== The January 2007 media player debacle ==

Media players are especially sensitive to stream corruption. In fact, zzuf started its life as a tool to find bugs in the VLC media player software. The following table gives a few examples of crashes (all programs were the latest version in Debian i386 sid as of 2007/01/14). Click on each link to download the file that caused the crash:

'''Disclaimer 1''': “robust” does not mean that there is no bug, it just means that zzuf could not find one in reasonable time.

'''Disclaimer 2''': segmentation faults reported below are not necessarily bugs in the program itself; for instance, the MPEG-2 crashes are more likely due to a bug in the libmpeg2 library.

{{{
#!html
<table style="border: solid black 1px; background: white;">
  <tr style="background-color: #99f;">
    <td></td>
    <td>VLC</td>
    <td>MPlayer</td>
    <td>xine</td>
    <td>FFmpeg (ffplay)</td>
    <td>GStreamer (gst-launch)</td>
    <td>mpg321</td>
    <td>ogg123</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">MP3</td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.mp3">SIGSEGV</a></tt></b></td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #cfa;">robust</td>
    <td>N/A</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">Ogg Vorbis</td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.ogg">SIGSEGV</a></tt></b></td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.ogg">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-gstreamer.ogg">SIGSEGV</a></tt></b></td>
    <td>N/A</td>
    <td style="background: #cfa;">robust</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">MPEG-1</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.mpg">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.mpg">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-xine.mpg">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.mpg">SIGSEGV</a></tt></b></td>
    <td style="background: #cfa;">robust</td>
    <td>N/A</td>
    <td>N/A</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">MPEG-2</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.m2v">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.m2v">SIGSEGV</a></tt></b></td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.m2v">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-gstreamer.m2v">SIGSEGV</a></tt></b></td>
    <td>N/A</td>
    <td>N/A</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">MPEG-4 AVI</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.avi">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.avi">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-xine.avi">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.avi">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><a href="/files/zzuf/bugs/lol-gstreamer.avi">deadlock?</a></td>
    <td>N/A</td>
    <td>N/A</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">FLAC</td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.flac">SIGSEGV</a></tt></b></td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #fca;"><a href="/files/zzuf/bugs/lol-ffplay.flac">heap corruption</a></td>
    <td style="background: #cfa;">robust</td>
    <td>N/A</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ogg123.flac">SIGFPE</a></tt></b></td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">Ogg Theora</td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.ogm">SIGSEGV</a></tt></b></td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.ogm">SIGSEGV</a></tt></b></td>
    <td style="background: #cfa;">robust</td>
    <td>N/A</td>
    <td>N/A</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">WMV</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.wmv">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.wmv">SIGSEGV</a></tt></b></td>
    <td>N/A</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.wmv">SIGSEGV</a></tt></b></td>
    <td style="background: #cfa;">robust</td>
    <td>N/A</td>
    <td>N/A</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">AAC</td>
    <td style="background: #fca;"><a href="/files/zzuf/bugs/lol-vlc.aac">heap corruption</a></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-mplayer.aac">SIGSEGV</a></tt></b></td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-xine.aac">SIGSEGV</a></tt></b></td>
    <td>N/A</td>
    <td>N/A</td>
    <td>N/A</td>
    <td>N/A</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">AC-3/A52</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-vlc.ac3">SIGSEGV</a></tt></b></td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #fca;"><b><tt><a href="/files/zzuf/bugs/lol-ffplay.ac3">SIGSEGV</a></tt></b></td>
    <td>N/A</td>
    <td>N/A</td>
    <td>N/A</td>
  </tr>
  <tr style="background-color: #ddf;">
    <td style="background-color: #99f;">Speex</td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #cfa;">robust</td>
    <td style="background: #cfa;">robust</td>
    <td>N/A</td>
    <td style="background: #cfa;">robust</td>
    <td>N/A</td>
    <td style="background: #cfa;">robust</td>
  </tr>
</table>
}}}

== Other bugs ==

Here is a list of other bugs that were easily found using zzuf, each time in a matter of seconds.

{{{
#!html
<table style="border: solid black 1px; background: white;">
  <tr style="background-color: #99f;"><td colspan="3"><b>OpenBSD</b> (OpenBSD xxxxxxx.xxx 4.0 GENERIC#1107 i386)</td></tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-openbsd-nm">lol-openbsd-nm</a></b></tt></td>
      <td>SIGSEGV</td>
      <td>crash in <tt>strcmp()</tt>, not exploitable</td>
  </tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>objdump -T <a href="/files/zzuf/bugs/lol-openbsd-objdump">lol-openbsd-objdump</a></b></tt></td>
      <td>SIGSEGV</td>
      <td>?</td>
  </tr>
  <tr style="background-color: #99f;"><td colspan="3"><b>Linux</b> (Debian 4.0 i386 unstable)</td></tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-debian-nm">lol-debian-nm</a></b></tt></td>
      <td>SIGKILL</td>
      <td>memory usage exceeded</td>
  </tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>identify <a href="/files/zzuf/bugs/fuzz1.xpm">fuzz1.xpm</a>
          <a href="/files/zzuf/bugs/fuzz2.xpm">fuzz2.xpm</a>
          <a href="/files/zzuf/bugs/fuzz3.xpm">fuzz3.xpm</a></b></tt></td>
      <td>SIGSEGV</td>
      <td>Memory corruption in ImageMagick. Security implications look promising.</td>
  </tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>antiword <a href="/files/zzuf/bugs/lol-antiword.doc">lol-antiword.doc</a></b></tt></td>
      <td>SIGSEGV</td>
      <td>?</td>
  </tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>firefox <a href="/files/zzuf/bugs/lol-firefox.gif">lol-firefox.gif</a></b></tt></td>
      <td>BadAlloc</td>
      <td>X11 error</td>
  </tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>dvipng <a href="/files/zzuf/bugs/lol-dvipng.dvi">lol-dvipng.dvi</a></b></tt></td>
      <td>SIGSEGV</td>
      <td>Also occurs with <tt>dvi2ps</tt></td>
  </tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>giftopnm <a href="/files/zzuf/bugs/lol-giftopnm.gif">lol-giftopnm.gif</a></b></tt></td>
      <td>SIGSEGV</td>
      <td>?</td>
  </tr>
  <tr style="background-color: #99f;"><td colspan="3"><b>FreeBSD</b> (FreeBSD xxxxxxx.xxx 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May  7 04:32:43 UTC 2006     root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386)</td></tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-freebsd-nm">lol-freebsd-nm</a></b></tt></td>
      <td>SIGSEGV</td>
      <td>?</td>
  </tr>
  <tr style="background-color: #99f;"><td colspan="3"><b>Mac OS X</b> (Darwin xxxxxxx.xxx 8.3.1 Darwin Kernel Version 8.3.1: Wed Nov  2 21:12:54 PST 2005; root:xnu-792.7.56.obj~6/RELEASE_I386 i386 i386)</td></tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>nm <a href="/files/zzuf/bugs/lol-macosx-nm">lol-macosx-nm</a></b></tt></td>
      <td>SIGSEGV</td>
      <td>?</td>
  </tr>
  <tr style="background-color: #ddf;">
      <td><tt><b>otool -I <a href="/files/zzuf/bugs/lol-macosx-otool">lol-macosx-otool</a></b></tt></td>
      <td>SIGSEGV</td>
      <td>?</td>
  </tr>
</table>
}}}