How to fuzz a libpng library


Lingjun Zhou

Jan 29, 2018, 1:28:21 AM
to afl-users
Hello, my coolest geek friends.
I'm trying to fuzz a former version (say libpng-1.6.31) of libpng with afl. But after I compiled libpng with afl-clang-fast and ran make install, I just don't know how to start my fuzzing process.

I tried to write a C file called process_png.c that uses the png library, and then used afl-fuzz to fuzz the resulting executable a.out, but it didn't seem to work.

So if there's anyone who is familiar with it, could you please give me some advice?

Thanks a lot.

Michal Zalewski

Jan 29, 2018, 1:45:15 AM
to afl-users
Libpng is not exactly a plug-and-play target, but it shouldn't be too
hard. First of all, you want to apply
afl/experimental/libpng_no_checksum/libpng-nocrc.patch to libpng to
remove CRC checks.

Then, you want to compile the library with:

CC=/path/to/afl-gcc ./configure --disable-shared && make -j4

When this is done, you need a target binary that reads from stdin and
does something interesting with the image data. There's one decent
target that comes with libpng, although it's not built by default. Go
to contrib/libtests in the libpng directory, and try:

/path/to/afl-gcc ./readpng.c -lm -lz ../../.libs/libpng16.a -o readpng

The resulting binary, readpng, should be a suitable target. You want
to fuzz it like so:

./afl-fuzz -i testcases/images/png -o some_output_dir -x dictionaries/png.dict /path/to/readpng

That should do the trick and get you going. Note that to load any of
the generated test cases into a non-patched version of libpng, you'd
need to fix up CRC.

/mz

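Michal's closing note is the step people tend to skip: a crash found against the CRC-free build will be rejected by an unpatched libpng until every chunk's CRC-32 is recomputed. As an added example (not from this thread or from the AFL tree), the script below walks the chunks of a PNG and rewrites each CRC, tolerating truncated trailers the way fuzzer output often has them; the sample PNG at the bottom is constructed here, with its IHDR CRC deliberately zeroed.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def fix_png_crcs(data: bytes):
    """Rewrite the CRC-32 of every chunk so an unpatched libpng accepts the
    file. Returns (fixed_bytes, number_of_chunks_whose_crc_was_wrong)."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    out = bytearray(data[:8])
    pos, repaired = 8, 0
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            out += data[pos:]  # truncated chunk (common fuzzer output): keep verbatim
            break
        good_crc = zlib.crc32(ctype + data[pos + 8:body_end]) & 0xFFFFFFFF
        if struct.unpack(">I", data[body_end:body_end + 4])[0] != good_crc:
            repaired += 1
        out += data[pos:body_end] + struct.pack(">I", good_crc)
        pos = body_end + 4
        if ctype == b"IEND":
            out += data[pos:]  # bytes after IEND are left untouched
            break
    else:
        out += data[pos:]  # fewer than 8 trailing bytes: not a chunk header
    return bytes(out), repaired

def _chunk(ctype, body, crc_override=None):
    """Build one chunk; crc_override lets the sample carry a deliberately bad CRC."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF if crc_override is None else crc_override
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed 1x1 greyscale PNG whose IHDR CRC has been zeroed, standing in for
# a test case written out against the CRC-free libpng build.
SAMPLE_PNG = (PNG_SIGNATURE
              + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0), crc_override=0)
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))  # filter byte 0 + one pixel
              + _chunk(b"IEND", b""))

if __name__ == "__main__":  # usage: python fix_png_crc.py < crash_case > fixed.png
    import sys
    fixed, n = fix_png_crcs(sys.stdin.buffer.read())
    sys.stdout.buffer.write(fixed)
    print(f"repaired {n} chunk CRC(s)", file=sys.stderr)
```

Run it over each file in the crashes directory before reproducing against a stock libpng build; the repaired count on stderr tells you how many chunks the fuzzer had mutated past the checksum.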
Lingjun Zhou

Jan 29, 2018, 2:15:13 AM
to afl-users
Thanks a lot, Michal.
I will try it right away.  ^_^


On Monday, January 29, 2018 at 2:45:15 PM UTC+8, Michal Zalewski wrote:

deathholes

Mar 23, 2018, 3:00:12 AM
to afl-users
I'm trying to fuzz libpng using this method, but it is not able to compile the readpng.c file.
It shows a "file format not supported" error for the libpng15.a file.

Any idea on how to handle this error?

Thanks.

Jakub Wilk

Apr 5, 2018, 1:08:08 PM
to afl-...@googlegroups.com
* deathholes <malakar....@gmail.com>, 2018-03-23, 00:00:
>I'm trying to fuzz libpng using this method, but it is not able to
>compile the readpng.c file.
>It shows "file format not supported" error for the libpng15.a file.

What's your libpng version? Which command generated this error?

--
Jakub Wilk

TOLUCHURI SHYAMILI SHANKER RAO

Mar 3, 2023, 3:55:16 AM
to afl-users
Hello,
I'm also trying to fuzz libpng-1.6.31 using AFL++.
As suggested, I applied the patch to libpng using this command inside the libpng-1.6.31 folder:
patch > ~AFL/experimental/libpng_no_checksum/libpng-nocrc.patch

Next I compiled the library with this command:
CC=/path/to/afl-gcc ./configure --disable-shared && make -j4

And after this I went into the contrib/libtests/ folder and used this command:
/path/to/afl-gcc ./readpng.c -lm -lz ../../.libs/libpng16.a -o readpng

But there are some problems: first of all, there is no 'libpng16.a' file anywhere, and second of all, it shows an error 'ld returned 1 exit status' and eventually doesn't create an executable.

So if there's anyone who is familiar with it, could you please give me some advice?

Thank you.