Version 2 (modified by Sam Hocevar, 16 years ago) (diff)

re-added the old crash tables

The January 2007 media player debacle

Media players are especially sensitive to stream corruption. In fact, zzuf started its life as a tool to find bugs in the VLC media player software. The following table gives a few examples of crashes (all programs were the latest version in Debian i386 sid as of 2007/01/14). Click on each link to download the file that caused the crash:

Disclaimer 1: “robust” does not mean that there is no bug, it just means that zzuf could not find one in reasonable time.

Disclaimer 2: segmentation faults reported below are not necessarily bugs in the program itself; for instance, the MPEG-2 crashes are more likely due to a bug in the libmpeg2 library.

VLC MPlayer xine FFmpeg (ffplay) GStreamer (gst-launch) mpg321 ogg123
MP3 robust SIGSEGV robust robust robust robust N/A
Ogg Vorbis robust SIGSEGV robust SIGSEGV SIGSEGV N/A robust
MPEG-1 SIGSEGV SIGSEGV SIGSEGV SIGSEGV robust N/A N/A
MPEG-2 SIGSEGV SIGSEGV robust SIGSEGV SIGSEGV N/A N/A
MPEG-4 AVI SIGSEGV SIGSEGV SIGSEGV SIGSEGV deadlock? N/A N/A
FLAC robust SIGSEGV robust heap corruption robust N/A SIGFPE
Ogg Theora robust SIGSEGV robust SIGSEGV robust N/A N/A
WMV SIGSEGV SIGSEGV N/A SIGSEGV robust N/A N/A
AAC heap corruption SIGSEGV SIGSEGV N/A N/A N/A N/A
AC-3/A52 SIGSEGV robust robust SIGSEGV N/A N/A N/A
Speex robust robust robust N/A robust N/A robust

Other bugs

Here is a list of other bugs that were easily found using zzuf, each time in a matter of seconds.

OpenBSD (OpenBSD xxxxxxx.xxx 4.0 GENERIC#1107 i386)
nm lol-openbsd-nm SIGSEGV crash in strcmp(), not exploitable
objdump -T lol-openbsd-objdump SIGSEGV ?
Linux (Debian 4.0 i386 unstable)
nm lol-debian-nm SIGKILL memory usage exceeded
identify fuzz1.xpm fuzz2.xpm fuzz3.xpm SIGSEGV Memory corruption in ImageMagick. Security implications look promising.
antiword lol-antiword.doc SIGSEGV ?
firefox lol-firefox.gif BadAlloc X11 error
dvipng lol-dvipng.dvi SIGSEGV Also occurs with dvi2ps
giftopnm lol-giftopnm.gif SIGSEGV ?
FreeBSD (FreeBSD xxxxxxx.xxx 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May 7 04:32:43 UTC 2006 root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386)
nm lol-freebsd-nm SIGSEGV ?
Mac OS X (Darwin xxxxxxx.xxx 8.3.1 Darwin Kernel Version 8.3.1: Wed Nov 2 21:12:54 PST 2005; root:xnu-792.7.56.obj~6/RELEASE_I386 i386 i386)
nm lol-macosx-nm SIGSEGV ?
otool -I lol-macosx-otool SIGSEGV ?

Attachments (75)