Create gh-pages branch via GitHub
gaa-cifasis authored Aug 4, 2016
1 parent 3468487 commit 8c8e2bf
Showing 2 changed files with 10 additions and 3 deletions.
11 changes: 9 additions & 2 deletions index.html
@@ -30,6 +30,13 @@ <h2>An experimental grammar fuzzer in Haskell using QuickCheck</h2>
<section id="main-content">
<p>QuickFuzz is a grammar fuzzer powered by <a href="http://www.cse.chalmers.se/%7Erjmh/QuickCheck/">QuickCheck</a>, <a href="https://wiki.haskell.org/Template_Haskell">Template Haskell</a> and specific libraries from Hackage to generate many complex file-formats like Jpeg, Png, Svg, Xml, Zip, Tar and more!. QuickFuzz is open-source (GPL3) and it can use other bug detection tools like <a href="http://caca.zoy.org/wiki/zzuf">zzuf</a>, <a href="https://github.com/aoh/radamsa">radamsa</a>, <a href="http://google.github.io/honggfuzz/">honggfuzz</a> and <a href="http://valgrind.org">valgrind</a>.</p>

<h2>
<a id="news" class="anchor" href="#news" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>News</h2>

<ul>
<li>An academic article on QuickFuzz will be presented on the Haskell Symposium 2016!</li>
</ul>

<h2>
<a id="bugs-lost-and-found" class="anchor" href="#bugs-lost-and-found" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a><strong>Bugs <del>lost and</del> found</strong>
</h2>
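Review bot: the new News item reads "presented on the Haskell Symposium 2016"; it should be "presented at". It is also the only claim on this page without a link (every CVE and every tool in the surrounding paragraphs links to its source), so once the paper or the symposium programme has a URL, wrap "Haskell Symposium 2016" in an `<a href>` the way the neighbouring entries do.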
@@ -147,7 +154,7 @@ <h2>
<h2>
<a id="downloads" class="anchor" href="#downloads" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Downloads</h2>

<p>Pre-compiled and <em>upx</em> compressed binaries are available here:</p>
<p>Pre-compiled and compressed (bzexe) binaries are available here:</p>

<ul>
<li><a href="https://github.com/CIFASIS/QuickFuzz/releases/download/v0.1/QuickFuzz.x86">Linux x86</a></li>
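Review bot: the wording now says the binaries are bzexe-compressed, but the release asset URLs (`.../releases/download/v0.1/QuickFuzz.x86`) are unchanged, so either the v0.1 assets were replaced in place or the text no longer describes what is served; the commit should say which. A bzexe-packed binary is a self-extracting shell script that unpacks and executes its payload when run, so the Downloads list ought to publish a checksum (or a signature) next to each link so users can verify the file before executing it.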
@@ -163,7 +170,7 @@ <h3>
<a id="the-quickfuzz-team" class="anchor" href="#the-quickfuzz-team" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>The QuickFuzz team</h3>

<ul>
<li>Pablo <strong>Buiras</strong> (<a href="http://www.chalmers.se/en/Pages/default.aspx">Chalmers University of Technology</a>)</li>
<li>Pablo <strong>Buiras</strong> (Harvard University)</li>
<li>Martín <strong>Ceresa</strong> (<a href="http://cifasis-conicet.gov.ar/">CIFASIS-Conicet</a>)</li>
<li>Gustavo <strong>Grieco</strong> (<a href="http://cifasis-conicet.gov.ar/">CIFASIS-Conicet</a> and <a href="http://www-verimag.imag.fr/?lang=en">VERIMAG</a>)</li>
</ul>
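Review bot: the replacement entry for Pablo Buiras drops the institution link, while the Ceresa and Grieco entries directly below keep theirs; for consistency wrap "Harvard University" in an `<a href>` to the institution's site as the other entries do.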
2 changes: 1 addition & 1 deletion params.json
@@ -1,7 +1,7 @@
{
"name": "QuickFuzz",
"tagline": "An experimental grammar fuzzer in Haskell using QuickCheck",
"body": "QuickFuzz is a grammar fuzzer powered by [QuickCheck](http://www.cse.chalmers.se/~rjmh/QuickCheck/), [Template Haskell](https://wiki.haskell.org/Template_Haskell) and specific libraries from Hackage to generate many complex file-formats like Jpeg, Png, Svg, Xml, Zip, Tar and more!. QuickFuzz is open-source (GPL3) and it can use other bug detection tools like [zzuf](http://caca.zoy.org/wiki/zzuf), [radamsa](https://github.com/aoh/radamsa), [honggfuzz](http://google.github.io/honggfuzz/) and [valgrind](http://valgrind.org).\r\n\r\n## **Bugs ~~lost and~~ found**\r\n\r\n* Firefox ([failed assert in gif loader](https://bugzilla.mozilla.org/show_bug.cgi?id=1210745), [CVE-2016-1933](https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/), [CVE-2015-7194](https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/), [CVE-2015-7216, CVE-2015-7217](https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/))\r\n* VLC ([CVE-2016-3941](https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633))\r\n* Libxml2 ([CVE-2016-3627](http://seclists.org/oss-sec/2016/q1/682), [CVE-2016-4483](http://seclists.org/oss-sec/2016/q2/214))\r\n* Mxml ([CVE-2016-4570, CVE-2016-4571](http://www.openwall.com/lists/oss-security/2016/05/09/16))\r\n* Cairo ([CVE-2016-3190](http://seclists.org/oss-sec/2016/q1/676))\r\n* GraphicsMagick ( [CVE-2015-8808](http://seclists.org/oss-sec/2016/q1/288), [CVE-2016-2317, CVE-2016-2318](http://seclists.org/oss-sec/2016/q1/297) )\r\n* LibGD ([CVE-2016-6132](http://seclists.org/oss-sec/2016/q2/636))\r\n* Librsvg ([CVE-2015-7557, CVE-2015-7558](http://www.openwall.com/lists/oss-security/2015/12/21/5), [CVE-2016-4348](http://www.openwall.com/lists/oss-security/2016/04/28/7))\r\n* Gdk-Pixbuf ([CVE-2015-7552](https://bugzilla.suse.com/show_bug.cgi?id=958963), [CVE-2015-4491](https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/), [CVE-2015-7674](http://www.openwall.com/lists/oss-security/2015/10/02/10), 
[CVE-2015-7673](http://www.openwall.com/lists/oss-security/2015/10/02/9), [CVE-2015-8875](http://seclists.org/oss-sec/2016/q2/355), undisclosed)\r\n* Mplayer ([CVE-2016-4352](http://www.openwall.com/lists/oss-security/2016/04/29/7), [lots of crashes](https://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2015-December/073241.html) [and more](http://www.openwall.com/lists/oss-security/2015/11/10/8))\r\n* Jasper ([CVE-2015-5203](https://bugzilla.redhat.com/show_bug.cgi?id=1254242))\r\n* Jq ([CVE-2016-4074](http://www.openwall.com/lists/oss-security/2016/04/24/4))\r\n* Jansson ([CVE-2016-4425](http://www.openwall.com/lists/oss-security/2016/05/02/1))\r\n* Unzip ([CVE-2015-7696, CVE-2015-7697](http://www.openwall.com/lists/oss-security/2015/10/11/5))\r\n* CPIO ([reads out-of-bound](http://seclists.org/oss-sec/2016/q1/440), [CVE-2016-2037](http://seclists.org/oss-sec/2016/q1/136))\r\n* GNU Tar ([out-of-bound read](http://www.openwall.com/lists/oss-security/2015/08/31/1))\r\n* Optipng ([CVE-2015-7802](http://www.openwall.com/lists/oss-security/2015/09/23/4), [CVE-2015-7801](https://bugzilla.redhat.com/show_bug.cgi?id=1264015))\r\n* Libtiff ([CVE-2015-7313](http://www.openwall.com/lists/oss-security/2015/09/21/7))\r\n* Busybox ([pointer misuse](http://www.openwall.com/lists/oss-security/2015/10/25/3))\r\n* Libarchive ([big allocation in tar handling](https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1487020))\r\n\r\n## Quick introduction to QuickFuzz\r\n\r\nTo generate corrupted gifs to test giffix using QuickFuzz and zzuf:\r\n\r\n $ QuickFuzz Gif \"/usr/bin/giffix @@\" -a zzuf -t 25 -s 10\r\n *** Error in `/usr/bin/giffix': double free or corruption (out): 0x0000000000b44f80 ***\r\n zzuf[s=-1193471787,r=0.004:1e-06]: signal 6 (SIGABRT)\r\n *** Error in `/usr/bin/giffix': free(): invalid pointer: 0x0000000002565f80 ***\r\n zzuf[s=1436598283,r=0.004:1e-06]: signal 6 (SIGABRT)\r\n zzuf[s=88548751,r=0.004:1e-06]: signal 11 (SIGSEGV)\r\n +++ OK, passed 25 
tests.\r\n\r\nIt looks like we re-discovered several files to trigger [CVE-2015-7555](https://bugzilla.redhat.com/show_bug.cgi?id=1290785) in a few seconds! QuickFuzz can also print the structure of the generated file that triggered a crash or abort in Haskell syntax. For instance:\r\n\r\n GifFile {\r\n gifHeader = GifHeader {gifVersion = GIF87a, gifScreenDescriptor = LogicalScreenDescriptor {screenWidth = 1, screenHeight = 0, backgroundIndex = 1, hasGlobalMap = True, colorResolution = 0, isColorTableSorted = True, colorTableSize = 1}, gifGlobalMap = }, \r\n gifImages = [(Just GraphicControlExtension {gceDisposalMethod = DisposalRestorePrevious, gceUserInputFlag = True, gceTransparentFlag = True, gceDelay = 1, gceTransparentColorIndex = 0},GifImage {imgDescriptor = ImageDescriptor {gDescPixelsFromLeft = 1, gDescPixelsFromTop = 1, gDescImageWidth = 0, gDescImageHeight = 1, gDescHasLocalMap = False, gDescIsInterlaced = False, gDescIsImgDescriptorSorted = False, gDescLocalColorTableSize = 0}, imgLocalPalette = Just , imgLzwRootSize = 0, imgData = \"\"})], \r\n gifLoopingBehaviour = LoopingForever\r\n }\r\n\r\n## List of file types to generate\r\n\r\n|**Images**|**Archives**|**Code**|**Others**|\r\n|------|------|------|------|\r\n|Bmp|Bzip|Css|Ogg|\r\n|Gif|CPIO|Dot|TrueType fonts|\r\n|Jpeg|Gzip|Html|Unicode text|\r\n|Png|Tar|Javascript|Wav|\r\n|Pnm|Zip|Xml|Regex|\r\n|Svg|\r\n|Tga|\r\n|Tiff|\r\n\r\n## Downloads\r\n\r\nPre-compiled and *upx* compressed binaries are available here:\r\n\r\n* [Linux x86](https://github.com/CIFASIS/QuickFuzz/releases/download/v0.1/QuickFuzz.x86)\r\n* [Linux x86_64](https://github.com/CIFASIS/QuickFuzz/releases/download/v0.1/QuickFuzz.x86_64)\r\n\r\nOtherwise QuickFuzz can be [easy compiled](https://github.com/CIFASIS/QuickFuzz#instalation) using [stack](http://docs.haskellstack.org/en/stable/README/#how-to-install).\r\n\r\n## Authors\r\n### The QuickFuzz team\r\n\r\n* Pablo **Buiras** ([Chalmers University of 
Technology](http://www.chalmers.se/en/Pages/default.aspx))\r\n* Martín **Ceresa** ([CIFASIS-Conicet](http://cifasis-conicet.gov.ar/))\r\n* Gustavo **Grieco** ([CIFASIS-Conicet](http://cifasis-conicet.gov.ar/) and [VERIMAG](http://www-verimag.imag.fr/?lang=en))\r\n\r\n### Students\r\n\r\n* Franco Costantini\r\n\r\n### Former Members\r\n\r\n* Martín **Escarrá** ([Universidad Nacional de Rosario](http://www.unr.edu.ar/))\r\n\r\n### **Acknowledgements**\r\n\r\n* [ayberkt](https://github.com/ayberkt) for the bug reports and pull requests.\r\n* A special thanks goes to all the developers from the packages who made possible QuickFuzz to generate several complex file-formats.",
"body": "QuickFuzz is a grammar fuzzer powered by [QuickCheck](http://www.cse.chalmers.se/~rjmh/QuickCheck/), [Template Haskell](https://wiki.haskell.org/Template_Haskell) and specific libraries from Hackage to generate many complex file-formats like Jpeg, Png, Svg, Xml, Zip, Tar and more!. QuickFuzz is open-source (GPL3) and it can use other bug detection tools like [zzuf](http://caca.zoy.org/wiki/zzuf), [radamsa](https://github.com/aoh/radamsa), [honggfuzz](http://google.github.io/honggfuzz/) and [valgrind](http://valgrind.org).\r\n\r\n## News\r\n\r\n* An academic article on QuickFuzz will be presented on the Haskell Symposium 2016!\r\n\r\n## **Bugs ~~lost and~~ found**\r\n\r\n* Firefox ([failed assert in gif loader](https://bugzilla.mozilla.org/show_bug.cgi?id=1210745), [CVE-2016-1933](https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/), [CVE-2015-7194](https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/), [CVE-2015-7216, CVE-2015-7217](https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/))\r\n* VLC ([CVE-2016-3941](https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633))\r\n* Libxml2 ([CVE-2016-3627](http://seclists.org/oss-sec/2016/q1/682), [CVE-2016-4483](http://seclists.org/oss-sec/2016/q2/214))\r\n* Mxml ([CVE-2016-4570, CVE-2016-4571](http://www.openwall.com/lists/oss-security/2016/05/09/16))\r\n* Cairo ([CVE-2016-3190](http://seclists.org/oss-sec/2016/q1/676))\r\n* GraphicsMagick ( [CVE-2015-8808](http://seclists.org/oss-sec/2016/q1/288), [CVE-2016-2317, CVE-2016-2318](http://seclists.org/oss-sec/2016/q1/297) )\r\n* LibGD ([CVE-2016-6132](http://seclists.org/oss-sec/2016/q2/636))\r\n* Librsvg ([CVE-2015-7557, CVE-2015-7558](http://www.openwall.com/lists/oss-security/2015/12/21/5), [CVE-2016-4348](http://www.openwall.com/lists/oss-security/2016/04/28/7))\r\n* Gdk-Pixbuf ([CVE-2015-7552](https://bugzilla.suse.com/show_bug.cgi?id=958963), [CVE-2015-4491](https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/), 
[CVE-2015-7674](http://www.openwall.com/lists/oss-security/2015/10/02/10), [CVE-2015-7673](http://www.openwall.com/lists/oss-security/2015/10/02/9), [CVE-2015-8875](http://seclists.org/oss-sec/2016/q2/355), undisclosed)\r\n* Mplayer ([CVE-2016-4352](http://www.openwall.com/lists/oss-security/2016/04/29/7), [lots of crashes](https://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2015-December/073241.html) [and more](http://www.openwall.com/lists/oss-security/2015/11/10/8))\r\n* Jasper ([CVE-2015-5203](https://bugzilla.redhat.com/show_bug.cgi?id=1254242))\r\n* Jq ([CVE-2016-4074](http://www.openwall.com/lists/oss-security/2016/04/24/4))\r\n* Jansson ([CVE-2016-4425](http://www.openwall.com/lists/oss-security/2016/05/02/1))\r\n* Unzip ([CVE-2015-7696, CVE-2015-7697](http://www.openwall.com/lists/oss-security/2015/10/11/5))\r\n* CPIO ([reads out-of-bound](http://seclists.org/oss-sec/2016/q1/440), [CVE-2016-2037](http://seclists.org/oss-sec/2016/q1/136))\r\n* GNU Tar ([out-of-bound read](http://www.openwall.com/lists/oss-security/2015/08/31/1))\r\n* Optipng ([CVE-2015-7802](http://www.openwall.com/lists/oss-security/2015/09/23/4), [CVE-2015-7801](https://bugzilla.redhat.com/show_bug.cgi?id=1264015))\r\n* Libtiff ([CVE-2015-7313](http://www.openwall.com/lists/oss-security/2015/09/21/7))\r\n* Busybox ([pointer misuse](http://www.openwall.com/lists/oss-security/2015/10/25/3))\r\n* Libarchive ([big allocation in tar handling](https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1487020))\r\n\r\n## Quick introduction to QuickFuzz\r\n\r\nTo generate corrupted gifs to test giffix using QuickFuzz and zzuf:\r\n\r\n $ QuickFuzz Gif \"/usr/bin/giffix @@\" -a zzuf -t 25 -s 10\r\n *** Error in `/usr/bin/giffix': double free or corruption (out): 0x0000000000b44f80 ***\r\n zzuf[s=-1193471787,r=0.004:1e-06]: signal 6 (SIGABRT)\r\n *** Error in `/usr/bin/giffix': free(): invalid pointer: 0x0000000002565f80 ***\r\n zzuf[s=1436598283,r=0.004:1e-06]: signal 6 (SIGABRT)\r\n 
zzuf[s=88548751,r=0.004:1e-06]: signal 11 (SIGSEGV)\r\n +++ OK, passed 25 tests.\r\n\r\nIt looks like we re-discovered several files to trigger [CVE-2015-7555](https://bugzilla.redhat.com/show_bug.cgi?id=1290785) in a few seconds! QuickFuzz can also print the structure of the generated file that triggered a crash or abort in Haskell syntax. For instance:\r\n\r\n GifFile {\r\n gifHeader = GifHeader {gifVersion = GIF87a, gifScreenDescriptor = LogicalScreenDescriptor {screenWidth = 1, screenHeight = 0, backgroundIndex = 1, hasGlobalMap = True, colorResolution = 0, isColorTableSorted = True, colorTableSize = 1}, gifGlobalMap = }, \r\n gifImages = [(Just GraphicControlExtension {gceDisposalMethod = DisposalRestorePrevious, gceUserInputFlag = True, gceTransparentFlag = True, gceDelay = 1, gceTransparentColorIndex = 0},GifImage {imgDescriptor = ImageDescriptor {gDescPixelsFromLeft = 1, gDescPixelsFromTop = 1, gDescImageWidth = 0, gDescImageHeight = 1, gDescHasLocalMap = False, gDescIsInterlaced = False, gDescIsImgDescriptorSorted = False, gDescLocalColorTableSize = 0}, imgLocalPalette = Just , imgLzwRootSize = 0, imgData = \"\"})], \r\n gifLoopingBehaviour = LoopingForever\r\n }\r\n\r\n## List of file types to generate\r\n\r\n|**Images**|**Archives**|**Code**|**Others**|\r\n|------|------|------|------|\r\n|Bmp|Bzip|Css|Ogg|\r\n|Gif|CPIO|Dot|TrueType fonts|\r\n|Jpeg|Gzip|Html|Unicode text|\r\n|Png|Tar|Javascript|Wav|\r\n|Pnm|Zip|Xml|Regex|\r\n|Svg|\r\n|Tga|\r\n|Tiff|\r\n\r\n## Downloads\r\n\r\nPre-compiled and compressed (bzexe) binaries are available here:\r\n\r\n* [Linux x86](https://github.com/CIFASIS/QuickFuzz/releases/download/v0.1/QuickFuzz.x86)\r\n* [Linux x86_64](https://github.com/CIFASIS/QuickFuzz/releases/download/v0.1/QuickFuzz.x86_64)\r\n\r\nOtherwise QuickFuzz can be [easy compiled](https://github.com/CIFASIS/QuickFuzz#instalation) using [stack](http://docs.haskellstack.org/en/stable/README/#how-to-install).\r\n\r\n## Authors\r\n### The QuickFuzz 
team\r\n\r\n* Pablo **Buiras** (Harvard University)\r\n* Martín **Ceresa** ([CIFASIS-Conicet](http://cifasis-conicet.gov.ar/))\r\n* Gustavo **Grieco** ([CIFASIS-Conicet](http://cifasis-conicet.gov.ar/) and [VERIMAG](http://www-verimag.imag.fr/?lang=en))\r\n\r\n### Students\r\n\r\n* Franco Costantini\r\n\r\n### Former Members\r\n\r\n* Martín **Escarrá** ([Universidad Nacional de Rosario](http://www.unr.edu.ar/))\r\n\r\n### **Acknowledgements**\r\n\r\n* [ayberkt](https://github.com/ayberkt) for the bug reports and pull requests.\r\n* A special thanks goes to all the developers from the packages who made possible QuickFuzz to generate several complex file-formats.",
"google": "",
"note": "Don't delete this file! It's used internally to help with page regeneration."
}
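Review bot: the three edits inside the `"body"` string (the `## News` section, the `bzexe` wording and the Harvard affiliation) repeat the edits made to index.html in the same commit, because `"body"` carries the whole page as one escaped Markdown string; the `"note"` field says this file drives page regeneration, so document which of the two is the source of truth, otherwise they will drift (the unchanged intro already carries the stray `and more!.` punctuation in both copies). Reviewing one multi-kilobyte JSON line is also error-prone; if the generator allows it, keep the Markdown in a separate file so future diffs show only the changed lines.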
