Context Navigation

Changes between Version 2 and Version 3 of zzuf/bugs Tweet

Timestamp:: 07/09/2008 12:28:28 PM (16 years ago)
Author:: Sam Hocevar
Comment:: switched tables to wiki formatting

Legend:

: Unmodified
: Added
: Removed
: Modified

zzuf/bugs

-                      v2
+                      v3
 '''Disclaimer 2''': segmentation faults reported below are not necessarily bugs in the program itself; for instance, the MPEG-2 crashes are more likely due to a bug in the libmpeg2 library.
+{{{
+#!html
+<table style="border: solid black 1px; background: white;">
+  <tr style="background-color: #99f;">
+    <td></td>
+    <td>VLC</td>
+    <td>MPlayer</td>
+    <td>xine</td>
+    <td>FFmpeg (ffplay)</td>
+    <td>GStreamer (gst-launch)</td>
+    <td>mpg321</td>
+    <td>ogg123</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">MP3</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.mp3">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">Ogg Vorbis</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.ogg">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.ogg">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-gstreamer.ogg">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td style="background: #cfa;">robust</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">MPEG-1</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.mpg">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.mpg">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-xine.mpg">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.mpg">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">MPEG-2</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.m2v">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.m2v">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.m2v">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-gstreamer.m2v">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">MPEG-4 AVI</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.avi">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.avi">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-xine.avi">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.avi">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><a href="/files/zzuf/bugs/lol-gstreamer.avi">deadlock?</a></td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">FLAC</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.flac">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><a href="/files/zzuf/bugs/lol-ffplay.flac">heap corruption</a></td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ogg123.flac">SIGFPE</a></tt></b></td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">Ogg Theora</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.ogm">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.ogm">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">WMV</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.wmv">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.wmv">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.wmv">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">AAC</td>
+    <td style="background: #fca;"><a href="/files/zzuf/bugs/lol-vlc.aac">heap corruption</a></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.aac">SIGSEGV</a></tt></b></td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-xine.aac">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td>N/A</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">AC-3/A52</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.ac3">SIGSEGV</a></tt></b></td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.ac3">SIGSEGV</a></tt></b></td>
+    <td>N/A</td>
+    <td>N/A</td>
+    <td>N/A</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+    <td style="background-color: #99f;">Speex</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td style="background: #cfa;">robust</td>
+    <td>N/A</td>
+    <td style="background: #cfa;">robust</td>
+  </tr>
+</table>
+}}}
+|| || '''VLC''' || '''MPlayer''' || '''xine''' || '''FFmpeg (ffplay)''' || '''GStreamer (gst-launch)''' || '''mpg321''' || '''ogg123''' ||
+|| '''MP3''' || robust || '''[/files/zzuf/bugs/lol-mplayer.mp3 SIGSEGV]''' || robust || robust || robust || robust || N/A ||
+|| '''Ogg Vorbis''' || robust || '''[/files/zzuf/bugs/lol-mplayer.ogg SIGSEGV]''' || robust || '''[/files/zzuf/bugs/lol-ffplay.ogg SIGSEGV]''' || '''[/files/zzuf/bugs/lol-gstreamer.ogg SIGSEGV]''' || N/A || robust ||
+|| '''MPEG-1''' || '''[/files/zzuf/bugs/lol-vlc.mpg SIGSEGV]''' || '''[/files/zzuf/bugs/lol-mplayer.mpg SIGSEGV]''' || '''[/files/zzuf/bugs/lol-xine.mpg SIGSEGV]''' || '''[/files/zzuf/bugs/lol-ffplay.mpg SIGSEGV]''' || robust || N/A || N/A ||
+|| '''MPEG-2''' || '''[/files/zzuf/bugs/lol-vlc.m2v SIGSEGV]''' || '''[/files/zzuf/bugs/lol-mplayer.m2v SIGSEGV]''' || robust || '''[/files/zzuf/bugs/lol-ffplay.m2v SIGSEGV]''' || '''[/files/zzuf/bugs/lol-gstreamer.m2v SIGSEGV]''' || N/A || N/A ||
+|| '''MPEG-4 AVI''' || '''[/files/zzuf/bugs/lol-vlc.avi SIGSEGV]''' || '''[/files/zzuf/bugs/lol-mplayer.avi SIGSEGV]''' || '''[/files/zzuf/bugs/lol-xine.avi SIGSEGV]''' || '''[/files/zzuf/bugs/lol-ffplay.avi SIGSEGV]''' || '''[/files/zzuf/bugs/lol-gstreamer.avi deadlock?]''' || N/A || N/A ||
