzuf/bugs/lol-macosx-otool">lol-macosx-otool</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+</table>
+}}}