[libdvdnav-devel] Crashes with corrupt ISO

Thomas Lindroth thomas.lindroth at gmail.com
Wed Dec 24 09:40:54 CET 2014


On 12/23/2014 05:51 PM, Steve Dibb wrote:
> Agreed.  I'm willing to take it on, but having broken sources makes life
> a lot easier sometimes, so if you have more, post them here or send them
> my way and I'll debug them.
Excellent. I used lsdvd as a front end to libdvdread when I did the
fuzzing. Unfortunately this means that some of the crashes I found are
not in libdvdread but in lsdvd. I see that you are the author of
dvd_info so I reused the crash data I had and re-ran the fuzzer with
dvd_info as front end instead.

Here is a collection of about 300 crashes with dvd_info. afl-fuzz
claims they are all unique but that usually just means the same bug is
triggered by many different code paths. The filenames say what kind of
crash it is. Signal 6 crashes are usually libc double free or corruption
aborts but they can also be out of memory errors. I ran the fuzzer with
a 1G ulimit because it's not reasonable for it to use more memory.
Latest git was used.

https://www.dropbox.com/s/h1x6laz1jsapk3a/crashes.tar.xz

If you fix these crashes I'll re-run the fuzzer for a longer period of
time to find more obscure problems. These should keep you busy for a while.
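The message above describes the first triage problem with an afl-fuzz crash set: the "unique" count is inflated, and a signal 6 (SIGABRT) can be either an allocator corruption abort or an out-of-memory abort under the 1G ulimit. The script below is an added example for this thread, not code posted by Thomas or shipped with dvd_info or libdvdread. It re-runs each crash file under the same soft memory limit and buckets it by how the target died, using glibc's stderr messages to separate corruption aborts from out-of-memory aborts. The target path, the crash directory and the message patterns are assumptions.

```shell
#!/bin/sh
# Triage of afl-fuzz crash files: re-run every input under the memory
# limit the fuzzer used and bucket it by how the target died, so that
# signal-6 aborts from heap corruption can be told apart from aborts
# caused by running out of memory. Constructed example; TARGET, the
# crash directory and the grep patterns are assumptions.

# Soft virtual-memory limit in KiB; 1 GiB matches the fuzzing run
# described in the thread.
MEM_LIMIT_KB=${MEM_LIMIT_KB:-1048576}

# classify_crash TARGET INPUT
# Runs TARGET on INPUT and prints one bucket name:
#   ok, exit:<n>, oom, heap-corruption, abort, segv, bus, fpe, signal:<n>
classify_crash() {
    target=$1
    input=$2
    # Only stderr is captured (glibc's "free(): double free" style
    # messages and any out-of-memory diagnostics land there); stdout is
    # discarded. The subshell keeps the ulimit from leaking into the
    # calling script. If the requested limit cannot be applied (hard
    # limit too low) the run proceeds with whatever limit is in force.
    errout=$( ( ulimit -v "$MEM_LIMIT_KB" 2>/dev/null || true
                "$target" "$input" 2>&1 >/dev/null ) ) \
        && status=0 || status=$?

    if [ "$status" -eq 0 ]; then
        echo ok
        return 0
    fi
    if [ "$status" -lt 128 ]; then
        # A normal non-zero exit is not a crash; keep it visible anyway.
        echo "exit:$status"
        return 0
    fi
    # POSIX shells report death by signal N as exit status 128+N.
    sig=$((status - 128))
    case $sig in
        6)
            # SIGABRT: decide from the diagnostics whether the allocator
            # detected corruption or the process gave up on allocation.
            if printf '%s' "$errout" | grep -Eqi 'double free|corrupt|invalid pointer|free\(\)|malloc\(\)'; then
                echo heap-corruption
            elif printf '%s' "$errout" | grep -Eqi 'out of memory|cannot allocate|bad_alloc'; then
                echo oom
            else
                echo abort
            fi
            ;;
        7)  echo bus ;;
        8)  echo fpe ;;
        11) echo segv ;;
        *)  echo "signal:$sig" ;;
    esac
}

# triage_dir TARGET CRASH_DIR
# Classifies every file in CRASH_DIR and prints one "<bucket> <file>"
# line per input, sorted by bucket. This is the first-pass grouping to
# do before trusting afl-fuzz's "unique crash" count.
triage_dir() {
    target=$1
    dir=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%s %s\n' "$(classify_crash "$target" "$f")" "$f"
    done | sort
}

# Usage (assumed paths):
#   triage_dir /usr/local/bin/dvd_info ./crashes | cut -d' ' -f1 | sort | uniq -c
```

The bucket names are deliberately coarse: a SEGV bucket still needs a debugger or a sanitizer build to be split into distinct bugs, but an "oom" bucket can usually be set aside from the corruption aborts before anyone starts debugging.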


More information about the libdvdnav-devel mailing list