Created
July 8, 2017 20:20
Fuzzer for PDF readers in Linux (HW for UdaCity CS258 Problem Set 4)
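#!/usr/bin/env python
"""Mutation fuzzer for PDF viewers.

Each round picks a seed file and a target application, overwrites a random
selection of bytes in a copy of the seed, opens the mutated copy with the
target, and checks after a fixed delay whether the process has already
exited.  Inputs that made the target exit with a non-zero status are kept on
disk so the result can be reproduced and triaged afterwards.
"""
import random
import os
import time
import subprocess
import math

# Target applications; each is launched as `<app> <fuzzed file>`.
apps = (
    "emacs",
    "evince",
)
# Seed documents the mutations are applied to.
files = ("orig.pdf",)
# Path the mutated document is written to before every launch.
fuzz_output = 'fuzz.pdf'
# Larger values mean fewer mutated bytes per file (see numwrites below).
FuzzFactor = 250
num_tests = 10

crashes = dict((app, 0) for app in apps)

# Tags the saved crash inputs so a later run does not overwrite them.
run_id = int(time.time())

for i in range(num_tests):
    test_file = random.choice(files)
    test_app = random.choice(apps)

    with open(test_file, "rb") as f:
        buf = bytearray(f.read())

    # An empty seed would make both randrange() calls below raise ValueError.
    if not buf:
        print("Skipping '%s': file is empty, nothing to mutate" % test_file)
        continue

    # start Charlie Miller code
    # int() keeps the bound integral on Python 2, where math.ceil returns a
    # float; the float() division keeps the ratio fractional there as well.
    numwrites = random.randrange(
        int(math.ceil(len(buf) / float(FuzzFactor)))) + 1
    for j in range(numwrites):
        rbyte = random.randrange(256)
        rn = random.randrange(len(buf))
        # Assign the integer directly: bytearray items are ints, and the
        # one-character string form is rejected on Python 3.
        buf[rn] = rbyte
    # end Charlie Miller code

    with open(fuzz_output, "wb") as f:
        f.write(buf)

    # numwrites counts write operations; two writes may hit the same offset.
    print("Opening file '%s' with app '%s', %d bytes changed"
          % (test_file, test_app, numwrites))

    # Argument list, no shell: the file name is never parsed as a command.
    p = subprocess.Popen([test_app, fuzz_output])

    # Fixed observation window; a target that fails later than this is
    # recorded as a survivor.
    time.sleep(1)

    status = p.poll()
    if status is None:
        # Still running after the window: treat as "did not crash".
        p.terminate()
    elif status != 0:
        # On POSIX a negative status -N means the process was killed by
        # signal N (e.g. -11 for SIGSEGV).  A positive status can be an
        # ordinary error exit, so the code is printed to allow triage.
        crashes[test_app] += 1
        crash_copy = "crash_%d_%03d_%s.pdf" % (run_id, i, test_app)
        with open(crash_copy, "wb") as f:
            f.write(buf)
        print("App '%s' exited with status %d, input saved as '%s'"
              % (test_app, status, crash_copy))
    # status == 0: the target exited cleanly on its own; nothing to terminate
    # and nothing to count.

print("Test summary")
print("=" * 40)
for app, count in crashes.items():
    print("App '%s' crashed %d times." % (app, count))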