From 1af8e2875edb2e64800652dab308a2872862b703 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Wed, 3 Oct 2018 01:31:21 +0200 Subject: [PATCH] [testsuite] Add reproducers for CVE-2017-17724 & #209, #211 --- test/data/2018-01-09-exiv2-crash-002.tiff | Bin 0 -> 325 bytes test/data/2018-01-09-exiv2-crash-003.tiff | Bin 0 -> 892 bytes tests/bugfixes/github/test_CVE_2017_17724.py | 25 +++++++++++++++++++ tests/bugfixes/github/test_issue_211.py | 22 ++++++++++++++++ 4 files changed, 47 insertions(+) create mode 100644 test/data/2018-01-09-exiv2-crash-002.tiff create mode 100644 test/data/2018-01-09-exiv2-crash-003.tiff create mode 100644 tests/bugfixes/github/test_CVE_2017_17724.py create mode 100644 tests/bugfixes/github/test_issue_211.py diff --git a/test/data/2018-01-09-exiv2-crash-002.tiff b/test/data/2018-01-09-exiv2-crash-002.tiff new file mode 100644 index 0000000000000000000000000000000000000000..c3c4e3416112cb0c441f302ad45e3e08f7e017fa GIT binary patch literal 325 zcmY+A%?ZLl5QX3Dsu=MnK~N-u3Lexd;w2&2faM7GVFh-OOF#>;1MwmX!um!RiE~)K z$D6;MJYS&+pbvqwm}h&ODi#=c}pTKltqr?*C$qAQZFh1w}PiL(s2{AzsOI>fX(bBP8K6kZ!w{-a-x&I zZyxUVT!z6H+|^z4+_Rd-3OChidp(L51ZX101<71$W*t^FRO?i{*1WY$XT!sLGg$?mLR literal 0 HcmV?d00001 diff --git a/tests/bugfixes/github/test_CVE_2017_17724.py b/tests/bugfixes/github/test_CVE_2017_17724.py new file mode 100644 index 00000000..625338cb --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_17724.py 
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+
+import system_tests
+
+
+class TestFuzzedPoC(metaclass=system_tests.CaseMeta):
+
+ url = [
+ "https://github.com/Exiv2/exiv2/issues/210",
+ "https://github.com/Exiv2/exiv2/issues/209"
+ ]
+
+ filename = system_tests.path("$data_path/2018-01-09-exiv2-crash-002.tiff")
+ commands = [
+ "$exiv2 -pR $filename",
+ "$exiv2 -pS $filename",
+ "$exiv2 $filename"
+ ]
+ retval = [1, 1, 0]
+
+ compare_stderr = system_tests.check_no_ASAN_UBSAN_errors
+
+ def compare_stdout(self, i, command, got_stdout, expected_stdout):
+ """ We don't care about the stdout, just don't crash """
+ pass
diff --git a/tests/bugfixes/github/test_issue_211.py b/tests/bugfixes/github/test_issue_211.py
new file mode 100644
index 00000000..f9d53ef0
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_211.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+
+import system_tests
+
+
+class TestFuzzedPoC(metaclass=system_tests.CaseMeta):
+
+ url = "https://github.com/Exiv2/exiv2/issues/211"
+
+ filename = system_tests.path("$data_path/2018-01-09-exiv2-crash-003.tiff")
+ commands = [
+ "$exiv2 -pR $filename",
+ "$exiv2 -pS $filename",
+ "$exiv2 $filename"
+ ]
+ retval = [1, 1, 0]
+
+ compare_stderr = system_tests.check_no_ASAN_UBSAN_errors
+
+ def compare_stdout(self, i, command, got_stdout, expected_stdout):
+ """ We don't care about the stdout, just don't crash """
+ pass
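Review bot: In tests/bugfixes/github/test_CVE_2017_17724.py the reproducer pins only the exit codes (`retval = [1, 1, 0]`): `compare_stdout` is a no-op, and stderr goes through `system_tests.check_no_ASAN_UBSAN_errors`, which presumably looks only for sanitizer reports. On a build without ASAN/UBSAN, a memory-safety regression that leaves the exit status unchanged would therefore still pass, and nothing in the class says so. I would add a class docstring such as `"""Reproducer for CVE-2017-17724 (issues #209/#210); only meaningful on an ASAN/UBSAN build, exit codes alone do not prove the fix."""`, which also puts the CVE id next to the issue URLs. The same applies to the class in tests/bugfixes/github/test_issue_211.py.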
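Review bot: `url` is a plain string in tests/bugfixes/github/test_issue_211.py but a list in test_CVE_2017_17724.py, and both files name their class `TestFuzzedPoC`, so a failure report that shows only the class name does not say which sample regressed. I would write `url = ["https://github.com/Exiv2/exiv2/issues/211"]` and give the class a distinct name, e.g. `class TestIssue211FuzzedPoC(metaclass=system_tests.CaseMeta):`. Whether `CaseMeta` treats both forms of `url` the same way is not visible in this patch.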