libpcre2 fuzzing

Target

URL: svn://vcs.exim.org/pcre2/code/trunk
Relative URL: ^/code/trunk
Repository Root: svn://vcs.exim.org/pcre2
Repository UUID: 6239d852-aaf2-0410-a92c-79f79f948069
Revision: 610
Node Kind: directory
Schedule: normal
Last Changed Author: ph10
Last Changed Rev: 610
Last Changed Date: 2016-11-27 08:14:33 -0800 (Sun, 27 Nov 2016)

Setup source code and results: https://github.com/alfredfarrugia/libpcre2-fuzzing

Environment

Linux trusty64 3.16.0-55-generic #74~14.04.1-Ubuntu SMP Tue Nov 17 10:15:59 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

setup

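# Build an AFL-instrumented pcre2test from the revision under test and install
# it under /opt/fuzzable-pcre2.
#
# - The checkout is pinned to r610, the revision recorded in the Target
#   section, so later trunk commits do not change what is being fuzzed.
# - Steps are chained with && so a failed checkout or configure stops the
#   sequence instead of running the remaining commands in the wrong directory.
# - Plain svn:// is not encrypted or authenticated unless the server is set up
#   for it; treat the fetched tree as untrusted and build it in a throwaway
#   VM or container.
# - /tmp/pcre2 is a predictable name in a world-writable directory; on a
#   shared host use a private directory (for example one from `mktemp -d`).
# - `make install` needs write access to /opt/fuzzable-pcre2.
cd /tmp &&
  svn co -r 610 svn://vcs.exim.org/pcre2/code/trunk pcre2 &&
  cd pcre2 &&
  autoreconf -i &&
  CC=afl-clang-fast CXX=afl-clang-fast++ ./configure --prefix=/opt/fuzzable-pcre2 --enable-debug &&
  make &&
  make install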

fuzzing methodology

# Fuzz the instrumented pcre2test binary. No @@ placeholder is given, so
# afl-fuzz delivers each test case on the target's standard input.
#   -x  fuzzing dictionary (dict/regex)
#   -i  directory of seed inputs
#   -o  directory where afl-fuzz writes its findings
# dict/ and input/ are relative paths, presumably from the linked
# libpcre2-fuzzing repository (confirm before running).
afl-fuzz \
  -x dict/regex \
  -i input/pcre2test \
  -o /tmp/findings/pcre2test \
  /opt/fuzzable-pcre2/bin/pcre2test

crashing payloads

The crashes found so far are all recursion bugs that end in a segmentation fault; the GDB output below shows the fault inside match() in src/pcre2_match.c.

crash reproduction:
	# Replay one crashing test case: decode the base64 blob and feed the raw
	# bytes to pcre2test on stdin. The test case is stored as base64 because it
	# contains non-printable bytes that would not survive copy and paste.
	# bin/pcre2test is a relative path: run this from the directory holding the
	# fuzzed build (presumably the /opt/fuzzable-pcre2 prefix; confirm).
	# Expected result, per the debugger output below: SIGSEGV in match() at
	# src/pcre2_match.c:759.
	echo "Lyg/Pi4pKhAwGDldKyhKfC0pLwpKfNFden//WzAt0V0rUy3Rf0Q2Xjl6eS16MDCvr68wMK+vr6+vr6+vr68wMH0oYXxiXFthLX16XXswMDYwMDB9Cg==" | base64 -d | bin/pcre2test


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7b20d94 in match (eptr=, ecode=, mstart=, offset_top=, mb=, eptrb=, rdepth=2) at src/pcre2_match.c:759
759	utf = (mb->poptions & PCRE2_UTF) != 0;

All discovered payloads:

# Each line below is one independent crashing test case, stored base64-encoded.
# Every line does the same thing: decode the blob and pipe the raw bytes to
# pcre2test on stdin. The first entry is the same test case as the single
# reproduction shown earlier on this page.
# bin/pcre2test is a relative path: run from the directory holding the fuzzed
# build (presumably the /opt/fuzzable-pcre2 prefix; confirm).
# To reuse the list as a regression check after upgrading PCRE2, look at the
# exit status of each pipeline: a shell reports a process killed by SIGSEGV
# as 139 (128 + 11); any other status means that entry no longer crashes.
echo "Lyg/Pi4pKhAwGDldKyhKfC0pLwpKfNFden//WzAt0V0rUy3Rf0Q2Xjl6eS16MDCvr68wMK+vr6+vr6+vr68wMH0oYXxiXFthLX16XXswMDYwMDB9Cg==" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKlswCkp80V1tf/9bMC3RXStTXT8rWzAt0X9ENl45GDldKyhKfC0pLwpKfNFden//WzAt0V0rU10/K1swLdF/RDZeOXp5LXowMK+vr6+vr6+vr68wMH0oYXxiXFthLX16XXswMDYwMDB9Cg==" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKlswGDldKyhKfC0pLwpKfNFden//Wxwt0V0rU10/K1swLdF/RDZeOXp5LXowMK+vr6+vr6+vr68wL30oYXxiXFthLX16XXswMDYwMDB9Cg==" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKlswGDldKyhKfC0pLwot0X9ENl45enktejAwr6+vr6+vr6+vrzAwfT9hfGJcW2EtfXpdezAwNjAwMH0K" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKlthFXpdezMsLwo4WzBhfGJcXVxvezAwMDA1MDAwMDAwMFIoYXxiXFuALTMgfSMsfHx8a2tra2tra2tra2tra2tra2tra2tra2t8m3x8fHx8fHx8fHwtel17MDAwNzAwfQo=" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKlthFXpdezMsLwo4WzBhfGJcXVxvezAwMTA1MDAwMDAwMH0oYXxiXFthLTMgfSMsfHx8a2tra2tra2tra2tra2tra2traWtra2t8m3x8fHx8fHx8fHwtel17MDAwNzAwfQo=" | base64 -d | bin/pcre2test
echo "Lyg/fC4pK1teLV0zMH3KwNfKysdhLXqMcjN8YmkvCmEteiddemEtel1yM9ADS3szIC8yW14tekN7I2B8fAJwcC1dMzB9ysDXysrHYS16jHBwcHCNcHB8YlxbYWF8W2EtMw59Iyx8fHyGbXAt/Q5/Iw18fHx8pnx8inxwcHBwcHBweHBwfHx8fHz/gIhdezAwMDQwMH0K" | base64 -d | bin/pcre2test
echo "Lyg/fC4pK1teLV0zMH3KwNfKysdhLXqMcjN8YlovCmEteiddemEtel1yM9ADS3szIC8yW14tekN7I2B8fAJwcHBwcHCNcHB8YlxbYWF8W2EtMw59Iyx8fHxwW3At/Q5/Iw18fHx8pnx8inxwcHBwcHBwcHBwfHx8XHz/gIhdezAwMDQwMH0K" | base64 -d | bin/pcre2test
echo "Lyg/fC4pK1teLV0zMHAt/Q5/Iw18fHx8pnx8inxwcHBwcHBwcHBwfHx9ysDXysrHYS16jHIzfGJpLwphLXonXXphLXpdcjPQA0t7MyAvMlteLXpDZCNgfHwCcHBwcHBwjXB7fGJcW2FhfFthLTMOfSMsfHx8cFtwLf0OfyMNfHx8fKZ8fIp8cHCDcHBwcHBwcHx8fHx8/4CIXXswMDA0MDB9Cg==" | base64 -d | bin/pcre2test
echo "LygxfC4pK1teLV0zMH3KwNfKysdhLXqMcjN8YmkvCmEteiddemEtel1yM9ADS3szIC8yW14tekN7Dn8jDXx8fHymfHyKfHBwcHBwcHBwcHB8fHwjYHx8AnBwcHBwcI1wcHxiXFthYXxbYS0zDn0jLHx8fHBbcC39Dn8jDXx8fHymfHyKfHBwcHBwcHBwcHB8fHx8fP+AiF17MDAwNDAwfQo=" | base64 -d | bin/pcre2test
echo "LyhjP1wxKmE/XFZ8PSkqP3YxKj9cV0MvCksD6G1d/31hLH1ONpNDK1r/f/8iXFthLTMgfSMsfGtra2tra3ybfHx8fHx8fHx8fC16XXswMDA3MDB9Cg==" | base64 -d | bin/pcre2test
echo "LyhjP1wxKmE/XFZ8PSkqP3YxKj9cV0MvCksD6G1d/31hbH1ONpNDK1r/CwtiXFthLTMgfSMs/////2tra3ybfHx8fHx8fHx8fC16XXswMDA3MDB9Cg==" | base64 -d | bin/pcre2test
echo "LyhjP1wxKoI/XFZ8PSkqP3YxKj9cV0MvCksD6G1d/31hLH1ONpNDK1r/CwtiXFthLTMgfSMsfGtra2tra3ybfHx8Xnx8fHx8fC16XXswMDA3MDB9Cg==" | base64 -d | bin/pcre2test
echo "LygufDopKj9cMSpFXFYuLjV7OX0UfGcwMDQwMCg6bGJzJS5sYikvCn0oYXxbYRAzDn0jLHx8fHymfHx8fAJwcHBwcHBwcHB8YlxbYWF8W2EtMw59Iyx8fHx8pnx8fHxwcHBwcHBwcHAt/Q59Iyx8fHx8pnx8fHx8W2EtMw59Iyx8fHx8pnx8fHxwcHBwcHBwcHBwcHBwcHBwcHB8fHx8fP+Ael17MDAwNDAwfQo=" | base64 -d | bin/pcre2test
echo "LyiZXStTfC4pK1otP1xSezUsMzB9ykp6P0p6emBdJHzd3WkvCmkthQpKej+ZXStTfC4pK1wtP1z/fzUsMzB9ykp6cHBwcHB8YlxbYWF8W2EtMw59Iyx8fHxwW3At/Q5wcHCScHBwhXAVIHx8fHz/gHpdezAwMDQwMH1I" | base64 -d | bin/pcre2test
echo "LyiZXStTfC4pK1wtP1xSezUsMzB9ykp6P0p6elpdJHzd3WkvCmkthQpKej9KenpgXSR83YBpej9KI2B8fAIgcHBwcHBwcH58YlxbYWF8W2EtMw59Iyx8fHxwW3At/Q5wcHBwcHBmhXBwfHx8fHz/gHpdezAwMDQwMH1I" | base64 -d | bin/pcre2test
echo "Lyg/fC4pKmQtOVlAOV08fIMwel4tLwpbYXx8fHx8fHxeLUMrU14tf/9DeyMsWzAn0V0rW14tekN7I4xffAJwcHBwcHBwcHB9YlxbYWF8W2EtMw59Iyx8fH18pnx8fHxwcHBwcHBwcHAt/Q59Iyx8fKZ8fHx8cHBwcHBwcHBncHx8fHx8/4BhXXswMDA0MDB9Cg==" | base64 -d | bin/pcre2test
echo "Lyg/fC4pKnx8fHxAOV08fINMel4tLwpbYXx8fHx8fHxeLUMrU14tf/9DeyMsWzAx0V0rW14tekN7I4x8fAJwcHBwcHBwcHB9YlxbYWF8W2EtMw59Iyx8fH18pnx8fHxwcHBwcHBwcHAt/Q59Iyx8fKZ8fHx8cHBwcHBwcHBncHx8fHx8/4BhXXswMDA0MDB9Cg==" | base64 -d | bin/pcre2test
echo "Lyg/fC4pKig/fC4pKz98gXx8KHEPY3x8fKZ8fHx8cHBwcHBwcHBwLf0OfSMsfHx8fKYpLwopLwooP3suKSo/fIF8fCl6PXsjLFswKdFdK1teLXpDe/9/fHwCcGJwcHBwcHBwfGJcW2FhfFthLTMOfSMsfHx8fHxwcHBwcHBwcHAt/Q59Iyx8fHx8pnx8fHxwfHx8fP+Ael17MDAwNDAwfQo=" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKyhhfGIpLwp9C2t8Yikvf//t/ywtOXgYZgEZekMrXl4tenpDeyMsWzBL0V0yW14tekN7I2B8fAIgcHBwcHBwcHB8YlxbYWF8W3At/Q59Iw18fHx8pnx8inxwcHBwcHBwhXBwfHx8cHBwcHBwhXBwfHx8fHz/gHpdezAwMDQwMH1I" | base64 -d | bin/pcre2test
echo "LygufGIpKiRcMSoQXFMMXS4KS15ukCtDXStdLwpLXm6QK1tjUXIzfExfLwovCl5qYlxdXHx7YlxbYQ1SDn0jLHx0fHybfHx8fHBwcHBwcHBscHB8fHx8o/+Ael17MDAwNDAwfQo=" | base64 -d | bin/pcre2test
echo "LygufGIpKi4+Pj4TKlteLV0vCkp8K3UqfHx8/Hx8ZEMvaWlpCmBhfGJcW2EtMyCHIyx8a2t8/Hx8fC16XXswMDA3MDB9LXpdezAwMDcwMH0K" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKlxSezgsfShKsLCwsLCwsJAOYikvCkr+DQ0gHDAwciP//2JcW2EtMw59Iyx8fGKAel17MDQwNDAwfQo=" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKlxSezgsfShKsLCwsLCwsJB8YikvCkr+DQ0gHDAwciNhfGJcW2EtMw59IyxbfCsrKysrKysrKysrKysrKysrKy8rKysrKysrK2KAaF17MDQwNDAwfQo=" | base64 -d | bin/pcre2test
echo "Lyg/fC4pK2kKV1Fyf3xFeS8KLwpeamJcXVx8e2JcW39yKnxFfHyTI9F8fHyFhYWFeS8NUg5SDpMjLHx8fHybfHx8fHBwcHBwcIt8fHyTIyx8fHx8m3x8fAJwcHBwcHCLfHx8fP+Ael17MDAwNDAwfQo=" | base64 -d | bin/pcre2test
echo "Lyg/fC4pK2kKV1Fyf3xFXC8KLwpeamJcXVx8e2JcW39yKnxFhYWFhYWFhYWFhYWFeS8NUg5SDpMjLHx8fHybfHx8fHBwfHx8fJt8fHx8cHBwcHBwi3x8fJMjLHx8fHybfHx8fP+Ael17MDAwNDAwfQo=" | base64 -d | bin/pcre2test
echo "LygufGIpKj9cDSouXFJ7NjJ9Q3x8fHx8fHx8fHx8fHwvbWdpCmD//wqmgF4NDQ0NCQ0NNh+8YpZ8fHx8L21nLFswKdFdK1teLXpDeyN8fHxwcHBweHBwcHBwfGJcW2FhfFthLTMOfXBwcHBwcC39DoEjLHx8fHymfHx8fHBwcHB4cHBwcHB8fHx8fP+Ael17MDAwNDAwfS0=" | base64 -d | bin/pcre2test
echo "LygufGIpKj9cDSouXFJ7NjJ9Q3x8fHx8fHx8fHx8fHwvbWdpCmD//wqmgF4NDQ0NCQ0NNh//CqaAXg0NDQ0JDQ02H7xisbxilnx8fHwvbWcsWzAp0V0rW14tekN7I3x8fAJwcHBwcHBwcHB8YlxbYWF8W2EtMw59cHBwcHBwLf0OfSMsfHx8fKZ8fHx8cHBwcHhwcHBwcHx8fHx8/4B6XXswMDA0MDB9LQ==" | base64 -d | bin/pcre2test
echo "LygufGIpKj9cDSouXFJ7NjJ9Q3xLfHx8fHx8fHx8fHwvbWdpCmD//wqmgF4NDQ0NCQ0NNhy8YpZ8fHx8L21nLFswKdFdK1teLXpDeyN8fHwCcHBwcHBwMHBwfGJcW2FhfFthLTMOfXBwcHBwcC39Dn0jLHx8fHymfHx8fHBwcHB4cHBwcHB8fHN8fP+Ael17MDAwNDAwfS0=" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKvQ/9Hx7MywvCjhbMGF8YlxdXG97MDAwMDUwMDAw//8wfShhfGJcW2EtMyB9Iyx8fHx8m3x8fHx8fHx8fHxKel17MDIwNzAwfQo=" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKvQrP/R8ezMsLwo4WzBhfGJcXVxvezAwMDA1MDAwMP/jMIEoYXxiXFthLTMgfSMsfHx8fJt8fHx8fHx8fHx8LXpdezAyMDcwMH0K" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKvQrP/R8ezMsLwo4WzBhfGJcXf5vezAwMDA1MDAwMP/eMH0oYXxiXFthLTMgfSMsfHx8fJt8fHx8fHx8fHx8LXpdezAyMDcwMH0K" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKvQrP/R8ezMsLwo4WzBhfGJch4eHh4ddXG9pMDAwMDUwMDAw//8wfShhfGJcW2EtMyB9Iyx8fHx8m3x8fHx8fHx8fHwtel17MDIwNzAwfQo=" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKvQrP/R8ezMsLwo4WzBhfGJ7XVxvezAwMDA1/zAwMP//MH0oYXxiXFthLTMgfSMsfHx8fJt8fHx8fHx8fHx8LXpdezAyMDcwMH0K" | base64 -d | bin/pcre2test
echo "Lyg/fC4pKlhOKz/02/Tk9PT0XvT0fGIQLwr1fH0+Xmo1MDAwMP//MHMoYXxiXFtxLTMgfSMsfHx8W5t8fHx8fHx8fHx8LXpdezAyMDcwMH0K" | base64 -d | bin/pcre2test
echo "Lyg/fC4pKlxOLwr1fH0+Xmo1MDBEMP//MH0oYXxiXFthLTMgfSMsfHx8fJt8fHx8fHx8fHx8LXpdezAyMDcwMH0K" | base64 -d | bin/pcre2test
echo "Lyg/fC4pKlxOKz/02/Tk9PT0UfT0fGIQLwr1fH0+Xmo1MDAwMP//En0oYXxiXFthLTMgfSMsfHx8fJt8fHx8fHx8fHydLXpdezAyNzAwfQo=" | base64 -d | bin/pcre2test
echo "Lyg/fC4pKlxOKz/02/Tk9PT0XvT0fGIQLwr1fH0+Xmo1MDAwMP//MH0oYXxiXFthXXswMjA3MDB9Ag==" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKlxwQyv0P1xXezgsfShhfHxiKT8rWytbXi16XS8KWz7ZXS309PT09PT09PT09PT09PT09PT09PT09C16Q3sjfI98AnBwcHBwcHBwcHxiXFthYXxbYS0zDn0jLHx8fGOmfFx8fHBwkyMsfHx8fKZ/fHx8cHBwcHBwcHBwcHx8fHx8/4B6XXswMDA0MDB9Cg==" | base64 -d | bin/pcre2test
echo "LygufC4pKig/fC4pKj98gXx8KGD/YikvCltPKnpdYmlhfHx8fHyQfFt4Yin//5UvRWF8LilAekN7I2B8fAIgcHBwUnBwcHB8YlxbYWF8W2EjKXx8fHymfHyKfHBwcHBwcHCFL3B8fHx8fP8D6F17MDAwNDAwfUg=" | base64 -d | bin/pcre2test
echo "Lyg/Pi4pKlswoJwnJy19XXszOH0oSnxkKS8KSmRbMDw1MDAeMBwwMIAoYXw2XFthW2EVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFRUVFS1wcHBwcHBwcJNwfHx8fHz/gHpdezAwMDQwMH0K" | base64 -d | bin/pcre2test
echo "LygeHj98LjMqKD98Lis/LikqKSsrCkx7Ma+vXa8BezMse6+vXa8BezMse6+v//h7r3x1aS8KK30wf6BpaWkjLFswKdFdMltXV1dXV1dXfHwCIHBwcHBweHBwfGJcW3xbYS0zDn0jLHx8fHJhfFthLTN/fSMsfHx8cFtwLf0rfSMNfHx8fKbDfIp8cHBwcHBwcIVwcHx8fHx8/4B6XXswMDA0MDB9SA==" | base64 -d | bin/pcre2test
echo "LygufGIpKj9c/yo/Li41ezd9A3znJH7uNC8KKKYzJUiP/10vfRt8+Ct/MGkiCoB/MDQ5Wl5egC97I2B8fAJwcHBwcHBwcHB8YlxbYWF8RWEtMw59Iyx8fHxwW3At/Q59Iw18fHx8pnx8inxwcHBwcHBwYWF8W3x8fHz/gHpdezAwMDQwMH0K" | base64 -d | bin/pcre2test
echo "LygufGIpKj9c/yo/Li41ezd9A3znJH7uNC8KKFIzJUiP/10tfRt8+Ct/MGkiCoB/MP85Wl5egC97I2B8fAJwcHBwcHBwcHB8YlxbYWF8W2EgMw59IywF//8FW3At/Q59Iw18fHx8pnx8inxwcHBwcHBwYWF8W3x8fHz/gHpdezAwMDQwMH0K" | base64 -d | bin/pcre2test
echo "LygufGIpKj9c/yo/Li41ezd6A3znJH7uNC8KKFIzJUiP/10vfRt8+Ct/MGkiCoB/MDQ5Wl5egC97I2B8fAJwcHBwcHBwcHB8YlxbYWF8W2EtMw59BCx8fHxwW3At/Q59Iw18fHx8pnx8inxwcHBwcHBwYWF8W3x8fHz/gHpdezAwMDQwMH0K" | base64 -d | bin/pcre2test
echo "LygufGIpKj9c/yo/Li41ezd9A3znJH7uNC8KKFIzJUiP/10vfRt8+Ct/MGkiCoB/MDQ5Wl5eQFB7I2B8fAJwcHBwcHBwj3B8YlxbLnyA/yo/XP8qYWF8W2EtMw59Iyx8fHxwW3gt/Q59Iw18fHx8pnx8inxwcHZycHBwYWF8W3x8fHz/gHpdezAwMDQwMH0K" | base64 -d | bin/pcre2test
echo "LygufGJmZgX//wVmZmZmZikqUVxSK1199+Iwff8FQStdfyt8fT8HkGL/B5Bi/0QKYi8KfXNALH0oYX5iKS8KW2F8fHx/XFthDTMOfXx8cHBwcHBww2xwcHx8fHx8/4B6XXswMDA0MDB9Cg==" | base64 -d | bin/pcre2test
echo "Lyg/fC4pKi5cSCtcSEoeOTyZfGImAWIuEC8KXmp8ciAgICAgK21nQApggF5dXyWYXXsrW14tekN7I4x8fAJwdHBwcHBwcHB9YlxbYWF8W2EtMw59Iyx8fH18pnx8fHxwcHBwcHBwcHAt/Q59Iyx8fKZ8fHx8cGBwcHBwcHBncHx8fHx8/4BhXXswMDA0MDB9Cg==" | base64 -d | bin/pcre2test
echo "Lyg/Pi7/gD8+fC4pKlteLXpDXi1dK1t6LXpde0EsfShKfGIpLwpsf5V6enp6eyNtfHwCcHBwcHBwcHBwfGJcW2FhfFthLTMOfSMsfH//cFtwLf0OfSMNfHx8fKZ8fIp0cHBwcP9wcHBwcIl8fHx8/4B6XXswMDA0MDB9Cg==" | base64 -d | bin/pcre2test
echo "Lyg/Pi7/gD8+fC4pKlteLXpDXi1dK1t6LXpdezYsfShKfGIpLwpsf5V6enp6eyNtfHwCWXBwcHBwcHBwfGJcW2FhfGVhLTMOfSMsfHx8cFtwLf0OfSMNfHx8fKZ8fIp+cHBwcP9wcHBwcHx8fHx8/4B6XXswMDA0MDB9Cg==" | base64 -d | bin/pcre2test
echo "Lyg/Pi7/gD8+fC4pKlteLXpDXi1dK1t6LXpdxn8sfShKfGIpLwpsf5V6enp6eyNtfHwCcHBwcIZwcHBwfGJcW2FhfFthLSAOfSMsfHx8cFtwLf0OfSMNfHx8fKZ8fIp+cHBwcP9wcHBwcHx8fHx8/4B6XXswMDA0MDB9Cg==" | base64 -d | bin/pcre2test