afl-generated, minimized image test sets (partial)
These very compact, synthetic corpora were generated with
afl-fuzz for some of the image formats supported in modern web browsers.
They exercise a remarkable variety of features in common image parsers and are a superior starting
point for manual testing or targeted fuzzing work.
The test cases are selected for optimal edge coverage and a wide range of coarse hit counts for every
branch, as culled with afl-cmin.
There are also *-edges-only variants that do not factor in hit counts.
Format | Parsing library | Instrumented tool | Browsers | Preview link | Status |
JPEG #1 | IJG jpeg9a | djpeg | All | click here | Largely done |
JPEG #2 | libjpeg-turbo 1.3.1 | djpeg | All | click here | Largely done |
GIF #1 | giflib 5.1 | gif2rgb¹ | All | click here | Largely done |
GIF #2 | ImageMagick 6.8.9 | convert | All | click here | Largely done |
PNG | libpng 1.6.16 | readpng | All | click here | Largely done |
BMP | ImageMagick 6.8.9 | convert | All | click here | Largely done |
ICO | ImageMagick 6.8.9 | convert | All | click here | Largely done |
WebP | libwebp 0.4.2 | dwebp | Chrome | click here | Largely done |
TIFF | libtiff CVS 2014/12/24 | tiff2rgba¹ | IE, Safari | click here | Largely done |
JPEG XR | jxrlib 1.1 | JxrDecApp¹ | IE | click here | Ditched ² |
¹ With some ad-hoc security fixes incorporated into the utility.
² Due to the sheer number of exploitable bugs that allow the fuzzer to jump to arbitrary addresses.
You can also grab a downloadable archive containing all of the above.
Note that some of this may crash your browser or make it use up 100% of CPU time (and let's not even
mention trying to open this in any desktop software).
Additional sets are probably coming in the near future. This may include:
- Compression and archive formats: gzip, bzip2, xz, lzo, tar, zip
- Non-web images: jp2 (Safari), jbig
- Audio and video: vorbis, mp3, aac, h264, theora, webm
- Miscellaneous tools & libraries: file, tcpdump, lcms, libxml, freetype
Other requests welcome.
PS. Some of the test cases are flagged by Kaspersky and others as
nefarious malware.
Sorry about that.