使用afl来fuzz libtiff

源码下载：

http://download.osgeo.org/libtiff/

编译：

export CC=afl-clang-fast
export CXX=afl-clang-fast++
./configure --disable-shared
make

我们确定目标是fuzz tiff2pdf

下载测试用例

wget https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz

我们使用afl_testcases/tiff/full/images里面的即可

最小化测试用例

afl-cmin -i testcase_full -o testcase_cmin ./tools/tiff2pdf @@ /dev/null

最终6000多个减少到800个

corpus minimization tool for afl-fuzz by <lcamtuf@google.com>

[*] Testing the target binary...
[+] OK, 101 tuples recorded.
[*] Obtaining traces for input files in 'testcase_full'...
    Processing file 6399/6399...
[*] Sorting trace sets (this may take a while)...
[+] Found 12057 unique tuples across 6399 files.
[*] Finding best candidates for each tuple...
    Processing file 6399/6399...
[*] Sorting candidate list (be patient)...
[*] Processing candidates and writing output files...
    Processing tuple 12057/12057...
[+] Narrowed down to 817 files, saved in 'testcase_cmin'.

开fuzz

afl-fuzz -i testcase_cmin/ -o afl_output/ tools/tiff2pdf @@ /dev/null