diff --git a/test/data/2018-01-09-exiv2-crash-002.tiff b/test/data/2018-01-09-exiv2-crash-002.tiff new file mode 100644 index 00000000..c3c4e341 Binary files /dev/null and b/test/data/2018-01-09-exiv2-crash-002.tiff differ diff --git a/test/data/2018-01-09-exiv2-crash-003.tiff b/test/data/2018-01-09-exiv2-crash-003.tiff new file mode 100644 index 00000000..9ea86e86 Binary files /dev/null and b/test/data/2018-01-09-exiv2-crash-003.tiff differ diff --git a/tests/bugfixes/github/test_CVE_2017_17724.py b/tests/bugfixes/github/test_CVE_2017_17724.py new file mode 100644 index 00000000..625338cb --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_17724.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestFuzzedPoC(metaclass=system_tests.CaseMeta): + + url = [ + "https://github.com/Exiv2/exiv2/issues/210", + "https://github.com/Exiv2/exiv2/issues/209" + ] + + filename = system_tests.path("$data_path/2018-01-09-exiv2-crash-002.tiff") + commands = [ + "$exiv2 -pR $filename", + "$exiv2 -pS $filename", + "$exiv2 $filename" + ] + retval = [1, 1, 0] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors + + def compare_stdout(self, i, command, got_stdout, expected_stdout): + """ We don't care about the stdout, just don't crash """ + pass diff --git a/tests/bugfixes/github/test_issue_211.py b/tests/bugfixes/github/test_issue_211.py new file mode 100644 index 00000000..f9d53ef0 --- /dev/null +++ b/tests/bugfixes/github/test_issue_211.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestFuzzedPoC(metaclass=system_tests.CaseMeta): + + url = "https://github.com/Exiv2/exiv2/issues/211" + + filename = system_tests.path("$data_path/2018-01-09-exiv2-crash-003.tiff") + commands = [ + "$exiv2 -pR $filename", + "$exiv2 -pS $filename", + "$exiv2 $filename" + ] + retval = [1, 1, 0] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors + + def compare_stdout(self, i, command, got_stdout, expected_stdout): + """ We don't care about the stdout, just don't crash """ + pass