failed to reproduce testcase
leepeter2019 opened this issue
I am following the cryptofuzz build manual and running manual.
To test that it finds the crash or bug, I use the testcase on oss-fuzz:
- oss-fuzz link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19926&sort=-id&q=openssl%20type%3DBug-Security&can=1
- testcase: https://oss-fuzz.com/download?testcase_id=5738113498611712
I set git checkout to 5b428 for cryptofuzz and 26583 for openssl, as mentioned in https://oss-fuzz.com/revisions?job=libfuzzer_asan_cryptofuzz&range=202001060241:202001070301
When I run cryptofuzz, it does not produce any crash for the given testcase. How can I check that I reproduce the test case correctly?
This is the testcase information:
Cipherttype: AES_128_CBC_HMAC_SHA1
OpenSSL::OpSymmetricDecrypt_EVP
operation name: SymmetricDecrypt
ciphertext: {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20} (16 bytes)
tag: nullopt
aad: nullopt
cipher iv: {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xff} (8 bytes)
cipher key: {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20} (16 bytes)
cipher: AES_128_CBC_HMAC_SHA1
cleartextSize: 2105376
Thank you for trying my project, leepeter2019.
I've confirmed that it doesn't work with those commits.
When you look here: https://oss-fuzz.com/testcase-detail/5738113498611712
the revision range for Cryptofuzz is: 5b42807 - 8aa5576
and for OpenSSL it is: 26583f6aa8dc28e3598e61db66e54e2fdf8b195f - 1242f3c798db340397186e178023f1a9fe297df0
Please checkout Cryptofuzz at 8aa5576
and OpenSSL at 1242f3c798db340397186e178023f1a9fe297df0
and recompile.
You should now be able to reproduce the bug.
Thank you for your help. I will retry based on your comments.
But I cannot access the link https://oss-fuzz.com/testcase-detail/5738113498611712, because I don't have access rights.
Can you share what is in 'https://oss-fuzz.com/testcase-detail/5738113498611712' to understand why the crash happens?
Thanks again.