Tested programs

See also the list of crashes.

Bug reported

  • ClamAV
  • FreeType2
  • gettext: LANGUAGE='../../../../../tmp' with non-suid programs
  • glibc
  • ImageMagick
  • libpoppler
  • libexif
  • nm
  • rpm

Bug not yet reported

  • file
    • crash with an invalid magic.mgc file, which can be specified using -m
  • mplayer
    • HOME='' makes mplayer crash, and it never exits
    • command line: -quiet -vo null -ao null -endpos 2
  • Flash browser plugin
    • many crashes

gettext

  • gettext: library to translate (localize) string (i18n/l10n things)

  • It’s possible to use your own .mo file with this little hack:

    mkdir /tmp/LC_MESSAGES
    cp hello.mo /tmp/LC_MESSAGES/
    LANGUAGE='../../../../../../../../tmp' ./hello
    Erreur de segmentation
    
  • Crashes were found by fuzzing near intl/dcigettext.c:934, but Bruno Haible (author of gettext) will not fix them (by adding more checks) because that « would not serve the purpose of a maximally efficient lookup of translations »
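As an added example (not from this page and not gettext's own code): the Python script below builds a small .mo catalogue in memory, then checks its header, string tables and NUL terminators before the catalogue is handed to Python's gettext module. This is the kind of "more verification" a program would want if an untrusted LANGUAGE value can pick the catalogue path, as in the hack above; it also shows a check that rejects LANGUAGE entries containing path separators. The names build_mo, validate_mo, mo_problem and language_value_is_safe are the example's own, and the catalogue content and corrupted variants are constructed samples.

```python
import gettext
import io
import struct

MO_MAGIC_LE = 0x950412DE   # bytes de 12 04 95 on disk
MO_MAGIC_BE = 0xDE120495   # bytes 95 04 12 de on disk
HEADER_LEN = 28            # magic, revision, N, O, T, S, H (7 x uint32)
# Constructed catalogue header; the charset is what lets gettext decode the strings
HEADER = "Content-Type: text/plain; charset=UTF-8\n"


def build_mo(pairs):
    """Build a minimal little-endian .mo catalogue (constructed sample, no hash table)."""
    items = sorted(pairs.items())          # .mo files keep msgids sorted
    n = len(items)
    orig_off = HEADER_LEN                  # O: table of original strings
    trans_off = orig_off + 8 * n           # T: table of translated strings
    data_off = trans_off + 8 * n           # string bodies follow the two tables
    orig_entries, trans_entries, blob = [], [], bytearray()
    for msgid, msgstr in items:
        for entries, text in ((orig_entries, msgid), (trans_entries, msgstr)):
            raw = text.encode("utf-8")
            entries.append((len(raw), data_off + len(blob)))
            blob += raw + b"\0"            # every string is NUL-terminated
    out = struct.pack("<7I", MO_MAGIC_LE, 0, n, orig_off, trans_off, 0, 0)
    for length, off in orig_entries + trans_entries:
        out += struct.pack("<II", length, off)
    return out + bytes(blob)


def validate_mo(data):
    """Return [(msgid, msgstr), ...], or raise ValueError before any bad offset is dereferenced."""
    size = len(data)
    if size < HEADER_LEN:
        raise ValueError("file shorter than the %d-byte header" % HEADER_LEN)
    magic = struct.unpack("<I", data[:4])[0]
    if magic == MO_MAGIC_LE:
        end = "<"
    elif magic == MO_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("bad magic 0x%08x" % magic)
    _, revision, n, orig_off, trans_off, _, _ = struct.unpack(end + "7I", data[:HEADER_LEN])
    if revision >> 16 > 1:
        raise ValueError("unsupported major revision %d" % (revision >> 16))
    # Python ints do not wrap, so off + 8*n cannot overflow the way a uint32 sum would in C
    for table_off in (orig_off, trans_off):
        if table_off + 8 * n > size:
            raise ValueError("string table at 0x%x with %d entries runs past end of file" % (table_off, n))
    pairs = []
    for i in range(n):
        strings = []
        for table_off in (orig_off, trans_off):
            pos = table_off + 8 * i
            length, off = struct.unpack(end + "II", data[pos:pos + 8])
            if off + length >= size:       # need room for the string plus its NUL terminator
                raise ValueError("string %d at 0x%x (%d bytes) runs past end of file" % (i, off, length))
            if data[off + length] != 0:
                raise ValueError("string %d at 0x%x is not NUL-terminated" % (i, off))
            strings.append(data[off:off + length].decode("utf-8"))
        pairs.append(tuple(strings))
    return pairs


def mo_problem(data):
    """None if the catalogue passes validation, otherwise the reason it was rejected."""
    try:
        validate_mo(data)
    except (ValueError, UnicodeDecodeError) as exc:
        return str(exc)
    return None


def translate_with_gettext(data, msgid):
    """Load a validated catalogue with the standard library and look one string up."""
    validate_mo(data)
    return gettext.GNUTranslations(io.BytesIO(data)).gettext(msgid)


def language_value_is_safe(value):
    """True unless a colon-separated LANGUAGE entry could walk out of the locale directory."""
    return not any("/" in part or part == ".." for part in value.split(":"))


def patch_u32(data, at, value):
    """Overwrite one little-endian uint32 (used only to build the corrupt samples)."""
    return data[:at] + struct.pack("<I", value) + data[at + 4:]


SAMPLE = build_mo({"": HEADER, "Hello": "Bonjour"})
BAD_TABLE = patch_u32(SAMPLE, 12, 0xFFFFFFF0)            # header field O points past the file
BAD_STRING = patch_u32(SAMPLE, HEADER_LEN + 8 + 4, 0x7FFFFFFF)  # offset of the "Hello" entry
TRUNCATED = SAMPLE[:-1]                                  # final NUL terminator cut off

if __name__ == "__main__":
    print(validate_mo(SAMPLE))
    print(translate_with_gettext(SAMPLE, "Hello"))
    for name, blob in (("BAD_TABLE", BAD_TABLE), ("BAD_STRING", BAD_STRING), ("TRUNCATED", TRUNCATED)):
        print(name, "->", mo_problem(blob))
    print(language_value_is_safe("fr:de"), language_value_is_safe("../../../../../../../../tmp"))
```

The three corrupted variants mirror what a fuzzer throws at a catalogue loader: a table offset beyond the file, a string offset beyond the file, and a missing terminator; each is rejected before any byte at the bad offset is read.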

gstreamer

cd gst-plugins-base
./configure --prefix=/opt/gstreamer CFLAGS="-O0 -ggdb" PKG_CONFIG_PATH=/opt/gstreamer/lib/pkgconfig/

python

./configure --prefix=/opt/pythonsvn --with-pydebug && make && make install

With pydebug, use “export PYTHONTHREADDEBUG=1” to trace threading operations.

php

sudo apt-get build-dep php5
cvs -z9 -d :pserver:cvsread@cvs.php.net:/repository checkout -r PHP_5_3 php5
cd php5
./buildconf
CFLAGS="-O0 -ggdb" ./configure --enable-debug --prefix=/opt/php && make && make install

and then use/copy the program sapi/cli/php.

Other configure options:

--enable-mbstring \
--enable-ftp --enable-calendar --enable-exif --enable-intl \
--enable-soap  --enable-sockets --enable-zip

Notes:

  • php_error_cb() displays PHP errors such as the “Fatal error” messages
  • The real C function name is “zif_” + name (e.g. zif_count_chars for count_chars)
  • Interesting files: main/php.h, main/php_config.h, Zend/zend.h