Discussion:
[Pixman] Crash during stress-test
LE GARREC Vincent
2017-11-15 21:37:30 UTC
Dear,

I ran stress-test under fuzzing and I found a crash.

I'm not really comfortable with pixman, so I don't really know how to report
the problem to you.

Please find enclosed the modifications I needed to apply to allow fuzzing with
afl.
I disabled HAVE_GCC_VECTOR_EXTENSIONS and adapted smallprng_rand_r to read
from a buffer instead of generating random data from a seed.

To make the stress-test crash, run ./stress-test rasterize_edges_8.crash

I hope it's not my patch that makes pixman crash.

Please, tell me if you need further information or if I did something wrong.

Best regards,

Vincent LE GARREC
Emil Velikov
2017-11-17 11:31:10 UTC
Hi Vincent,

I'm not that much of a pixman expert, so I can't provide you with feedback on the exact issue.

Small question though:
Have you considered adding an argument to the program which switches
from rand to the input-file method?

It will allow you to drop the HAVE_GCC_VECTOR_EXTENSIONS workarounds
and upstream the changes.
This way one will be able to do some extensive testing prior to
rolling a potentially vulnerable pixman release to the masses.

HTH
Emil
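The approach Emil suggests above, and the one Vincent describes in his first message (having smallprng_rand_r read from a buffer instead of a seeded generator), as an added example in C. This is not pixman's code and does not reproduce its test-suite functions: the "-f FILE" flag, every name below, and the choice of Bob Jenkins' small noncryptographic PRNG as the normal-mode generator are assumptions made for illustration. The point is that the test body keeps one randomness API and only the back end changes, so no per-configuration workarounds are needed.

```c
/* Added example, not pixman's code: one random-number API with two back
 * ends. Normal mode is a seeded PRNG (Bob Jenkins' small noncryptographic
 * PRNG, used here as a stand-in); fuzz mode, selected with a hypothetical
 * "-f FILE" argument, feeds the fuzzer's bytes through the same calls. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    uint32_t a, b, c, d;   /* PRNG state; unused in fuzz mode */
    const uint8_t *buf;    /* fuzz input, NULL in PRNG mode */
    size_t len, pos;
    int exhausted;         /* set once the fuzz input ran short */
} rand_source_t;

static uint32_t rot32(uint32_t x, int k) { return (x << k) | (x >> (32 - k)); }

static uint32_t prng_next(rand_source_t *s)
{
    uint32_t e = s->a - rot32(s->b, 27);
    s->a = s->b ^ rot32(s->c, 17);
    s->b = s->c + s->d;
    s->c = s->d + e;
    s->d = e + s->a;
    return s->d;
}

/* Normal mode: same seed, same sequence, so a failing run is replayable. */
void rand_source_init_prng(rand_source_t *s, uint32_t seed)
{
    memset(s, 0, sizeof *s);
    s->a = 0xf1ea5eed;
    s->b = s->c = s->d = seed;
    for (int i = 0; i < 20; i++)
        prng_next(s);
}

/* Fuzz mode: afl's mutated bytes become the "random" values. */
void rand_source_init_buffer(rand_source_t *s, const uint8_t *buf, size_t len)
{
    memset(s, 0, sizeof *s);
    s->buf = buf; s->len = len;
}

/* The single call site for randomness. In fuzz mode a short input pads
 * with zero bytes (and sets exhausted) so the run stays deterministic. */
uint32_t rand_source_next(rand_source_t *s)
{
    if (s->buf == NULL)
        return prng_next(s);
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        uint8_t byte = 0;
        if (s->pos < s->len)
            byte = s->buf[s->pos++];
        else
            s->exhausted = 1;
        v |= (uint32_t)byte << (8 * i);   /* little-endian */
    }
    return v;
}

/* Returns the path after "-f", or NULL to keep the PRNG. */
const char *parse_fuzz_arg(int argc, char **argv)
{
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-f") == 0)
            return argv[i + 1];
    return NULL;
}

/* Reads up to 64 KiB of the input file; caller frees the buffer. */
uint8_t *read_input(const char *path, size_t *len)
{
    enum { MAX_INPUT = 1 << 16 };
    FILE *fp = fopen(path, "rb");
    if (!fp) return NULL;
    uint8_t *buf = malloc(MAX_INPUT);
    if (buf) *len = fread(buf, 1, MAX_INPUT, fp);
    fclose(fp);
    return buf;
}

int main(int argc, char **argv)
{
    rand_source_t src;
    uint8_t *data = NULL;
    size_t len = 0;
    const char *path = parse_fuzz_arg(argc, argv);

    if (path) {
        if (!(data = read_input(path, &len))) { perror(path); return 1; }
        rand_source_init_buffer(&src, data, len);
    } else {
        rand_source_init_prng(&src, 0x12345678);
    }
    for (int i = 0; i < 4; i++)   /* stand-in for the test body */
        printf("%08x\n", rand_source_next(&src));
    free(data);
    return 0;
}
```

With this shape the fuzzer drives the harness through afl's file placeholder, for example `afl-fuzz -i in -o out -- ./stress-test -f @@`, while the unmodified build path keeps its seeded behaviour. A harness can also check the `exhausted` flag after a test and skip cases whose input was too short, which keeps afl from wasting cycles on inputs that only exercise the zero-padding path.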
LE GARREC Vincent
2017-11-19 18:26:56 UTC
I made a clone on https://github.com/bansan85/pixman/tree/stress_test_file
I tried to make lots of small commits to make review easier.
I still have a crash. Please use the new file enclosed. The previous one is
not working anymore.
I don't use HAVE_GCC_VECTOR_EXTENSIONS but I tried to make the code
compatible.

To run the stress-test:
./stress-test -f rasterize_edges_8_min.crash
Emil Velikov
2017-12-12 16:40:04 UTC
On 19 November 2017 at 18:26, LE GARREC Vincent wrote:
> I made a clone on https://github.com/bansan85/pixman/tree/stress_test_file
> I tried to make lots of small commits to make review easier.
A lot better, thank you. There are some whitespace fixes alongside the
feature ones.
Can you give it another quick look and send the lot to the list for
review - I think the recommended way is via git send-email.

-Emil