+|| '''FLAC''' || robust || '''[/files/zzuf/bugs/lol-mplayer.flac SIGSEGV]''' || robust || '''[/files/zzuf/bugs/lol-ffplay.flac heap corruption]''' || robust || N/A || '''[/files/zzuf/bugs/lol-ogg123.flac SIGFPE]''' ||
+|| '''Ogg Theora''' || robust || '''[/files/zzuf/bugs/lol-mplayer.ogm SIGSEGV]''' || robust || '''[/files/zzuf/bugs/lol-ffplay.ogm SIGSEGV]''' || robust || N/A || N/A ||
+|| '''WMV''' || '''[/files/zzuf/bugs/lol-vlc.wmv SIGSEGV]''' || '''[/files/zzuf/bugs/lol-mplayer.wmv SIGSEGV]''' || N/A || '''[/files/zzuf/bugs/lol-ffplay.wmv SIGSEGV]''' || robust || N/A || N/A ||
+|| '''AAC''' || '''[/files/zzuf/bugs/lol-vlc.aac heap corruption]''' || '''[/files/zzuf/bugs/lol-mplayer.aac SIGSEGV]''' || '''[/files/zzuf/bugs/lol-xine.aac SIGSEGV]''' || N/A || N/A || N/A || N/A ||
+|| '''AC-3/A52''' || '''[/files/zzuf/bugs/lol-vlc.ac3 SIGSEGV]''' || robust (I KID YOU NOT) || robust || '''[/files/zzuf/bugs/lol-ffplay.ac3 SIGSEGV]''' || N/A || N/A || N/A ||
+|| '''Speex''' || robust || robust || robust || N/A || robust || N/A || robust ||
 == Other bugs ==
 …
 Here is a list of other bugs that were easily found using zzuf, each time in a matter of seconds.
+{{{
+#!html
+<table style="border: solid black 1px; background: white;">
+  <tr style="background-color: #99f;"><td colspan="3"><b>OpenBSD</b> (OpenBSD xxxxxxx.xxx 4.0 GENERIC#1107 i386)</td></tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-openbsd-nm">lol-openbsd-nm</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>crash in <tt>strcmp()</tt>, not exploitable</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>objdump -T <a href="/files/zzuf/bugs/lol-openbsd-objdump">lol-openbsd-objdump</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #99f;"><td colspan="3"><b>Linux</b> (Debian 4.0 i386 unstable)</td></tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-debian-nm">lol-debian-nm</a></b></tt></td>
+      <td>SIGKILL</td>
+      <td>memory usage exceeded</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>identify <a href="/files/zzuf/bugs/fuzz1.xpm">fuzz1.xpm</a>
+          <a href="/files/zzuf/bugs/fuzz2.xpm">fuzz2.xpm</a>
+          <a href="/files/zzuf/bugs/fuzz3.xpm">fuzz3.xpm</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>Memory corruption in ImageMagick. Security implications look promising.</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>antiword <a href="/files/zzuf/bugs/lol-antiword.doc">lol-antiword.doc</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>firefox <a href="/files/zzuf/bugs/lol-firefox.gif">lol-firefox.gif</a></b></tt></td>
+      <td>BadAlloc</td>
+      <td>X11 error</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>dvipng <a href="/files/zzuf/bugs/lol-dvipng.dvi">lol-dvipng.dvi</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>Also occurs with <tt>dvi2ps</tt></td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>giftopnm <a href="/files/zzuf/bugs/lol-giftopnm.gif">lol-giftopnm.gif</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #99f;"><td colspan="3"><b>FreeBSD</b> (FreeBSD xxxxxxx.xxx 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May  7 04:32:43 UTC 2006     root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386)</td></tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-freebsd-nm">lol-freebsd-nm</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #99f;"><td colspan="3"><b>Mac OS X</b> (Darwin xxxxxxx.xxx 8.3.1 Darwin Kernel Version 8.3.1: Wed Nov  2 21:12:54 PST 2005; root:xnu-792.7.56.obj~6/RELEASE_I386 i386 i386)</td></tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-macosx-nm">lol-macosx-nm</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+  <tr style="background-color: #ddf;">
+      <td><tt><b>otool -I <a href="/files/zzuf/bugs/lol-macosx-otool">lol-macosx-otool</a></b></tt></td>
+      <td>SIGSEGV</td>
+      <td>?</td>
+  </tr>
+</table>
+}}}
+ * OpenBSD (4.0 GENERIC!#1107 i386)
+|| nm [/files/zzuf/bugs/lol-openbsd-nm lol-openbsd-nm] || SIGSEGV || crash in `strcmp()`, not exploitable ||
+|| objdump -T [/files/zzuf/bugs/lol-openbsd-objdump lol-openbsd-objdump] || SIGSEGV || ? ||
+ * Linux (Debian 4.0 i386 unstable)
+|| nm [/files/zzuf/bugs/lol-debian-nm lol-debian-nm] || SIGKILL || memory usage exceeded ||
+|| identify [/files/zzuf/bugs/fuzz1.xpm fuzz1.xpm] [/files/zzuf/bugs/fuzz2.xpm fuzz2.xpm] [/files/zzuf/bugs/fuzz3.xpm fuzz3.xpm] || SIGSEGV || Memory corruption in !ImageMagick. Security implications look promising. ||
+|| antiword [/files/zzuf/bugs/lol-antiword.doc lol-antiword.doc] || SIGSEGV || ? ||
+|| firefox [/files/zzuf/bugs/lol-firefox.gif lol-firefox.gif] || !BadAlloc || X11 error ||
+|| dvipng [/files/zzuf/bugs/lol-dvipng.dvi lol-dvipng.dvi] || SIGSEGV || Also occurs with `dvi2ps` ||
+|| giftopnm [/files/zzuf/bugs/lol-giftopnm.gif lol-giftopnm.gif] || SIGSEGV || ? ||
+ * FreeBSD (6.1-RELEASE FreeBSD 6.1-RELEASE !#0: Sun May  7 04:32:43 UTC 2006     root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386)
+|| nm [/files/zzuf/bugs/lol-freebsd-nm lol-freebsd-nm] || SIGSEGV || ? ||
+ * Mac OS X (8.3.1 Darwin Kernel Version 8.3.1: Wed Nov  2 21:12:54 PST 2005; root:xnu-792.7.56.obj~6/RELEASE_I386 i386 i386)
+|| nm [/files/zzuf/bugs/lol-macosx-nm lol-macosx-nm] || SIGSEGV || ? ||
+|| otool -I [/files/zzuf/bugs/lol-macosx-otool lol-macosx-otool] || SIGSEGV || ? ||