Fuzzing libpng-1.6.31 using AFL++

[TOLUCHURI SHYAMILI SHANKER RAO]

Hello, 

I'm also trying to fuzz libpng-1.6.31 using AFL++.

As suggested I applied the patch to libpng using this command inside the libpng-1.6.31 folder:

patch > ~AFL/experimental/libpng_no_checksum/libpng-nocrc.patch

Next I compiled the library with this command:

CC=/path/to/afl-gcc ./configure --disable-shared && make -j4

And after this I went into the contrib/libtests/ folder and used this command:

/path/to/afl-gcc ./readpng.c -lm -lz ../../.libs/libpng16.a -o readpng

But there are some problems, first of all there is no 'libpng16.a' file anywhere and second of all it shows an error 'ld returned 1 exit status' and eventually not creating an executable. 

So if there's anyone who is familiar with it, could you please give me some advice.

Thanks a lot,

Shyamili

[Nikolay Shaplov]

В письме от среда, 8 марта 2023 г. 12:34:16 MSK пользователь 'TOLUCHURI
SHYAMILI SHANKER RAO' via afl-users написал:

> Next I compiled the library with this command:
> CC=/path/to/afl-gcc ./configure --disable-shared && make -j4
>
> And after this I went into the contrib/libtests/ folder and used this
> command:
> /path/to/afl-gcc ./readpng.c -lm -lz ../../.libs/libpng16.a -o readpng
>
> But there are some problems, first of all there is no 'libpng16.a' file
> anywhere and second of all it shows an error 'ld returned 1 exit status'
> and eventually not creating an executable.

I guess libpng16.a was not created while running build process (your make -j4)
or it have been created in some other location.
You can try to find it manually, if it is in another location (reading building
log might help), or try to figure out why it is not build at all. May be you
need some extra option to force static library build, or may be this feature
have been disabled recently, you can try older versions of libpng, and see if
you have it there...

--
Nikolay Shaplov aka Nataraj
Fuzzing Engineer at Postgres Professional
Matrix IM: @dhyan:nataraj.su